Customer Service Security Isn’t Always Airtight, Even for Amazon

Earlier this week, former Amazon employee Eric Springer shared his recent experience with Amazon customer service, revealing that the e-commerce giant unknowingly gave away his identity to hackers on three occasions. Springer was alerted to the situation after receiving an email confirming a recent interaction with customer service via Web chat that he did not actually have. After reviewing the transcript, he realized someone was posing as him in an effort to get his shipping address and, in a second attempt, the last four digits of his credit card number. For consumers who are already wary about their online security, interactions like these come as no surprise—what's more surprising, Springer points out, is that a behemoth such as Amazon failed to take basic precautions, including requiring his impersonator to log in before initiating a chat.

According to a recent survey conducted by YouGov, 72 percent of consumers are "fairly concerned or very concerned" about the security of the personal data that they provide to brands. Seventy-three percent also said they were "very concerned or fairly concerned with how brands and organizations use their personal information." And, because they don't trust brands, 53 percent of the consumers surveyed said they would share less data over the next three years.

The onus is on companies to earn customers' trust and keep it, and Amazon's failure to protect Springer's identity demonstrates key security gaps that are likely not just an oversight for Amazon, but for other brands as well. Not requiring a customer to sign in before a customer service engagement was one mistake, but there are other steps companies can take as well. The best way to fight these attacks, says Nathan Cooprider, senior software engineer at cloud security company Threat Stack, is to provide more cues to customer service representatives that identify when a connection is not secure.

"When a consumer is browsing the Web, there are things that indicate on the browser whether or not the Web site has a correct certificate, and if it's using the most current protocol. These cues provide a safer Web browsing experience, and companies can provide similar types of cues to customer service representatives when they're helping people. For example, agents should be alerted if the IP address that the customer is using is different than the one he or she normally uses," Cooprider says.

One of the biggest obstacles that companies face when it comes to protecting customer data is the tension between convenience and security. If there are too many security processes that stand in the way of customers getting in touch with customer service representatives and getting the assistance they need, then customer satisfaction will plummet. "You want customers to actually be able to use the system," Cooprider says. "A customer may be applying for a loan and be asked questions about a house they lived in five years ago. They might not remember the apartment number and at that point the security measures are causing a standstill," he adds.

It's also worth noting that there's no way to protect against every single data breach or hacker, and even massive companies such as Amazon can't afford to spend all their resources on prevention. "It's practically impossible, not theoretically, but practically impossible to have something that will not have some sort of hole in it somewhere," Cooprider says. "The sufficiently resourced attacker is going to get through." The aim, instead, should be to not only focus on prevention but also allocate efforts toward repair and recovery as well. And for Amazon, the lesson should be to fix the breach after one incident, not three.

Related Articles

As businesses head into the new year, more emphasis is being placed on security. Here are some measures companies can take to mitigate risks in the contact center.

Posted December 18, 2014

Technology incorporates real-time streaming, voice biometrics, and analytics to thwart fraudsters.

Posted January 08, 2015

Marchex, a mobile advertising analytics company, today launched a major security enhancement to Marchex Call Analytics that enables companies to automatically redact credit card numbers from recorded phone calls in real time.

Posted December 15, 2015

In a study by equity insight and analytics provider 24/7 Wall Street and research company Zogby Analytics, Comcast was named one of the worst performers in customer service, while Amazon was named the best. More than 1,500 Americans were asked to evaluate companies across 17 industries.

Posted August 26, 2016

Amazon has a reputation for continually innovating to make the service experience better and easier for customers. Soon other companies may be able to quite literally borrow from Amazon's playbook, as the e-commerce giant is rumored to be developing a suite of cloud-based call center tools based on its own proprietary call center technology.

Posted March 17, 2017