It’s no surprise that customer data security is on everyone’s mind. It should be.
While enterprise business solution customers tend to be more savvy, there is still a need to underscore the security of these solutions.
No one wants to be the company that lets personal data get into the wrong hands.
While agents in the contact center are often the target of "social engineering" attempts by fraudsters to gain access to sensitive customer information, it turns out that the agents aren't the only target.
Where Many Companies Go Wrong
There are few call center technologies that hold more sensitive customer information than the IVR. After all, customers are often asked to enter account numbers, passwords and financial information. Companies often go wrong in one of several ways:
- They store customer data on their application, which leads to data being copied to and stored in places that no one even knows about.
- They don’t clean data from one allocated spot before they move on to another customer transaction.
- They don’t properly secure the connections required to communicate sensitive customer information from a database to an application.
Getting It Right in Real-Time
To avoid the fallout from such errors, it’s important to treat customer data that enters the IVR cloud differently, and the nature of a real-time IVR transaction makes it possible. By working in real-time, the IVR can ensure that nothing is held, written or stored, and each call is kept in its own allocated space with its own resources. The call should be contained in that space during any necessary transactions, such as the retrieval of information from a customer’s database through a secure connection, and all relevant information should be returned to that memory space.
Once the call is completed by disconnection or transfer to a live agent, it’s house-cleaning time: the data is wiped before the space is allocated to another call. This way, the call center can ensure there are no memory leaks that allow sensitive customer information to bleed out into the rest of the system.
A prominent customer of Contact Solutions, a large East-Coast city, uses our solution to enable self-service payment of parking tickets. Rather than retaining sensitive customer information and storing it, we conduct transactions in real-time. Customers arrive in the IVR system and enter information via the menu.
At this time, we retrieve information about the customer’s balance or previous transactions from the city’s database via a secure connection, bring it back to the IVR application and present it in real time to the customer, who then pays the ticket or otherwise completes the transaction. We then release that information without storing it.
Why Is This Important?
As many of the recent cloud services breaches have revealed, customer data ends up in places where it’s not supposed to be. Malware on point of sale systems, for example, sends the information to a dummy server that collects it and then periodically sends it to a hacker. Masking the information before it leaves the system ensures this can’t happen. The resulting logs that contain important information about how the application is performing don’t contain data that would be useful to anyone.
Critical Features to Consider
Before you plunk down an investment in an IVR platform, ask your provider some crucial questions. While most solutions on the market today will claim to comply with base levels of security and data privacy regulations, there’s more to it than that. Consider this:
Does the provider segment its network and systems in a way that provides the highest possible level of security? It’s tempting for many solutions providers to take shortcuts that allow them to charge more than they should for less robust and less secure solutions.
Does the solutions provider perform vulnerability testing? The company should be able to “think like hackers” to ensure that no information that could be of value to criminals can ever be exposed or exploited.
Are the solution’s security protocols updated regularly? Technological innovation slows down for no one, and hackers always seem to be ready to exploit faults before the solutions providers are even aware of the problems.
Does the provider have a full time security engineer? (This is my job at Contact Solutions.) Security is a complex and changing environment. It’s hard to keep up on the important issues if security is your second job. And if you cannot keep up, security gaps will open.
Your Customers Expect It
There’s a reason that data breaches make global headlines. When they happen, customers feel betrayed. When it comes to your IVR, choose wisely: ask the right questions and ensure you get the right answers before you turn your precious customer database over to anyone. While it may not be able to help you with your Home Depot credit card or those pictures you let your college roommate take of you during that toga party in 1998, a properly secured IVR platform can ensure that when your customers are in the IVR cloud, their identities and their private transactions aren’t going anywhere.
