Why protecting data is key in retail customer experience
By Tim Critchley, CEO, Semafone
The retail industry is one of the most frequently targeted sectors for data breaches. In fact, for the past two years, it has been singled out as the industry who has suffered the most data breaches.
The repercussions of a data breach can be dire for a retailer's reputation and extremely costly to the business. Target, for example, was recently forced to pay an $18.5 million settlement for the 2013 breach it suffered that affected roughly 40 million customers. The fines were high, but the reputational damage was even more significant as Target's profits plummeted in the days after the fallout.
Similarly, Home Depot agreed to pay $27.25 million to those affected by its 2014 data breach, and the total costs to the retailer are estimated to be more than $179 million once legal fees and other costs are taken into account.
To protect customers' most sensitive data, as well as their own brand reputation, retailers must step up their data security efforts or risk losing customers' trust, patronage and business. Case in point: a 2016 KPMG survey showed 19 percent of consumers would stop shopping at a retailer that had been a victim of a cyber security hack, even if the company took the necessary steps to remediate the issue.
Retail call centers in the bull's eye
Retailers are actively rolling out new technologies to prevent cyberattacks and data breaches. One example is the move to EMV-enabled chip cards. While chip card technology has been successful in deterring fraud at the point of sale, it has had the unintended consequence of causing criminals to turn instead to channels where card-not-present (CNP) transactions take place, such as the call center.
Often deemed the "low-hanging fruit" by fraudsters, call centers are seeing an increase in fraudulent activity, especially those that operate in the retail industry. Recent research shows retail call center fraud nearly doubled last year.
And it's not only outside hackers who are posing threats. Retail call centers must be on high alert for insider fraud committed by customer service representatives (CSR) or agents. This could involve a rogue CSR copying down a caller's payment card data for personal use or even selling it to a third party. Moreover, not all insider threats are malicious. An agent could accidentally open a phishing email that exposes sensitive data throughout the network to illicit third parties.
The challenge for retail call centers, perhaps more so than in any other industry, is how to effectively protect customer data while providing a positive customer experience. After all, customer service is expected to overtake both price and product as the key brand differentiator by 2020.
Keeping sensitive data out of the call center
To help protect against data breaches, many call centers have begun implementing technologies that shield payment card data and other sensitive personal information from agents, such as interactive voice recognition (IVR) systems. However, these technologies are known to create customer frustration and increase average handling time (AHT), as often customers don't know how to correct a miskeyed number and simply hang up the phone (leading to a lost sale). Even when information is input correctly, the customer's data may still touch or be stored in various call center systems such as the CRM, leaving it vulnerable in the event of a breach.
Retail call centers should not sacrifice customer service for data security. Fortunately, new technologies and data security practices can allow call centers to have the best of both worlds. Using dual tone multi-frequency (DTMF) masking, retail call centers can have customers input their payment card numbers using their telephone keypad. The touch tones are replaced with flat tones, concealing the card data from both CSRs as well as call recordings. Yet, at the same time, CSRs remain on the line and in full voice communication with the customer to help with any issues that may arise and ensure a positive customer experience.
There is no need to transfer customers to an IVR system, pass them onto another agent, put them on hold or send them an email to complete their payment. Equally important, the payment card data is encrypted and relayed directly to the payment processor so it never touches the call center's infrastructure. By not processing or storing payment card information, the call center becomes a much less appealing target to fraudsters.
While the threats of cyberattacks and fraud remain, the good news for retailers is that they do not have to sacrifice positive customer experience for stronger data security — even within the area that has long been considered their weakest link, the call center. DTMF masking solutions can keep payment card data from ever touching the call center environment, allowing both customer service and strong data security to co-exist.
By adopting new technology solutions in call centers retailers can reduce the risk of becoming the next Target (in more ways than one) and making headlines as the victim of a massive data breach, while ensuring their customers remain happy shoppers.