26 May The Work of Call Center Security is Never Done
From international companies to nonprofits, Centrinex’s call center handles customer service calls for a wide variety of organizations. The scope of these organizations’ industries means we have to implement and follow several physical and digital security protocols to protect people’s personal and financial data.
We field many questions about the security we have in place. You would think it would be simple enough to answer them, but it isn’t, because nothing about digital or physical security is black and white. Rather, call center security is a constantly moving target because threats and regulations are constantly changing.
To further complicate already complicated security measures, Centrinex customizes its services to the unique needs of our clients and their customers. While Payment Card Industry (PCI) compliance tends to apply to our clients across the board, there are also situations where other industry regulations need to be met. For us, security procedures truly go by a portfolio-by-portfolio basis. If we have a client whose security protocol involves our call center representatives undergoing Secret Service-level background checks, so be it.
Our Ultimate Goal is to Protect All Clients’ and Their Customers’ Data, Not Only Credit Card Numbers
Every security measure Centrinex has in place is designed to protect not only credit card numbers, but also any non-financial data associated with our clients and their customers. Of course, not even the global tech giants can foresee every threat on the horizon, which is why we all must play the cat and mouse security game—just as one security threat is quelled, another one pops up. To that end, our leadership stays current on best practices and makes adjustments as needed when new threats emerge or regulations change.
Centrinex is PCI compliant, meeting these requirements:
- Safeguard cardholder data by implementing and maintaining a firewall.
- Create custom passwords and other unique security measures rather than using the default setting from your vendor-supplied systems.
- Safeguard stored cardholder data.
- Encrypt cardholder data that is transmitted across open, public networks.
- Anti-virus software needs to be implemented and actively updated.
- Create and sustain secure systems and applications.
- Keep cardholder access limited by need-to-know.
- Users with digital access to cardholder data need unique identifiers.
- Physical access to cardholder data needs to be restricted.
- Network resources and cardholder data access needs to be logged and reported.
- Run frequent security systems and processes tests.
- Address information security throughout your business by creating a policy.
Our main call center floor is considered a federally secure floor. The external windows are protected by glass break technology and the space is equipped with motion detectors, to name a few security points. Plus, there are two entrances that allow only authorized agents access to specific areas.
Centrinex’s call center representatives are assigned lockers in which they store their personal belongings, including mobile devices, prior to reporting to the main floor. We have clean desk and clean under desk policies.
Policies are in place that prevent call center agents from printing from their computers, and they cannot insert flashdrives in computers to save or print information.
In addition to using call recording technology, we have screen recording and capture software that allows for improved training, oversight and incident review/resolution.
On a regular basis, our leadership team reviews our security procedures and upgrades or updates as needed. For example, on weekends there are fewer agents working on our call center floor. Rather than have them spread out, like we practiced for social distancing or when more reps are working, we clustered them closer for easier management.
The point is is that we never think our call center security work is done. To do so would be to invite fraud and breaches. Instead we combat complacency with ongoing evaluations, implementing new ideas and technology to keep our clients and their customers’ data protected.