Cookie Preference Centre

Your Privacy
Strictly Necessary Cookies
Performance Cookies
Functional Cookies
Targeting Cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences, your device or used to make the site work as you expect it to. The information does not usually identify you directly, but it can give you a more personalized web experience. You can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, you should know that blocking some types of cookies may impact your experience on the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

Cookies used

Performance Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Cookies used

Google Analytics

Functional Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos and live chats. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.

Cookies used




Targeting Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

Cookies used


This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties

Become a Basic Member for free. Click Here

Industry Research : Granular Security to Curb Contact Center Insider Data Theft

The risk of insider theft of customer data in contact centers has increased in line with the boom in data volume, but this can be mitigated with granular security and vigilance, analysts note. They say well-established contact centers will realize that keeping ahead of the curve in implementing best practices will give them a competitive edge.

"Generally, it is not too difficult to get hold of private information and most systems are not secure enough to stop copies [from] being made and removed from the organization," said Andrew Kellet, senior analyst of IT solutions at Ovum.

According to him, the main problem has to do with the availability--and access--of sensitive customer information, rather than the environment of a contact center.

It is also why the issue of insider infiltration is not specific to any one market or geography, he noted, because "data theft happens wherever there is a financial opportunity" and when call center workers feel undervalued or overworked.

Daniel Hong, lead analyst of enterprise at Ovum, added that the incidents of insider data theft in news headlines were only those that got uncovered and deemed "newsworthy", while other cases go undiscovered or unreported.

Despite the rise of the Internet, customer interaction with contact centers is still growing, and this increasing volume of data generated also heightens the risk of theft and fraud, he said. "Anytime sensitive information is exchanged, there is always a high risk," he said. "Add to that, the call center has been around for almost 40 years, and the world since then has become more digital with vast amounts of customer information housed on various CRM (customer relationship management) databases."

Krishna Baidya, industry manager of ICT practice in Asia-Pacific at Frost & Sullivan, noted that data compromise risks were not new, but the "scale of incidences of data theft coming to light of late seems alarming", noting how data leaks nowadays were not limited to contact centers but enterprise-held data as well, such as the the massive data breach involving Sony PlayStation.

The analysts' comments come in the wake of recent news that Indian call centers were stealing and selling confidential data of some 500,000 Britons, including medical records and credit card details.

Granularity, vigilance key
Asked what security measures will help best ensure data protection from insider threats, Kellet said a robust data loss protection (DLP) system is a "good point to start", but emphasized the crux of the matter is ultimately controlling what data operators are allowed to see.

IT controls can and should be "very granular", so data can be segmented into only that which needs to be viewed by an operator to complete a task or request. Such granularity should extend to the use of monitoring software, so that unusual usage patterns can be picked up, reported and action taken, he added.

Frost & Sullivan's Baidya said well-established contact centers typically have rigorous security controls and best practices in place to prevent insider filtration, including restricted data access, security audits, and video camera monitoring of staff.

Under such scenarios, insider data theft incidences at the agent level are quite rare, he said. However it may not be so if the main contractor does not carry out due diligence when sub-outsourcing to another provider, he pointed out.

For contact center employees at supervisory or management level who have more privileged access to data, it is also a test of their integrity when it comes to data breaches, he added.

He also stressed that part of the responsibility of ensuring protection of customer data should also be on the organization that outsourced its customer service. These companies need to be prudent in selecting the outsourcer of choice based on certifications and past records, as well as enforce a stringent SLA (service level agreement) in terms of data security or breaches.

Risks to reputation
As the risks of insider data infiltration and theft have been longtime concerns among contact centers, there would already have been preventative security measures in place, especially since a strong reputation was critical in this industry, said analysts who spoke to ZDNet Asia.

Contact centers which are "serious about their business" and want to be one-up in terms of offering customers peace of mind as a service differentiator will not only keep pace with regulations but also take initiatives to be "ahead of the curve through certification and adopting advanced security technology", Baidya said.

Hong concurred: "At the end of the day if fraudulent activities are on the rise it reflects poorly on management--and management gets this."

"These are competitive markets, and loss of integrity can mean loss of future business," added Kellet. The vulnerability to data theft is so well known that most contact centers, especially those in the finance sectors, would already have several security controls in place, he noted.

That said, just how thorough companies are in being vigilant about securing data varies. Kellet, for one, noted: "most organizations [in general] are not vigilant enough and contact centers aren't any different".

Posted by Veronica Silva Cusi, news correspondent

Today's Tip of the Day - User Queue Choice

Read today's tip or listen to it on podcast.

Published: Friday, March 30, 2012

Printer Friendly Version Printer friendly version

2020 Buyers Guide Automated Call Distributors

Call Center Studio

Call Center Studio
Call Center Studio is the world’s first call center built on Google and is one of the most secure and stable systems with some of the industry’s best reporting. It is one of the most full-featured enterprise grade systems (with the most calling features, one of the best call distribution, outbound dialing features and integrations—including IVR, AI Speech Recognition, blended inbound/outbound calling and includes Google’s new Dialogflow and Speech API. Call Center Studio is the absolute easiest to use (with a 10 minute setup), and is the price performance leader with lower equipment cost and less setup time.
PH: +1 512-872-7565

ABOUT US IN 60 seconds!

Latest Americas Newsletter
both ids empty
session userid =
session UserTempID =
session adminlevel =
session blnTempHelpChatShow =
session cookie set = True
session page-view-total =
session page-view-total =
applicaiton blnAwardsClosed =
session blnCompletedAwardInterestPopup =
session blnCheckNewsletterInterestPopup =
session blnCompletedNewsletterInterestPopup =