Work-From-Home Customer Service Agents: The Security Pros and Cons

Businesses realize many benefits from hiring remote call center agents. The biggest cost savings comes from reduced agent attrition; remote agent turnover is 10 percent compared to an in-house agent turnover rate of 30 percent or more. Hiring virtual call center agents helps companies staff their phones during off-peak hours, which lets in-house agents keep a more predictable schedule. It also helps managers meet demand during peak hours and high-volume seasons.

Unfortunately, the at-home agent model comes with potential security headaches. Call center managers can minimize security problems by combining a strong defensive posture, common-sense security policies, and effective supervision. The cost savings and morale bonus gained by hiring remote agents shouldn’t be undone by a costly data breach.

Security for Remote Agents Managers usually partner with agents during training, sometimes training remote agents onsite in the company’s main call center. After agents go home, however, managers rely on call auditing and metrics to evaluate agent performance.

Agents who don’t receive regular monitoring and supervisor follow-up can easily be tempted to go rogue. From simple PCI compliance issues to overt payment card fraud, poor supervision puts businesses on the hook for big-time losses.

Protecting customer payment information begins with the right call center technology. Businesses should provide remote agents with high-quality equipment and a good broadband connection, both for quality of service and security purposes.

They should train remote agents to never access the call center over public Wi-Fi and provide a VPN for logging into to the call center. These technologies provide a good starting place for security, but some industries need stronger measures. Cloud security, IVR, and call encryption can keep customer information safe.

Secure Cloud Telephony

Customer call data can include both personally identifiable information and sensitive financial information. If businesses suffer a data breach that gives attackers access to call recordings, customers can fall victim to fraud and identity theft.

Call centers should protect cloud data with solutions for private cloud and AWS security. Also, businesses should require all remote agents to activate and update antivirus software on any computer used to access the call center. This simple precaution keeps agents from spreading malware to the company network. It also keeps attackers from using screenshots and keyloggers to steal login credentials.

IVR for Payment Information

Set up an IVR system to take either spoken or keyed credit card numbers from customers. When a call requires agents to collect payment information, agents route the customer to IVR. The IVR system validates the customer’s credit card number and routes the call back to the agent. The agent never hears the card number or the touch-tones used to enter the card number. The company can encrypt the recording to protect customer information.

Phone Call Encryption

Whether businesses encrypt live calls or stored calls depends on what information they’re collecting. For example, calls dealing with personal health information or payment information require stronger security than calls dealing with everyday customer service issues. The most secure call encryption solutions start encrypting when the agent takes the call. Other solutions only encrypt calls after the agent hangs up and transmits the call to the datacenter for storage.

Safe Virtual Desktops

When remote agents login to the call center to access a virtual desktop, their local desktop access should be temporarily unavailable. This action prevents agents from taking screenshots of information presented on the virtual desktop, and it disables commands like “print screen” that can be misused. Also, an agent’s virtual desktop should only access needed information. Agents should be assigned administrative privileges only when absolutely necessary, and when an agent leaves the company, managers should delete the agent’s credentials.

Many companies implement multi-factor authentication as a protection against weak agent passwords. For example, after a remote agent logs in, the agent has to input a code, which is sent via text message or email. Companies can also use voiceprint technology, which ensures that the agent’s voice matches the login credentials. The technology can analyze mouth size, nasal passage length, and vocal tract dimensions, making it virtually impossible to duplicate an agent’s unique voiceprint.

Data Analysis

Call analysis helps to catch internal agent fraud, but it also protects agents from malicious callers. By monitoring historical voice data and call content for suspicious signs, companies can prevent many instances of fraud. Also, real-time analysis can alert remote agents to the presence of a suspicious caller. The agent can then transfer the call to a fraud prevention specialist.

Businesses should start with tools that can mine voice, email, and chat data to unearth suspicious interactions. These tools can send alerts to managers, who can then review the interactions in more detail later. If voice analysis suggests that an agent might engage in non-compliant behavior, managers can audit calls more closely. Then, they can decide whether the activity warrants additional training or whether it should be grounds for dismissal.

Training Remote Agents to Recognize Fraud

Criminal callers are masters of using social engineering to manipulate helpful agents. The best security tools in the world can’t thwart a fraudulent caller who tricks remote agents into violating policies. These callers often get through remote agent gatekeepers because companies use poor customer authentication techniques. Information such as an account number, address, date of birth, or the last four digits of a Social Security number are easy for criminals to steal. Companies can help by using the same voiceprint technology that’s good for verifying agents to verify legitimate customers.

It’s all too easy for criminal callers to use VoIP services to change phone numbers frequently. They can also spoof caller ID to make calls look like they come from legitimate sources. Most recently, attackers have started taking advantage of company SIP trunking systems to flood both onsite and remote customer service lines with junk calls. Businesses have to train agents to recognize and respond to fraud, but they have to do it without making agents suspicious of legitimate customers.

Great Service, Minimal Risk

Hiring remote agents is good for customers, and it’s a good staffing decision for many companies. By using technology and good training to mitigate threats, companies get the benefits of virtual agents with the security worries.