As digital security concerns mount, the adoption of Multi-Factor Authentication (MFA) solutions becomes increasingly critical for protecting online identities and data.

Traditional MFA approaches, while beneficial, face new challenges as cyber threats evolve. Next-Gen MFA solutions stand at the forefront of this evolution, enhancing security protocols beyond conventional systems. Next-Gen MFA addresses the weaknesses of previous technologies by incorporating advanced authentication methods, such as biometrics and behavioral analytics, to provide a stronger defense against unauthorized access.

The benefits of multi-factor authentication with a next-gen approach extend far beyond enhanced security. Modern MFA systems improve user experience by offering seamless authentication processes that significantly reduce the hassle of remembering complex passwords. By integrating factors like device recognition or geographical location data, next-gen solutions can perform risk-based assessments and provide a frictionless login experience for legitimate users. Meanwhile, companies deploying a Next-Gen MFA solution are positioned to meet stringent regulatory compliance requirements with greater ease, thereby safeguarding not just their systems, but also their reputations.

Consequently, these advanced authentication measures also offload some of the burdens on IT departments, which traditionally face high volumes of password reset requests. With next-gen MFA, organizations can streamline access management and enable a more autonomous and secure environment for users to operate within. This strategic shift not only fortifies the defense against cyber threats but also aligns with modern expectations for convenience and rapid access in a digital-first world.

Enhancing Security and Reducing Fraud

Next-generation multi-factor authentication (MFA) offers robust defenses against cyber threats, effectively bolstering an organization’s security posture. By leveraging MFA, businesses can significantly mitigate the risk of unauthorized access and ensure compliance with stringent industry standards.

Preventing Unauthorized Access

To protect sensitive data and systems, it is crucial to prevent unauthorized access. Next-gen MFA safeguards against this by requiring multiple forms of verification before granting access. This multi-layered defense strategy makes it challenging for hackers to compromise user credentials, as the likelihood of them having access to multiple authentication factors is low. Advanced methods like biometric authentication and tokens add substantial barriers against unwarranted entry, thus reducing the frequency and severity of cyberattacks and breaches.

Advanced Authentication Methods

Modern MFA systems employ a variety of advanced authentication methods, often categorized into something the user knows (knowledge), something the user has (possession), and something the user is (inherence). Biometric options such as fingerprint and facial recognition are becoming increasingly popular due to their uniqueness to each user, making credential stuffing and phishing attacks much less effective. Passwordless solutions are also on the rise, which use hardware or soft tokens to authenticate a user, thereby eliminating the vulnerabilities associated with traditional passwords.

Compliance and Industry Standards

Adherence to regulatory compliance and industry standards is a top priority for sectors such as healthcare, finance, and any organizations that handle personal data covered by GDPR or subject to the Federal Financial Institutions Examination Council’s guidelines. The Payment Card Industry Data Security Standard (PCI DSS) also requires protective measures like MFA to combat card-not-present fraud. Implementing an up-to-date MFA solution helps organizations meet these requirements and maintain a strong security posture, while also embracing zero trust principles that assume no implicit trust is given to anything inside or outside the network boundaries.

Operational Benefits and User Experience

Next-Gen Multi-Factor Authentication (MFA) solutions enhance operational efficiency and user satisfaction by providing secure access while also offering ease of use and flexibility. These advancements in authentication technology are tailored to meet the ever-evolving infrastructure and strategic needs of modern organizations.

Convenience and Flexibility

Next-Gen MFA solutions leverage a range of factors such as smartphones, push notifications, and biometrics to verify user identity, substantially increasing convenience for users. The use of smartphones allows for authenticator apps that generate one-time passwords (OTPs) or push approvals, eliminating the hassle of remembering complex usernames and passwords. This flexibility supports remote work environments by enabling secure access from any location, further simplifying the login process through mechanisms like single sign-on and FIDO2 technologies.

Integration with Modern Infrastructure

Adapting to modern infrastructure, Next-Gen MFA seamlessly integrates with web applications, cloud services, and software agents. Organizations benefit from a unified security approach that includes smart cards and other credentials, ensuring a robust security posture. Deploying MFA across various platforms allows for secure access while embracing best practices that keep the technology infrastructure agile and responsive to change.

Strategic Advantages for Organizations

By adopting Next-Gen MFA, organizations gain strategic advantages including a fortified identity security framework and a reduction in dependency on traditional credentials like passwords and security questions. This enhances the overall security posture against identity-based attacks. Furthermore, it reduces pressure on IT departments by diminishing the need for password assistance calls. Effective training and communication about MFA implementation are essential to maximize these benefits, streamlining IT operations and promoting a culture of security best practices.

Conclusion

Next-generation Multi-Factor Authentication (MFA) solutions offer enhanced security by adding multiple layers of verification, thwarting unauthorized access more effectively than traditional methods. They are designed to be user-friendly, often requiring just a tap or a quick response to a secure message. For businesses, next-gen MFA is a scalable security measure that grows with the organization, encompassing all access points and protecting against various cyber threats. The integration of biometrics and advanced authentication techniques reinforces the notion that modern MFA solutions are indispensable in safeguarding both employee and company data in an increasingly digital world.

The call came in early Sunday morning: “Our systems are down after a cyber-incident, and we need to get our contact centre back up immediately. Our customers cannot phone us, which is a major problem as all our other systems are down, so we are completely cut off.”

This was the desperate plea from a major, global healthcare solutions company – and one of our customers here at Sabio – after a devastating ransomware attack had crippled their internal IT infrastructure. This attack took down their on-premise contact centre, resulting in them having no access to critical customer data and communications. It was a nightmare scenario.

Our customer took immediate action – shutting down certain systems and seeking assistance from external cybersecurity and forensic IT experts. But what about the contact centre solution that is vital to its operations?

This is where Sabio comes into the picture. And we had a plan…

Within hours of that distress call, our team spun up a 100-seat cloud-based contact centre solution ready to support multiple European countries powered by the Twilio Flex platform.

By the start of business Monday morning, our client’s customers throughout Europe could once again reach service agents, thanks to Sabio’s quick action, extensive contact centre knowledge and the flexibility of the cloud.

The Sabio Advantage 

Our preparedness was no accident. We maintain detailed playbooks for these exact crisis scenarios and recently helped a multinational home emergency repairs and improvement specialist following a similar cyber incident earlier in 2023.

On that occasion, Sabio launched new Contact Centre Platforms in the UK and US within 24 hours after a cyber-attack hit the Home Emergency Specialist’s outsourced contact centre platform provider. The speed and agility shown by Sabio meant customer service was maintained, and policyholders continued to receive the support they needed.

Whether due to ransomware, natural disasters or simple human error, we know that system outages, even in public cloud solutions can occur. But with the right cloud-based tools and experience, we can get customers back online by providing replacement contact centre and automation solutions in a matter of hours, not days or weeks.

In this most recent case, we provided a complete and modern cloud contact centre platform, including identity management provision (including Multi-Factor Authentication), within 8 hours. This enabled secure agent access from anywhere (i.e. the agent’s homes) without reliance on existing potentially compromised credentials. It was the fastest and most resilient way to restore customer service capabilities.

A Cautionary Tale

The attack on our customer, a Fortune 500 company and S&P 500 member, shows that no organisation is immune to the growing threat of cyber-attacks.

Between January and March 2023, Sophos – a cybersecurity software specialist – commissioned an independent survey of 3,000 IT/cybersecurity leaders employed by organisations operating across 14 countries. It found that it cost companies on average $1.82 million to recover from a ransomware attack — and that doesn’t even include paying a ransom. For companies with annual revenue of less than $10 million, the average cost of recovery was $165,520. For companies with annual revenue greater than $5 billion, the average cost of recovery approached $5 million. On top of all this, 84% of private sector organisations hit by ransomware said the attack had caused them to lose revenue as a result of lost business opportunities.

So, whether for large enterprises or small businesses, the need for preparedness and business continuity planning has never been greater. Events that seemed unthinkable years ago are now lurking around every corner.

At Sabio, we make it our business to implement contact centre technology and truly understand your business and customer journeys. We’ll work with you to identify and create contingency plans should the worst-case scenario happen, and your customers need peace of mind you’re on top of it.

And if the worst does indeed happen – and it can happen to anyone – you can trust us to bring calm, confident and rapid support when needed. That’s the Sabio way.

Don’t wait until you’re pleading for urgent help on a Sunday morning.

Reach out today, and let’s build cyber resilience and contact centre business continuity plans together. Your customers are counting on it…

In the meantime, read in full how we helped another customer, a multinational home emergency repairs and improvement specialist, recover after a cyber-attack rendered their contact centre platform inactive in the UK and US.

About the Author

Rob Scutchings is Chief Technology Officer at Sabio Group.

Sabio Group is a global digital customer experience (CX) transformation specialist with major operations in the UK (England and Scotland), Spain, France, Netherlands, Malaysia, Singapore, South Africa and India.

The Group, which includes ‘makepositive’, delivers solutions and services that seamlessly combine digital and human interactions to support exceptional customer experiences.

Through its own technology, and that of world-class technology leaders such as Avaya, Genesys, Verint, Twilio, Google, Amazon and Salesforce, Sabio helps organisations optimise their customer journeys by making better decisions across their multiple contact channels.

The Group works with major brands worldwide, including Aegon, AXA Assistance, Bankia, BBVA, BGL, Caixabank, DHL, loveholidays, Marks & Spencer, Rentokil, Essent, GovTech, HomeServe, Sainsbury’s Argos, Telefónica, Think Money and Transcom Worldwide.

From 2020-2022, a combination of global events brought about significant disruptions to society and business that will take time to overcome.

But not all these disruptions were harmful; in fact, some of them only accelerated trends that were occurring. For example, the increased reliance on virtual meetings, remote work, and virtual learning strained internet capabilities, and software companies such as Zoom saw a dramatic uptick in usage.

While some organizations chose to piecemeal their online and virtual roles, some were early adopters of virtual meeting tools that connected people from all over and fully integrated with other processes within the organization.

The benefits of virtual meeting tools are that you can increase connectivity, accessibility, interaction, and security. In addition, having secure virtual meeting tools can help individuals in your organization stay on track, increasing productivity while lowering the overhead of being in person.

What’s more, remote work is not something that was a flash-in-the-pan. In fact, remote options are immensely popular.

In a recent survey, McKinsey & Company found that 35% of job holders work from home full-time, with another 23% doing so part-time. Additionally, 13% of people say they have the option to work remotely but choose not to. Those statistics equate to over 93 million people having the choice of working from home 1-5 days a week.

Another key takeaway from the survey is that when offered, over 87% of workers responded that they would like the opportunity to work from home regularly, with an average of 3.3 days a week of remote work.

What’s surprising is that most industries support remote work, but digital industries provide initiatives to encourage and sometimes demand it from their employees.

The increase in remote options and virtual learning creates a ton of cost-effective options but also comes with an increase in risk. Threats online will continue to grow as long as the trend of work, finance, and education increases online as well.

In fact, the growing threat of online security has jumped in recent years, with the most current industry report claiming that over 93% of all online activity is accessible by third parties.

In 2021, cyber-attacks increased by 15% over the previous year, and these stunning statistics add importance to organizations’ need to adopt better security protocols.

To start, an organization needs to understand the causes of these attacks. Hackers can generally access and compromise your systems through misconfigurations, human error, poor maintenance, and unknown assets.

Once the root potential of exposure is understood, organizations can turn their attention toward addressing the risks.

To address these growing cyber-security concerns, governments, corporations, and individuals are taking increased steps with their online security protocols and budgets.

In some instances, governments have increased regulations and requirements to protect the privacy and data of individuals online.

There are specific steps your organization can take to protect all the online activity, especially since the most risk is associated with user error within the organization and not the particular software and IT protocols installed.

The best strategy to minimize your organization’s online exposure involves layering external security protocols and internal processes.

Security and IT specialists suggest 5-strategies to include in your security processes;

• Implement VPNs for all connections
• Update security software regularly
• Enforce password rules
• Retire unused services
• Leverage existing security options

In greater detail, let’s explore each of these to understand better how you can educate your team and workforce to protect their data and that of your organization.

Implement VPNs: Utilizing virtual private networks (VPNs) gives your organization a near-impenetrable online access channel. Using a VPN becomes even more critical as you have remote and mobile access to your servers and files through public and less secure WiFi.

Update security software regularly: Hackers try to access breaches in security that often occur when software hasn’t been patched and updated. Updating periodically and often limits the possibility of exposure.

Enforce password rules: Strong passwords are the first line of defense against compromised access in your organization. Regular password updates and specific regulations that require highly secure passwords will enhance any other security protocols you install.

Retire unused services: When services expire, any user logins, applications, and credentials can become an access point for hackers. Once unused or expired services occur, delete all user credentials, access, and other functions.

Leverage existing security options: When you receive third-party software and apps, they usually have highly specified security features. Utilize the third-party security features and incorporate them within your security protocols for added layers of cybersecurity.

With the increased use and demand of online access and remote work, it becomes more important than ever to provide the best IT security you can and the training and understanding your employees need to keep your operations safe.

Today’s customer services teams conduct most of their daily operations online. The internet has made it much easier to connect with customers and solve their problems, but it also poses some unique security risks.

A cyber attack would not only hinder your ability to provide customer service, but it could also cause serious financial and reputational damage. To prevent cyber attacks, customer service teams should implement security measures to protect themselves while working online. One of the easiest ways to do this is via Managed IT services, which allow you to outsource many of your most pressing IT tasks. Here are some of the cyber threats that customer service teams face as well as five things you can do to improve your security levels.

Why are customer service teams vulnerable to attacks?

When compared to other parts of an organization, customer service teams are often the most vulnerable to cyber attacks. This is because customer service teams are public-facing, so employees frequently contact people outside of their own organization. This makes it much easier for hackers to observe how a customer service team operates and develop an effective scam.

What types of attacks should customer service teams watch out for?

One type of attack that customer service teams often encounter is phishing. Phishing happens when a hacker pretends to be a trusted third party and tricks an employee into sharing their username, password, or other valuable pieces of personal information.

This typically happens via email or social media message, but can also happen over the phone. Phishing attacks that happen over the phone are called voice phishing or “vishing”. Customer service teams often use third-party apps as part of their work, which makes them vulnerable to phishing.

Additionally, hackers may run phishing attacks posing as your organization and targeting your customers. This can seriously damage your company’s reputation, even if the hackers never actually gain access to your systems.

Malware is another type of attack that is often targeted at customer service teams. Malware is a form of destructive or malicious software that can collect personal information, damage your systems, and more. Malware often downloads surreptitiously when a user clicks an unsecured link. One particularly dangerous type of malware is ransomware, which blocks users from collecting their most valuable pieces of data until they pay a ransom.

Finally, customer service teams should watch out for distributed denial of service (DDoS) attacks. These attacks happen when hackers overwhelm your system with requests, causing an outage. Many cyber criminals use DDoS attacks as a distraction while conducting other more invasive attacks. As cyber threats evolve, it’s becoming increasingly important for organizations to have a strategic approach to cybersecurity measures. One effective strategy is beginning with a clear and comprehensive cybersecurity RFP template. Using an RFP helps organizations better define their security needs, ensuring they select the most suitable security vendors for their operations.

These are just a few of the cyber threats that can affect customer service teams. Hackers are constantly developing new strategies to keep up with new technology advancements. This is why it’s so important for customer service teams to update their cybersecurity strategies regularly.

5 Ways To Improve Your Customer Service Security

1. Vet your third-party vendors carefully.

Many customer service teams rely heavily on third-party vendors to stay productive. While third-party services can help you work more efficiently, they can also pose potential security risks.

Before committing to a contract with third-party providers, conduct a thorough review of their security practices to ensure you are on the same page. You may also choose to include a clause about security practices in your contract for extra protection.

2. Provide security training sessions for your customer service representatives.

Your customer service reps are your company’s first line of defense against cyber attacks. Ideally, your cyber security team should be able to identify phishing messages and potentially dangerous links online. Unfortunately, many customer service teams are so focused on handling customer requests that security falls by the wayside.

Hosting security training sessions throughout the year empowers your team to make safe choices when working online. Many security threats and scams are easy to prevent, but your team needs to know what to look for and what steps to take. Trainings are also an easy way to keep your customer service team and your IT team connected and encourage open communication.

3. Use secure networks and devices.

Ideally, your customer service team should be working from secure devices with firewalls, anti-virus software, VPNs, and other security programs. However, many customer service teams are working from home these days, which can make this difficult to implement.

To help keep your teams safe while working remotely, provide them with computers and mobile devices that are specifically for work. Consider providing secure home internet connections if your team members don’t already have them. By supplying your own devices, you can ensure that they are configured for secure operations.

Encourage your team to work from home, rather than working from vulnerable public WiFi connections. If a team member does need to work on the go, a secure hotspot is a better choice than public WiFi.

4. Update your systems regularly.

Cyber criminals are constantly developing new strategies, and you’ll need to update your systems frequently in order to keep up. It’s particularly important to keep your software programs updated, as each update fixes potential vulnerabilities.

It’s also important to reassess your security strategy each year to make sure it’s still working as intended. You may need to add new layers of protection or adjust your existing strategy to address new challenges.

5. Use two-factor authentication.

Two-factor authentication is easy to implement, and it’s also a very effective way to protect your data. With two-factor authentication, users need to enter two pieces of information to access their accounts, rather than just a password. The second piece of information is typically a numerical code sent via email or text message. This ensures that even if your password gets into the wrong hands, hackers still won’t be able to access your account.

Customer service teams are very vulnerable to outside threats, so strong security measures are extremely important. If you don’t have the resources in-house to manage your cybersecurity strategy, consider partnering with a Managed IT firm. Managed IT firms can help you monitor and update your systems, install security tools, and more.

About the Author 

Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, CISSP, Microsoft Gold Partner and WatchGuard Platinum One Partner, leading one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. The firm manages the Cyber Security coverage for over 400 active organizations ranging from professional services firms to high-end global retailers.

eMazzanti is all about delivering powerful, efficient, Cyber Security tools and outsourced IT services, such as computer network management and troubleshooting, threat hunting, PCI DSS compliance, security awareness implementations, mobile workforce technology, malware remediation, cloud computing, and business continuity and disaster recovery.

The implementation includes 8×8 Secure Pay, an essential XCaaS component powered by PCI Pal, which provides an important layer of security and compliance for credit card payments over the phone.

Instead of call centre agents requesting card details, customers key-in payment details directly onto their phone’s keypad – maintaining the highest level of privacy for customers.

National Express services 21 million passengers per year in the UK and needed an integrated cloud communications and customer engagement solution capable of meeting their security and data privacy requirements, which weren’t met by their previous vendor.

Additionally, their contact centre agents, of which 80 percent work remotely, required a solution that was tightly integrated with their CRM system and able to accept secure payments over the phone without compromising privacy, regardless of where the employee or the customer was located.

Lawrie Neal, Salesforce System Administrator at National Express, LTD, said: “For us, it’s about having a better customer experience with tools that are intuitive and easy for our staff, regardless of whether they’re in the office or working remotely. 8×8’s integration with PCI Pal has been a game-changer for us. It allows us to provide an easy and secure experience for our customers while maintaining compliance with PCI data security standards.

“By choosing 8×8, we’ve been able to improve productivity and efficiency, reduce the time to resolve customer requests, improve payment security, and create an overall more seamless and enjoyable experience for our customers.”

8×8 XCaaS integrates cloud contact centre, voice, team chat, video meetings, and CPaaS embeddable APIs capabilities in a single-vendor solution. This provides National Express’ employees, contact centre agents, and administrative staff with a cutting-edge suite of cloud communications tools. These capabilities help to strengthen the employee experience and deliver optimal customer service, anywhere and on any device.

Furthermore, with the new 8×8 Agent Workspace, National Express’ contact centre agents benefit from a simplified interface to help them work faster and improve customer service levels. Seamless data synchronisation with Salesforce provides agents with context and a rich history of customer interactions to further improve customer satisfaction.

Darren Gill, Chief Revenue Officer of PCI Pal said, “We are delighted to work with our partner 8×8 to support National Express in maintaining PCI DSS compliance and securing payments. The company needed a solution that would not only enable its agents to accept payments over the phone when working in a hybrid environment, but would meet the company’s ongoing data privacy requirements. Since achieving these goals, the feedback we have received from National Express has been extremely positive.”

For more information regarding PCI Pal, visit www.pcipal.com, call +44 207 030 3770 to arrange a demonstration or follow PCI Pal on LinkedIn: https://www.linkedin.com/company/pci-pal/.

Customer Support Representatives have too much on their plate.

Whether you’re making a change to your bank account or reaching out to your wireless provider about a SIM card, identity verification is a major part of ensuring that only authorized people can change your account.

But today’s protection methods aren’t robust enough to stand up to impersonators or properly verify a caller’s identity. Customers can forget passwords or be exposed if a cybercriminal releases their password in a data breach can leave customer accounts wide open to exploitation. And it shows – over the past four years alone, identity theft reports have more than doubled, and general fraud reports have nearly quadrupled.

At Nametag, we’ve been studying today’s threat landscape to enable our partners to formalize their identity verification processes and protect their customers from digital fraud and potential impersonators.

Today’s Customer Experience

As cybercrime continues to escalate, a customer support team can be the only line of defense between a fraudster and your customer’s Personally Identifiable Information (PII) at times.

This puts both your representatives and your customers in a difficult position. While your customers grow frustrated with time-consuming authentication methods and obvious security questions (like birth dates, social security numbers or mothers’ maiden names), your overtaxed Customer Service Representatives aren’t just struggling to meet their efficiency metrics, they are also trying to get their clients the answers and support they need. They’re also unnecessarily anxious about whether callers are who they claim to be.

As fraud grows prevalent, customers are also expressing valid concerns about their digital security. They care about protecting their data and seeking control over what information they’re sharing with companies.

CSRs aren’t fraud detectives. Here are the tools they need.

Nametag’s Multi-Factor Identity technology is designed to streamline your customer support processes while giving your customer support team the speed and security they desperately need. We understand that your Customer Support Representatives aren’t fraud detectives. So we give them the convenient toolkit they need to leverage secure identity verification.

When a customer calls, your team can verify your customer’s identity with a portal designed for their needs. When a support call starts, your customer support representative can generate and send a smart link through text, email or chats. Your customer can almost instantly use a real-time selfie and their government-issued ID to prove that they’re real.

This empowers your reps to save time and offer a better experience to your clients. Minimize friction and drastically reduce fraud with one go-to solution for identity verification.

Looking Ahead

The Nametag team is dedicated to empowering businesses to offer secure identity verification and fraud prevention to their customers. Our solutions are designed to help you eliminate time-consuming, informal authentication that enables criminals and impersonators to steal information and identities. To learn more about how your customer support center can leverage our customer ID portal in minutes, you can schedule a demo with us at the link below.

About the Author

Aaron Painter is the CEO of Nametag Inc, the company who invented “Sign in with ID” as a more secure alternative to passwords. After watching too many friends and family members fall victim to identity theft and online fraud, Aaron assembled a team of security experts to build the next generation of online account protection. Nametag has a mission to bring authenticity to the internet and enable people to build more trusted relationships. They believe security should be centered around you, the user, and that your identity – like your privacy – is a valuable asset worth protecting.

One-time passcodes, or OTPs, sent to mobile phones are the cornerstone of many organizations’ customer authentication strategies.

This is in large part due to the positive reputation it has with consumers: it’s convenient and assumed that these codes are secure. But with the increasing prevalence of mobile malware, man-in-the-middle attacks, phishing, SIM card swaps, call forwarding and other fraud techniques, mobile OTPs are becoming a progressively less reliable means of protecting customer accounts.

Fraudsters are using an increasing number of ways to compromise consumer phones, and businesses are feeling the impact. A recent Forrester survey of 300 North American fraud prevention decision-makers indicates that phone-related fraud is rife: almost every respondent reported that their organization had experienced mobile fraud in the past year. SMS OTP fraud attacks were among the most commonplace, even though one of the main reported challenges from these companies was that they lack the tools to accurately detect OTP fraud. It’s a near certainty that the true extent of the problem is severely under measured.

The high cost of fraud…

Customer authentication fraud loss rates exceeded 5% last year for nearly half of survey respondents, indicating that they lost more than 5 cents of every dollar earned. And, as mobile transactions gain ground, the share of fraud costs from the mobile channel is rising, jumping from 5% to 39% of fraud costs in U.S. e-commerce between 2020 and 2021, according to the LexisNexis True Cost of Fraud Study.

Direct fraud losses balloon with the addition of related costs such as chargeback fees, interest, and merchandise replacement and redistribution. LexisNexis calculates that in 2021, every $1 of fraud cost U.S. retail and e-commerce merchants $3.60 — up from $3.36 in 2020 and $3.13 in 2019.

And even these figures are dwarfed by the indirect costs of false declines, negative customer experience, loss of customers and damage to brand reputation.

…and fraud prevention

Fraud prevention is always a balancing act, with merchants attempting to verify buyers’ identities and block fraudulent purchases while at the same time trying to avoid rejecting legitimate orders or creating so much friction that customers are driven away. This is especially true across digital channels where customers can take their business elsewhere with just one click.

Many industry analysts believe that the majority of declined transactions are actually legitimate orders, representing a massive loss of potential revenue to merchants. A report by Sapio Research suggests that for every $1 in credit card fraud, e-commerce merchants lose $13 in false declines. But other sources estimate that false-decline losses are actually up to 70 times the fraud losses.

What’s more, 39% of consumers say they will never go back to a merchant that declines a transaction — leading to a significant loss in lifetime customer value. And 28% say they will report their negative experience on social media, potentially influencing other prospective customers as well.

A precise, low-friction approach

Unfortunately, the vulnerability of the mobile channel has weakened OTP effectiveness. The significant rise of SMS OTP fraud puts both the organization and the customer at risk. New strategies are needed that complement the ease and convenience of authentication via SMS text messaging or callbacks. The question becomes, how do you flag potential fraudsters before sending that one-time passcode to a customer device?

The majority of survey respondents are looking to answer that question with technology partners who can enhance OTP authentication security while maintaining a user-friendly experience for consumers. Just three in 10 decision-makers surveyed by Forrester believe that their companies’ ability to prevent authentication fraud is optimized, and nearly seven in 10 have already begun investing in technology to help prevent OTP incidents. Respondents identified the following capabilities as either mission-critical or important: identifying high-risk phone numbers, detecting if a phone scam is active before sending an OTP, using a decision engine to determine the lowest-risk channel (mobile app vs. SMS, for instance) and then sending the OTP via that channel, and obtaining a low-risk phone number when the initial phone number is identified as high risk.

The above trends are leading to the increased adoption of phone takeover risk solutions. These tools provide companies with real-time intelligence to determine whether sending an OTP to a phone number presents a high or low risk. It signals if common fraud tactics, such as SIM swaps, call forwards and reauthorized assignments, may have recently occurred. Understanding if a device or interaction is at high risk for these types of fraud allows the vast majority of one-time passcodes to be safely sent and received while stopping fraudsters from receiving these same passcodes after hijacking consumer phones.

Protecting the Customer Experience

As more consumers embrace mobile transactions, organizations need tools that help make the use of one-time passcodes, one of the most universal and widely adopted authentication processes, safer from bad actors. These solutions will ensure a difficult experience for fraudsters while maintaining a positive authentication experience for customers — thus laying the foundation for greater trust, enhanced brand value and market share growth.

About the Author

Shai Cohen leads TransUnion‘s Global Fraud Solutions Group. Cohen has spent decades in the IT and cybersecurity industries leading business units and software engineering and product management teams. He joined TransUnion from RSA, where he was the general manager of its Fraud and Risk Intelligence business. Previously, Cohen served in leadership roles at EMC and Intel.

As contact centres embrace the world of remote and hybrid working, Rob Crutchington, Managing Director of Encoded, discusses how the cloud, open banking and the latest SCA regulations help protect the customer, agents and merchants when taking payments.

 The new world of hybrids

There has been a rapid change in recent years in how people live and work. Hybrid has become a new daily term. From increased demand for hybrid cars to the hybrid model of office and home working, now embraced by many organisations.

This shift to remote working across the board is supported by the data presented in the recent UK Contact Centre Decision-Maker’s Guide 2022, published by ContactBabel, which reports that 99% of UK contact centres expect some of their agents to be remote working. Another survey amongst 300 Contact Centre professionals conducted by Calabrio, a workforce optimisation solution provider, cites that workforce flexibility is now a necessity.

There is no doubt that a more dynamic work environment has benefits for employees as well as organisations. Contact centres report high levels of employee satisfaction with new working arrangements, alongside increased productivity, service flexibility and operational cost savings. According to the Calabrio report, 9 in 10 of the contact centres surveyed have half of the workforce working remotely since the pandemic (previously 1 in 3) and 85% will continue to work like this.

Increased demand on customer services teams also accelerated the introduction of new technologies such as chatbots and webchat. However, there is no doubt that talking to an agent remains the gold standard of service. Customers want to speak to a person if they have a complex issue or question or for the simple reassurance of personal contact. This is particularly true when dealing with payments. With so many instances of fraud being reported, many customers believe that talking to an actual person can help to minimise the risk of identity theft.

How secure is homeworking?

Having agents working from home can present security issues for contact centres. With fraud on the increase, how can customers be reassured that the agent’s home network and PC is secure? After all, they may be dealing with highly valuable personal identification information, which if it fell into the wrong hands, could have serious implications on a customer’s financial (not to mention emotional) wellbeing.

Organisations that have successfully implemented home working teams report that new technology and security awareness amongst agents is essential. Not only for collaboration with co-workers, but also enabling secure access to the CRM systems to collect and update customer data.

Security of data is something that many companies rely on agent training to manage, but it is important to have systems in place that protect the agent and the customer from theft. Fortunately, technology solutions are addressing these issues, from cloud-based applications that enable secure remote working, to payment solutions that protect customer’s conversations and card data.

Think Cloud first

Even before the pandemic, companies were starting to shift to the cloud. According to the recent UK DMG, 71% of UK contact centres now use one cloud-based application, with many planning to invest further in the technology. Cloud-based communications systems are more flexible, robust and secure than traditional on-premises solutions and don’t need additional IT staff or investment in expensive hardware.

Cloud solutions can provide the reassurance that customer card data is stored securely off site. It can also help companies meet PCI DSS compliance by helping to ‘descope’ the requirements.

A Fraud Prevention Platform helps combat Fraud

How agents manage payments during a call is important in terms of customer experience (CX).  Fortunately, there are technology solutions available that can facilitate and protect payments and ensure smooth customer journeys.

For example, if a transaction is declined, an agent can advise the customer that an additional level of validation is required. Using Encoded’s Fraud Prevention Platform card holder identity can be verified using a variety of validation methods, including 3D secure, which is an additional security layer used in e-commerce credit and debit card transactions.

As well as helping to combat fraud, it helps to increase the number of transactions processed, reduces the number and costs of declined payments (good for the customer and the merchant) and provides a positive customer experience.

Open banking opens up choice

Open banking, along with the different payment channels now available, has given customers real choice and control over how they pay. The great thing about open banking is that it helps customers manage and make more of their money by allowing secure access to their banking and other financial data, wherever they are. All of the firms enrolled in open banking are regulated, which means they can exchange information quickly and securely via open APIs while ensuring customer data is protected at all times.

Faster payments enhance customer satisfaction, but they are also essential for optimum cashflow, vital for any business. Encoded’s Gateway Services work with open banking, increasing speed and security of transactions. It bridges the gap between merchants and payment acquirers and banks.

When paying online, customers can enter their card details, which are submitted by Encoded’s solution via the least cost acquirer. As with other Encoded solutions, the Gateway helps meet PCI DSS compliance as it de-scopes the data. Adherence with PSD2 and Strong Customer Authentication (SCA) gives added protection to the customer.

 Trusted Payment Solution Providers ensure Compliance

There is no doubt that remote working is here to stay. For employees and customers this has given flexibility and choice, while for organisations this has meant changes in HR, operational and financial policies and processes.

Fortunately, technology provides the bridge between flexibility and responsibility. Working with trusted payment solutions from regulated providers helps with PCI DSS compliance and data security, protecting both the merchant/contact centre and the customer.

About the Author

Rob Crutchington is Managing Director of Encoded.

Encoded is a leading Payment Service Provider and pioneer of new and innovative secure payment solutions for contact centres.  Encoded offers a range of card payment solutions designed to help organisations comply with PCI DSS, GDPR and the newly introduced Payment Services Directive (PSD2).

Encoded’s solutions are trusted by many of the world’s leading brands including Samsung, Mercedes-Benz and BMW, as well as a host of UK utility companies such as Green Star Energy and Severn Trent Water.  Solutions include:  Agent Assisted Card Payments, E-Commerce Payments, IVR Payments, Mobile Apps, PayByLink Mobile Payments and Encoded Gateway Services.  For further information please visit www.encoded.co.uk

The UK Contact Centre Decision Makers Guide (DMG) 2022 highlights the latest trends in contact centres. Reviewing this year’s report, Rob Crutchington discusses the challenges of balancing customer service with ID verification to prevent fraud and how it continues to be a concern for organisations.  

One of the notable findings cited in this year’s ContactBabel DMG report is that the average cost of an inbound call is £5.42 which represents 35% more than email and 78% more than webchat. What’s more, inbound calls to a live agent are still used by the majority (63.5%) of organisations for customer interactions, followed by those using email (17%) and webchat (6.8%). So why is voice still the preferred communication channel of choice?

While webchat may enable faster resolution for straightforward enquiries, there is no doubt that talking to an agent remains the gold standard of customer service. A significant proportion of customers want to speak to a person because they need help with online options, they have a complex issue or for the simple reassurance of personal contact. Many customers also believe that the security of speaking to a human can help to reduce fraud and identify theft. Some less ‘tech-savvy’ demographics simply prefer to talk.

Tackling fraud can cost

A large part of the cost of a call for organisations is caller authentication. According to the latest DMG report, 63% of all calls require a security and identification process to be completed first, while a staggering 98% of calls were reported to be authenticated by agents. This means that organisations are spending a significant amount of time and money on agent-handled identity and verification (ID&V) checking.

The finance sector is an obvious target for fraud, yet in the survey the retail and utilities sectors also reported it as a problem. In fact, half of all large contact centres and 55% from small operations stated that they were concerned about external fraud, defined within the survey as the caller pretending to be another person.

Three ways to combine secure payments with gold standard CX

Fraud prevention is high on the contact centre agenda, as is providing a great customer experience (CX).  Providing personal service is an important way for organisations to reassure customers that they take security seriously, particularly when handling payments.

Fortunately, there are ways to use technology to help combat fraudulent activity, meet the required security regulations and provide gold standard customer service. Three examples are:

1. Agent Assisted Payments with pause and resume recording – enable contact centre agents to process card payments without being exposed to sensitive card data. This is still ranked highly and reported to be used by two thirds of organisations.  Using Agent Assisted Payments in conjunction with fraud risk management technology, such as Encoded’s patented Fraud Prevention Platform (FPP), an agent can advise the customer that additional identity validation is required and simply send a secure link (email or text).  Once the customer acknowledges the link, the transaction is verified in the same way as a secure ecommerce payment from a trusted device.  This smooths the CX process and helps to increase the number of transactions completed.

2. IVR Payments – Mid-call IVR (or agent-assisted IVR) is viewed as a more customer-friendly approach, where the caller may have additional questions or the requirement for reassurance and confirmation after the payment process, perhaps around delivery times or other queries not related to the payment process. The DMG report showed this method is used by just over one-fifth of respondents.

3. Paybylink – offers an alternative way for the customer to pay and is gaining traction as a self-service method of fraud reduction. The agent sends a secure payment link by email or text, which provides a pre-populated payment form for customers to complete payment.  This relatively new method is now used by 13% of those who replied to the survey.

Meeting the CX agenda

In the past, average call duration and cost-per-call were considered the most important metrics in contact centres. Today ContactBabel reports that nearly half of respondents choose customer satisfaction ratings as the most important measurement.

The contact centre remains a key customer touchpoint and an important frontline channel for customer enquiries and transactions. Business processes and metrics need to support this focus on customer service including balancing the ID&V question with CX. When choosing payment solutions it is important to meet customer service goals, as well as ensuring that critical processes are secure to reduce fraud, meet regulatory compliance and provide a great customer experience.

For more information on Encoded’s PayByLink and Fraud Prevention Platform solutions visit www.Encoded.co.uk

About the Author

Rob Crutchington is Director of Encoded.

Encoded is a leading Payment Service Provider and pioneer of new and innovative secure payment solutions for contact centres.  Encoded offers a range of card payment solutions designed to help organisations comply with PCI DSS, GDPR and the newly introduced Payment Services Directive (PSD2).

Encoded’s solutions are trusted by many of the world’s leading brands including Samsung, Mercedes-Benz, BMW and Virgin, as well as a host of UK utility companies such as Green Star Energy and Severn Trent Water.  Solutions include:  Agent Assisted Card Payments, E-Commerce Payments, IVR Payments, Mobile Apps, PayByLink Mobile Payments and Encoded Gateway Services.  For further information please visit www.encoded.co.uk

These days, many small business owners use digital tools to manage virtually every aspect of their company, including key pieces of customer data.

While these digital tools make it much easier and more convenient to manage your business, they can also leave you vulnerable to cyber attacks if you don’t have the proper security measures in place.

Today’s consumers know this, and they are more concerned than ever about the safety of their personal data. Keeping your customers’ data safe and secure is essential if you want to keep their business and maintain a good reputation. Unfortunately, many business owners don’t take steps to protect their systems from these attacks until it is too late. In this article, we’ll talk about ways to keep your customers’ data safe from cyber attacks and why it is so important.

What is a cyber attack?

A cyber attack is an attack against a computer, smart device, or digital network. There are many different types of cyber attacks, including phishing attacks, spyware, ransomware, and many others. These attacks are usually carried out with the intent of getting access to valuable financial or personal information, or getting access to the computer systems themselves.

Cyber attacks have become increasingly sophisticated in recent years, as hackers have had to work to outsmart robust security systems. These attacks can happen to any business, whether you’re an entrepreneur just starting out or a corporation with an international presence.

Why is cybersecurity so important for customer loyalty?

As technology has become more advanced, many customers opt to do their shopping online and use digital services to manage many aspects of their daily lives. In fact, over 80 percent of consumers shopped online in some capacity in 2020. Because of this, consumer data has become extremely valuable. Many companies use key pieces of consumer data to create personalized marketing strategies. However, many cyber criminals seek out these pieces of consumer data for their own financial gain. When they are successful, it can compromise your customers’ privacy, financial security, and even their physical safety in extreme cases.

Today’s customers know how much their data is worth, and they also know what’s at stake if that data is compromised. As a result, they seek out companies with robust cybersecurity systems that protect their data. In particular, they look for companies that communicate clearly and that they can build a trusting relationship with as part of the customer experience.

What are the best ways to protect customer data from cyber attacks?

There are many steps you can take to keep your customer data safe and build trust with them. Here’s what to keep in mind as you are implementing your security system for your website.

• Only collect the data that you need. This may seem simple, but it can go a long way towards building customer trust and keeping that data safe. Many customers are reluctant to provide data, so only asking for what you need is a good way to build trust. Additionally, this will make you less of a target to hackers, because you’ll have much less valuable data in your systems.

• Invest in a reliable security system. Cyber attacks can be very detrimental to your business in the long run, so investing in a good security system now can help you save money. This means investing in a dedicated server system as well as a reliable anti-virus program and updating them regularly. If you aren’t sure where to start, hire a security professional to help you implement this type of system.

• Limit access to valuable data. Only the team members that need consumer data to do their jobs should have access to it. You may also want to limit the types of devices your employees can use to access this type of data. The fewer access points there are, the harder it is for hackers to make their way in.

• Create a data policy and communicate openly about it. Before collecting any data from your customers, put a data policy in place that specifies what type of data you will be collecting, how you will use it, and what steps you will take to protect it. Once you have a policy in place, make sure you stick to it and communicate it clearly to customers. This helps build trust among customers.

Consumer data protection is something that every business should take seriously, whether you’re a solopreneur or an established corporation. Taking preventative steps to keep your customers’ data safe not only protects them, but it also protects your businesses’ reputation and financial security.

About the Author

Ashley Lukehart has been writing about the impact of technology and IT security on businesses since starting Parachute in 2005. Her goal has always been to provide factual information and an experienced viewpoint so that business leaders are empowered to make the right IT decisions for their organizations. By offering both the upsides and downsides to every IT solution and consideration, expectations are managed and the transparency yields better results.