Is your customer data at risk? 4 questions to ask yourself when outsourcing ecommerce customer service
Choosing the right customer service outsourcing partner is the key to success. Cost and customer experience are likely to be paramount when requesting support, but security should be an equally high priority when making the decision.
Cyber attackers are getting smarter, which means retailers need to weigh risks more carefully than before when looking for partners, especially when deciding to outsource customer service.
The retail industry is a global leader in data breaches. In its current data security report, a French tech company found that 71 percent of retailers surveyed said they had suffered a data breach at some point, and 39 percent had been affected in the past 12 months. Neiman Marcus, J.Crew, and Macy’s have all fallen victim to hackers in recent years.
The reputational damage of a single cybersecurity attack can erode your customers’ brand trust and result in lost revenue. According to IBM’s Cost of a Data Breach report, the average cost of a single data breach in the United States was $9.05 million in 2021. IBM also reported a 10 percent increase in the average cost of a breach from 2020 to 2021, with a significant factor being the vulnerabilities that remote workers were introducing into the workplace.
How does this relate to outsourcing customer service operations? The future of the customer service contact center is undoubtedly remote. In fact, research shows that the majority (67 percent) of contact center providers expect to maintain remote or hybrid work in the future. The advantages of remote contact center agents are significant in general, but the security threats are real and must be addressed.
Before you engage a business process outsourcing (BPO) partner to support your customer service operations, ask them the following four questions to ensure you’re not putting your customers, your brand, or your business at risk.
1. Is your company PCI compliant?
The PCI Security Standards Council (PCI SSC) supports the development, improvement, storage, dissemination and implementation of certain security standards for the protection of account data. Established in 2006, PCI SSC is a global forum composed of representatives from leading credit card companies including American Express, Discover, JCB International, Mastercard, UnionPay and Visa.
If you are planning to outsource your customer service, the BPO you choose should at least be compliant with all of the PCI standards. Compliance with the standards improves cardholder data security and reduces fraud. PCI SSC regularly updates standards in response to industry feedback and emerging threats; your BPO should do the same.
2. How do you process payments?
Speaking of payments, while following PCI standards makes the BPO accountable for protecting cardholder data, you should also delve a little deeper into the specifics of whether or how the company chooses to store payment information.
A best practice for BPOs is to have a policy that does not allow customers’ credit card information to be stored in their systems. This ensures that the customer’s payment and personal details are not vulnerable should your BPO’s systems ever be breached.
With many contact center workers now working remotely, you should also consider how the BPO protects customer payment information in remote environments. For example, my company takes an extra security step to ensure that we protect customer payment information using a secure Interactive Voice Response (IVR) system when customer payments are processed over the phone. Instead of giving an agent their card number, customers are directed to the secure IVR to enter card details via the keyboard while the agent is put on hold without hearing or seeing the customer’s payment details.
3. What about personal data?
A customer’s credit card number isn’t the only customer information your partner should keep safe — what about other personally identifiable information (PII) like addresses, email addresses, and phone numbers? A good outsourcing partner treats all personal data with great care.
For example, many third-party customer service providers use a sentiment analysis tool to review calls with customers to ensure agents are providing the best possible service. Quality teams regularly use call logs to review agent performance — which means they could have access to any PII data exchanged during the call. As a best practice for keeping customer data secure, your outsourcing partner should use technology to automatically remove any PII or payment information from the transcript and recording before it is reviewed by the quality team.
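As an added illustration (not code from the article or from any vendor it describes), the sketch below shows what automatic transcript redaction can look like before a quality team sees a call. It covers text transcripts only, not audio; the patterns, the placeholder tokens and the North American phone format are assumptions of this example, and the transcript lines are constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# North American style phone numbers only (an assumption of this example).
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text: str):
    """Return (redacted_text, counts) for one transcript line."""
    counts = {"CARD": 0, "EMAIL": 0, "PHONE": 0}

    def card(m):
        # Redact only digit runs that pass Luhn, so order numbers stay readable for QA.
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()
        counts["CARD"] += 1
        return "[CARD]"

    def tag(label):
        def sub(m):
            counts[label] += 1
            return f"[{label}]"
        return sub

    text = CARD_RE.sub(card, text)  # cards first, before the phone pattern runs
    text = EMAIL_RE.sub(tag("EMAIL"), text)
    text = PHONE_RE.sub(tag("PHONE"), text)
    return text, counts

# Constructed sample transcript (not real customer data; 4111... is a test card number).
TRANSCRIPT = [
    "Customer: Sure, it's 4111 1111 1111 1111, thanks.",
    "Customer: Order 1234567890123456 is late.",
    "Customer: Email jane.doe@example.com or call 555-867-5309.",
]

if __name__ == "__main__":
    for line in TRANSCRIPT:
        print(redact(line)[0])
```

Speech-to-text output may spell digits as words ("four one one one"), which a pattern-based pass like this one does not catch, so ask the BPO how its tooling handles that case and whether redaction runs before the transcript is stored.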
4. What are you doing to protect your remote agents?
Ask your prospective BPO if they have systems and policies in place to protect their remote agents from cyberattacks and keep their systems secure. Key considerations should include:
- Multi-Factor Authentication (MFA): Does your BPO require agents to log in via MFA to ensure redundant layers of protection for any systems or hardware that require login?
- Virtual Desktop Infrastructure (VDI) and Virtual Private Network (VPN): Does your BPO have a VDI solution that enables secure delivery of virtual desktops from a central server that limits agent access to the brands it supports? As an extra layer of protection, do all agents have to log into a VPN to access their systems?
- Bring your own device (BYOD): Does your BPO allow agents to use their own devices? If so, what systems and policies are in place to protect the company’s systems and customer data?
Outsource with confidence
Security should always be a top priority for the BPO partners you work with. When you choose a customer service partner, you have a responsibility to your customers to critically evaluate their data security practices and policies. A good BPO partner will invest in policies and technology that ensure the highest level of data security for the brands they support, and will evolve to combat emerging threats such as those created by remote working environments.