The call center agent’s desktop is a collecting ground for personally identifiable information (PII), and sometimes efforts to control the secrecy of this data falls short and also inhibits customer service delivery.
Consider the agent’s desktop/workstation and all the elements at play, including the phone (which is likely connected to a call recording system), their desktop, and all the applications they must navigate through in order to help a customer. All of these areas are potential failure points in terms of mishandling PII, which if stolen, would put the customer at risk and the business in hot water.
Desktop Elements Exposed to PII include:
Agent PC – Anything the agent puts on the desktop in terms of PII has a high potential for exposure by anyone who might have access to that machine.
File Folders – Whether desktop or network based, any PII housed in file folders is easily accessible to unauthorized users if they wished to access it.
Internet/Web-Based Applications – Any PII housed in a web application (CRM e.g.) is protected only as far as the web application provider itself has security/privacy protocols in place. You are relying on their web-based app to keep your customers’ data safe.
Network – PII that is captured and stored (even in a secure server) at some point must traverse your network to get there. This opens the door to data theft and misuse, while it’s in transit.
PII is something no one really wants to handle, but its capture is necessary for processing orders. In some of the large call centers we have visited, we have heard from agents themselves that they wish they didn’t have to handle PII at all. It makes them nervous in terms of potentially having fingers pointed at them if there were to be a data breach. These agents would love a better way to capture credit card data, for example, without them having to be exposed to it.
You’ll notice in the paragraph above I didn’t say PII was necessary to capture and store, because it isn’t. With DTMF data capture, PII can now be securely captured via the customer’s telephone keypad and sent directed to the payment processor, never even touching the original company’s network.