Is your call center ready to face new threats to data security in 2018? It’s important to understand the risks call centers face, and make a plan to protect your business and your customers.
2017 was a banner year in payment security - both good and bad. While EMV has slashed retail card fraud, fraudsters quickly turned their efforts to new channels. Last fall saw the worst data breach in US history with Equifax, which placed uncounted millions of consumer files into the hands of criminals. These two trends - the need for alternate avenues of payment fraud, combined with wide access to personal consumer information - have converged on the call center.
Since retail fraud is becoming less and less profitable, fraudsters have turned to call centers with alarming results. Research shows that call center fraud rose by 113% in 2016. Fraudulent attacks run the gamut, from individual attempts to gain control of a consumer’s identity and drain bank accounts, to mass infiltration of a company’s network through the installation of malware. Combined, these efforts pose a major threat that requires a multifactor approach.
As with most businesses, call center data security risks come from both inside and outside the organization. Considering the high-turnover, low-compensation environment of many call centers, employees may be an attractive target for compromise. According to Semafone, 11% of call center staff report being approached by people either within or outside their organization to access or share sensitive customer information.
It’s crucial to follow PCI DSS best practices and set up a secure operational environment that prevents opportunities for data theft. Consider setting up a clean room environment, excluding cell phones and locking out personal access to email and internet browsers. Monitor for signs of unusual employee activity, such as printing extra copies of customer information or downloading files to a USB drive. Common-sense oversight can go far in maintaining data integrity.
Mitigating outside risk must be approached on two separate fronts: inbound calls and IT systems.
Inbound Calls: Considering the recent data breaches, call centers are finding inbound calls to be an increasing source of fraud. Caller authentication is growing more difficult. Armed with stolen personal data, fraudsters are often quite capable of answering security questions. Verifying inbound phone numbers is little help, as it’s easy to spoof caller IDs, particularly when using VoIP. Multi-layer authentication is the key to weeding out fraudulent callers. It’s wise to partner with outside experts to help manage this process. Of course, call centers should adhere rigorously to PCI DSS requirements, which are regularly updated to reflect best practices.
Keep in mind, fraudsters who dial your call center might not be trying to bilk your customers out of cash outright, but rather seeking to gain additional personal information in order to build a more complete consumer profile for future fraudulent attempts. Don’t participate in their game. Educate your employees about what information they can and cannot provide. An educated workforce is less likely to fall prey to scams.
IT Systems: Smart IT systems provide the best defense against data breaches due to malware or information theft. Take the time to set up proper firewalls, antivirus software, and intrusion monitoring systems. These steps seem like common sense, but too often, corners may be cut in IT. Call Center Management reports, “IT system development or maintenance of call centers do not always deploy the right security technologies, which introduces a number of network deficiencies that could easily be exploited by hackers.”
Human error remains a common entry point for malware infections - from accidentally downloading an attachment to visiting a compromised website. By excluding personal emails or browsers from inside-facing systems, you can provide a wall of separation to catch any resulting attacks before they have a chance to rob you.
Today more than ever, call center data security is paramount. Considering the threats to payment security that have evolved over the past year, you can’t afford to neglect this aspect of your business. It’s vital to look both outside and inside for possible weak links. By following PCI DSS requirements, and carefully managing your call center staff, software and IT systems, you can go far in protecting your business and customers from threats.