All CX teams can benefit from a strong data security strategy, but customer service operations, which take in unprecedented amounts of data, have unique vulnerabilities to consider.
Call centers are a two-way street, with customers sharing and receiving potentially sensitive information. Their data comes from multiple channels, including phone, live chat or email, and may pass through an agent or a chatbot. Each customer service journey carries its own risks.
A good security strategy starts by mapping out all of a call center’s operations, according to Saz Kanthasamy, principal researcher at the International Association of Privacy Professionals. A company that understands each of its channels can craft better ways to protect them.
“It’s really important to build that picture so you understand the full estate,” Kanthasamy told CX Dive.
Agents and chatbots each have strengths and weaknesses when it comes to managing data security, according to Brian Cantor, managing director of digital at Customer Management Practice. A strong overall strategy includes best practices for each.
Specialized agents reduce risk
Call centers want to make inquiries as painless as possible, including ensuring agents have the right information to understand and help customers with minimal repetition. However, this data-driven approach introduces security vulnerabilities, according to Cantor.
“We want the agent to be armed with more data than ever,” Cantor told CX Dive. “We want to make it as easy as possible for them to access this information. Those two collectively, without appropriate risk management, are a recipe for potential data problems.”
Even well-intentioned employees can be vulnerable to social engineering — fraudsters attempting to trick agents into revealing sensitive information — and training often glosses over security best practices due to time constraints, according to Cantor. He encourages companies to safeguard data by having agents specialize in certain types of calls.
"For instance, you can have one person who's just dedicated to billing disputes,” Cantor said. “You can only give them access to the information they need for billing disputes, and so it enables better control.”
Automation enables greater specialization, too, according to Cantor. Chatbots and other self-service tools can take on the bulk of general, low-priority inquiries and let agents focus on calls that require specific kinds of sensitive data.
Call centers also benefit from general data access best practices, experts told CX Dive. Workers should use multi-factor authentication to sign into whatever software they use, and call centers should monitor and record the data they access.
Chatbots benefit from limits
Chatbots carry their own risks. Making a generative AI-powered chatbot more useful than its clunky ancestors requires feeding it customer data, but this introduces new vulnerabilities into call centers.
“Understand that as you adopt less human, more AI driven technology — more automation and more digital touchpoints — how that transforms your exposure,” Cantor said.
As a baseline, leaders can run a suite of assessments before a chatbot goes live, according to Kanthasamy. This can catch potential security flaws in the program before they lead to a data breach, as well as help leaders identify the least amount of data necessary to offer a good chatbot experience.
A chatbot can’t leak information it doesn’t use.
However, chatbots do need access to some sensitive information to make them worthwhile as self-service tools, according to Cantor. A chatbot without the authority to resolve any real problems will be little more than an annoyance for many customers.
The first line of defense to keep this data safe is protecting the chatbot from bad actors, Cantor said. Chatbots should require customers to authenticate their identity before they initiate any actions involving personal information. Mandatory logins and two-factor authentication add friction for customers, but they keep fraudsters away.
Chatbots also need very clear boundaries on what they can or cannot handle, according to Cantor.
Call centers can train chatbots to identify certain keywords as signs that it is collecting too much information or entering a high-stakes conversation, Cantor said. At that point, it is time to hand the inquiry to an agent with a message that shows the company is taking security seriously.
By playing to the strengths of agents and chatbots, companies can improve customer service while keeping personal data safe.