Digital interactions play a critical role in enabling customers to connect, communicate and interact with organizations. The COVID-19 pandemic reinforced the value that contact centers provide, quickly transforming into a customer experience hub for connected service delivery as call volumes and interactions dramatically increased. With dispersed workforces and customer bases becoming more common, securing the contact center is critical to help prevent the potential risk and exploitation of sensitive data and personally identifiable information (PII). According to IBM’s Cost of a Data Breach 2021 report, customer PII was lost in 44% of breaches over the past year, making it the most common type of record loss and the most expensive at $180 per record. In fact, customer PII was compromised 1.5 times more than intellectual property (27%) and employee PII (26%).

Understanding the Vulnerabilities

To establish a stronger security posture, contact centers must understand what security risks they are most prone to, with account takeover, “card-not-present,” and identity theft being some of the most common.

In an account takeover, fraudsters impersonate a legitimate customer after finding personal information on social media, for example, to convince agents to change someone’s account details. Contact centers also experience “card-not-present” fraud, involving individuals purchasing items using stolen credit cards. Then, there is identity theft, occurring when personal information is obtained from data breaches, intercepted from unsecured Wi-Fi connections, or stolen from personal devices and used to deceive agents. All three of these security risks and vulnerabilities present unique challenges for contact centers that must be addressed and stopped. 

Organizations should start by evaluating their employee ecosystem—are they grappling with unsecured home Wi-Fi networks, a lack of cybersecurity training, limited antivirus solutions, or a widening gap in security software and privacy features? If not addressed, contact center organizations face severe financial implications. In fact, according to IBM's research, the average cost of a data breach was $1.07 million higher in breaches where remote work was a factor.

Methods for Preventing Fraud

The easiest and most effective way to protect your contact center is to keep the data out of the business infrastructure altogether. If there is no customer information held in systems, call recordings or networks, the threat of obtaining any sensitive PII is significantly reduced.

When it comes to handling PII, contact centers can implement dual-tone multi-frequency (DTMF) masking to ensure that customer data remains anonymous and in compliance with regulatory standards such as the Payment Card Industry Data Security Standards (PCI DSS). For example, customers can use the keypad on their phones to enter personal or payment card details instead of saying the information aloud to an agent. DTMF masking technology replaces dial tones with flat tones, allowing transaction details to be sent straight to the payment service provider, bypassing the agent entirely. Similarly, contact centers can consider using secure web links for digital transactions. This means customers can visit payment pages and enter their card information into a secure browser in which the agent cannot copy, view, or capture payment details in a screenshot.

Here are other considerations for protecting your contact center:

• Hire the right people: The best employees are those who want the best for your company. Implement background screenings, reference checks and a strong series of interviews when hiring prospective employees.
• Educate your workforce: Train everyone from the C-Suite down to identify and report any suspicious activity from within the contact center. Since call centers handle large volumes of sensitive data, educating your employees on how to properly handle this information is critical.
• Update security software regularly: Malware continuously evolves as it tries to get one step ahead of security software. As a result, vendors need to constantly update and patch programs to protect against new security vulnerabilities. Ensure that all your programs and software have the latest updates.
• Secure your network: Installing a corporate virtual private network (VPN) or security system can help segment networks so unauthorized agents cannot misuse or modify sensitive information. A stable network security system can protect your customer data and help reduce risk should your company become a victim of data theft.
• Conduct regular vulnerability assessments: Your internal and external networks and software should be scanned regularly for vulnerabilities. Early identification is the key to preventing larger, more sophisticated attacks in the future.

Implications for the Insurance Industry

As one of the world’s largest industries, insurance providers must modernize their customer experience to attract and retain customers without sacrificing security. In a competitive environment, customers expect more from their providers than ever before. It has become clear that there is no turning back from the radical transformation organizations have experienced over the last two years and the many untapped digitization opportunities that still exist.

With insurance being a highly regulated industry, providers are subject to various laws and standards designed to ensure strong security and protect customers. Typically, achieving regulatory and industry compliance is a time-consuming, resource-heavy and manual process. By using new technologies, insurers can streamline, accelerate and modernize compliance—helping firms meet and adhere to strict industry regulations.

Contact centers, for instance, serve as the first point of interaction, where sharing sensitive, personal information over digital channels has become the norm. Without a proper balance between security and customer experience, insurers will continue to risk delivering negative experiences, losing customers, and harming their bottom line. Prioritizing an omnichannel approach allows customers to stay in their channel of choice throughout the transaction or contact center interaction.

The growth in payment innovation—from digital banking to mobile wallets and contactless payments—has created positive developments for more secure, frictionless contact center interactions. Organizations must continue to prioritize customer experiences as the ultimate differentiator to set themselves apart.