How Secure Is Your Call Center?

By Art Coombs

It’s a typical Sunday afternoon, and Jane is headed to the grocery store to pick up a few items for the week. She completes her shopping and heads to the checkout lane, where she meets Nathan, the clerk who is eager to help her with her grocery purchase.

After the usual question, asking if she found everything okay, Nathan provides Jane with her total shopping bill. He then asks if she will pay with cash or card, and she says, “Debit card, please.”

Nathan hits a button and says, “Okay, go ahead and read your card number to me while I type it into my register.” Jane is uncomfortable with this. After all, her credit card number is personal information. However, without another option (and she really needs to get the groceries home to make dinner), she quietly reads the card number to Nathan. As the line of customers builds behind her, Nathan then reads the card number back to her to make sure he entered it correctly. The people behind Jane all lean in a little closer and listen as this critical sequence of numbers is read aloud.

The transaction continues, and Jane becomes even more uneasy when she is asked to give the expiration date, the billing zip code, and the three-digit code on the back of the card. All of her sensitive information is now “out there,” and the people in line behind her, as well as Nathan, all have an opportunity to lift her number. As consumers, we never know where or when a fraudster might try to use our data.

Jane receives her receipt, heads to the car, and loads up her groceries. When she gets home, she puts an alert on her card because of her concern after the payment experience in the grocery store.

Now, this story is highly unlikely in today’s world.

In fact, credit card processing at the grocery store or other retail stores has advanced to a point where the card never leaves the customer’s hand, and all information is confirmed on a keypad that only the customer can see. Yet the scenario above happens hundreds of thousands of times in call centers every day.

However, the story illustrates something consumer research has proven: Customers are well informed about security and uncomfortable about verbally sharing sensitive information over the phone.

In a recent study commissioned by The Summit Group, more than a thousand people were asked about their comfort level when engaging in credit card transactions over the phone. Nearly 70 percent of consumers stated they are “somewhat” or “very uncomfortable” giving their credit card information over the phone. And that comfort level decreases significantly if the call center is located outside of the United States. Yet most will continue the transaction and verbally share sensitive information.

In a recent article published by The CNP (Card Not Present) Report, security professionals identified their own company’s employees as their biggest security threat, but most feel their organizations are not taking adequate steps to address the problem, according to recent research. The survey, conducted by Experian Data Breach Resolution and the Ponemon Institute, found 55 percent of respondents said their company had experienced a “security incident” that originated with a negligent or malicious employee. Sixty percent of the companies said their employees are not knowledgeable about how they contribute to their organization’s security, and only 35 percent reported that senior management makes employee security awareness a priority.

Technology solutions exist that are easy to implement into current systems. For example, there are technologies that allow customers to enter sensitive information via their telephone keypad. Agents will see dots on their screen and hear monotones as the information is entered. Credit card numbers are sent directly for processing, and notification is given to the call center agent once the charge is approved. It is the call center equivalent of swiping a credit card when shopping in a retail store. The customer maintains control of his or her information, and the clerk or call center agent never sees or hears it, eliminating the temptation for credit card theft.

Call center operators and merchants would be wise to enhance their security protocol with technology, as many consumers will opt for other ways to make their purchases. With better security protocols, people may feel more comfortable engaging in phone transactions, which will result in more buyers and more revenue. Additionally, for current customers, having an alternative will increase customer satisfaction and likely result in increased spending among customers.

Art Coombs is president and CEO of KomBea Corporation (, which has been helping call centers become more compliant, secure, and efficient for over twelve years. He has been developing and marketing tools that blend human intelligence and automation to improve call center phone interactions.

%d bloggers like this: