You've seen the headlines: Home Depot, JP Morgan, and perhaps most infamously, Target, have suffered at the hands of hackers who stole personal identity personal information, such as credit card numbers. But security breaches are not limited to brick-and-mortar businesses.
According to Contact Solutions, a medium-sized contact center can get hit with as many as 1,000 fraudulent calls per month that were able to bypass security solutions.
"Fraudsters today conduct sophisticated, multipronged attacks on the enterprise," the company said in a statement. "They use IVRs for surveillance and data-gathering as a precursor to phishing with agents that can eventually lead to account takeover. The impact to the liable institution and to the customer increases downstream after transactions occur, when current fraud solutions detect suspicious activity, so it's important to detect and deter fraudsters as early in the process as possible."
Added Greg Adams, vice president of product management at Pindrop Security, in a statement, "One out of every 2,900 calls to a financial institution call center is fraudulent."
"Identity theft and security is definitely something that contact centers need to be cognizant of," says Matt Lautz, president and CIO at CorvisaCloud. "It's absolutely essential that companies take steps to verify who they're talking to and [that it is] the person that they want to be talking to."
Here are three tactics your contact center may want to consider to protect you and your customers from fraudulent activity.
Use an Automated Verification System
When it comes to agents, there needs to be a checks-and-balances solution, Lautz says, because companies should be concerned not only about a person calling into the contact center, but also agents who may have access to customer information. "You don't want your agent to hear sensitive data," he says. "[Without a solution], your agent now knows your mother's maiden name and other data."
Armed with such personal information, agents can be a potential security problem, and in the case of financial institutions, the risk can be heightened if agents, for example, are privy to monetary information about a customer. The issue is a common fraud component, but companies might not be aware of such breaches. An agent can also accidentally capture personal data without malicious intent.
One solution to thwart such exposures is transfering a customer to an automated verification system. With the agent off the line, the system will ask the questions to ensure the caller is authentic and sensitive data is not available to the agent, all while not losing the call.
"It's a great way to make sure that you're talking to the person you think you are without exposing sensitive data to the agent, which is a point of human failure," says Lautz..