Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Networking

    How to Ensure Your Call Center Security

    Written by

    Ron Settele
    Published November 13, 2008
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Identify theft remains a major problem in the United States, with Americans losing $45.3 billion last year. In 2007 alone, 8.4 million adult Americans, or one in 27, were the victims of identity fraud.

      While this is a drop of 11 percent from the $51 billion lost in 2006, it’s still a significant issue for consumers. Contact centers and IVR (Interactive Voice Response) / voice portal systems are particularly vulnerable since existing methods of confirming callers’ identities are insecure.

      The pressures

      Understandably, consumers today are concerned about security. When it comes to access to voice self-service systems, they are not satisfied with PIN numbers and content knowledge alone for identity verification. Compared to current authentication methods, an increasing number of consumers feel that the use of their voiceprint would go a long way in making their transaction more secure and convenient. Most consumers would enroll their voiceprint with their financial institution, for example, if given the opportunity.

      The politics

      Established in 1979, the Federal Financial Institutions Examination Council (FFIEC) is a “formal interagency body empowered to prescribe uniform principles, standards and report forms for….financial institutions.” In 2001, the FFIEC provided specific guidance on authentication in an Internet banking environment. In 2005, it updated that guidance to include high-risk services performed through telephone banking systems and call centers attached to financial institutions. As financial institutions enhance their Internet banking security, threats will migrate to other access channels–mainly the telephone.

      The insurance and health care industries are being similarly impacted by the Privacy Rule under HIPAA (Health Insurance Portability and Accountability Act of 1996). HIPAA itself protects “individually identifiable health information” held or transmitted, in any form, whether electronic, paper or verbal. HIPAA’s Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI), which is any information about an individual’s health status, including biometric identifiers such as finger and voiceprints.

      Both of these policies are forcing organizations to a heightened awareness of how to address critical security issues.

      The possibilities

      Until very recently, you could always count on being prompted for your account number and the last four digits of your social security number when accessing a self-service system. In many cases, the same would be true when speaking to a live agent. Times have certainly changed! There are now many methods available to enhance caller authentication. However, no single method is adequate. Utilizing multiple “factors” to authenticate the identity of a caller is advised.

      What is a factor? The FFIEC places factors into three specific categories:

      Category #1: Something the user has, such as an ID card, security token, software token, phone or cell phone

      Category #2: Something the user knows, such as a password, passphrase or PIN number

      Category #3: Something the user is (such as voiceprint, fingerprint or retinal pattern)

      In some cases, providing access with a single-factor, multi-item authentication would be considered adequate. In this case, challenging the caller with pieces of information that only they would be likely to know are used. These solutions are typically simple to implement and could be deemed adequate for callers accessing information that is not considered sensitive.

      But that’s where the rub is! Opinions differ widely as to what types of information should be deemed sensitive. And, with the proliferation of information that can be accessed via the Internet, could single-factor, multi-item authentication ever be viewed as secure enough?

      Multifactor and risk-based authentication solutions

      These concerns by the consumer are pushing enterprises to consider multifactor and risk-based authentication solutions. Using something the user “knows” in combination with something they “are,” provides a much more secure environment in which callers can access account information and transact business. The ability to compare and verify a voice sample from the caller against the voiceprint found in the customer profile (for the account being accessed) significantly increases the likelihood that the right person is attempting to access the account.

      Even more secure authentication methods are available if other parameters are taken into account. What if, on top of the multifactor authentication method described above, the system also took into account the number from which you were calling? Or how about whether or not the transaction you are performing is typical based on past behavior? How about taking into account the “Superman Effect?” What do I mean by that? It’s when someone tries to access your account from Los Angeles and then tries again just an hour later from New York City.

      Risk-based authentication can take all of these parameters into account and more. How about taking into account access attempts from the Internet and the contact center? Solutions such as these are available today and can be tailored to meet your business needs. Market and regulatory pressure is building to require enterprises to deliver more secure access to customer account information. How secure is your customers’ information?

      Ron Settele is a Customer Authentication Specialist within the Relationship Technology Management (RTM) business unit at Convergys Corp. He has more than 23 years of experience in providing product management and product marketing leadership at high-technology solutions providers such as MCI and Alcatel.

      During his six years at Alcatel, he led both product management and product marketing teams that delivered and marketed telephony offerings to the carrier market. Prior to that, while at MCI, he led a team of product managers that defined solutions to provide sophisticated calling features.

      Ron holds a U.S. patent for intelligent routing of international call traffic. He earned a Bachelors of Engineering in Mechanical Engineering from Stevens Institute of Technology. He can be reached at Ron.Settele@convergys.com.

      Ron Settele
      Ron Settele
      Ron Settele is a Customer Authentication Specialist within the Relationship Technology Management (RTM) business unit at Convergys Corp. With over 23 years of experience in product management and product marketing at leading high-tech companies like MCI and Alcatel, he specializes in developing secure authentication solutions and fraud prevention strategies for enterprise telecommunications and customer service environments. During his tenure at Alcatel, Ron led product teams focused on secure telephony solutions for carrier networks. At MCI, he managed teams responsible for designing advanced communication security features to protect user data and prevent fraud. He holds a U.S. patent for intelligent routing of international call traffic, demonstrating his expertise in optimizing secure telecommunications. Ron frequently contributes insights on call center security, identity fraud prevention, and customer authentication best practices. He has been involved in industry discussions on mitigating cybersecurity threats in contact centers and securing customer interactions against fraud. He earned a Bachelor’s in Mechanical Engineering from Stevens Institute of Technology and continues to explore advancements in cybersecurity for enterprise communications.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×