27th May 2024

Security is a human problem

By Grant White

In the CCMA’s recent report, contact centre security expert Matt Smallman shares his thoughts on  the challenges of customer authentication 

The following is based on Matt Smallman’s ‘afterword’ in the CCMA’s report, Balancing fighting fraud with customer experience. To read the full report, click here.

As someone who spends their life thinking about customer security experiences, getting a reality check from the front line is always healthy, and this year’s survey is no exception. 

It’s a powerful reminder that security is, first and foremost, a human problem, not one of process or even technology. For example, while security experts know the One Time Password via text message authentication method is both insecure and inefficient, consumers still perceive it as the most secure and usable. 

Consumers’ refuse to see themselves as a weak link in the security process even when they sabotage it by, as the survey shows, sharing their secret information across many organisations. 

They just don’t believe bad things will happen until they do. And when they do, a traditional dependence on knowledge-based authentication by most organisations has trained them to correlate friction and effort with security. 

Unfortunately this all comes back to bite us in the contact centre, where automated systems and frontline agents must handle the fallout of security process failures in other channels but also prevent themselves from being exploited. 

And while the rate of suspicious calls is very low, less than 1 in 500 calls, even in high-risk organisations, successful compromises receive significant management attention. As a result, agents can become paranoid and hyper-vigilant, which change the nature of their interactions with your customers. 

Further, the cognitive dissonance created by being forced to interrogate every customer as if they were a fraudster (when the numbers suggest they would be lucky to speak to one a month) at the same time as trying to help them is a significant source of workplace stress. 

Fortunately, we appear to be at a tipping point. More consumers than ever, either personally victims of fraud or frustrated by their inability to access services, now acknowledge that security is a shared responsibility. 

Similarly, leading CCMA members are following the data to develop risk-based approaches that intelligently tailor the security experience to the customer and context. 

But there is still work to do. And whilst we do need to take security decisions out of the hands of agents, we shouldn’t underestimate the role of consumer perception as we transition to new security approaches. Methods such as voice biometrics and network authentication, for example, may deliver higher levels of security with lower levels of effort but are highly dependent on user adoption to be effective. 

Ultimately, unlocking your contact centre’s security processes means recognising the complex interplay between security, customer perception, and agent experience. 

Matt Smallman is the author of “Unlock Your Call Centre: A proven way to improve efficiency, security and caller experience” and founder of SymNex Consulting, where he helps organisations transform their call centre security experiences. 

To find out more, read the report.