Cutting-Edge Compliance Controls For Your Contact Center
Compliance isn’t a nice-to-have. It’s a must have.
Rules seem to be ever-changing. Increased litigation is happening as a result. The prospect of rising fines is a very real possibility and a problem you never want to be dealing with. And with more agents working remotely than ever before, maintaining compliance can be even more challenging.
What strategies and tools are you currently employing to mitigate risk? What key controls are you implementing to address CFPB, FDCPA, PCI, TCPA, and other compliance requirements?
In this post, we’ll be taking a look at a range of cutting-edge compliance controls you can use for your contact center. It’s all about maximizing your risk mitigation. And it pays to make sure you’re good to go.
Find Security in the Cloud
A cloud-based contact center solution can dramatically simplify how you can implement key compliance controls. With the power of the cloud, all controls can be configured on-demand and available for all of your dialing systems.
Your outbound dialing system should offer a range of customizable options for maximum risk mitigation, as well as ease of use. By choosing the right cloud-based system, you’ll unlock access to the proper and necessary types of compliance controls.
These types of compliance controls and tools should include:
- State Dialing Settings: Ensure you’re adhering to the rules and regulations set out on a state-by-state basis.
- Time Zone Settings: Make certain you’re only dialing customers at permissible times each day.
- Maximum Dial Attempt Settings (Account & Phone): Limit the number of times your system can dial a certain customer’s phone number or numbers on record.
- Do Not Call (DNC): For customers who have placed themselves on a DNC list, it’s critical that these numbers are blocked or removed from your system.
- Zip-Area Mismatch: If some customers on your list have moved to different time zones, but maintained their original cell phone number, you’ll know it’s still okay to dial.
- Cell Phone Scrubs: Effective list management is key, and you should be able to easily or even automatically scrub any customer numbers that should not be called.
- PCI-DSS 3rd Party Payment Lines: The right cloud solution should be third party PCI-certified, with end-to-end PCI-compliant payment lines offering the ability to take payments securely.
Your manual dialing system should be designed for deep TCPA risk-mitigation. Achieving TCPA compliance depends not only on the dialing system used, but on other factors as well, including the caller’s obtaining of consent for calling a consumer’s mobile phone on an automated system. If your solution does not equip you with an array of tools and dialing systems to achieve TCPA compliance, you need to find one that does.
Take Payments the Secure Way
Are you currently taking payments in a way that ensures the highest level of data security, allowing you to drive performance while also keeping compliance top of mind?
We understand you may want to simplify your contact center’s payment processing and strengthen your risk mitigation and PCI compliance efforts. PCI compliance remains a top concern for contact centers whose business relies on taking payments.
Meeting these compounding PCI requirements involves tackling encryption, data storage and call/screen recordings, a feat which could easily cost millions. Additionally, those that don’t comply may find themselves facing heft penalties, with noncompliance fines ranging from $5K – $100K per month.
Consider implementing an interactive voice response (IVR) that places customers into a secure IVR to process payments, and automatically eliminates all visibility into payment info from the agent desktop. In this way, you’ll be able to strengthen your PCI compliance and risk-mitigation strategies, while also offering a simplified payment processing experience for both customers and agents.
Enable Smarter Dialing Supervision
For greater control over compliance, you’ll want a solution that enables you to have greater control of your dialing. You need to have the ability to supervise your dialing attempts in order to maximize your contacts in a compliant fashion.
You must think beyond the idea of “max attempts” and replace that with a much more advanced approach, allowing you to limit contact through specific rules and regulations.
With the right advanced solution, you have the ability to set a maximum number of contact attempts to an account and/or a phone number as part of your dialing compliance plan.
You should also be able to enable automatic, preventative dialing controls across the entire agency network. Ideally, these controls should be incapable of being overridden, and should include: enterprise, state, place of employment, day/hour/minute, multi-day, and multi-week.
Make Sure To Listen (and Watch)
If you’re not already recording agent calls, why not? By automatically recording all agent-handled calls, you can always keep a pulse on your agents and customers. Call recording should begin right after a call is connected to an agent and capture everything the caller hears during the conversation.
Especially if more of your agents have shifted to a remote work environment, call recording is one of the best ways to stay at arm’s length with your agents, offering opportunities for effective feedback to be given and insights to be gained.
Your dialing system should also provide robust call recording capabilities, including:
- Inbound/Outbound/Blended Call Recording: The ability to record should be available across all of your systems without any silos or roadblocks.
- IVR/Self-Service Call Recording: It’s great to record customer conversations with an agent; it’s even better when you’re able to record every customer interaction, even during self-service.
- Dynamic Call Recording Retrieval: Just as the name suggests, you want to have dynamic retrieval options for quick and easy access to call recordings.
- Speech Analytics enabled: There’s potentially a lot to learn from each call, so you should be able to easily unlock the vast amount of insights within your call recordings.
We’ve seen how important it is to listen, but consider adding sight to sound for a complete picture of agent interaction with customers. Your dialing system should offer easy-to-configure screen recording for each agent desktop, with the ability to capture everything happening on the agent’s entire screen. Ideally, screen recording should start when an agent enters the app and end when the agent selects a termination code, or if the session gets disconnected.
Report, Report, Report
With the right cloud technology powering your dialing system, you should be equipped to enable a centralized repository for all call activity, which could significantly simplify audit exercises.
Your on-demand reports should include:
- Indexed Call Recording: Are you easily and efficiently able to search your call recordings? If so, how far back does your system allow you to go. A best practice to consider is having a solution that enables you to search call recordings from up to 2 years ago in one query. You should also have the ability to enter multiple accounts in a single search for maximum ease of use. This level of granularity for call recording storage increases flexibility and control, while allowing easy retrieval of call recordings for audit purposes.
- Call Detail Records: Contact centers can generate millions of call detail records every month, including interactions with agents as well as interactions via messaging or self-service channels. Does your dialing solution provide powerful applications, infrastructure, plus best practices to dig into such large sets of data? The right business intelligence tool can simplify the access and analysis of information and return insights to improve decision-making and optimize performance.
- Performance Analytics: End reliance on spreadsheet-based reporting and make faster, smarter decisions with the right performance analytics on your side. Quickly uncover performance improvements and find better ways to measure and drive ROI. And lower the cost of performance analytics, giving you access to actionable reports to transform your operations.
- Speech Analytics: Uncover customer insights, improve targeted training, and create more effective quality monitoring. With a dialing solution that offers 100% call recording of all inbound, outbound, and blended call activity, you can make the most out of speech analytics whose effectiveness is dependent on the ability to leverage call recordings.
Keep Your Information Secure
Now it’s time to get a bit more technical. Well, maybe a lot more. But when it comes to information security, “technical” helps equal “safe.”
You need to be able to maintain robust controls and processes when it comes to information security. The right cloud solution will continue to maintain its PCI-DSS QSA certification, even amid rising audit requirements. Which means you could offload a significant cost and resource burden.
The solution’s comprehensive policies and controls should be audited and documented in a SOC 2 report by a third party auditor to ensure a robust stance on information security, mapped to High-Trust and HIPAA. Ideally, it will be heavily invested in securing data across the numerous points of a call transaction.
As we mentioned above, we’re about to get highly technical, but bear with us. Use the following checklist to see if you’re currently employing multiple approaches to encryption:
- User Access Encryption Level: HTTPS, SRTP and VPN tunnels are encrypted by default
- Methods of Encryption: 256 bit VPN tunnels, minimum 128-bit (https); 256 bit with 3DES, AES; all internal admin access is subject to two-factor authentication
- Encryption For Recordings: Recordings are encrypted at rest by default and optionally with the customer’s public key, which can only be decrypted by the customer’s private key–a key that the customer retains and has exclusive control over
- Session Encryption: SSL/TLS (strong versions per PCI-DSS) encrypted as a protocol; all user sessions use SSL encryption (TLS v1.2)
Whew, that did get technical there for a second. If you don’t know whether or not you’re implementing multiple encryption approaches, that’s okay. Share this list with someone on your tech team and see if they can help you verify.
Trust In a Proven Solution
Strongly consider a solution that undergoes customer audits each year.
Some systems undergo more than eighty customer audits annually, including by the largest and most complex contact center operations, some using third party auditing firms. This is a level of security that means you’re able to put your trust in a proven industry solution that can evolve and keep up with ever-changing rules and regulations.
These audits should be wide-ranging and comprehensive, covering information security, physical security, data protection, financial condition, employment practices, legal environment, data center operations, corporate structure, and more.
By employing such a platform, it exemplifies your commitment to a robust information security and corporate best practices stance—and plays a big role in your contact center’s success.
There you have it, a comprehensive look at a range of cutting-edge compliance controls you can use for your contact center. With more agents working remotely, and with more customers calling in during these trying times, it’s never been more important to consider how you’re managing compliance and maximizing risk mitigation during this “new normal” we’re all facing.
We hope you find these recommendations helpful as you think about your own agents, customers, and contact centers. Remember, it pays to be compliant. In more ways than one.
For a deeper dive into the topic of compliance, check out our new Compliance eBook. It breaks down the subject in easy-to-understand language, helping to demystify and distill compliance in a way that makes it accessible and approachable.
LiveVox is a leading provider of enterprise cloud contact center solutions, managing more than 14+ billion interactions a year across a multichannel environment. With over 15 years of pure cloud expertise, we empower contact center leaders to drive effective engagement strategies on the consumer’s channel of choice. Our leading-edge risk mitigation and security capabilities help clients quickly adapt to a changing business environment. With new features released quarterly, LiveVox remains at the forefront of cloud contact center innovation. Supported by over 450 employees and rapidly growing, we are headquartered in San Francisco with offices in Atlanta, Denver, Bangalore, and Colombia. To learn more, schedule a demo today.