January 22, 2020
Stay in the Know
It was yet another booming holiday season, with total sales projected to exceed $1 trillion USD for the first time in history. All of this spending was accompanied by yet another seasonal trend – an increase in shoppers making purchases and inquiring about orders over the phone.
While a large chunk of holiday shopping was projected to be conducted via traditional retail, $135 billion USD was expected to be spent through eCommerce channels. People who bought things online may now need help with their orders, or assistance returning them, and a number of those people will call your contact center.
In addition to increased call volume for your contact center, this spike in activity represents an opportunity for payment fraud. Fraudsters – which can include seasonal employees with bad intentions – will be tempted to steal your customers’ credit card numbers and other personal information by duping agents on calls, through phishing attacks and other blackhat tactics.
Unfortunately, protecting sensitive customer data is sometimes at odds with monitoring agent performance and managing quality through recording and analytics.
Here’s what to look out for.
Why is Payment Fraud a Problem?
Payment fraud boils down to two centers of risk. The primary risk, unfortunately, is your own employees. About 70 percent of contact centers require customers to read out their credit card number or social security number in order to identify themselves. This means that the contact center representative can hear their information, memorize or record it, and then potentially use it for nefarious purposes.
Almost ten percent of all contact center representatives know someone who has done this, making it an endemic problem.
In addition to the problem of your contact center employees, there’s also the risk that an intruder is on your phone lines or in your computers.
The rollout of EMV chips over the last few years has made it harder for attackers to steal credit card information directly at the point of sale. This means that the contact center, where all this payment and account information eventually ends up, becomes a much more attractive target.
Attackers will attempt to hack into VoIP phone systems so that they can listen to calls, steal call recordings, hack into agents’ computers, and impersonate customers so they can make fraudulent purchases with stolen account information.
Defending Call Centers is Harder Than You Think
Customers want contact centers to be convenient. They want to be able to give you their information once, without having to repeat it every time they’ve moved to a new agent. Investments in omnichannel communications and other technology are all in the service of helping customers get what they need from you as quickly as possible.
Here’s the rub: often, delivering convenience isn’t in the service of security. To prevent payment fraud via impersonation, it makes sense to have customers authenticate themselves more than once. On the other hand, the more often that customers authenticate themselves, not only is it likely that they will get frustrated by having to repeat information, it also opens them up to a higher opportunity of repeating the information to a contact center representative who will steal it.
In addition, you will likely run into technological hurdles. For example, one popular way of authenticating customers is via two-factor authentication. The customer calls you and gives you their account number, and then get an email or a text message with a one-time password, thus proving that they are calling from a device that they control. This theoretically helps prevent attackers from impersonating customers.
Two-factor authentication is effective until you realize that a lot of people calling your contact center are going to be doing so from landline phones. Not everyone can use text messages or even receive emails, so enterprise security standards must be able to accommodate these individuals. In addition, every security standard that is put in place needs to acknowledge the risk of malicious insiders – which two-factor authentication can’t really do.
Your Safest Bet is to Take PII Out of Your Own Hands
We know that securing your customers’ private information is critical. And make no mistake, consumers want to know that the companies with which they do business safeguard their sensitive data.
The best way to prevent hackers – and malicious insiders – from targeting your customers is to take customers’ personal data out of the contact center interaction. In other words, you need a system that lets your customers authenticate themselves without exposing credit card numbers and other private information to an agent.
Agent-assisted automated authentication solutions can greatly improve contact center security, keeping both external attackers and malicious insiders out of the loop while still allowing the agent to provide assistance. When customers enter their account and credit card details online or on the phone, their information gets transmitted through a secure database for verification.
This way, your customer service reps are blocked from hearing a customer’s account details but remain on the line to ensure resolution.
Noble® Secure Payment Assist utilizes Noble’s patented technologies for agent-assisted transactions to help you manage payments in a protected environment. Using automated tools with touch-tone and data masking, SPA can help your organization protect PII, meet PCI security standards, reduce the risk of fraud and theft, lower costs, improve agent workflows, and create a better customer experience.
Learn more about how Secure Payment Assist can help deliver simpler, more protected payments – leading to happier customers and a more secure contact center!