UK companies are being urged to take security seriously in their contact centres when adapting their home-working and office working routines as the lockdown is eased.
We all had to adapt quickly when the Coronavirus Pandemic took hold, which may have meant some organisations took short-cuts with security, suggests Eckoh, the contact centre security specialist who has helped a number of its clients to securely operate their contact centres from home.
The company is calling on UK organisations to take time to ensure their remote and home workers can offer the same levels of data and payment card security as their office-based contact centre, to ensure customers’ data is protected and the organisation is compliant. As the lockdown eases, Eckoh is advising organisations to take a medium to longer-term view on how a remote or home-working contact centre can be set up to work alongside an office-based one to accommodate the ‘new normal’ where working practices may be very different.
"Criminals are opportunistic and have already seen this crisis as an opportunity for fraud," says Nik Philpot, Eckoh’s CEO. "They might use anything from phishing attacks via email, infiltrating organisations with planted employees, to obtaining card numbers that are read aloud or scribbled down on paper. People's homes aren't always secure spaces and mistakes can happen easily too. It's an uncomfortable reality."
To eliminate these risks, Eckoh is recommending its patented Secure Payment solution for handling customer card payments — one that prevents agents from seeing, hearing or recording card details.
Eckoh is also encouraging companies to go a step further and offer more empathetic services to their customers via leading-edge Chat and Chatbot technology, where PCI compliant, secure payments can be made within the Chat or Chatbot window. This is a big helping hand for remote or on-premise contact centres who are trying to handle an increasing number of customer enquiries. Having a Chatbot that can take secure payments also means that organisations can be available to customers 24x7 and for those who prefer to self-serve.
"It's another good example of how brands can be more supportive of customers at this time without compromising security. In the understandable rush to maintain customer service, it's essential that organisations get it right — even if that takes a few extra days. Customers need trust and confidence, now more than ever," says Nik.
The background story: How secure are home-working contact centre agents?
The Coronavirus has presented huge challenges for organisations. Some have closed their contact centres — mindful of a potential backlash of negative comments[1] from customers who can no longer talk to someone about an order, booking or complex enquiry.
Other organisations tried to maintain business continuity by mobilising their workforce to work from home. But in the rush to ensure business continuity and good customer service, Eckoh is questioning whether adequate security measures are in place to ensure customers' personal details are safe.
Gartner reports that globally some two million customer service agents are now working from home, and this number has undoubtedly increased massively during the current crisis. But cyber-criminals are taking advantage of organisations’ weakened state by targeting them. In April 2020 alone, there were 49 data breach incidents globally, with a total of 216,141,421 affected records[2].
While speed has been of the essence in getting contact centre agents to work from home, Eckoh's concern is that organisations may have cut corners by opting for the cheapest or fastest route.
"In an office environment, contact centre agents are governed by internal policies, processes, procedures and security access. But what happens in the home environment? How do you keep sensitive details private?" says Nik.
The last thing a customer wants is to be relaying payment card information over the phone to someone who is not in a secure, controlled environment using a secure payment tool. Similarly, it's a big ask to make agents responsible for streams of sensitive card data coming their way, when they're not security experts.
Finding the right answers
"In any engagement, the point where payment card details are given out is the most vulnerable to attack, so this area needs to be locked down fast and effectively. This is the reason data security standards like GDPR and the Payment Card Industry Data Security Standard (PCI DSS) exist.
"Compliance and security do not pause for a crisis, and if anything, they need to be more rigorously upheld as customer service becomes more dispersed. Fortunately, technology exists to make this possible, acting as a shield around the home-worker as it did for the contact centre employee," says Nik. "This may take a little more time than some other solutions promise, but the peace of mind in having a water-tight security system will be time and money well spent in the long-term — and you’ll maintain customer confidence."
Eckoh’s recommended approach is to remove the risk of fraud by preventing sensitive data from entering the contact centre environment, something that can be replicated for the home-working environment. Put simply, the technology sits between the customer and the agent, preventing sensitive payment details from ever entering the agent's home environment, but still allowing the communication between the two to continue uninterrupted and for the payment to be concluded successfully. As a result, it removes the whole environment from the scope of PCI DSS.
As an effective interim measure, a similar solution can be used that removes just the agent, their screen, and any call recordings from the scope of PCI DSS. This simpler approach allows the customer to effectively type their own payment information into the agent’s payment screen, using a patented process, but with the details being shielded from view of the agent. It’s simple, but highly effective.
Whichever new working practices organisations adopt, security should remain at the heart of the operation, ensuring the business, the customers’ data and the contact centre agents are protected, secure and compliant.