What Level of Security Questions Need to Be Asked?

In contact centres, verifying customer identity is essential for data protection and privacy. With rising concerns over fraud and data breaches, businesses must implement measures to protect sensitive customer information.

Identity verification ensures that only the legitimate account holder can access their data, reducing the risk of unauthorized access. This is especially important in industries like telecoms, finance, and healthcare, where mishandling data can have serious consequences.

So, when a Quality Manager from a telecom company reached out to our Community, they sought information on security questions and best practices for verifying customer identity:

“I work as a quality manager for a telecoms company and I’m looking into DPA when monitoring agent/advisor calls.

Is there certain information an agent has to confirm to ensure they are speaking to the customer? Does this differ on Inbound calls and outbound calls?

Is there certain information an agent cannot give out over the telephone i.e. customer telephone number, customer’s address?”

Why Contact Centres Need to Use Security Questions

Contact centres handle sensitive customer information and must verify a caller’s identity before disclosing personal details.

Security questions help prevent fraud and ensure data is only shared with the account holder. In sectors like telecoms and financial services, it is essential to confirm the caller’s identity to comply with data protection laws such as the Data Protection Act (DPA).

Using security questions also helps contact centres maintain compliance with industry guidelines and protect customer privacy.

What Security Questions Should Be Asked and How to Decide?

Our industry experts provided some advice to help guide best practices for security questions in contact centres:

Follow FCC Guidelines

FCC guidelines must be followed to ensure proper identity verification. A caller needs to verify their name and the last four digits of the primary account holder’s social security number.

If a password is set, it becomes the primary method of security. If the caller is not the billing name or an authorized user, no access is granted, regardless of what information is verified.

For fully verified callers, account information that can be provided is limited. We cannot release any sensitive account details, but we can confirm them.

Information like balance, payments, usage, rate plans, and features can be shared, but personal data, such as specific phone numbers, call times, or dates, will not be disclosed.

The worst-case scenario is that someone might gain access to change a plan or service, which can easily be corrected.

However, releasing specific data could potentially help someone with malicious intent locate and harm the individual, which is why strict security measures are necessary.

Contributed by: Jeff

No Set Questions in the Data Protection Act

The Data Protection Act does not specify set questions for verifying identity; instead, it advises that companies take reasonable steps to confirm the identity of the caller.

In practice, most companies I’ve encountered or worked for typically ask for a postcode and date of birth after gathering the caller’s name and agreement/reference/account number.

As long as relevant security questions are asked, the company has met its responsibility. If someone calls and ‘pretends’ to be your customer, then they are the one breaking the law.

Contributed by: Carl

Get Customers to Set Their Own Security Password

Some organizations allow customers to set their own security password, which can be a highly effective method.

This password is often something personal to the customer and harder to guess, unlike common details such as a postcode, date of birth, or landline number.

Contributed by: Neil

Ask Account-Specific Security Questions

I work as a Trainer at a contact centre in Financial Services. We avoid using questions like date of birth, address, and name as proof of identity, as this information is too easily accessible online.

With just a name and a quick Google search, you can often find someone’s address and date of birth. Instead, we focus on asking questions that are more specific to the account itself. Does anyone else share this approach?

Additionally, we do not share account information via email, as email accounts can be easily created and may not be genuine, making it difficult to verify the actual customer.

Some companies may be able to do this, but only through a secure, password-protected network sent to a verified email address.

Contributed by: Lucy

Confirm 3 Pieces of Information

To ensure proper identity verification, our agents always ask callers to confirm three key pieces of information during both inbound and outbound calls.

This typically includes the caller’s name, address, and date of birth. By verifying these details, we can ensure that we are speaking with the correct individual before discussing any account-related matters.

Contributed by: Mark

Critical to Have Security Questions

It is crucial to confirm security questions to ensure that account-related details are shared only with the rightful account holder.

However, security checks may not be necessary for general queries, such as asking about new offers, as these do not involve sensitive account information.

For more sensitive inquiries, at least two strong checks should be used, such as:

  • Billing address
  • Landline telephone number
  • Last recharge made
  • Last bill paid

These checks help verify the caller’s identity and protect sensitive information from being accessed by unauthorised individuals.

Contributed by: Pinaz

Verify the Customer’s Identity Before Sharing Information

In response to what information cannot be shared with a customer, it’s important to note that an agent cannot disclose any personal information or data about the customer without first verifying their identity through a DPA (Data Protection Act) check. This ensures that sensitive information is only shared with the authorised individual.

Contributed by: Janette Coulthard

This article was made possible by the great community of experts we have at Call Centre Helper. To get involved, just join our LinkedIn Community and, if you aren’t already, make sure you are following us on LinkedIn to see our latest content.

Author: Jonty Pearce
Reviewed by: Robyn Coppell

Published On: 20th Jan 2009 - Last modified: 5th Dec 2024