The relationship between companies and customers is built on trust, and contact center security is critical to maintaining that trust.
Customers give a company more business when they trust it to provide good products and a positive experience while protecting their personal information. To continue improving the customer experience, the company must gather information on its customers; the trust it has engendered will determine how much data it can collect.
Safeguarding that data is particularly vital in call centers. Companies use data at every point in the customer journey, and every piece of that data leads back to the call center. It's where customers turn for service and support, whether they have questions about a product or need to troubleshoot issues. It's where trust is won—and lost.
Threats to contact center security
While customers need to protect their identity credentials to help mitigate attempts by fraudsters to fool call centers, contact centers need to implement controls to identify bad actors trying to impersonate customers to take over accounts, steal contact information, and commit fraud or send robocalls. Sophisticated hackers will directly attack the organization that runs the contact center. Telephony denial of service attacks, for instance, flood already busy call centers with requests, preventing incoming and outgoing calls and grinding operations to a halt.
Cyber criminals are also well aware of the potential to exploit interactive voice response (IVR) systems to escalate the severity of a data breach. Just as businesses use artificial intelligence to learn more about customers and provide better service, hackers mine IVR systems' data to validate information they already have or to launch brute force attacks to crack passwords or steal more information.
Ensuring contact center security
A great way to begin bolstering contact center security is by applying the best practices already in place in other areas of your enterprise. Stress to employees the need for strong, frequently updated passwords and the need to lock down workstations when they're not in use.
Companies should also train agents to be aware of the most common risks and keep them abreast of new attack vectors and vulnerable processes that external threats could exploit. Walk through real-world scenarios and ensure that everyone understands how to report suspicious activity and to respond when a security alert is escalated.
Deploying zero trust security—in which organizations assume no credibility and require authentication from every user and device—can help shore up contact center security. So, too, can the principle of least privilege, wherein agents are granted access to only the bare minimum of customers' personally identifiable information.
Beyond that, companies that standardize on a cloud-based site can increase their ability to move or isolate data when incidents arise, and a managed network with better connectivity can limit more serious attacks. A multi-layered approach to security should also include IVR technologies that can detect suspicious caller behavior and the presence of unauthorized external applications.
Contact centers should also consider implementing authentication technology to remove the pressure of fraud identification from their agents. In 2017, one in 638 calls made to a contact center was fraudulent. That may not sound like much, but it represented a 355% increase from just five years earlier. Media forking technology allows different parts of audio from calls to be segmented from one another for independent assessment. Inbound anti-fraud tech can analyze the voice, device and behavior of the caller and provide that information to the call center alongside a risk score. Over time, this risk assessment engine builds trust for genuine callers while refining the criteria for fraudulent calls.
Putting these safeguards in place is the first step. You also need to be sure they work—and that they continue to work. Regular penetration testing, whether by your IT team or hired consultants, can help identify vulnerabilities in your network so they can be patched before they become a problem.