The call centre security burden

Written by Matt Smallman, Director, Symnex Consulting &
Dan Miller, Lead Analyst & Founder, Opus Research

By smartnumbers

Every call centre needs to be sure that the person on the end of the phone is who they are claiming to be for most if not all calls. Even if goods, services, or money are not at immediate risk, some personal data is inevitably used in conversations between companies and their customers. Call centre leaders have a legal and moral responsibility to stop it from falling into the wrong hands.

The well-intentioned response to an organisation’s obligation to authenticate customers too often involves the nonsensical security processes we are all experience daily. Where our date of birth and mother’s maiden name are considered to be so secret and unknowable to anyone else (apart from the three other call centres you’ve spoken to this week) they are still regarded as the keys to the kingdom. Or we are forced through the mental gymnastics of figuring out the seventh and twelfth letter of the password we use with every organisation and online site. Some organisations even put us through the physical contortion of trying to read (and then input) a four-digit code from a text message they’ve sent to the same device we are trying to talk to them on.

It’s not that there aren’t better solutions. It’s just that most organisations haven’t chosen to implement them. They’ve tolerated the status quo for so long that many of their executives have become blind to the enormous cost, sometimes up to 20% of all talk time, and opportunity for better customer conversations lost through these completely ineffective processes. Sure, big banks have their fancy Voice Biometrics systems. Yet, the very nature of that technology, where a customer needs to enrol a voiceprint before being authenticated, makes it impractical for many organisations.

Perhaps consumers are to blame. Whilst we love to hate these processes, whose terrible customer service story doesn’t start with the security process and get worse from there, we are powerless to demand better. In practice, a surprising number of customers vote with their feet after a poor security experience.

The solution is right in front of us: Network Intelligence

The solution for most organisations has been sitting under their noses for a long time. Nearly every call we receive is already associated with an inbound number or caller identifier. We’re more than happy to answer our mobile phones with the caller’s name when it’s in our address book but refuse to let our call centre agents do the same for our best customers.

The more observant reader will remember we recently wrote about the many reasons not to trust number identification services. Yet, the reality is that there are exceptionally cost-effective technologies that solve the trust problem and give you confidence for 95% or more of the numbers you receive. In addition to the displayed number in a call centre platform, every call has an enormous amount of signalling data used to route it across the telephone network. Every hop leaves a tell-tale signature that is near impossible to fake without breaking the connection of the call itself.

From Network Intelligence to Network Authentication

This ‘metadata’ is unintelligible to me or you, but when you have enormous amounts of it, you can identify the patterns consistent with a genuine customer call and those that may have been faked or originated from a suspicious location despite their advertised number. The technology has been proven over the last decade and is responsible for most telephone fraud detection in retail banking. When associated with the telephone numbers most of us already hold for our customers, we can use it to authenticate their possession of their phone.

Using machine learning and network signalling data to identify anomalous behaviour so that we can trust a caller’s number is called “Network Authentication.” For companies that don’t have the benefit of frequent repeat callers or multiple enrolments of voiceprints, we expect it to be all the authentication required to complete the vast majority of service interactions for businesses of all sizes. Not only is it a vast improvement over the time-consuming, expensive and insecure knowledge-based authentication dance. It is a stronger line of defence against fraud loss and unwanted access to personal information.

You can read more about Network Intelligence in our eBook: “Network Intelligence A Modern Approach to Authentication and Fraud Prevention”

Matt Smallman is the author of a new book “Unlock Your Call Centre: A proven way to upgrade security, efficiency and caller experience” which includes a step-by-step process for understanding how your current security processes perform and how to effectively implement Network Authentication. It’s available now in paperback and electronic format. You can find out more and read a free chapter at https://www.unlockyourcallcentre.com/

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_182830_12	1 minute	Set by Google to distinguish users.
_gat_UA-182830-12	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjSession_1990635	30 minutes	No description
_hjSessionUser_1990635	1 year	No description
_hjShownFeedbackMessage	1 day	Hotjar sets this cookie when a user minimizes or completes Incoming Feedback so that the Incoming Feedback loads as soon as it is minimized if the user navigates to another page where it is set to show.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_OG_GDPR_COOKIE_	session	No description available.
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description

The call centre security burden

By smartnumbers

Fraudsters are using the phone more than you realise

In fraud prevention the customer is the weakest link

Smartnumbers doubles down on Amazon partnership through AWS ISV Accelerate Program and Connect Ready designation

Fraud in contact centres is on the rise, but we’re well placed to tackle it