Equipping remote call centre agents to protect customer data

The challenge for call centres over recent months has been how to keep employees safe and support them in working remotely when they lack access to the secure systems that connect them to customer files, policy documents, and payment processes.

Many of the systems they rely on have not been developed for migration to a remote model. So when it comes to managing data securely and in a compliant fashion, there has been concern that in order to offer a claims service, staff and agents in many call centres would be receiving calls diverted to them on their mobile phones as they worked from home.

Banking and insurance company call centres have obligations to meet the Payment Card Industry Data Security Standard (PCI DSS). This seeks to protect customer credit card data over landlines and mobile phones, through chat or through the use of apps. Normally managed within the call centre estate, PCI DSS ensures that wherever agents are required to process cardholder data, the transactions are monitored, logged and secured.

Adherence to PCI DSS is sporadic at the best of times, with legacy technology or, conversely, new cloud-based systems being cited as barriers. However, it takes only one weak point for a customer’s data to be stolen or a website or mobile app to be hacked, with long-term consequences. PCI DSS is not enshrined in law, but fines for non-compliance can still be weighty and the impact on a brand is serious.

Covid-19 or not, call centre operators have a duty to ensure that agents working from home are equipped to do so, not least by using secure endpoints.

They can do this by implementing a protocol that guarantees all devices used by agents to process and access customer data have a blanket, high security posture – one that reflects the security standards employed within the corporate perimeter.

Standard anti-virus products will not do the trick. Because endpoints are particularly vulnerable, solutions have to specifically protect data entry on BYOD and unmanaged devices, particularly into remote access apps like Citrix, VMware and WVD, as well as web browsers and Microsoft Office applications. Browsers that access the corporate network should be locked down, including URL whitelisting, enforced certificate checking and enforced HTTPS.

No special configuration is required. Just a simple download and install from pre-configured software will deliver a far more effective and speedy resolution to the threat. Call centre IT managers can select proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing customer credentials, payment and sensitive personal and credit card data. It is also important that there is access to a portal that allows simple configuration by administrators – this is after all something that needs to be managed remotely.

As life begins to take on some semblance of normality again, customers contacting call centres will be expecting high standards, regardless of whether the agent they speak to is working in a physical call centre environment, or from their kitchen at home. Increasingly, it will become unacceptable to use Covid-19 as a reason for not delivering a secure, compliant service. Now is the time for companies to address areas of weakness and take advantage of the opportunity to implement processes and changes that will allow agents to work remotely with confidence in the future and ensure that customer data is fully protected at every stage in its journey through the banking or insurance system.

To read the full article, please go to: https://www.financederivative.com/protecting-customer-data-in-physical-or-remote-call-centre-environments/
