Outdated practices at contact centres, like making customers read their payment information aloud, are rendering customer data vulnerable to leaks and theft.
On an average, a data breach could cost an organization $3.62 million, and one in 10 agents have been asked by others to access customers' sensitive data.
A large number of customer contact centres across the world are still employing outdated organisational practices, thereby endangering not only sensitive data belonging to customers but their reputations as well.
A survey of more than 500 agents at such contact centres by Semafone has revealed how much such centres rely on outdated, risky practices for customer interaction, data collection and fraud prevention. Because such practices are still in place, contact centres are still struggling to protect sensitive data from internal and external threats.
According to the survey, 72% of agents are required to ask their customers to read their identity numbers or payment card details aloud. At the same time, 30% of agents can access payment card information or social security numbers of customers even when they’re not on the phone with the latter.
The survey further revealed that while 7% of agents have been asked by someone from within their organisation to access or share customers’ payment card information or other sensitive data, 4% of agents have received similar requests from people outside their organisation.
Alarmingly, 42% of agents who were approached by others to access or share sensitive customer data did not report them to either management or law enforcement. As such, organisations that outsource their work to contact centres must ensure that contact centres have the technology in place to ensure that customer data is not lost or breached.
'Our survey confirmed many contact centers are still using inadequate practices when capturing, processing and storing payment card data and other personally identifiable information (PII),' said Tim Critchley, CEO of Semafone.
'When a single data breach can cost a company millions of dollars, traditional security controls like clean rooms and check points are not enough. The only way to truly protect sensitive data is to remove it from the business infrastructure completely.
'While a majority of agents are good, honest people, it takes just one malicious person to expose sensitive data and ruin a business’ reputation. Contact centers need to act now—otherwise, they are just sitting around, waiting to be breached,' he added.
According to the survey, contact centres have employed a number of restrictive measures that are affecting employee morale and resulting in high turnover. It revealed that as many as 79% of employees are not allowed to have cell phones at their workstation, 38% are not allowed paper or pens, 31% are not allowed to bring personal items or bags and 28% have to pass through security check everytime they enter and leave work.
Semafone is suggesting that organisations must adopt dual-tone multi-frequency (DTMF) masking technologies to descope their contact centres from Payment Card Industry Data Security Standard (PCI DSS) compliance. DTMF technology is essential as it helps people enter payment card information and other identifying information into the telephone keypad.
'DTMF tones are masked with flat tones so they are not captured on call recordings, and neither the agent nor an eavesdropper can decipher the numbers. The agent is also able to remain on the line in full voice conversation with the customer, thus improving the customer experience,' the firm said.
'The sensitive data is then sent straight to the appropriate third party, such as the payment processor, bypassing the contact center’s infrastructure altogether.'