Call Center Predictions for 2017: Data Security and Compliance Will be a Top Priority

2016 was a record-setting year for data breaches in the United States. According to the Identity Theft Resource Center (ITRC), tracked data breaches increased by 40 percent in 2016, as more than 36 million records containing social security numbers (SSNs), credit/debit card numbers, protected health information (PHI), emails, passwords and usernames were compromised. In addition, identity fraud reached an all-time high, affecting more than 15.4 million U.S. consumers.

With cyberattacks and fraudulent activity showing no sign of slowing down, the call center – which regularly holds and processes personally identifiable information (PII), like payment card numbers and SSNs – must take on a more robust role in mitigating these risks. Just one data breach, whether from an inside or outside threat, could expose customers’ most sensitive information and create a public relations nightmare, as the organization struggles to repair its damaged reputation.

Fortunately, data security is taking a front seat in call centers’ priorities. In 2017, many of the forthcoming trends we see revolve around encrypting data and complying with current and pending regulations. We will also see more emphasis on the customer experience, as well as an increased use of remote agents. With these trends in mind, let’s take a look at our top five predictions for call centers in the year ahead.

1.    Data security will move to the top of the call center agenda. Increasing card-not-present (CNP) transactions and ongoing fraudulent activity (both from rogue agents and fraudulent callers) will put data security in the spotlight. Plus, there is an alarming amount of complacency among consumers regarding the security of their personal information. A recent Pew Research Center study found that despite trusting modern institutions to protect their data, many Americans rarely follow cybersecurity best practices themselves. The combination of these trends creates a perfect storm for exposing risks in the call center – the weakest link in the security chain. As a result, we predict that call centers will increasingly look not only to encrypt PII, but also to keep it out of their infrastructures completely. This is an important step toward protecting sensitive information and preventing brand-damaging data breaches.

2.    Companies will accelerate their preparations for the European Union’s General Data Protection Regulation (EU GDPR). May of 2018 may seem ages away, but companies and their call centers (which fall under the regulation’s scope) must begin preparing to comply with the EU GDPR now. Although it is an EU regulation, the GDPR actually affects any company that holds or processes data pertaining to EU citizens. U.S. companies cannot afford to be complacent – enterprises who do not comply face fines of up to €20 million or 4 percent of their global annual revenue (whichever is the greater). If more than half of U.K. organizations are not “fully aware” of the GDPR, one can only imagine the lack of preparation among U.S. organizations. We predict that as 2017 continues, companies will start to pay greater attention to the GDPR, as well as educating their business on the regulation’s ramifications.

3.    Call centers will continue to emphasize customer experience. Despite the increase in call center automation, personalized customer service remains a competitive differentiator. More call centers are finding that delivering a more efficient and superior customer experience involves an approach that blends self-service technologies with “live-agent” assistance. For example, when taking payment card numbers via phone, organizations should look to technologies that allow customers to discretely key in card data, while agents remain on the line to handle wrap-up tasks and assist when needed – thereby simplifying and streamlining the customer journey. This approach helps call centers balance average handling time (AHT) with other KPIs, such as first contact resolution (FCR) and of course, customer satisfaction scores. The data is secure, the agent is more efficient, the customer is happy, and the organization achieves additional cost savings as an inherent benefit of reduced AHT.

4.    Call Center activity will become more “uberized.” To expand call center operations and add staff quickly and easily, more companies are using remote, outsourced and work-from-home agents. These agents use telephony networks and secure VPN access to applications and payment gateways to serve customers in a virtually identical way to agents located in a centralized call center. Despite the benefits that this business model brings, it creates a whole new batch of security issues. Therefore, companies are taking greater strides to ensure the Payment Card Industry Data Security Standard (PCI DSS) and other security measures are extended to home and outsourced offices. This is achievable by adopting a secure platform that is scalable across the enterprise – even to remote workers – to protect customers’ PII. With the work-at-home agent pool expected to reach 160,000 employees globally by the end of 2017, securing outsourced environments will be crucial; hiring “good people” is no longer enough.

5.    Call centers will adopt a more proactive approach to compliance. Effective PCI DSS compliance involves more than simply checking a box. Over the coming year, call centers will take a more active and decisive approach to compliance (and therefore, security), investing in solutions that reduce the scope of PCI DSS. This is possible by decreasing the business’ exposure to payment card information. Such solutions also provide continuous compliance and security measures that keep customer information secure and companies’ names out of the news headlines as the victim of the next big data breach.

Looking at the upsurge in data breaches last year, it’s a safe bet that 2017 will not be without its fair share of challenges. More than ever before, we will see call centers turning to solutions that not only encrypt data at rest and in transit, but also keep sensitive information out of their business infrastructure altogether. After all, they can’t hack what you don’t hold.