6 Security Questions to Ask Your BPO Call Center

6 Security Questions to Ask Your BPO Call Center

In today’s digitally connected world, having top-notch communication is essential for effective customer service. Customers expect top-notch service, which includes prompt response to their queries, or else they will move to your competitor.

However, a majority of growing businesses may not have the manpower or resources to manage an in-house call center, leaving existing staff to divide their attention between their daily responsibilities and phone calls which could affect the quality of both. If you are finding it hard to keep up with customers’ demand, as a result of increasing customer base, maybe it is time to let a dedicated BPO call center handle your customer care.

While outsourcing customer service functions can boost the quality of customer care and increase sales, it can also ruin your reputation if you partner with the wrong provider. BPO call center operations may be effective, but the landscape has evolved over the recent past; it has opened doors to several security risks.

In the modern business environment, organizations use a variety of technology platforms and software solutions to collect and share customer data. Without proper data protection measures, this situation could lead to data exposure, especially if agents share digital documents that have sensitive and confidential information. That is why data beaches are too common today.

Considering the amount of valuable information that BPO call centers collect every day, they are an attractive target for data mining attacks. It is, therefore, more critical than ever to assess the security measures put in place by a potential BPO call center partner. A simple data breach could cost you millions of dollars. Here are 6 security questions to ask your call center before signing any contract.

1. How strong are your Q & A security protocols?

A recent study found out that call center frauds have spiked by over 45%. The study attributes the increase to the use of deceptive tactics to lure individuals to divulge critical information. Reputable BPO call centers equip their agents with several security questions (open-ended questions and questions not found on documents), double-sided protection, and voice biometrics.

Open-ended security questions:

Agents can protect customer data by posing open-ended security questions that genuine customers can only answer. For instance, asking a banking customer “Do you have a checking or savings account?” limit the probability of a caller guessing the correct answer to 50%. But if an agent put the question this way “What type of account do you currently have with us?” or “How much money do you have in your account?” will further diminish the chances of guessing the right answer.

Questions not on documents:

Nowadays, it is easy for fraudsters to gain access to customers’ confidential information. Handbags and wallets can be stolen. Utility bills discarded while intact may end up in the wrong hands. To make it difficult for fraudsters to give correct answers, agents should ask for questions not found in documents such as “How long have you been banking with us?”

Double-sided security:

The kind of security questions asked by agents could also lead to information theft. In order to safeguard the customer from revealing sensitive information to agents, the company should not allow its agents to ask for customers’ passwords. Also, they should only ask for some data out of specific personal information, for instance, asking for certain digits out of their date of birth.

Tighten security with voice metrics:

Voice metrics simplify customer identification while providing a high level of security. The system uses the caller’s unique voice print to verify his or her identity. It provides significant benefits for both the customer and the center. Customer verification time is greatly reduced because they don’t have to remember everything about their accounts. On top of this, it is difficult for criminals to mimic customers’ voices.

2. How strong is your password policy?

How strong is your password policy?

Weak passwords pose security risks. A 2015 security study conducted by Trust Global found out that almost a third (28%)of security breaches are linked to weak passwords. A reputable BPO Call center should have a strong password policy for accessing individual documents and internal systems. Ask potential outsourcing firms to share with you the password policy they use on internals systems, digital documents, and self-service portals. As a rule of the thumb, assess if the company respect the following security standards:

  • Are passwords rendered unreadable through strong encryption?
  • Do access to personal computers, firewalls, servers, and other networking gadgets follow a strong password requirement, which expires after 90 days?
  • How does the company handle passwords for employees who have left the company?

3. Do you use multiple layers of defense?

Besides having a strong password policy, contact centers need to put in place multiple layers of defense. As cybercriminals get smarter, traditional databases and network security measures are not sufficient. Considering the volume of information hosted by BPO contact centers, it is a great security risk if there is no layered security system. A single authentication measure such as encrypting customers’ is not enough to create an attack-proof system. If a criminal gets past one layer of protection, he or she can also get through the second layer. You should, therefore, expect your BPO partner to have a continuous authentication system. It is important to encrypt not just customer data alone but also information sent to clients or between agents via email. This is important for the following reasons:

  • Emails erroneously sent to wrong persons cannot be accessed unless someone has authorization.  
  • Prevent the interception of emails.
  • Prevent unauthorized access by staff within the contact center like a compromised worker using stolen, but valid proof of identity. With multiple security layers, it becomes increasingly difficult for even the smartest hacker to get into the system.

4. Do you provide ongoing education to your agents?

The simplest loophole that criminals use to access sensitive information is by compromising staff. The fact that call centers have one of the highest staff turnovers further complicates the risk. Seek to understand if the company offer refresher training to their agents to ensure they operate by security guidelines, especially with regard to access and sending customer documents. Assess if the company emphasis to their employees the importance of ignoring unknown documents and links because hackers used these avenues to install malicious software on call centers.

5. How do you manage access at the document level?

The digital document management solution used by a BPO company should provide multi-layer access control. This arrangement enables the BPO center to compartmentalize and control access to various documents. Ask if the system specifies what rights each agent has over a document. Also, question the management of how they deal with certain private documents. In an ideal situation, private records are password protected, and the only access the call center has is the ability to send the information to the customer.

6. Do you have an incident response plan?

It is important that you find out how the company responds when there is a data breach. What kind of remedial measures does the company have to deal with such situations? What consultation or communication do you expect during such incidents? Sometimes incidents are inevitable, so you should be fully comfortable with the response plan the BPO Company has.

Conclusion

The above is just a few of the critical security questions you need to ask to gauge the preparedness of a potential BPO firm. By asking these questions, you are not only preventing your organization from being a victim of a security breach, but you are also safeguarding the trust given to you by your customers.

For more on security, see https://ansafone.com/soc2-certification-and-why-its-important/

Industry Awards and Affiliations