Call Center security

Information security has emerged as a significant concern for banks, mobile phone companies and
other businesses that use call centers or business process outsourcing, or BPO. There have been
instances of theft of personal data reported from call centers.

India's NASSCOM has said that they take breach in security extremely seriously and will assist
the police in their probe.

Common countermeasures

There are three identifiable types of illicit activities concerning fraud emanating from call
centers:

 1. Crooks who pretend to be legitimate call centres.

 2. Hackers who gain access to call centre information through illegal means
 3. Call centre agents who illegally misuse the information they have access to in call centres.

While items 1 and 2 are mostly subject to police action, call centres can use internal procedures
to minimise risk. Such mitigation measures include but are not limited to:

 1. Creating a paperless environment, preventing employees from writing down and removing
information by ensuring that all work processes are done on the computer, without having to
record anything on forms or notes.
 2. Prohibiting the use of cellphones and cameras on the floor.
 3. Prohibiting paper, pens and digital recording devices from being brought onto the floor.
 4. Preventing internet access for employees on the floor.
 5. Limiting functionality and access of personal computers or terminals used by call center
agents (for example, disabling USB ports). Companies may also use data loss prevention
software to block attempts to download, copy, or transmit sensitive electronic data. [2]

How can you keep contact center communications secure?

Over the last decade, Internet-based communications like Voice-over-IP (VoIP), self-service
Web sites, e-mail, and collaboration applications have opened contact centers up to new security
concerns. And, the cost-reducing globalization of contact center resources has meant moving
operations to less-developed countries, where intellectual property and confidentiality laws are
not always rigorous.
 
Many centers are running on converged data networks, so they are subject to the security risks
associated with data networks, including unauthorized access, hacking, and denial of service
attacks. Traditional data security policies must be expanded to protect all information, including
IP telephony traffic. Security measures must diligently focus on:
 
  Integrity: Viruses, Trojan horses, and unauthenticated access can alter the configuration
integrity of networked resources. If intellectual property is compromised, it could be a
serious blow to your reputation.
 Availability: Any security incident can affect contact center availability. Every second of
downtime can be directly measured by lost revenue. Also, costs increase as live agent
calls go up due to downed IVR, Speech or Web servers.
 Compliance: Strict government regulatory requirements for privacy protection and
security measures have been imposed
 
security assessment identifies gaps that can be exploited by an attacker when voice and data
networks come together. Next focus on the complex task of designing a secure infrastructure and
helps ensure that the security measures defined in a policy are designed into the security
framework.
 

Reference

 Call Center Security How: to Protect Employees and Customers