Personalise your experience

Get the latest insights relevant to your sector.

Blog · 29 Nov 2022

Taking a multi-layered approach to contact centre security

The current volume and sophistication of contact centre fraud means organisations now need multiple layers of protection if they’re going to stay secure.

Kerry Johnson
Product Manager - AI for Customer Experience

Contact centre fraud is big business these days. Since the pandemic, 79% of organisations have reported an increase in the volume of attacks through their customer contact channels, with criminals quick to take advantage of the disruption and prey on the vulnerabilities of both agents and customers.

Scams are also becoming increasingly manipulative and more difficult to detect. Between 2019 and 2021, ‘true identity’ theft where attackers impersonate customers, was found to have increased by 82%. And, a growing number of attacks are becoming successful, with a third of contact centres experiencing higher fraud costs in 2020 than they did just two years before in 2018.

With many different attacks coming in from different angles, you can no longer rely on any single layer of defence. A multi-layered approach is the only way to help combat this hostile threat landscape.

Understand the types of threat

A good starting point to achieving multi-layered security is increasing your understanding of the sophisticated exploits that are targeting contact centres today. We’re seeing a wide variety of techniques being used, often in combination.

For example, with synthetic identity fraud, fraudsters might steal identities or combine fake and real customer information to exploit the contact centre. They’ll even scope out vulnerabilities in systems or extract information using sophisticated techniques like Interactive Voice Response (IVR) mining which finds gaps in the IVR system using machine learning. Or, in the case of a social engineering attack, agents are manipulated into breaking security protocols or accidentally revealing information. Fraudsters will sometimes even go to extreme lengths to do this by using fake audio to simulate intense dilemmas or scenarios.

Build up the layers

Once you’re aware of the types of attacks that might be coming your way, there are some key practices you can encourage your people to adopt that will help layer up your defences:

  • The ‘least privilege’ principle: Limit agents’ access to only the systems and data they’re guaranteed to need to do their job. This will reduce the risk of both malicious and inadvertent data breaches.
  • Identity access management: Look at automating the management of both employee and customer identity to help balance convenience and security.
  • Authentication: Authenticating customers, and eliminating fraudulent callers before they get through, saves time and resources further down the line. Tools such as voice biometrics and call validation can be very effective at this.
  • Endpoint protection: Keep all endpoint devices updated and protected to stop malicious emails and software gaining access to your network.
  • Threat detection: Store and monitor logs for signs of malicious activity, this will help detect breaches quickly and reduce the risk of a bigger incident in the future.
  • Security training: Help your employees to become your ‘human firewall’ by educating them on the cyber risks and what to watch out for. Share the responsibility for security and help them feel confident to report suspicious activity and other security related concerns.

Avoid overwhelming agents

In reality, there’s only so much you can expect your people to do, especially when agents are already under pressure to meet customers’ growing expectations while reducing their call handling times. Burdening them with additional security measures, like manual authentication and verification procedures, will only increase friction in their working lives and create time-consuming and frustrating interactions with customers.

Instead, a call validation solution that analyses and flags suspicious callers before they get through can take some of the pressure off. Particularly when combined with AI-powered authentication technology that uses biometrics to identify callers from key inherent characteristics like their voice, behaviour or touch.

Together these two technologies can create a robust multi-factor authentication solution that increases IVR containment and boosts customer self-service, while also streamlining and improving the reliability of authentication. The end result provides better experiences, reduced contact centre costs and a lower risk of successful fraudulent attacks.

Our security credentials

We have a strong track record in helping our customers defend their contact centres against fraud. Our strategic partnerships with leading vendors in this area mean we can protect organisations and their customers. Solutions like Nuance Gatekeeper with BT and Smartnumbers Protect with BT, layer together brilliantly to provide a solid multi-factor authentication solution. And our wider security portfolio can provide the other essential layers of defence.

If you’d like to find out more about what these technologies could do for your contact centre security, please download our whitepaper.