Securing the Contact Center

Walk through a contact center and you will hear violations of security and privacy in the name of servicing the consumer. As we collected information on location at multiple contact centers, it was readily apparent that contact center security needs a makeover. Large and small financial institutions, processors, merchants, and technology companies were assessed to determine best-in-class standards of contact center security; however, a best-in-class solution was not found. Every contact center had significant vulnerabilities that were identifiable by speaking with agents and operational staff, and by listening to consumer conversations. 

From the information gathered in the art of the conversation to the data validated to verify the caller, all rely on the weakest link of security—humans. With a sophisticated toolkit, criminals can spoof calls, artfully gather data, and take over accounts without the representative being aware that the true person is not on the call. Or worse yet, when account and transaction information is modified for someone perceived to be a close relation (spouse, child, or executive assistant), the account is at risk. 

Contact centers are generally not where security professionals reside, yet it is the front door for criminal activity. A maze of outsourced providers—attributable to necessity or design—provides minimal infrastructure for the building of protective barriers in the contact center itself.  No one group is given the funding or the staff required to solve the challenges that contact centers bring. The only way to stop the trend of account takeover is through a collaborative approach and by deploying new security technology. 

Key questions discussed in this report:

• What types of fraud occur when contact centers are not secure?
• How are contact centers secured when there are multiple entry points?
• What technology capability is needed to minimize the threats faced by financial institutions and merchants?