Hybrid working is here to stay for contact centers — but how can you best keep customer data safe when so much of your engagement is now happening behind closed doors? It’s an issue that needs urgent attention.

Remote or hybrid working has become business-as-usual for most contact centers. Researchers found that 69% of US contact center agents are expected to be remote or hybrid working in 2023, according to ContactBabel’s 2023 US Contact Center Decision-Makers’ Guide.

But hybrid working isn’t ‘one thing’ — there’s a range of flavors. Organizations wanting to ease agent recruitment challenges, while maximizing the flexibility of their workforce, will follow a variety of models. Staffing patterns might include a mixture of on-premise and remote work, split shifts for home workers to fit with childcare, and casual remote staff to help out with peak periods.

Most likely, working patterns will alter to reflect changes in business needs, consumer demand and the arrival of new contact channels. Organizations may also have mergers and acquisitions, consolidate departments, move teams to smaller buildings and close larger premises.

Each change presents new security implications around customers’ sensitive data.

When agents all worked in the same supervised environment, order prevailed. Companies often relied on traditional security and protocols. Some methods worked well, others failed catastrophically. But at least the attack surface was confined. Now it’s slipped the leash and it’s a mile down the road.

Hybrid security and fraud
When considering inhibitors to homeworking, concerns over security and fraud were stated by one in three respondents as the greatest hurdle in ContactBabel’s Inner Circle Guide to Remote & Hybrid Working Contact Center Solutions.

The uncomfortable truth is that customer engagement can be impacted by people’s personal home set-up, which may be messy. Home agents could be sharing their workspace with family members, roommates and other tenants, plus anyone’s friends who may be visiting or sleeping on the couch.

This presents a host of risks around eavesdropping especially. It’s been estimated that more than 70% of agents still require customers to read payment information aloud over the phone, despite available technologies for more secure data transmission, according to ContactBabel’s Inner Circle Guide.

Then there are the risks around shoulder-surfing as well as access to laptops or devices — and the installation of keylogging software — when someone has a comfort break or makes a coffee. Any login details, card numbers scribbled down, or any paper files could be at risk too. Besides that, there can be safety issues around the potential use of unencrypted data and voice transmissions over insecure networks.

So what’s the answer?

PCI DSS 4.0 mindset
Unfortunately, some contact center leaders may think that buying a cloud service that’s PCI DSS-compliant and designed for secure services is enough. But the organization still remains responsible for its own data security. And this can be compromised by issues we’ve outlined.

As contact centers settle into the hybrid era and get ready for PCI DSS 4.0, customer-facing organizations need to adopt a new mindset.

Security must become a business-as-usual activity — a continuous process, demanding a shift in company culture.

One big question is how much of the risk of hybrid working do you want to take on yourself? For example, do you want to try to adapt traditional contact center security practices and technologies for the home-working environment? Alternatively, would it better make sense to adopt a completely shielded approach where card numbers are never seen, heard or recorded by agents? Then, if a security breach happens, there’s nothing to steal.

It’s also worth exploring advanced recording tools that use AI to monitor agent conversations. For example, calls involving new agents can be transcribed and analyzed automatically with any risky, contentious or off-piste phrases flagged immediately — so managers can take swift action. Major innovation is happening in this area.

Hybrid security breaches
As every data security professional knows, organized fraudsters and chancers are opportunistic. If most contact centers switch to a hybrid model, then criminals will do the same.

Inevitably, well-publicized security breaches will happen — and this could potentially set back the case for hybrid working. Consumers may also become more savvy and cynical, worrying about background noise during calls and feeling uneasy when agents ask for personal information.

Having won the business case for hybrid working, organizations now face the challenge of not losing all the gains they’ve secured. It wouldn’t take much to see a brand’s much-cherished hybrid strategy come crashing down, but it wouldn’t take a lot to strengthen and super-charge it either.

Contact us to discover more about securing your contact center in the hybrid era.

PCI DSS v4.0 Reference Guide

PCI DSS Reference Guide Cover

Protect Agents Everywhere

Call centre man