Taking Steps to Stop Fraud in the Contact Center
May 02, 2014
May 02, 2014
Following prevention and detection, there are three additional layers to a security process focused on continuous improvement. These layers include response, education and governance. Many companies miss the last two and conclude their security process when the appropriate response has been taken.
Response and Consequences
Based on what you detect, it’s imperative that the response is appropriate. The security department within any organization will work in close partnership with the business leaders, human resources and legal counsel, often responding to threats through investigation and engagement with law enforcement.
Employees need to be made aware of the consequences of even the most minor fraudulent actions—from losing their jobs to going to jail.
Any instance of fraud, whilst directly impacting the consumer, can also indirectly affect the business through an irreparable breach of trust and loss of brand reputation. This would cause direct loss of revenue and potentially the need to downsize operations, resulting in job losses. If that business is the main employer in a town, the whole community can be affected by the actions of a single case of fraud.
Education Supplements the ‘Prevent, Detect and Respond’ Program
Education can help contact center employees to not only understand the personal risks, but the potential impact to their peers and colleagues, as well as the town they live in. But education is not just for employees, it’s also often an imperative for raising awareness of the organization that the contact center is contracted to serve.
In providing security awareness training to all levels of employee, the risks from direct insider threats can be mitigated and reduced. From the customer service representative handling customer data, through HR staff handling hiring, to the IT staff maintaining the antivirus and passwords on secured systems – everyone has a role to play in securing the contact center and protecting value.
Companies are very security conscious. It’s not unusual for them to be sensitive about what their contact center vendors do with data. One only has to look at the news to understand why data breach is something none of them wants to experience. But, it’s possible that they can be so focused on security through monitoring the vendor, that they overlook monitoring themselves. The contact center vendor that is vigilant about the security of how data is transferred to the contact center, as well as how it’s used once there, has a responsibility to educate their clients and raise awareness of identified threats, as well as their own staff.
Governance Closes the Loop
Crafting governance for security processes in the contact center requires going back to the beginning to reinforce what’s learned in order to build a stronger prevention program. This is the “last mile” in developing a continuous process of improvement for secure operations.
When an exception event is discovered, quite often the issue is system related but driven by operational processes. Let’s take an example:
An agent is tasked to complete a monthly sales quota. To incentivize the agents, they are rewarded with a commission for each sale. With each sale, the agent has the customer’s payment information. By using this information to make more purchases “on behalf” of the customer, the agent is able to boost their commissions and their progress toward quota and earning a bonus at the end of the month.
This issue is both a system and process issue for the accountability of the agent. In this case, metrics fraud used to bump target numbers. The quota process provided the temptation. The system allowed the agent to book additional sales without requiring each case (or sale) to be tied to a logged call.
The only way to close these gaps is by circling back once the gap is identified to correct it—both in the system and the process. This is why governance is critical. It is used to not only strengthen the prevention program, but also to inform methods that should be pursued for detection.
Security is Full Circle
While prevention, detection and appropriate response are critical to securing contact centers from fraud, education and governance complete the circle for a closed-loop process. With new hacks, economic hardships and temptations arising every day, it’s imperative that security protocols evolve in parallel.