Taking a multi-layered approach to contact centre security

The current volume and sophistication of contact centre fraud means organisations now need multiple layers of protection if they’re going to stay secure.

Taking a multi-layered approach to contact centre security

The current volume and sophistication of contact centre fraud means organisations now need multiple layers of protection if they’re going to stay secure.

Kerry JohnsonProduct Manager - AI for Customer Experience, BT

Contact centre fraud is big business these days. According to the Association of Certified Fraud Examiners (ACFE) (PDF), 79% of organisations have reported an increase in the volume of attacks through their customer contact channels since the pandemic – with criminals quick to take advantage of the disruption and prey on the vulnerabilities of both agents and customers.

Scams are also becoming increasingly manipulative and more difficult to detect. And a growing number of attacks are becoming successful. According to Datos Insights, a third of contact centres experienced higher fraud costs in 2020 than they did just two years before.

With many different attacks coming in from different angles, you can no longer rely on any single layer of defence. A multi-layered approach is the only way to help combat this hostile threat landscape.

Understand the types of threat

A good starting point to achieving multi-layered security is increasing your understanding of the sophisticated exploits that are targeting contact centres today. We’re seeing a wide variety of techniques being used, often in combination.

For example, with synthetic identity fraud, fraudsters might steal identities or combine fake and real customer information to exploit the contact centre. They’ll even scope out vulnerabilities in systems or extract information using sophisticated techniques like Interactive Voice Response (IVR) mining which finds gaps in the IVR system using machine learning. Or, in the case of a social engineering attack, agents are manipulated into breaking security protocols or accidentally revealing information. Fraudsters will sometimes even go to extreme lengths to do this by using fake audio to simulate intense dilemmas or scenarios.

Build up the layers

Once you’re aware of the types of attacks that might be coming your way, there are some key practices you can encourage your people to adopt that will help layer up your defences:

  • The ‘least privilege’ principle: Limit agents’ access to only the systems and data they’re guaranteed to need to do their job. This will reduce the risk of both malicious and inadvertent data breaches.
  • Identity access management: Look at automating the management of both employee and customer identity to help balance convenience and security.
  • Authentication: Authenticating customers, and eliminating fraudulent callers before they get through, saves time and resources further down the line. Tools such as voice biometrics and call validation can be very effective at this.
  • Endpoint protection: Keep all endpoint devices updated and protected to stop malicious emails and software gaining access to your network.
  • Threat detection: Store and monitor logs for signs of malicious activity – this will help detect breaches quickly and reduce the risk of a bigger incident in the future.
  • Security training: Help your employees to become your ‘human firewall’ by educating them on the cyber risks and what to watch out for. Share the responsibility for security and help them feel confident to report suspicious activity and other security related concerns.

Avoid overwhelming agents

In reality, there’s only so much you can expect your people to do, especially when agents are already under pressure to meet customers’ growing expectations while reducing their call handling times. Burdening them with additional security measures, like manual authentication and verification procedures, will only increase friction in their working lives and create time-consuming and frustrating interactions with customers.

Instead, a call validation solution that analyses and flags suspicious callers before they get through can take some of the pressure off. Particularly when combined with Artificial Intelligence (AI)-powered authentication technology that uses biometrics to identify callers from key inherent characteristics like their voice, behaviour or touch.

Together, these two technologies can create a robust multi-factor authentication solution that increases IVR containment and boosts customer self-service, while also streamlining and improving the reliability of authentication. The end result provides better experiences, reduced contact centre costs and a lower risk of successful fraudulent attacks.

Our security credentials

We have a strong track record in helping our customers defend their contact centres against fraud. Our strategic partnerships with leading vendors in this area mean we can protect organisations and their customers. Solutions like Nuance Gatekeeper with BT and Fraud, security and compliance layer together brilliantly to provide a solid multi-factor authentication solution. And our wider security portfolio can provide the other essential layers of defence.

You can download our whitepaper to find out more about what these technologies could do for your contact centre security.