Contact center compliance isn’t a nice-to-have. It’s a must-have.
Rules seem to be ever-changing. Increased litigation is happening as a result. The prospect of rising fines is a very real possibility and a problem you never want to be dealing with. And with more agents working remotely than ever before, maintaining compliance can be even more challenging.
What strategies and tools are you currently employing to mitigate risk? What key controls are you implementing to address CFPB, FDCPA, PCI, TCPA, and other compliance requirements?
In this post, we’ll be taking a look at a range of cutting-edge compliance controls you can use for your contact center. It’s all about maximizing your risk mitigation. And it pays to make sure you’re good to go.
What is compliance?
If we want to avoid the undesirable consequences of being non-compliant, we must first understand exactly what’s meant by compliance in the first place.
Compliance means operating under the requirements of all laws and regulations that apply to an industry. Laws of various types have been put into place to protect consumers, workers, and markets. Compliance regulations can cover data security, customer privacy, working conditions, transparency, fairness, and more.
Being compliant means following these laws. More specifically to the topic at hand, call center compliance means putting these regulations into practice during all communications with customers.
There are a few key pieces of regulation pertaining to contact center compliance that are important to know about.
The Telephone Consumer Protection Act regulates communications made for marketing purposes and prohibits calls made in a certain manner.
The National Do Not Call Registry, or DNC, is a list of consumers who have opted out of receiving telemarketing calls. Together, TCPA and DNC are a critical set of guidelines for call centers to comply with.
PCI refers to the Payment Card Industry Data Security Standard. It governs the way companies process, store and transmit credit card information.
The Fair Debt Collection Practices Act puts restrictions on the actions companies and third parties can take in attempts to collect on a debt.
These are just a few of the many call center compliances contact centers need to be aware of.
Find security in the cloud
A cloud-based contact center solution can dramatically simplify how you can implement key compliance controls. With the power of the cloud, all controls can be configured on-demand and available for all of your dialing systems.
Your outbound dialing system should offer a range of customizable options for maximum risk mitigation, as well as ease of use. By choosing the right cloud-based system, you’ll unlock access to the proper and necessary types of compliance controls.
These types of compliance controls and tools should include:
- State Dialing Settings: Ensure you’re adhering to the rules and regulations set out on a state-by-state basis.
- Time Zone Settings: Make certain you’re only dialing customers at permissible times each day.
- Maximum Dial Attempt Settings (Account & Phone): Limit the number of times your system can dial a certain customer’s phone number or numbers on record.
- Do Not Call (DNC): For customers who have placed themselves on a DNC list, it’s critical that these numbers are blocked or removed from your system.
- Zip-Area Mismatch: If some customers on your list have moved to different time zones, but maintained their original cell phone number, you’ll know it’s still okay to dial.
- Cell Phone Scrubs: Effective list management is key, and you should be able to easily or even automatically scrub any customer numbers that should not be called.
- PCI-DSS 3rd Party Payment Lines: The right cloud solution should be third-party PCI-certified, with end-to-end PCI-compliant payment lines offering the ability to take payments securely.
Your manual dialing system should be designed for deep TCPA risk mitigation. Achieving TCPA compliance depends not only on the dialing system used but on other factors as well, including the caller’s obtaining of consent for calling a consumer’s mobile phone on an automated system. If your solution does not equip you with an array of tools and dialing systems to achieve TCPA compliance, you need to find one that does.
Take payments the secure way
Are you currently taking payments in a way that ensures the highest level of data security, allowing you to drive performance while also keeping compliance top of mind?
We understand you may want to simplify your contact center’s payment processing and strengthen your risk mitigation and PCI compliance efforts. PCI compliance remains a top concern for contact centers whose business relies on taking payments.
Meeting these compounding PCI requirements involves tackling encryption, data storage and call/screen recordings, a feat which could easily cost millions. Additionally, those that don’t comply may find themselves facing heft penalties, with noncompliance fines ranging from $5K – $100K per month.
Consider implementing an interactive voice response (IVR) that places customers into a secure IVR to process payments, and automatically eliminates all visibility into payment info from the agent desktop. In this way, you’ll be able to strengthen your PCI compliance and risk-mitigation strategies, while also offering a simplified payment processing experience for both customers and agents.
Enable smarter dialing supervision
For greater control over compliance, you’ll want a solution that enables you to have greater control of your dialing. You need to have the ability to supervise your dialing attempts in order to maximize your contacts in a compliant fashion.
You must think beyond the idea of “max attempts” and replace that with a much more advanced approach, allowing you to limit contact through specific rules and regulations.
With the right advanced solution, you have the ability to set a maximum number of contact attempts to an account and/or a phone number as part of your dialing compliance plan.
You should also be able to enable automatic, preventative dialing controls across the entire agency network. Ideally, these controls should be incapable of being overridden, and should include: enterprise, state, place of employment, day/hour/minute, multi-day, and multi-week.
Make sure to listen (and watch)
If you’re not already recording agent calls, why not? By automatically recording all agent-handled calls, you can always keep a pulse on your agents and customers. Call recording should begin right after a call is connected to an agent and capture everything the caller hears during the conversation.
Especially if more of your agents have shifted to a remote work environment, call recording is one of the best ways to stay at arm’s length with your agents, offering opportunities for effective feedback to be given and insights to be gained.
Your dialing system should also provide robust call recording capabilities, including:
- Inbound/Outbound/Blended Call Recording: The ability to record should be available across all of your systems without any silos or roadblocks.
- IVR/Self-Service Call Recording: It’s great to record customer conversations with an agent; it’s even better when you’re able to record every customer interaction, even during self-service.
- Dynamic Call Recording Retrieval: Just as the name suggests, you want to have dynamic retrieval options for quick and easy access to call recordings.
- Speech Analytics enabled: There’s potentially a lot to learn from each call, so you should be able to easily unlock the vast amount of insights within your call recordings.
We’ve seen how important it is to listen, but consider adding sight to sound for a complete picture of agent interaction with customers. Your dialing system should offer easy-to-configure screen recording for each agent desktop, with the ability to capture everything happening on the agent’s entire screen. Ideally, screen recording should start when an agent enters the app and end when the agent selects a termination code, or if the session gets disconnected.
Report, report, report
With the right cloud technology powering your dialing system, you should be equipped to enable a centralized repository for all call activity, which could significantly simplify audit exercises.
Your on-demand reports should include:
- Indexed Call Recording: Are you easily and efficiently able to search your call recordings? If so, how far back does your system allow you to go. A best practice to consider is having a solution that enables you to search call recordings from up to 2 years ago in one query. You should also have the ability to enter multiple accounts in a single search for maximum ease of use. This level of granularity for call recording storage increases flexibility and control, while allowing easy retrieval of call recordings for audit purposes.
- Call Detail Records: Contact centers can generate millions of call detail records every month, including interactions with agents as well as interactions via messaging or self-service channels. Does your dialing solution provide powerful applications, infrastructure, plus best practices to dig into such large sets of data? The right business intelligence tool can simplify the access and analysis of information and return insights to improve decision-making and optimize performance.
- Performance Analytics: End reliance on spreadsheet-based reporting and make faster, smarter decisions with the right performance analytics on your side. Quickly uncover performance improvements and find better ways to measure and drive ROI. And lower the cost of performance analytics, giving you access to actionable reports to transform your operations.
- Speech Analytics: Uncover customer insights, improve targeted training, and create more effective quality monitoring. With a dialing solution that offers 100% call recording of all inbound, outbound, and blended call activity, you can make the most out of speech analytics whose effectiveness is dependent on the ability to leverage call recordings.
Keep your information secure
Now it’s time to get a bit more technical. Well, maybe a lot more. But when it comes to information security, “technical” help equal “safe.”
You need to be able to maintain robust controls and processes when it comes to information security. The right cloud solution will continue to maintain its PCI-DSS QSA certification, even amid rising audit requirements. Which means you could offload a significant cost and resource burden.
The solution’s comprehensive policies and controls should be audited and documented in a SOC 2 report by a third-party auditor to ensure a robust stance on information security, mapped to High-Trust and HIPAA. Ideally, it will be heavily invested in securing data across the numerous points of a call transaction.
As we mentioned above, we’re about to get highly technical, but bear with us. Use the following checklist to see if you’re currently employing multiple approaches to encryption:
- User Access Encryption Level: HTTPS, SRTP and VPN tunnels are encrypted by default
- Methods of Encryption: 256 bit VPN tunnels, minimum 128-bit (https); 256 bit with 3DES, AES; all internal admin access is subject to two-factor authentication
- Encryption For Recordings: Recordings are encrypted at rest by default and optionally with the customer’s public key, which can only be decrypted by the customer’s private key–a key that the customer retains and has exclusive control over
- Session Encryption: SSL/TLS (strong versions per PCI-DSS) encrypted as a protocol; all user sessions use SSL encryption (TLS v1.2)
Whew, that did get technical there for a second. If you don’t know whether or not you’re implementing multiple encryption approaches, that’s okay. Share this list with someone on your tech team and see if they can help you verify.
Trust in a proven solution
Strongly consider a solution that undergoes customer audits each year.
Some systems undergo more than eighty customer audits annually, including by the largest and most complex contact center operations, some using third-party auditing firms. This is a level of security that means you’re able to put your trust in a proven industry solution that can evolve and keep up with ever-changing rules and regulations.
These audits should be wide-ranging and comprehensive, covering information security, physical security, data protection, financial condition, employment practices, legal environment, data center operations, corporate structure, and more.
Employing such a platform exemplifies your commitment to a robust information security and corporate best practices stance—and plays a big role in your contact center’s success.
There you have it, a comprehensive look at a range of cutting-edge compliance controls you can use for your contact center. With more agents working remotely, and with more customers calling in during these trying times, it’s never been more important to consider how you’re managing compliance and maximizing risk mitigation during this “new normal” we’re all facing.
We hope you find these recommendations helpful as you think about your own agents, customers, and contact centers. Remember, it pays to be compliant. In more ways than one.
For a deeper dive into the topic of compliance, check out our new Compliance eBook. It breaks down the subject in easy-to-understand language, helping to demystify and distill compliance in a way that makes it accessible and approachable.
LiveVox cloud service solutions
LiveVox is a cloud contact center solution that makes it easy for organizations in healthcare, financial services, telecom, collections and more to maintain compliance and mitigate risk.
The more channels you give customers to contact you, the more complex your compliance needs become. Our 100% cloud-based platform helps you control your contact attempts, capture consent, make required disclosures and keep a comprehensive record of your activities to lower your total risk profile.
Here are a few of our call center compliance-friendly features.
Additional communication channels should increase customer satisfaction, not company risk.
LiveVox’s omnichannel platform leverages best practices to meet the demands of savvy, digital-first customers while keeping compliance at the forefront.
It’s no secret that personalized communications mean happier customers, but they’re also a best practice for compliant interactions. Our unified CRM helps you track customer communication preferences across all channels and capture consent at every touchpoint.
As your staff grows, it becomes more difficult to keep an eye on everyone’s activities. LiveVox offers built-in compliance controls and performance management tools that simplify the process of keeping your entire staff on the right side of the law.