Call centers are under attack by fraudsters. In the latest Call Center Commerce Tracker, PYMNTS examines the latest strategies for fighting back, including voice authentication and anti-spoofing techniques. Plus, Michael Kropidlowski of Aspect tells PYMNTS how masking tools are helping to mitigate one of the biggest risks of all: the call center agents themselves.
Companies are being forced to fight fraud on new fronts as consumers increasingly crave quick, multichannel access to banks, airlines, healthcare providers, retailers and others. In response, customer service agents, particularly in call centers, have to be readily available, all while protecting sensitive information from would-be bad actors.
Fraud can be fierce in the call center space, and when it strikes, costs quickly pile up. That doesn’t just include direct financial losses to companies, but also the loss of opportunities and potential revenue when consumers’ trust is broken after they become the victims of cybercrime.
In this month’s Call Center Tracker feature story, PYMNTS caught up with Michael Kropidlowski, director of product marketing for call center solution provider Aspect Software, to discuss how call centers are equipping themselves for the fight against fraud.
Frustrating fraudsters, without frustrating customers
As fraudsters continue to increase their efforts to make off with customers’ credentials, many companies have responded by adding new layers of authentication, including passphrases and security questions, to channels like SMS messages and call centers, Kropidlowski said.
Companies must walk a tightrope while adding new authentication processes, he noted, as, although this combats against the fraudsters the company intends to keep at bay, this can produce friction for genuine customers. If customers get tired of repeatedly having to log in anew and answering several security questions each time they want to access their accounts on a company’s website or app, they may take their business somewhere else, Kropidlowski said.
“Companies are responding by adding more layers of security,” he said. “It’s a big pain for the customers at times.”
To help bridge the gap, businesses need to educate customers on why they’re imposing security measures and work to make it clear that these extra steps are in the consumers’ best interest. Other useful strategies include drawing on a mix of protection methods, including not just knowledge-based authentication, but also biometric measures such as voice recognition, Kropidlowski noted.
Preventing agent fraud
When customers call a company, seeking a live agent’s assistance, their calls are typically answered by someone who is eager to help.
While unlikely, there is always the possibility that a so-called customer service agent may actually be a bad actor seeking to steal sensitive personal or payment information. To remove any such risks, Aspect offers an IVR solution that is designed to process sensitive information, while preventing that same information from ever reaching an agent’s ears during the call.
With this approach, customers are asked to input their credit card information via their phone’s keypad, rather than sharing it with an agent. The agent’s audio is cut off, and the call recording pauses, preventing the agent from hearing the key tones.
“If someone is calling in and wanting to make a payment with their credit card, if a company doesn’t have a way to do that while masking that information, there’s an immediate risk there,” Kropidlowski said. “Keeping the human out, where they don’t even have access to numbers, is the most secure way.”
This masking approach, he noted, can be used on anything from payment information to Social Security numbers. No matter what details are entered, the information is sent directly to the payment processor or other responsible company, without ever being stored at the call center or revealed to the agent.
Speed and security with SMS
Although those solutions can help customers interacting with agents during a phone call, SMS fraud is becoming increasingly popular — and for good reason. The immediacy of SMS enables companies to extend purchasing, bill pay opportunities and other services to consumers right when they’re in the mindset to act.
This, Kropidlowski said, can offer customers greater convenience while also reducing the risk that the customer will forget to complete a transaction.
“By making it convenient, customers are more likely to pay, purchase — whatever the scenario is — and have that done right then and there, versus saying, ‘Oh, I’ll go log on to my computer later’ and then they forget and it’s a late payment or they never make the purchase,” he said.
For instance, an airline’s call center might use SMS to send customers a notification that their flight has been canceled. The airline can then capitalize on the channel by also providing a link to three new flight options and asking the customer to select one.
However, companies have to be aware that a device could become stolen. To reduce the risk of device thieves accessing a customer’s account, call centers can send notifications that don’t contain sensitive information, but rather provide a link to a company-branded one-time-use web page, where consumers must authenticate themselves before proceeding further, Kropidlowski noted. This could help customers securely view health records, make a payment on their cable bill or update their address with a company.
As with the over-the-phone masking solution, this approach routes the sensitive part of a transaction — the handling of healthcare or financial information — around the call center and directly to the company’s portal. It also helps prevent app fatigue for consumers who are tired of downloading yet another app, or simply no longer have the storage space on their phone.
As customers move between self-service channels like SMS or phone calls with live agents more frequently, providing convenient service means remembering who the customer is and what she has done previously on any channel. Otherwise, customers have to start their transaction relationship from scratch each time.
Effectively storing and accessing customer relationship information, and having it ready when that customer calls in, will mean a seamless multifactor experience for the customer. It also means keeping things such as virus protections, firewalls and other database securities robust, both to protect static data and data in transit, Kropidlowski said.
Whether they are serving airlines, healthcare providers, banks or retailers, call centers play an increasingly important role in helping businesses get ahead. And with fraud not going away any time soon, call centers will need to continue to be on the alert for the newest ways to dial up their defenses and eliminate opportunities for bad actors to strike.