A blog for all things retail and licensing.
TwitterFacebook

Keeping Consumer Information Secure

Guest Blog by Ken Davidson

Almost every customer interaction in retail involves contact with confidential consumer information. From the McDonald’s drive-through window to financial transactions on Wall Street, keeping customer information private is a top priority. But protecting this information from misuse by hackers and criminals is not always easy. Last year, information leaks compromised more than 180 million records, according to research by Javelin Strategy and Research, Pleasanton, Calif.

When companies are making the decision to outsource customer care to a contact center, they must be able to trust that the selected partner will do everything possible to protect their customers’ information. Although most contact centers understand the importance of privacy, the amount of time and monetary investment put forth in implementing secure processes, procedures and policies can vary significantly.

When looking for a contact center partner that places a high priority on security, it is advisable to start with organizations who have achieved payment card industry data security standards (PCI DSS) Level 1 certification. PCI DSS Level 1 certification proves that a company has met the stringent objectives for security management, policies, procedures, network architecture, software design and other critical protective measures as set forth by the members of the payment card industry.

The next step is to look at a contact center’s agents, network infrastructure and office environments. Virtual contact centers – or organizations using home-based employees – actually have several significant security advantages in these areas due to their innovative use of technology.

High Quality Agents

Efforts to prevent fraudulent activity begin with thoroughly vetting every employee before they are hired, including background and criminal checks. Virtual or at-home contact centers have a distinct advantage in this area because agents are hired from a nationwide talent pool, rather than a limited geographical area allowing them to be highly selective. Also, the demographics of home-based agents – they frequently are slightly older with higher levels of education than agents at brick-and-mortar centers – have been shown to contribute to lower levels of fraud.

One of the most feared incidents for any information-intensive company is the theft of customers’ personal and account information by hackers. To prevent unauthorized access, a company’s network infrastructure should consider utilizing the industry’s best practices including, but not limited to:

  • Back-to-back firewalls at the boundaries of the service provider and enterprise network infrastructures;
  • Multi-factor authentications to ensure that network users are who they say they are; and
  • Controlled authorization, including role-based access control, to give access only to resources required to perform job functions.

Office Environment

The third factor to consider when evaluating security is the processes in place at the office level. Whether it is a large physical center or a home office, the following procedures help protect information:

  • Locking down a computer to prevent information from being copied, logged, transmitted or otherwise retained;
  • Regularly installing system, security and anti-virus patches and updates;
  • Verifying all operating systems, applications and security software are installed correctly and operating properly; and
  • Masking personal data by having customers enter sensitive information directly via the telephone keypad.

In summary, retailers must select a contact center partner that places the utmost importance on protecting consumer information, including hiring the right agents, implementing the right processes and achieving PCI DSS Level 1 certification. Although nothing can absolutely protect against fraud, call centers that have made the investment and implemented appropriate measures provide an important additional layer of support to retailers serious about security.

Ken Davidson is the chief information security officer of Alpine Access Inc., which provides customer service and technical support to Fortune 1000 companies in the financial services, telecommunications, technology, healthcare, retail, travel and hospitality sectors. For more information, visit www.alpineaccess.com.

Retail Merchandiser magazine is pleased to present the points of view of many different industry stakeholders. If you would like to contribute your own guest blog to our site, please contact the editor at russ.gager@phoenixmediacorp.com.