Four Key Areas for Data Protection in Your Contact Center

Author:  Brett Williams, Director of Product Management at Aspect

We’ve all heard about the “mass hijackings” of consumer data that have occurred in recent years. Each case involved a serious security breach that resulted in the downloading (and subsequent misuse) of thousands of consumer records. While the main vulnerability in these types of cases has generally pointed to corporate systems such as mainframes, Enterprise Resource Planning (ERPs), and Customer Relationship Management (CRMs), it’s still extremely important that you consider the security of your contact center technology.

Of the 12 key compliance requirements set out by the Payment Card Industry Security Standards Council (PCI SCC), protecting stored cardholder data (requirement #3) is the place where the contact center can play the biggest roll. In order to reduce the exposure of your cardholder data, I recommend that you take a good look at the following key areas.

Your database – when cardholder data is imported within the database for outbound dialing, a person with access to the database can view this information. To protect your customer data, look for solutions that allow your center to place outbound calls from its own external database. Alternatively, if you import data for outbound dialing purposes, use access control and encryption to limit employee access to the data.

Agent and supervisor user interfaces – cardholder data is sometimes delivered to your agents’ desktops with screen-pops, and can be exposed as part of the supervisory desktop. Keep your customers’ information more secure by excluding sensitive data from outbound records and/or the user interfaces. If you must deliver the card holder data, make sure that it is delivered securely using Secure Sockets Layer (SSL) and ensure that any temporary files are encrypted.

Log files – cardholder data is often captured as part of a voice portal process, as part of an inbound call screen-pop, or in call data for an outbound call, and stored as log files. You can put some safeguards in place such as restricting access to your log files, or encrypting log files using standard encryption tools.

Recordings – cardholder data can be recorded as part of an agent-customer conversation, an automated speech-based self-service application, or an agent desktop screen recording. Presently, there are a few ways to protect your customers when it comes to recorded data. First, you can encrypt recordings and ensure that playback is conducted over SSL. You can also restrict access to the recording files during playback, archival or transfer. Alternatively, you can pause recordings when sensitive customer data is entered so that sensitive data is never recorded in the first place.

What tips and tricks have you already implemented to protect the customer data in your contact center? How can we help?

Comments (0)

(1 votes, average: 5.00 out of 5)

 Loading ...

How Serious Are You About Protecting Your Customer Data?

Author:  Brett Williams, Director of Product Management at Aspect

Any way you look at it, protecting your customers’ data is just good business practice.  As a consumer whose friends have had their personal information compromised, I look at data protection simply as the right thing to do. But for companies that aren’t convinced they should make changes based solely on altruistic ideas, here are a few other reasons to protect customer data: people are much more likely to do business with companies that keep important information, such as credit card numbers and social security numbers, safe; and, a breach can cost ridiculous amounts of money in combating bad press and fending off or settling lawsuits.  Oh yeah … there’s one more important reason to protect customer data – the Payment Card Industry Security Standards Council (PCI SSC).

A few years ago, the PCI SSC laid out the Payment Card Industry Data Security Standard (PCI DSS), a 12-step process designed to regulate and standardize the methods merchants use to protect credit card data. These are basic guidelines that companies should follow. Until now, participation in this program has been somewhat discretionary (but again, good practice) with punishments for non-compliance being imposed only by the credit card companies that created the guidelines.They range from things like hefty fines to credit card companies flat out refusing to conduct future business with your company.

Local government will soon be entering the game. Beginning on January 1, 2010, Nevada will become the first U.S. state to mandate complete compliance with the PCI DSS. Nevada’s law is not designed to punish those that do not comply.  Instead, it will protect those that do comply by shielding them against liability for damages resulting from security breaches.

What does this mean to the contact center industry? The good news is that IT departments largely handle many of the requirements relating to PCI DSS. These include things like building and maintaining a secure network and maintaining a vulnerability management program complete with anti-virus software and secure systems. But, the contact center can and should be supporting IT whenever possible, especially when it comes to protecting cardholder data.

Next week, we’ll talk a bit more about how you can help with PCI DSS compliance in your contact center. In the meantime, I’d like to hear your opinion on whether or not other states or federal governments should implement laws like Nevada’s.

Comments (2)

(No Ratings Yet)

 Loading ...

Is it Really Possible for Everything in Your Contact Center to be Real Time?

Author: Brett Williams, Director of Product Management

Last week, I wrote a bit about how workforce optimization can (and should) be used in conjunction with unified communications (UC) to support any contact center’s expert escalation strategy. After I posted my blog, I realized that I had left out another, extremely important use for this technology pairing – speeding up the ability to solve business issues.

It stands to reason that if you can see which colleagues are available, you can more readily reach them to resolve problems. That’s clearly true on the customer front. So, my question for you is: Why wouldn’t you take that concept one step further and apply it to improve your everyday contact center operations? For instance, your supervisors could use UC and workforce management capabilities to literally make staffing changes in real-time as they recognize the need for those changes through real-time service level monitoring. Let me give you an example of what I mean.

Here’s a specific situation concerning a large, multi-site financial services organization with a fraud-monitoring queue. Suppose an analyst monitoring the queue determines that call volumes are dramatically higher than anticipated, and has been told that a security breach was the root cause of the increased volume. Prior to UC, the analyst would have had to view a spreadsheet with a list of supervisors with agents that service the queue, view the supervisor’s schedules to determine which ones were working, look up the supervisors’ phone numbers in a directory, and dial their phone number.

That’s not the case anymore. Because UC-enabled workforce optimization solutions combine the logic that is stored within the application with the UC application, the analyst is able to communicate with the appropriate supervisor(s) with just a few clicks of her mouse. As a result, the analyst and the supervisor gain the ability to collaborate and instantaneously solve the problem. In addition, the supervisor can begin adding agents to the queue in a matter of seconds rather than minutes. As we all know, any timesaving is significant in critical situations.

Are there scenarios within your contact center where you can envision the benefits of these capabilities that you can share?

Comments (0)

(1 votes, average: 1.00 out of 5)

 Loading ...

Instant Communication is Exciting, but Optimizing Your Workforce is Key

Author:  Brett Williams, Director of Product Management at Aspect

We are in the midst of an exciting technology revolution.  One that is transitioning us from a world with finite boundaries where voice and data networks are separate, technologies are siloed and business processes are manual; to one of limitless possibilities where phone systems and software applications are combined, and can be easily integrated with routing platforms and other productivity tools. This new age is presenting a unique opportunity for companies to automate routine business processes, or achieve what many UC and interaction management experts refer to as communications enabled business processes (CEBP). But, tunnel vision for the combination of UC and interaction management platforms has caused some to temporarily overlook the importance of a UC together with workforce optimization, as well as the significant benefits that contact centers can achieve from this marriage.

Let’s back up for a minute and talk about one of the first CEBPs that came out of the contact center.  It involved the implementation of a structured process around customer escalations. The combination of UC and customer interaction management, has given contact center agents the ability to connect with experts outside their department for help resolving complex customer inquiries. Agents are now empowered to use their desktops to determine the presence of experts in the enterprise, and to instantaneously contact the appropriate people for assistance. From a business perspective, this is important because it provides contact centers with a structured, real-time collaborative environment, which enables them to resolve customers’ questions the first time, rather than requiring multiple follow-up calls.

Now, imagine implementing an expert escalation strategy without some sort of workforce optimization plan to back it up. There are a lot of management-related issues to think about. For example, experts should be scheduled at particular times of the day and week to ensure that they are available when escalations are most likely to occur.  This type of structured approach also keeps experts from being disturbed by escalations outside of their scheduled “escalation hours” so they can focus on their “day job” when not working on escalations. In addition, companies that are implementing a formalized expert escalation process  will require some sort of method for recording agent-to-expert and customer-to-expert interactions for both liability and quality control purposes. And finally, since the end goal of engaging with these experts across the enterprise is to improve customer satisfaction, there needs to be an effective process for measuring the performance of the experts and their impact on overall customer satisfaction and contact center efficiency. A workforce optimization solution can ensure that all of these things occur.

What does your expert escalation plan currently look like and what adjustments are you planning to make?  I’d love to hear from you!

Comments (0)

(1 votes, average: 4.00 out of 5)

 Loading ...