Contact centers handle massive amounts of sensitive customer information on a daily basis. With all of those calls that are transcribed and recorded, there are a number of people beyond the agent who can access calls and customer information. As a result, putting the proper compliance processes in place to protect customer data is mission-critical. Technologies like speech analytics and AI can significantly streamline this process.
But first, why is protecting customer data in contact centers important?
- Customer data can be leaked, stolen, or used without consentAT&T will pay $25 million after call-center workers sold customer data (link). On at least three occasions, outsiders paid AT&T call center employees to provide them with sensitive customer information, according to the Federal Communications Commission.
- For every breach in compliance, financial lawsuits and stiff penalties are imposed.
- Along with the financial implications, compliance breaches also cause a loss of trust and brand reputation.
What kinds of sensitive data is handled today?
Today, contact centers most commonly use sensitive customer information to verify the customer or manage a financial transaction. There are a number of types of customer information contact centers gather, including:
- Personally identifiable information (PII): information relating to an individual including name, age, date of birth, social security number, race, driver’s license number, and marital status.
- Payment Card Industry (PCI) Data Security Standard: credit card information.
- Personal health information (PHI): healthcare-related information including demographic details, insurance details, medical history, and medical results.
- Other: less-sensitive but still identifiable information including delivery dates, order numbers, and shipping information.
How do contact centers handle sensitive customer data today?
Despite the heavy penalties and loss of brand reputation dangers of a compliance breach, many contact centers still use outdated compliance practices and risky workflows.
For example, a common compliance QA practice is stop and resume, where the agent manually stops the call recording when they’re getting ready to receive sensitive information from the customer. This is highly prone to human error.
Beyond compliance processes that take place on-call (like the example above), there’s a wider trend of reactive compliance monitoring.
This is where issues are only caught after they’ve already taken place as compliance, risk, and fraud teams identify them through manual call monitoring. The issue here lays in speed as compliance breaches are identified days after they take place.
As Neal Topf, President of Callzilla, put it:
The speed in which we’re able to react to what’s happening is critical, and we continue to aim to reduce it. Take a scenario where an agent is coached on compliance days (or up to a week) after an evaluation is completed. There could be severe fatal errors in that time period that need to be addressed, that simply aren't.
AI-powered compliance: key methods and use cases
AI services have dramatically enhanced compliance capabilities.
From being able to rapidly (and proactively!) monitor 100% of calls with speech analytics, to comprehensive reporting, to automation, contact centers can now harness the power of AI to ensure end-to-end compliance.
Let’s look at the most critical AI-enabled compliance methods contact centers use today.
AI-powered redaction
Redaction is an AI service that allows contact centers to select sensitive data entities and censor (redact) them on both call audio and call transcripts. This means that anyone reviewing the call transcript or recording will not be able to hear or read sensitive information that the customer provides.
AI-powered redaction begins with entity detection, where the AI service identifies the type of named or numerical entity that should be automatically redacted. This could be a credit card number, a phone number, a first name, etc.
Being able to accurately identify the type of entity is key, as contact centers need to be able to specify exactly what entity to redact with high accuracy.
If the entity type is numeric, you can use numeric redaction to redact any numeric mention from your call and transcripts. However, you might miss out on critical numeric information required for agent performance. To go a step further, you can use selective redaction, which only redacts only sensitive parts of the conversation. It works for both named and numeric entity types. This solves the issue of over-redaction or under-redaction and allows contact centers to customize automated redaction to their unique needs. For example, you might want to redact the account number but keep the loan interest rate visible.
Keyword phrase monitoring
In some cases, specifically in highly-regulated industries like financial services and collections, compliance monitoring takes place by understanding what is said on the call.
Common examples include the Mini-Miranda on collections-related calls, or mandatory compliance and recorded line dialogues in insurance or other financial services related calls.
In a nutshell, the contact center AI service is monitoring 100% of voice calls for the exact phrase that an agent is required to say on every call.
For example, say the agent is required to quote the Mini-Miranda disclosure at the start of every collections call by stating that they are calling to collect a debt, and that any information revealed in the call will be used to collect that debt.
The contact center will set up keyword monitoring to identify that the agent read the Mini-Miranda script. If the agent does not use the exact permissible languages, supervisors can look at the call and more proactively coach the agent around the dialogue.
However, the reality is that humans speak with many different variations. Here, too, AI can help by auto-suggesting a variety of phrases that allow agents to remain in compliance without sounding overly robotic or scripted.
Impactful use cases: how contact centers ensure compliance today
Debt relief company creates a culture of compliance
Investing in compliance monitoring and agent performance coaching is critical to creating a culture of compliance. That’s done by building processes and programs around the proactive monitoring of compliance, catching and mitigating risk before it becomes a widespread problem.
Doing so starts with 100% call coverage - monitoring every client interaction that takes place rather than just a small percentage. Then, using those valuable insights, driving improvements across the organization.
Like Vince Trotter, VP Operations at National Debt Relief said:
You can’t make business decisions based on 3% of the interactions. In our world, compliance is critical. You can run into a place where you could lose your license and your ability to do business in some states, if you get caught just one time, saying the wrong thing. We want to measure compliance on 100% of the calls.
ERC signals for and stops fraud in its tracks
With remote work, fraud and risk management teams have had to adjust to the new normal and change the way they work. In today’s competitive consumer market, securing the online customer journey cannot come at the expense of a negative customer experience. This is where voice insights help to not only protect the customer, but to protect your brand perception, as well.
AI-Powered Fraud Detection
Leveraging AI-powered keyword monitoring for fraud detection is helping outsourced business processing companies to exceed service level agreements and protect customer information by ensuring process adherence remotely.
Validating Payment Processing Requirements
With visibility into 100% of voice interactions, ERC validates if agents are complying with payment processing requirements. ERC quality assurance teams use the Moments tab in the Observe.AI platform with a ‘payment compliance’ moment which then alerts QA managers if agents are in need of assistance.
Identifying Fraudulent Behaviors
With the use of this ‘payment compliance’ moment, ERC has been able to identify fraudulent behaviors and ended up finding more than 12 instances of attempted fraud against their client which were flagged for immediate escalation. ERC is now able to act swiftly against fraud attempts with the data to back their success, which they leverage as a top differentiator to retain clients and grow their business.
Root Insurance ensures mandatory compliance dialogues
In 2019, high growth auto insurance startup Root Insurance experienced tremendous growth, needing a platform that helped them scale coaching and service improvement at scale. Root insurance leverages the Moments feature to mitigate compliance risk through mandatory compliance dialogue tracking across their entire organization. With a proactive approach to coaching agents on common mistakes to avoid during onboarding, they’re able to reduce compliance breach.
In addition, faster processes have enabled them to reduce onboarding time by 20%, allowing QA managers to get agents ramped, compliant, and answering calls at a faster pace.
Contact center AI lets us filter through thousands of calls, pinpoint pain points, analyze customer feedback, and act with urgency to improve our user experience and strategically plan innovative efforts based around the customer, for the customer. In essence, voice becomes a critical element for our brand’s continued success.
—Kyle Kizer, Manager Customer Service Operations, Root Insurance
Final Words.
With remote settings serving as the new way of working, it’s become increasingly difficult to protect sensitive information and prevent fraud with traditional methods. AI and automation enable contact center teams to build processes that can save organizations tens of millions of dollars in hefty fines. With proactive measures against security threats, contact centers can save costs, protect their financial health, and be better equipped to withstand unexpected economic challenges.