Customer service (CS) and data security are two equally important aspects of any successful organisation. While a great customer experience (CX) will bring in more foot traffic, no amount of "wow" experiences and smiles will restore a customer's trust in your security capabilities once it is broken. This brings about the difficult discussion of choosing between prioritising CS or data security. But while many mistakenly believe that one must be compromised for the sake of the other, the reality is quite different. Organisations should consider data security to be a part of their CS and find a way to reach a solid middle ground in both areas. Good CS and strong data security are not mutually exclusive so long as an optimum balance is achieved between the two.
There are many types of imminent security threats. They can be internal or external, from an employee or a cyber-criminal, done accidentally or purposefully. Consequently, the pressure of protecting the organisation's reputation and its customers' data may sometimes push it towards sacrificing CS or vice versa. However, there are modern technologies that make monitoring and mitigating both internal and external risks possible without sacrificing the integrity of the organisation's CS. They include:
Analytics are mainly used to study customer data for personalisation and marketing. However, they can also be leveraged in the detection of irregular internal activities. The State of Data Security in Contact Centres Report says that half of security incidents in organisations are insider threats from employees. Such threats include fraud or negligent mistakes and accidents. According to a survey conducted by Information Security Media Group, it is possible to remedy this by using data to protect data. The study showed that 41 percent of participants were afraid that anti-fraud technologies would hinder their customers' experience. However, 65 percent were able to successfully deploy fraud management and monitoring technologies using automated data analysis and transaction monitoring software without intruding on customer service. Such technologies use data mining to classify and group data to automatically detect pattern inconsistencies, which indicate fraud.
Invisible security measures
Security does not have to be a complex and difficult process for customers anymore. Today, new technologies are being designed and developed for the customer's convenience, keeping in mind ease of use, accessibility and invisibility. This makes integrating security into the equation without disrupting the user experience more feasible. For example, when making a call to your bank, the call center representative must implicitly view you as a malefactor impersonating the real customer until they can prove otherwise. Consequently they will first need you to verify that you are who you say you are. The bank will ask you a series of questions and when it is satisfied, it will move on to answering your queries. However, technologies today aim to make the CX more seamless by making security much more inconspicuous using features like background voice recognition software for identification. This allows organisations to spend more time assisting customers rather than challenging their credibility and making them feel uncomfortable. In this way, security can remain behind the scenes unless there is a need for it to surface.
Transparency refers to the organisation's honesty. Customers need to know what their information is being used for, who has access to it and what that may entail. When calling a vendor, for example, an automated voice may inform you that the call is being recorded for training purposes. By continuing with this call, you are agreeing to this and are aware that others might hear the recording. However transparency is not limited to truthfulness, rather it includes providing customers with simple and straightforward security. The Head of Global Product Marketing at Vasco, David Vergara, said that consumers expect their transaction experiences to be simple yet secure and will seek this out when looking to buy a product. Consequently, organisations need to adapt multi-factor authentication solutions that do not hinder the customer experience. Transparency helps you build strong relationships with your customer base, while ensuring that their data is well fortified.
The State of Data Security in Contact Centres Report revealed that 30 percent of call agents continue to have access to their customers' payment details after the call is finished. What is worse is that 7 percent have been asked by an insider for sensitive information and 4 percent were asked by an outsider. This leaves the door wide open for fraud. A way to mitigate this risk without degrading the quality of CS would be by enforcing the Payment Card Industry Data Security Standard (PCI DSS) which set security standards that control what happens to sensitive authentication data.
Additionally, PCI DSS recommends deploying any available technologies that can minimise the storage and recording of sensitive data. This may include features such as stop/record so that payment information is not on record when the customer reads it to the agent. Other options include outsourcing the data processing aspect of payments to a third party or using dual tone multi-frequency (DTMF) technology which allows customers to input sensitive data into their phone keypad and tokenises numbers on the agent's screen while replacing the dial tones with flat tones. DTMF ensures that personally identifiable information (PII) does not enter the call centre records by making it impossible to identify manually and electronically. Not only do such options prevent employees from committing fraud, but they also ensure that there is no data in house for hackers to breach.
According to the report, some call centres today mitigate risks further by banning personal items such as phones, bags and writing materials from entering the call centre. Additionally, agents are required to walk through security scanners before entering or leaving the premises. But most of these restrictions will not be needed if the correct technologies are employed to both protect customers and provide them with great customer service.