What Security Requirements Should Call Centers Be Compliant With?

call center complianceIn the modern environment of robocalls and seemingly constant data breaches, transparency about security and privacy policies is paramount for businesses in all types of industries. That becomes even truer if you handle any type of personal data, ranging from patient health information to consumer credit card transactions. When it’s time to bring in outsourced call center assistance to help you keep up with volume, you have to be able to rely on your partner to uphold the same security and privacy you promise your customers.

If you’re looking for a new contact center outsourcing vendor, consider asking about the following security requirements and measures to ensure high-quality service your customers can trust.

  • PCI compliance: Businesses that handle credit card data and transactions must meet PCI compliance or face hefty fines and sanctions from the credit card processors. Plus, it’s just good business practice to protect consumer credit card data and reduce the chance that someone could be a victim of credit card fraud because your security was lax. If contact center services will involve accepting, arranging or otherwise handling credit card payments or info, ask how the vendor complies with PCI.
  • IVR security: Interactive voice systems and other automated measures may help call centers keep pace with volume and drive efficiencies to reduce costs. But ultimately, all of this automated interaction is run by computers, which means a great deal of data is being stored somewhere on networks or in the cloud. When evaluating a new outsourcing vendor, ask how they store, protect and manage automated call data.
  • Call recording storage: As part of quality assurance processes, many call centers record calls — and those files can be filled with audio versions of confidential or sensitive information. Ask how long a contact center keeps these recordings and why, and what security measures are used to protect them. If calls include highly sensitive information, such as credit card numbers, find out if there are technical or manual measures in place to redact or scrub that information from the calls.
  • File encryption: Depending on the nature of the contact center, the staff may need to send information and files outside of the center, including to other business partners, to your clients and to you. Work with any new outsourcing vendor to define the appropriate file encryption and transfer processes to protect data, your business and clients. That may require sending everything through a portal or using an email encryption service.
  • Controlled access to information: Not everyone in a contact center needs access to every piece of information, and controlled access is especially important in regulated industries such as finance or health care. Ask a potential outsourcing partner about password protections, log-in protocols and whether access to data and programs is logged for review.

Security isn’t something you can overlook in today’s cyber-sensitive environment, and any vendor that handles data and client calls or chats on your behalf should employ security measures that are equal to yours. Don’t wait until you’re already contracted with a call outsourcing company to ensure it can meet your requirements.

If you’re looking for an experienced call center partner that can deliver high-quality services while protecting your customers and data, contact Ameridial for a quote today.