The crucial efficiency considerations of call centre security processes


Security processes are an important part of many call centre operations, but the impact they have on customer experience and efficiency needs to be understood so that they can be mitigated. In this chapter from his new book, Matt Smallman examines the efficiency implications of call centre security processes.

28th Mar 2022

Efficiency is often a proxy for the cost of the security process, but you need to consider more than the direct costs. With that in mind, let’s explore the expense of manual security processes and the missed opportunities for enabling self-service features that could obviate the need for an agent call altogether. We’ll also discuss the often hidden overhead of knowledge-based security processes. 

Handle time 

The most obvious efficiency implication of the security process is the time your frontline agents spend completing it. While in theory, many identification and authentication practices can be completed quickly, the reality is often that they are not. Callers must go and find documents with reference numbers on them, systems are slow to bring up the relevant details, not every customer record has the information required, agents can’t hear customers properly and must ask them to repeat things, and callers can’t always remember the answers they need. 

As a result, the average time spent on the process may be significantly more than you’d expect. When you include the time the agent spends explaining remediation processes to callers who can’t complete the process, it can be longer still. In practice, the profile of time spent on security on your calls may be something like the curve shown in Figure 1. When you consider that this pattern is likely to be repeated on many calls, it is not unusual to find situations where up to 20% of total talk time is spent on the security process. Just think what you could do if you got some of that time back.



Measuring average call security handle time 

You may well be used to the concept of average handle time, but for the purpose of understanding the efficiency of different security processes, let’s deconstruct the call a little further.

Most calls follow a similar structure. An initial welcome and question about the customer’s reason for calling is followed by the security process (made up of identification and authentication). The agent then attempts to resolve the customer’s reason for calling and any additional needs before closing the call and completing after-call work. When measuring the absolute time taken to complete a security process, we need to be careful that only this proportion of the call is counted. 

In some organisations, the only practical way to do this is with a stopwatch and an appropriately sized sample of call recordings. Fortunately, many organisations have multiple identification and authentication methods, some of which don’t require any agent time to handle because they are fully automated. Using these fully automated methods as a baseline, you can use the call talk time, which is usually recorded in the call-centre reporting suite, to compare the time taken for different security processes and outcomes. In most cases, the difference in time is almost entirely attributable to the different security processes.

Automation and self-service 

The second element of efficiency to consider, and potentially the most significant, is the opportunity for self-service that the security process does or does not allow. Obviously, if a customer is seeking to do something themselves, wherever possible, we need to enable it and avoid the costs of an agent interaction, but in most cases, these services cannot be provided without identification and authentication. Once a caller has started speaking to an agent to complete the security process, there is little opportunity to return them to the increasingly capable range of voice-operated self-service solutions available. 

call talk time

To reduce handle time and exploit self-service capabilities, many organisations have automated some or all of the security process. But often, existing knowledge-based processes are hard to automate or require compromises to do so. In most cases, it is only possible to use simple questions or introduce PINs and passcodes, which have their own usability challenges. Even the best-performing organisations struggle to automate the security process in this way for more than 50% of their calls.

Even if customers can successfully complete automated processes many times, they often end up so worn out and frustrated that they are unlikely to fully engage with any self-service features available and prefer to speak to an agent. In this case, theoretically, there is some time saved as the agent should not need to complete the security process again and can get straight on with resolving the customer’s reason for calling. Unfortunately, in practice, 67% of customers in research complained that they had to repeat their details again when speaking to an agent.

There may be opportunities to shorten call time if, for instance, there is common or frequently requested information on every call, like minutes remaining for a mobile phone operator or the amount owed and due date for a credit-card company. Improving the rate of successful identification can have a significant impact on an organisation’s ability to get routing decisions right first time and avoid the need for internal transfers. Identity adds important additional context to a caller’s intent and can even help disambiguate between several reasons for calling, allowing customers at high risk of churn to be routed to a specialist team if their intent is related to a complaint or similar.

Cost of sustaining security processes 

Many traditional security methods are expensive to set up and maintain. For a PIN to remain secret, it is often sent by post using special printing – a panel that needs to be scratched away to reveal the PIN when held up to the light – that prevents people from guessing what is in the letter or reading its contents without the recipient noticing. While each letter may only cost a few pounds or dollars to protect, it soon adds up. Some schemes attempt to increase the security of the PIN by requiring its receipt to be confirmed or it to be activated using another security method, which adds to the cost. During a typical customer lifecycle, it will not be unusual for them to forget the PIN at least once, and each occasion means another mailing. When passwords are used instead of PINs, they too incur a cost to maintain as they add to the call length during setup, as well as when they are forgotten and need to be set up again. 

There may also be text messages, emails or letters to send to the customer to make sure it was they who requested the change, all of which have marginal costs. When security processes involve high levels of employee discretion, you need to ensure that your agents are trained to make those decisions and check that they do so appropriately. Training and monitoring costs are difficult to avoid if you want to have confidence that your security process is performing as expected, but the more material cost in my experience is on employee morale and how that impacts absenteeism and sickness. Having removed employee discretion from most security decisions, one UK wealth manager attributed a fifteen-point increase in call-centre employee satisfaction, along with corresponding decreases in attrition and absence, to the change.


The final component of efficiency to consider is the cost of dealing with complaints related to your security processes, the failures of which are often a significant source of customer dissatisfaction. In many organisations, complaints must be handled in specific ways and may need to be reported to regulators. While many can be resolved with an apology and are rightly attributed to company policy rather than error, there is still a cost to receiving, investigating, responding to and reporting them that is often ten to twenty times greater than the cost of a single call. 

Sometimes, the complaints don’t even stem from the security process. I have seen examples of complaints or issues that only get formalised when a customer experiences security-process challenges or when restrictions in the security process prevent agents from resolving the issue to the customer’s satisfaction. It’s these frustrations that push customers over the edge; they’ve been prepared to tolerate the issue or problem up until this point, but when they are unable to access a service, are asked a question whose security value they perceive as limited or have to write in so that their signature can be verified, they finally crack, and all their frustration comes out.

Unlock your call centre: A proven way to upgrade security, efficiency and caller experience is available now. Visitors to can get chapter one free. The kindle version is 99p from 1am on Wed 30 to 11pm on Thu 31st. 


Replies (1)

Please login or register to join the discussion.

By limbhaze
29th Mar 2022 11:06

Hire The Best Employees
It’s essential for successful call center management, but few managers put enough time and energy into hiring the best employees for the job. Call centers need people with a natural ability for customer service, good listening skills, effective communication skills, an excellent memory, and an enthusiastic attitude. It’s the intangibles like enthusiasm and ability to listen that often make the best employees.

And the tricky thing is, these traits can’t be taught. That’s why it’s so important that savvy managers take the time to screen new employees for attitude and aptitude.

Thanks (1)