The Contact Center Security Challenge
The Contact Center Security Challenge
By Donna Fluss
Data and physical security are major challenges for contact center management. While these issues are not new, heightened and justifiable concerns over identity theft, hackers, and physical threats mandate making security a top priority. Contact centers must institute checks and balances to ensure that their policies, procedures and staff respect and protect their customers’ privacy.
About a year ago, there was uproar in the press about an agent in India who stole customer information. The sad reality is that contact center agents around the world, including North America, have taken similar nefarious actions that have resulted in customer and enterprise loss.
North American contact centers have established many practices to minimize the risk of theft by agents. Many centers have moved to a paperless environment, installed shredders for sensitive documents, and implemented applications that monitor and track employee footprints” on all systems and transactions. Others supply agents with lockers and do not allow personal items to enter or leave the operating environment. Most contact centers (and enterprises in general) ask staff members to sign documents stating that they will abide by the company’s code of ethics.
Unfortunately, there is no perfect method for preventing people from breaking the law. Consider, for example, agents who memorize credit card numbers and then share them with friends, or agents who give unearned rebates or free products to friends or colleagues.
Human nature is such that some people will manage to find a way around the rules. The enterprise challenge is to put in place preventative checks and balances to identify when rules are broken, before the associated issues grow too big. Fortunately for most companies, thefts in contact centers are generally not notable enough to hit the press. But this doesn’t mean that a major security breach can’t happen to you.
Protecting Staff and Facilities
Contact centers must continue to dedicate resources to protecting customers’ assets from their own employees; however they must also invest in protecting their staff and sites from the general public. In the past, the principal concerns were fires, floods, natural disasters and other “acts of God.” Now, there are more insidious threats to contact centers’ physical locations – greater challenges with greater risks, as one slip-up could have catastrophic results.
Years ago when I was running a call center, we received a call from a major in the US Army who was frustrated by our company’s policies. He explained that he was being sent abroad and as a result would be unable to cover the minimum payments on his credit card account. He wanted us to delay his payments while he was on active duty. The contact center staff appreciated his issue, but credit policy wasn’t accommodating…at least not right away. So, the very frustrated major threatened to blow us up. Twenty years ago, this threat wasn’t taken very seriously and was handled by having me, the vice president of the call center, calm him down. (We also figured out how to delay his payments until the policy group figured out what to do for him.)
Times have changed. Contact center managers can no longer take a chance and dismiss a threatening customer as just a nut case. Now, there must be well-formulated security and contingency plans for protecting employees and facilities. Sure, there are easy steps to take, like implementing video recording, hiring security, and monitoring and restricting access to buildings. Cameras can be installed in false ceilings, as in casinos–this protects both data and personnel. But these efforts are not going to help if there really is a bomb on site or someone with a gun in the facility.
Contact centers employ hundreds and sometimes thousands of agents. Comprehensive security and contingency plans are essential to protect the staff in case of a serious threat. These plans should be developed by security experts and communicated to and practiced by all staff.
Yes, this is going to cost companies money. But it could cost a great deal more if there are no plans in place when needed. In the past, many enterprises took a calculated risk and decided not to devote the time and money needed to develop contingency plans. Regrettably, this is no longer an option.
If your contact center does not have fully developed contingency and security plans, it’s time to prioritize this task and put them in place. The alternative is not a scenario that any manager or chief executive wants to consider.