Industry Research : 70% of Contact Centers Require Customers to Read Sensitive Data Aloud, Increasing Security Risks
A new survey of contact center agents conducted by Semafone reveals the dire state of contact center data security. Drawing responses from more than 500 agents across industries around the globe, the survey shows that a concerning number of contact centers rely on outdated, risky practices for customer interaction, data collection and fraud prevention. This exposes organizations to inside and outside security threats, and puts sensitive customer information at risk for brand-damaging data breaches.
Key survey findings
Contact centers still use data collection and customer interaction practices that create opportunities for agent fraud and leave data vulnerable to a breach.
- 72 percent of agents who collect credit/debit card information or social security numbers (SSNs) over the phone require customers to read numbers aloud, despite the readily available technologies that secure voice transactions
- 30 percent reported that they have access to customers’ payment card information or SSNs on file even when they’re not on the phone with the customer
Agents are experiencing and witnessing breach attempts from both insiders and outsiders, yet many do nothing to mitigate the risks.
- 7 percent of agents admitted that someone inside their organization has asked them to access or share customers’ payment card information or other sensitive data
- 4 percent said the same about someone outside their organization
- 9 percent said they personally know someone who has unlawfully accessed or shared customers’ payment card information
- 42 percent who were approached said they did not report the situation to either management or law enforcement
- These percentages may seem small, but just one successful breach attempt could cost an organization an average of $3.62 million, according to IBM’s 2017 Cost of a Data Breach Study
Contact centers aren’t doing enough to protect customer data and prevent fraud, while current practices contribute to low employee morale and high turnover.
- 79 percent of agents are not allowed to have cell phones at their work station
- 38 percent are not allowed paper or pens at their work station
- 31 percent are not allowed personal items or bags at their work station
- 28 percent must pass through a security check before entering or leaving work
- 26 percent work in a contact center "clean room," which prohibits any personal items and recording devices of any kind
Industry and geographical trends are apparent.
- Zero European agents reported instances of outsiders approaching them to share information – likely reflective of Europe’s stricter governance rules
- 50 percent of agents in Central and South America have access to customer data when they aren’t on the phone with the customer; these regions also had the highest number of requests from both insiders and outsiders to share data
- 35 percent of agents in the Business Process Outsourcing (BPO) industry have access to customer information when they aren’t on the line with them; 11 percent have been approached to share customer information
- The findings pertaining to BPO and Central/South America emphasize the increased risks created by outsourcing and offshoring. In fact, research shows that poor outsourcing decisions cause 63 percent of data breaches, so strong data security is vital for those with such business models
"Our survey confirmed many contact centers are still using inadequate practices when capturing, processing and storing payment card data and other personally identifiable information (PII)," said Tim Critchley, Semafone CEO. "When a single data breach can cost a company millions of dollars, traditional security controls like clean rooms and check points are not enough. The only way to truly protect sensitive data is to remove it from the business infrastructure completely."
Critchley continued, "Although just four and seven percent of survey participants had been approached by outsiders and insiders, respectively, to provide customer data, these are alarming numbers when extrapolated to the greater contact center agent population. While a majority of agents are good, honest people, it takes just one malicious person to expose sensitive data and ruin a business’ reputation. Contact centers need to act now—otherwise, they are just sitting around, waiting to be breached."
Today's Tip of the Day - Today’s Technology
More Editorial From Semafone
Semafone provides secure voice transactions for contact centres and retailers taking Cardholder Not Present (CNP) payments. The solution allows a call - and the call recording - to continue as normal whilst the customer enters their credit card information using their telephone keypad. For complete security, Semafone's patented technology masks the Dual Tone Multi-Frequency (DTMF) tones from the cardholder's telephone and replaces them with a flat tone so they can't be recognised by the call centre agent or recorded on the call recording system. By ensuring all card data remains segregated and by removing Sensitive Authentication Data (SAD) before it hits the call recorder and the contact centre infrastructure, the contact centre is taken out of the scope of PCI DSS, protected against the risk of opportunistic agent fraud and the associated reputational risk.
Published: Thursday, November 2, 2017
|Horizon Contact Centers|
Horizon is an on demand international Contact Center and (BPO) Company.
|Marketing Call Center|
Marketing Call Center is certified in ISO 9001: 2008 and operates offshore in the field of telemarketing and customer relationship management.
Fiserv is a provider of technology solutions to the financial world, including banks, credit unions, securities processing organizations, insurance companies.
|Bright Pattern Inc|
Bright Pattern is an effective cloud contact center software which helps businesses to simplify multichannel service. Bright Pattern’s solution features enterprise-grade architecture that offers n...