The government’s charge to slash public spending by £17 billion between now and 2014 is a task I do not envy. While it’s been acknowledged that technology can play a part in this process, the role of security has been somewhat overlooked.
In recent years the public sector has been rife with high profile data losses and security breaches: consider that in 2008 fraud in this sector alone cost UK taxpayers £17.6 billion, and accounted for 58 per cent of all fraud loss, according to the National Fraud Authority.
Experian has recently estimated that £1 billion of those fraud losses could be tackled in the near term through better controls and more accurate data matching in environments such as call centres. In fact, the UK public sector works with hundreds of call centres for a range of services such as child benefits, council tax, parking permits, etcetera.
In this article, we will explore security’s role in cutting costs via the call centre operation. Specifically, we’ll take a look at how private sector organisations have been reducing costs through their call centre operations and what public sector IT managers can learn from them in order to meet the daunting budget goals that they have been set.
Taking a micro view
In recent years, we’ve seen financial services companies investing heavily to ensure that call centre environments that enable access to personal financial data are better protected. In tandem, they continue to be equally focused on reducing caller verification time in order to lessen the overall cost of running the centres.
For example, a FTSE100 retail bank in the UK recently managed to reduce its call handling times in selected circumstances by up to 30 percent through the use of a knowledge-based verification process to validate user identities.
Speeding up the verification process whilst ensuring calls are still secure can be challenging. There are of course many areas for consideration within call centres, including a layered approach to security, efficient archiving and storage. However, for the sake of this article we’ll focus on a few key learnings from the private sector and pitfalls to avoid.
Since the beginning of the year, we have uncovered several fraudulent call centres. The incentive to target the telephone channel for the purposes of committing fraud has increased due to the extensive efforts made by various business sectors to improve consumer authentication within the online channel.
In response to the increase in phone channel fraud, many financial services organisations have begun to implement additional layers of security in this channel.
However, public sector organisations should not wait for the next threat to present itself. It is crucial that they take a look at how fraudsters have been successful so far and plan ahead to mitigate attacks before they occur.
While technology vendors and end-users seek new and innovative technologies to protect confidential data, the fraudsters are equally focussed on finding new ways to circumvent these evolving defences.
Use dynamic data
A major challenge in creating a robust identify verification process lies in selecting the types of information that the process will rely on: static data, such as birth-dates, mothers’ maiden names, NHS numbers, is far too freely available, and can be easily accessed by any number of third parties.
Organisations would be better advised to use a variety of dynamic data involving behavioural patterns, because it is more difficult for fraudsters to gather such data through phishing and go on to exploit it elsewhere.
For instance, whenever the child support agency calls, the operator asks me several questions pertaining to my national insurance number, date of birth, address, the name of my child, the name of my bank, etcetera.