Contact Centers, because of the high volume of interaction with unfamiliar voices, are a prime target for security threats. There are many points of possible failure when it comes to contact center security, from hardware to data to the people who work there. It may turn out that the best way to prevent security issues is to hire competent, professional agents to work for you. Find out why as we explore...
Issue One: TDoS Attack
A telephony-denial-of-service attack is when there are so many calls that the system gets overwhelmed. It is closely related to a distributed-denial-of-service attack, which is when a web service gets overwhelmed with hits. TDoS attacks have hit emergency responders, banks, and businesses. The attack is followed by a demand for money to get the attack to stop. If the money is paid out to the extortionist, the money will go into an anonymous debit card with no way to track it.
- How to Fix It:
This is an ongoing fight. There are some firewalls specifically made for VoIP that can redirect calls when it detects a threat. Calls from a certain location can be blocked, just like traffic from an IP address can be blocked. The Department of Homeland Security asks that any victims of this fraud contact them or the FBI.Issue Two: Identity Theft Due To Security Questions
Call centers, by their nature, interact with customers half a world away. So, it's important to be able to verify the customer's identity before a scammer can do massive damage. According to a story in the Consumerist, a man in 2008 fooled the contact center of Chase and was able to take $40,000 in credit card theft from one person by knowing the victim's name, mother's maiden name, and social security number. The worst part is that the thief could not get past US-based contact centers, whose employees saw through the ruse and flagged it, but was still able to fool the Philippines-based contact center.
- How to Fix It:
This is a case where security and convenience work against each other. GoodSecurityQuestions.com recommends that security questions be safe, stable, memorable, simple, and have many possible answers. That way, the right person would easily recall the answer, and it would be difficult for a thief to guess. A good example is “What is the make and model of your first car?” a bad question is “what is your favorite flavor of ice cream?”Issue Three: Do Not Call Registry Violation
While this may not sound like a security concern by itself, you can't have a much more serious issue to the future of your business than getting sued or fined by the FTC! The Do Not Call List allows callers to file a complaint to prevent unwanted telemarketing. The FTC has collected over $70 million in fines, penalties, and paybacks to date.
- How To Fix It:
A contact center has to subscribe to the FTC's white list. There are companies that provide it as a service, and it is included with many call center software solutions. If you do it yourself, it is best to update your registry every 30 days, because more names are added and deleted from the list every month.Issue Four: Physical Security
Contact centers are an international business. Unfortunately, some areas of the world are not as safe as others. Employers must be aware of fire codes, sanitation guidelines, OSHA or similar requirements. Contact centers must be especially careful for the safety of their female workers. Companies must take ownership of their physical safety and also be sure that they are not sexually harassed by their co-workers.
- How to Fix It:
The Ministry of Business, Innovation and Employment of New Zealand recommends that you check supervisors are clear on what their responsibilities are, and that they have the right kind of experience to oversee the other workers. Also make sure that people know the locations of first aid kits, emergency exits, and fire extinguishers, which should have clear signage. Take an active role in office safety.
Issue Five: Identity Theft Due To Mis-dialing
Let's say your number is 123-4567. And let's say someone dials 123-4576? Well, it turns out that there are scammers out there that have been known to take similar numbers as legitimate companies', and put their own contact center on the receiving end. An unnamed billion dollar credit union was targeted by this method. The scammer informed the caller that they had won a gift card, and then asked for personal information to receive the supposed money.
- How To Fix it:
All but the largest of enterprises won't be able to reserve phone numbers. (Even “micorsoft.com” won't take you to Microsoft, it's a scam!) It's almost an impossible task. But what can be done is informing your customers to be wary of suspicious activity. This is actually an area where hiring American workers can be an asset, because if customers hear an unfamiliar accent, they may be more on their guard.
The consequences of failing to provide adequate security today are now two-fold. First, there are the effects of the attack itself. Then, because we live in a connected world, the word will get out through blogs and social media, to say nothing of established media. So reputation is worth as much, if not more, than the cost of a breach. The best way to face these threats is to proactively attack them head on. We even recommend you hire a “penetration tester” to attack your network for you and report how easy or hard it was. It is good practice to hire good workers and stay on the right side of the law.