By Tim Critchley, CEO, Semafone
Retail is one of the most frequently targeted sectors for data breaches. In fact, it is the industry with the largest single share of incidents investigated in Trustwave’s Annual Global Security Report for two years running. The repercussions of just one breach can be dire, especially from a reputational standpoint. As the National Retail Federation (NRF) points out, retailers are often the ones who grab the headlines for a data breach, likely because they are names consumers know and trust.
For example, this May, the U.S. clothing store Brooks Brothers made headlines for a year-long security incident involving malicious software that could potentially compromise customers’ payment card information. Even more notorious is Target’s data breach that affected roughly 40 million customers and led to an $18.5 million settlement with 47 U.S. states and the District of Columbia. But the reputational damage was even more significant, as Target’s profits plummeted in the days after the fallout.
To protect their customers’ most sensitive data — as well as their own brand reputation — retailers need to step up their data security efforts or risk losing customers’ trust, patronage, and business. In fact, a 2016 KPMG survey showed 19 percent of consumers would stop shopping at a retailer that had been a victim of a cybersecurity hack, even if the company took the necessary steps to remediate the issue.
Retail Call Centers Are Prime Targets
Retailers are rolling out new technologies to prevent cyberattacks and data breaches. One example is the recent move to EMV-enabled chip cards. While chip card technology has been successful in deterring fraud at the point of sale, it has had the unintended consequence of causing criminals to turn instead to channels where card-not-present (CNP) transactions take place, such as the call center. Often deemed the “low-hanging fruit” by fraudsters, call centers are seeing an increase in fraudulent activity, including those that operate in the retail industry. Recent research shows retail call center fraud nearly doubled last year.
Furthermore, it’s not only outside hackers who are posing threats. Call centers must be on high alert for insider fraud committed by customer service representatives (CSRs) or agents. This could involve a rogue CSR copying down a caller’s payment card data for personal use or even for selling to a third party. Moreover, not all insider threats are malicious. An agent could accidentally open a phishing email that exposes sensitive data throughout the network to illicit third parties.
The challenge for retail call centers, perhaps more so than in any other industry, is how to effectively protect customer data while also providing a positive customer experience along the way. After all, customer service is of utmost importance in the retail industry and will overtake both price and product as the key brand differentiator by 2020.
Removing Data From The Call Center
To help protect against data breaches, many call centers have begun implementing technologies that shield payment card data and other sensitive personal information from agents, such as interactive voice response (IVR) systems. However, these technologies are known to create customer frustration and increase average handling time (AHT), because customers often don’t know how to correct a miskeyed number and simply hang up the phone (leading to a lost sale). Even when information is entered correctly, the customer’s data may still touch or be stored in various CRM systems, leaving it vulnerable in the event of a breach.
Call centers should not have to sacrifice customer service for data security. Fortunately, new technologies exist that allow call centers to have the best of both worlds. These technologies give customers greater control over their personal data by allowing them to enter payment card numbers, social security numbers (SSNs), and other sensitive data directly into their telephone keypad. The most important aspect here is the use of dual tone multi-frequency (DTMF) masking, which obscures the numbers from both CSRs and call recordings by replacing touch tones with flat tones. Though it conceals the card data from CSRs, they are still able to remain in full voice communication with callers to help with any issues that may arise. Therefore, there is no need to transfer customers or place them on hold to collect payments. Furthermore, card data can be relayed directly to the payment processor so it never touches the call center’s infrastructure.
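The masking idea above can be checked with a small signal-level model. This is an added example, not the vendor's implementation: it assumes 8 kHz audio, 50 ms key bursts, a 1000 Hz flat replacement tone and a constructed test card number, and shows that a standard DTMF decoder recovers every digit from the caller's leg and none from the masked leg that agents and recordings receive.

```python
import math

RATE = 8000                      # samples/s, narrowband telephony (assumption)
LOW = (697, 770, 852, 941)       # DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)  # DTMF column frequencies, Hz
KEYS = ("123A", "456B", "789C", "*0#D")

def tone(freqs, ms=50, rate=RATE):
    """Equal-amplitude sum of sine waves, `ms` milliseconds long."""
    n = rate * ms // 1000
    return [sum(math.sin(2 * math.pi * f * i / rate) for f in freqs) / len(freqs)
            for i in range(n)]

def key_tone(key):
    """Audio burst a handset sends for one keypress."""
    for r, row in enumerate(KEYS):
        if key in row:
            return tone((LOW[r], HIGH[row.index(key)]))
    raise ValueError(f"not a DTMF key: {key!r}")

def goertzel_power(samples, freq, rate=RATE):
    """Squared magnitude of the signal at `freq` (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect_digit(samples, floor=0.1):
    """Return the key only if exactly one row and one column tone are present."""
    energy = sum(x * x for x in samples)
    if energy == 0:
        return None
    def present(group):
        return [i for i, f in enumerate(group)
                if goertzel_power(samples, f) / (len(samples) * energy) > floor]
    rows, cols = present(LOW), present(HIGH)
    if len(rows) == 1 and len(cols) == 1:
        return KEYS[rows[0]][cols[0]]
    return None

def decode(bursts):
    """What a listener or recording analyser could recover, '-' if nothing."""
    return "".join(detect_digit(b) or "-" for b in bursts)

PAN = "4111111111111111"                      # constructed test number
caller_leg = [key_tone(k) for k in PAN]       # what the caller's phone emits
agent_leg = [tone((1000,)) for _ in PAN]      # masked: flat 1000 Hz (assumption)

if __name__ == "__main__":
    print("caller leg:", decode(caller_leg))
    print("agent leg: ", decode(agent_leg))
```

The same `detect_digit` check can be run over stored call recordings as an audit: any burst that decodes to a key means unmasked tones reached the recording path.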
Technology In Use
One highly popular U.S. consumer brand recently found success with such an approach. Although it had all the proper call center security controls in place, the company wanted to go the extra mile to ensure its customers’ data is safe. It required a solution that would not only remove sensitive information from the call center environment, but also (and more importantly) provide the best possible customer experience in the process.
With a DTMF masking solution, the retailer is achieving these goals. CSRs never hear or enter customer payment card information, and callers have complete control over their data. Meanwhile, the CSR stays on the line with the caller to provide a smooth transaction and customer journey. There is no need to transfer customers to an IVR system, pass them on to another agent, put them on hold or send them an email to complete their payment. Additionally, the solution is integrated with several different third-party payment systems, including a third-party hosted page that captures card information for service payment plans. As a result, customers know their data is secure, no matter which additional products or services they purchase through the company.
While the threats of cyberattacks and fraud remain, the good news for retailers is they do not have to sacrifice the customer experience for stronger data security — even within the area that has long been considered their weakest link, the call center. New technologies like DTMF masking solutions keep payment data and other personal information from ever touching the call center environment, allowing both customer service and strong data security to co-exist. By adopting these types of new technology solutions in their call centers, retailers can reduce the risk of becoming the next Target (in more ways than one) and making headlines as the victim of a massive data breach, while ensuring their customers remain happy shoppers.