Friday, June 27, 2008

Outsourced Call Centers + Security = !Sleep

An article over at Dark Reading entitled Hacking the Call Center got me thinking about some of the issues I have discovered with outsourcing call centers. I have written about one such issue here. I have found that business units assume that the call center is discreet with their data and that every customer is handled on separate systems. Nothing could be farther from the truth.

When you outsource call centers you may have your own phone numbers, assigned operators, and perhaps even a dedicated information system for tracking data. Let's assume the best-case scenario: How does the data travel to your "dedicated" server? Over their shared infrastructure? Yes! Now now, I know what you're about to say... "they could just put those operators on a separate VLAN, problem solved." Typically that would mean one of three scenarios:
  1. The phone and computer system is set up to change VLANs dynamically on the fly. Operator desks are not "fixed" and often need to handle more than one customer's calls at any time (they work in shifts, and the person after you may get calls for a different client).
  2. They create a separate infrastructure for each client, which is:
    • expensive, which would decrease the call center's economies of scale
    • inefficient, because if a client doesn't get calls on the weekend those cubes sit idle
  3. They use VMs, Citrix or some other virtual desktop environment, which is expensive and difficult to maintain.
How do call centers handle this? They usually don't. Remember, they are all about handling large volumes of calls quickly; they are not usually overly concerned with information security, as it doesn't help their bottom line.

So how do we solve some of these problems?
  • First and foremost, only contract with call centers that are (and can prove they are) compliant with the relevant standards, such as PCI.
  • Second, purchase (or write) software that encrypts all data as it hits the disk or gets put into the database. Make sure you have key management processes in place so that only your organization can see the data.
  • Third, either have the operators hit the audio kill button during credit card transactions or have intelligent software that will go through and perform hygiene on the data (strip or mask the card numbers) as it is saved to archive.
  • Fourth, don't be afraid to send some auditors down to the location and verify that your security standards and policies are being followed. The only way providers care about your data and security standards is if you make them.
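One way to do the "hygiene" step from the third point, as an added example that is not from the original post: a small Python scrubber that masks card numbers in a call record before it is written to archive. It validates each candidate with the Luhn check so ticket numbers and other long digit runs are left intact; the transcript line and the record shape are constructed for the example.

```python
import re

# Candidate card number: 13 to 19 digits, optionally separated by spaces or dashes,
# not preceded or followed by another digit (so longer runs are not partially matched).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: filters out most non-card digit runs (ticket ids, etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(match: re.Match) -> str:
    """Mask all but the last four digits of a Luhn-valid card number."""
    raw = match.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_ok(digits):
        return raw              # leave non-card numbers (order ids etc.) alone
    return "X" * (len(digits) - 4) + digits[-4:]


def scrub_record(text: str) -> tuple[str, int]:
    """Return (scrubbed text, number of card numbers masked) for one archive record."""
    count = 0

    def repl(m: re.Match) -> str:
        nonlocal count
        out = mask_pan(m)
        if out != m.group(0):
            count += 1
        return out

    return PAN_RE.sub(repl, text), count


# Constructed sample call-record line; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = "Agent: card number is 4111 1111 1111 1111, ticket 1234567890123, exp 09/11"

if __name__ == "__main__":
    scrubbed, n = scrub_record(SAMPLE)
    print(n, scrubbed)  # 1 Agent: card number is XXXXXXXXXXXX1111, ticket 1234567890123, exp 09/11
```

Run it over each record in the archive pipeline before the write, and log the masked count per record so the audit step in the fourth point has something to check.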
