Improving the Security of your Call Centre Security Experience
5 mins read
5 mins read
Security is a critical dimension of contact centre Call Centre Security Experience performance. Organisations need to be certain the caller is who they claim to be. Callers need to be confident that the organisation is responsibly protecting them and their data. In many cases, security processes have not kept up with the increasing sophistication of would-be imposters and the enormous amount of personal information available due to countless data breaches. Depending on your organisation’s context, we recommend looking at four areas to improve your experience’s security.
If you want to improve the security of your Call Centre Security Experience here are some things you could consider:
Whilst authentication based on something the caller knows has been the traditional means of securing calls for many years the increasing availability of personal information in the public domain and sophistication of fraudsters means that in some cases it provides no real security. If your authentication process is based on information such as a social security number, mothers’ maiden name or date of birth, it is really just theatre.
Depending on the frequency of calling and callers ability to remember you should consider replacing these with secret questions, passwords, PINS or memorable words. These do have a range of usability and efficiency challenges, but they are significantly more secure even whilst remaining open to social engineering than the most common questions above.
To achieve higher security levels, it is usually necessary to replace or augment authentication based on something the caller knows with something they possess or are. Inherence based authentication, often known as biometrics, is based on the unique combination of callers’ physical and behavioural characteristics. Whilst you can use your fingerprint or face on your mobile device in the contact centre, this is usually based on the caller’s voice. Voice Biometric systems are significantly more secure and easier to use than traditional authentication but take time and effort to implement as callers need to be registered to use them before they can be authenticated.
Possession based authentication whilst not as easy for callers to use can often be easier to implement than biometrics and significantly increase security. In most cases it works by confirming the caller is in possession of a mobile device which you already know to be theirs. There are many approaches available from Text Message-based one-time passcodes to app-based authenticators which all have different implementation challenges, security impact and exploitable vulnerabilities.
Authentication isn’t the only way of increasing the security of your calls. The alternative is to use the data you already have to look for inconsistencies. At the simplest level, this might mean simply checking that the same incoming number isn’t claiming to represent more than a reasonable number of customer records or that a call comes from a number you have on file for the customer. More sophisticated approaches might use technology like Voice Biometrics to identify if the same person is claiming to be more than one customer or use data from the telephone network to identify a suspicious call route or potential spoofing of the inbound caller identifier.
Every authentication method will have vulnerabilities that can be exploited by those with sufficient time and malicious intent. The most secure approach is, therefore combining different factors, so-called multi-factor authentication. Using two or more of the above approaches, you can achieve significantly more secure interactions than a single technique on its own.
Of course, security isn’t the only dimension of the experience. It’s important to balance your security with both usability and efficiency of the process. The most perfectly secure process is likely to be very inefficient and almost completely unusable even by genuine customers. The intelligent application of multiple factors dependent on the risk of the service requested and the interaction itself is required to deliver the appropriate level of security without compromising usability or efficiency.
I am the expert in helping organisations find the right balance and implement new technologies and approaches to maintain this balance and improve all dimensions of the Call Centre Security Experience. I’ve written a separate article on Balancing Usability, Efficiency and Security in the Call Centre Security Experience that covers this in more depth.
These are only a small selection of the things you can do to improve your Call Centre Security Experience’s security. Of course, even these require a lot more thought and consideration before they can be implemented.
You can read more about these issues on this site or get in touch for a no-obligation confidential initial discussion. You can also take our free Call Centre Security Experience Scorecard assessment to see how your organisation performs and get recommendations customised to your unique situation.