Events Training Consulting Newsletters Webcasts Blogs
Subscriptions
Current Issue
Past Issues
Join Our Mailing List
Contact Us
Home
 
 
 
Magazine
New Customer Management Insight Digital Publication
Call Center Magazine Archives
FREE Webcasts
Podcasts
Vendor Guide
Multimedia Content
Online Advice
eNewsletter Alerts
ICMI Forum
ICMI Jobs
Training
Consulting
Newsletters
Publications/Tools
Industry Research
QUEUETIPS
Conferences
ICMI Global Report
Call Center Knowledge Online
Join ICMI
Members Only
Vendor Guide
Industry Information
About ICMI
Download the ICMI Catalog
 
 
TechEncyclopedia

A Banner Year for Identity Theft

2006 was a banner year for identity theft -- at least it was for me.

By Paul Stockford

print this article print this article
email this article e-mail this article
.

.

12/01/2006, 5:00 AM ET

Reality Check

To begin with, I was one of 25 million veterans of the armed forces whose personal information was stolen from the Department of Veteran's Affairs (VA) in May of this year. If you're not familiar with this story, apparently an employee of the VA downloaded to his laptop computer personal information about all veterans discharged since 1975 including name, social security number, date of birth, spouse information and some disability ratings. What this individual intended to do with this information on his laptop was never fully explained, but the upswing is the laptop was stolen while all this information was resident on its hard drive.

The information on each individual veteran contained on that computer's hard drive was the equivalent of a starter set for an experienced identity thief to begin hacking into 25 million bank accounts. With that bit of stolen information on each individual, an experienced criminal could belly up to a fraudulent financial fricassee courtesy of 25 million veterans and one government employee.

As soon as the story hit the evening news, all 25 million of us started receiving letters from the VA that were supposed to reassure us that everything was all right. For example, the government's solution to the problem of the theft of 25 million private personnel files -- I kid you not -- was to require all VA employees to complete the "VA Cyber Security Awareness Training Course" and the "General Employee Privacy Awareness Course" by June of 2006. Yeah, that'll nip the problem right in the bud.

We were also assured that although the information stolen was exactly what identity thieves needed to practice their craft, there was no evidence that the missing data was being used illegally nor was it necessary to cancel credit cards and bank accounts. With a crack squad of government employees on the case, I knew there was no need to worry.

About a month later I received a call from a contact center agent from Wells Fargo Bank wondering if I'd been making any charges to an oddly-named company in New York City. Apparently these charges, outside of my normal spending patterns, had raised a red flag at the bank and an agent was assigned to follow-up with me. As it turned out, the charges were fraudulent and the bank canceled my account immediately and issued me a new card.

Rather than take a chance using this new card right away I decided I'd better start using a different credit card for a while. About a month later I was using this different card to pay for a new set of prescription lenses in my eyeglasses. The salesperson trying to finalize the sale told me that the charge was being rejected, which I found odd since I had virtually no other charges on that particular credit card. When the salesperson called the bank for verification, the agent on the other end asked to speak to me and told me that some odd charges on my card had raised red flags at Jupiter Bank and further charges were suspended. Once again, the card was cancelled immediately and a new card issued to me.

With identity thieves able to efficiently capitalize on an opportunity to steal with such rapid efficiency using only small bits of personal information, I began wondering if contact center executives had considered the potential for identity theft in the customer care center. After all, personal and financial information is often gathered from customers as a matter of routine in many contact center transactions, and in many instances the transactions are recorded.

"Fraud used to be the contact center industry's dirty little secret," said Fred Stevens, president of contact center consulting firm Call-Lab. "Fraud happens because a large number of people in a typical call center have access to credit card and other consumer information," he continued, "But fraud occurs in retail and other back office environments as well. Now is a good time for contact centers to start examining their anti-fraud measures to ensure they are best-of-breed."

I have managed to dodge a couple of identity theft bullets so far this year, but it turns out that identity theft is becoming a major problem in the U.S. today. For example, the U.S. Federal Trade Commission (FTC) reported that they received more than 255,000 complaints regarding identity theft in 2005. That's up from 247,000 cases reported in 2004. Total fraud reported, which includes identity theft, topped 686,000 cases in 2005. Only 11 percent of the victims in these cases were aware that their personal information had been taken before discovering that they were victims of identity theft.

According to a 2003 survey also conducted by the FTC, the average out-of-pocket loss for a victim of identity theft was $500, but the average loss to businesses per victim was nearly ten times that amount at $4,800. An average of 30 hours per victim was spent resolving the problem for a total of 297 million hours lost in 2003 as a result of identity theft. Multiply these numbers times the 255,000 cases of identity theft reported in 2005 and we're looking at a recipe for disaster for any business cursed with a case of identity theft.

At the ACCE show in September of this year, Envision Telephony, Inc., of Seattle, WA introduced a product specifically aimed at eliminating as much as possible the threat of identity theft in the contact center. Called Envision Identity Protection -- this solution works with Envision's contact center recording and performance management technologies to ensure that sensitive customer data such as date of birth, Social Security Number, driver's license number, credit card numbers and bank account numbers are protected.

Envision's approach is not so much to look at the agent as the potential perpetrator of identity theft, but to look toward protecting sensitive customer data from the roving hands of anyone who might be able to get hold of recorded transactions after the fact. In other words, they acknowledge that the agent must be trusted with sensitive data as part of the job. Envision sees that the potential for disaster is in the post-recording distribution, ethical or otherwise, of recorded transactions. Envision Identity Protection ensures that sensitive customer data is not passed along to wherever recorded transactions may end up.

Identity theft has been called the crime of the decade due to its rapid rise and ubiquitous presence. As hard as it may be to face up to, it seems to me that the sooner contact center executives acknowledge that the threat of identity theft exists in the contact center and publicly outline steps taken to minimize that threat to customers, the better off the industry will be. Let's hope the industry follows Envision Telephony's lead in proactively addressing the potential problem of identity theft in the contact center rather than waiting for an embarrassing snafu, to use a military expression, to force the customer care industry into taking action.

-Paul Stockford is Chief Analyst at Saddletree Research. You can reach him at pstockford@saddletreeresearch.com

http://www.callcentermagazine.com

Copyright 2006 CMP Media LLC. All rights reserved. 12/1/06, Issue # 1912, page 16.


.

Free CallCenter Insider Newsletter

Your Email Address


Optional Areas of Interest
International News
Advice/Tips
Technology
Agent Development
IVR