Data security in the call center has emerged as front page news on both sides of the pond in the wake of two high-profile cases.
A documentary that aired in the U.K. last week showed an undercover reporter purchasing bank account details and other personal information from a man with ties to an outsourced Indian call center operation. That has renewed outrage in the U.K. where consumers are still upset about a revelation in June in which a reported £230,000 was taken from British bank customers. An employee at a Bangalore, India, call center of HSBC Holdings plc was arrested after an internal investigation in that case.
Meanwhile, criminal charges have been filed at Hewlett-Packard Co. where investigators hired by the company used pretexting to acquire the phone records of reporters in an effort to determine the source of news leaks within its organization. Pretexting is a practice of misleading employees of banks and phone companies into revealing a customer's private records. While much of the publicity has focused on the investigators and the executives at HP who may have known about the practice, it has demonstrated the need for organizations to be wary of safeguarding their customer data.
A recent survey in the U.K. found that 50% of organizations aren't doing enough to control the use of customer data, noted Richard Snow, vice president and research director with San Mateo, Calif.-based Ventana Research. Employees are unfamiliar with laws surrounding customer data or they believe that complex nondisclosure agreements are protection enough.
"There isn't a simple answer," Snow said. "Any person -- in a contact center, a work-at-home person or an outsourcer -- if you're going to get them to answer customer calls, you're going to give them data. From a technical point of view you can give them user identity files but we all know that can be broken down. The biggest issue is do you trust those people to use that data."
Snow, who is based in the U.K., has seen firsthand what a data breach in the call center can mean. Companies are now using the fact that they don't outsource customer service calls to India as a major differentiator.
The first solution, Snow said, is better screening, followed by better processes and agent monitoring.
Safe at home?
Work-at-home, or remote, agents, offer a new wrinkle to securing customer data. These agents tend to be more experienced and willing to work for less and, as technology like Voice over Internet Protocol (VoIP) evolves, require only an Internet connection, a phone and software, saving call centers on real estate costs. But no matter how sure a company is that its agents are trustworthy, what if they live in a household with an ex-con? What does their easy access to customer records mean for compliance?
"Agent selection including background screens and criminal background checks is the most critical factor," said Michael DeSalles, industry analyst for the communications practice at Frost & Sullivan.
Work-at-home agents who work from a shared computer present additional risks, because there is a greater threat of downloading a virus or being hacked, he added.
North American outsourcers, who rely most heavily on home-based agents, are the organizations addressing security most carefully. In fact, many have a proprietary screening process and are unwilling to share their methods, DeSalles said. Monitoring becomes a vital factor as well, and while companies save on real estate and benefits with work-at-home agents, they have to make up much of that in infrastructure and security.
"The very best outsourcers monitor the screens that each agent sees," DeSalles said.