Professional Documents
Culture Documents
Call Center Security
Call Center Security
Information security has emerged as a significant concern for banks, mobile phone companies and
other businesses that use call centers or business process outsourcing, or BPO. There have been
instances of theft of personal data reported from call centers.
India's NASSCOM has said that they take breach in security extremely seriously and will assist
the police in their probe.
Common countermeasures
There are three identifiable types of illicit activities concerning fraud emanating from call
centers:
While items 1 and 2 are mostly subject to police action, call centres can use internal procedures
to minimise risk. Such mitigation measures include but are not limited to:
1. Creating a paperless environment, preventing employees from writing down and removing
information by ensuring that all work processes are done on the computer, without having to
record anything on forms or notes.
2. Prohibiting the use of cellphones and cameras on the floor.
3. Prohibiting paper, pens and digital recording devices from being brought onto the floor.
4. Preventing internet access for employees on the floor.
5. Limiting functionality and access of personal computers or terminals used by call center
agents (for example, disabling USB ports). Companies may also use data loss prevention
software to block attempts to download, copy, or transmit sensitive electronic data. [2]
Over the last decade, Internet-based communications like Voice-over-IP (VoIP), self-service
Web sites, e-mail, and collaboration applications have opened contact centers up to new security
concerns. And, the cost-reducing globalization of contact center resources has meant moving
operations to less-developed countries, where intellectual property and confidentiality laws are
not always rigorous.
Many centers are running on converged data networks, so they are subject to the security risks
associated with data networks, including unauthorized access, hacking, and denial of service
attacks. Traditional data security policies must be expanded to protect all information, including
IP telephony traffic. Security measures must diligently focus on:
Integrity: Viruses, Trojan horses, and unauthenticated access can alter the configuration
integrity of networked resources. If intellectual property is compromised, it could be a
serious blow to your reputation.
Availability: Any security incident can affect contact center availability. Every second of
downtime can be directly measured by lost revenue. Also, costs increase as live agent
calls go up due to downed IVR, Speech or Web servers.
Compliance: Strict government regulatory requirements for privacy protection and
security measures have been imposed
security assessment identifies gaps that can be exploited by an attacker when voice and data
networks come together. Next focus on the complex task of designing a secure infrastructure and
helps ensure that the security measures defined in a policy are designed into the security
framework.
Reference