Report True Fraud Protection: Securing People, Process and Personal Data

Transcription

1 True Fraud Protection: Securing People, Process and Personal Data This report is available for download on Teleperformance s website. For more information about articles, cases, white papers go to:

2 Few words strike fear into the hearts of financial institutions, corporations and consumers alike, like the words security breach. Financial institutions and corporations alarmed by the potential loss of assets, information and clients, not to mention the bad publicity, must regularly revisit their security efforts and client confidentiality measures. Customers expect appropriate protection of their personal data, financial details and digital footprint, as well as the integrity of the institutions in which they have entrusted their information. They have cause for concern. Fraud is a multimillion dollar institution, often orchestrated by professional, organized attackers. In fact, these sophisticated rings are responsible for some 74 percent of fraud incidents. And the figure for annual loss caused by this type of theft worldwide is estimated at $3.5 trillion. What s more troubling is that these aren t necessarily thieves in the night. The overwhelming majority of fraud cases 90 percent have a point man on the inside. The largest cases involve internal staff. How is this possible in this age of heightened security and constant theft awareness? Although companies continue to increase their security attempts, many still are faced with these risks: employee access to sensitive client information (including credit card, bank account and social security numbers), large number of employees, and frequent turnover, or high percentage of new employees. Customers have little tolerance or patience for companies who put their data at risk. Approximately 80 percent of customers will reduce or churn their investment in a company after they have experienced fraud. When companies lose a handful of customers due to fraud it s problematic. When major corporations are the victims of elaborate, large-scale fraud attacks, there is a potential for massive loss of clients, assets and brand image. By arming themselves with strategic, rigorous and effective security measures, companies can protect themselves and their customers from this imminent threat. To do just that, Teleperformance has developed a suite of tools specifically designed to better monitor the access of our clients systems and data by our operations, shield against fraud and elevate the level of our clients overall security systems. 2

3 Teleperformance Security Tools Teleperformance has developed a suite of tools designed to closely monitor contact center employees and minimize access to sensitive information. They also enhance insight as well as provide a macro view of operations. 1. Secure Access Teleperformance Secure Access is a strategic solution that monitors and analyzes contact center agents activity in the critical systems that have sensitive information, and tracks any unusual behavior that could red flag for a fraud attempt. Assessment and Analysis The first phase in the Secure Access process is undergoing a Fraud Risk Assessment, which is a security evaluation designed to map the work process and identify weak areas or security gaps that could potentially leave the company vulnerable to fraud from within. This type of process analysis, or mapping, allows a company to take a closer look at the paths data travel within a company. It examines where information is stored, what type of information is stored where, who has access, how it is accessed and more. Leaks and vulnerabilities can occur at any point 1 and this type of analysis will reveal breaks in the armor that indicate where additional controls are needed 2. Teleperformance then analyzes the resulting data and determines what agent activity should be tracked, how it should be monitored, and what new alerts and security levels should be in place. This analysis is used to inform and help create a tailored fraud prevention program. Vigilance and Controls Many companies have already adopted some form of contact center controls including banning cell phones, pens, paper, and others. However, even after such rules are implemented, fraud still occurs. Instead, companies must rely on a comprehensive approach that includes contact center staff education, as well as monitoring and prevention. 4 In the second phase of Secure Access, Teleperformance develops a training program customized to reflect the needs revealed by the Fraud Risk Assessment. The training can include instruction on fraud prevention, proper procedure and data handling. Education and security awareness training is critical to increasing employee self-monitoring. 1 Informed employees can help companies be more vigilant about properly handling customer information. Secure Access also monitors agent workflow to ensure proper procedures are followed with each transaction. If an agent deviates from the standard procedure (such as unauthorized accessing of sensitive customer information), which can indicate potential fraudulent activity is taking place, the system will alert the security and/or management team. Indeed some major companies already utilize some form of security alerts, but mismanagement and lack of procedural follow through once an alert has been raised diminishes the efficacy of the entire security process. In a report by CEFAS, the U.K. s fraud prevention service, many fraudulent activities were noted by companies internal controls, however 40 percent went undiscovered until they were reported by the customer. 3 For an alert system to be valuable, it must be paired with additional security measures. In Secure Access process, when the security team receives any alert, security specialists review the agent s profile and can utilize in-office cameras to review the situation and assess whether the agent is indeed using their own account. If fraudulent activity is confirmed, the agent s account is blocked, relevant data is collected and human resources contacts authorities. What s more, security risks generate different alerts based on the severity of the threat. The most severe threats are analyzed immediately by Teleperformance s professionals via their 24-hour online security team. The entire process is swift and efficient. 1. Sans Institute. Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply OSF Global Services, Mitigate BPO Security Issues New Voice Media Blog. Facing Up to the Nightmare of Staff Fraud in a Call Centre. Richard Pickering NICE Actimize Blog. Employee Fraud: Who s your bank s strategy owner? Mary Ann Miller

4 2. Secure Contact Another Teleperformance fraud security solution is Secure Contact, which provides a protected channel between the customer and the contact center agent for the secure exchange of personal identifiable information without verbally exposing the data to the contact center agent. This tool acts like a vault securing all the information and keeping it inaccessible to employees. Locked Away: Keeping Data Confidential It works by capturing payment and identity information, such as social security or credit card numbers, as needed by the specific transaction, but without exposing it to the contact center agent. Instead customers interact via an IVR (Interactive Voice Response) automated attendant. Secure Contact captures data, such as payment information, to complete the customer s transaction, without the contact center agents ever having seen the information. So while security and customer confidentiality is profoundly increased, there is no slowdown in work procedure. What s more, Secure Contact can be integrated into a company s existing systems such as CRM or billing via API. This type of need-to-know information accessibility is among recommended best security practices for companies dealing with outsourced contact centers, according to OSF Global Services 2. When certain outsourcing providers sidestep thorough employee vetting like background checks and resume verification, according to OSF, strategic solutions like Secure Contact eliminate the possibility that data could be compromised or stolen by the agent. A Protected Process Secure Contact can be utilized at key moments in the customer-agent transaction to fulfill the inquiry: At the Beginning: Before the contact center agent is put in touch with the customer, the IVR (automated attendant) confirms the customer s identity using secured information. Once identity is confirmed, the call can be transferred to a live agent. When the transaction requires the sensitive information to be used, the captured data is transferred to the CRM system automatically. The contact center agent s screen does not show the info, and each number is partially concealed. The agent can then confirm the information using the last digits of the relevant numbers (credit card, social security, account, etc). During the Transaction: IVR can be utilized in mid-transaction when a contact center agent requires the customer s personal data to complete their request. If a call with a live agent is already in progress, the agent can set up a conference call with the IVR which then collects the relevant data and pushes it to the CRM via Secure Contact. It is important to highlight that the agent cannot listen to the IVR during the conference, only to the customer in case support is needed. Once the data is in place, the agent can complete the customer call. At the End: Transactions can also be completed via an IVR. When a call with a live agent is in progress and only a simple transaction is needed to fulfill the customer s request, the agent can begin the transaction in the CRM system, leaving blank only those areas to be automatically filled by the IVR. Once the agent has completed his portion, he transfers the call to IVR and the customer is prompted to provide the needed information, complete the transaction and conclude their call. In fact, Secure Contact can be utilized at any time during the customer interaction and still be fully compliant with the strictest security standards across industries, including those set by HIPAA, PCI-DSS and Safe Harbor, among others. We are recognized in the market by leading analyst firms. Teleperformance has added innovation to contact center security that often surpasses the client s internal security controls for fraud prevention and early detection. In short, for companies that absolutely require the highest degree of data and customer information security, Teleperformance is indisputably the industry leader. Michael DeSalles, Industry Analyst, Frost & Sullivan 4

5 Teleperformance Security: Peace of Mind for Companies and Customers Personal and financial information is more widely used, and more frequently compromised than ever before. In the current business climate, both companies and consumers rely on digital transactions to shop, bank, pay bills and more. But every transaction leaves customers and businesses open to the potential for fraud. Statistics show that when customers are defrauded, they take their business elsewhere. Companies are intent on protecting their customers, assets and brand integrity, but face mounting challenges to their security systems daily. As fraudsters, thieves and hackers become more sophisticated and eager to involve company staff, companies must become wiser. By mobilizing Teleperformance Security, companies are setting in motion a strategic, multi-dimensional security system that prevents fraud from the inside out. Secure Access and Secure Contact safeguard their people, process and customers personal data via highly trained employees, cutting edge technology, streamlined and effective security processes, security management methodologies and stringent policies. When a businesses most valuable assets are protected, its leaders are free to pursue innovation, client acquisition (as opposed to loss prevention) and new strategies. Simply put, companies that invested in their continued success, invest in their security. 5

6 About Teleperformance Worldwide Leader in Multichannel Customer Experience We are a People company with a people-centric strategy, interacting with people all over the world. It s all about People. They are part of who we are and what we do. We analyze their behaviors. We understand their wants and needs. That s why we deliver outstanding customer experiences through integrated multichannel solutions to enhance customer experience results for our clients. 6

7 For more information: Follow us: