AT&T Breach Puts a Spotlight on Contact Center Fraud
AT&T this week was hit with a $25 million fine for data protection violations that occurred in 2013 and 2014 in several of its outsourced contact centers in Mexico, Colombia, and the Philippines.
The fine was part of a settlement that AT&T reached with the Federal Communications Commission (FCC) and stemmed from several incidences where employees at the contact centers reportedly passed the names, full or partial Social Security numbers, and other account information of about 280,000 U.S customers of AT&T to illegal third parties who then used the information to unlock stolen cell phones.
The $25 million fine is the largest data security enforcement action to date, according to an official statement from the FCC, which in October fined telecom companies TerraCom and YourTel $10 million each for consumer privacy breaches.
AT&T has been taking steps to inform affected customers, and is also terminating vendor sites as appropriate, changing policies, and strengthening operations, it said in a statement.
Meanwhile, contact center industry watchdogs are expecting some sort of backlash against the contact center outsourcing industry as a whole, and overseas contact center operations in particular.
The action against AT&T "is certain to place fraud prevention and risk mitigation at the top of enterprises' checklists when choosing a CRM services vendor. Both nearshore and offshore operations can expect more scrutiny on security matters, and outsourcers with strong fraud prevention programs have an opportunity to win business," said Peter Ryan, an industry analyst at Ovum, in an email.
Operators of overseas contact centers have already been facing tough times as more companies are looking to bring foreign contact center operations back to U.S. shores amid growing consumer and government pressure.
Ovum, in its 2015 CRM Outsourcing Business Trends Survey, uncovered a growing preference for local or regional contact center vendors, with the ability to better manage the relationship domestically placing high among considerations for prospective clients.
The firm also found that data protection is a concern for companies as they consider offshore locations, particularly in central and eastern Europe, Morocco, Egypt, and the Philippines.
In the wake of the AT&T incident, outsourcers will also have a unique opportunity to highlight their unique abilities to prevent and contain fraud as part of their value proposition, according to Ryan.
In fact, in Ovum's 2015 CRM Outsourcing Business Trends Survey, respondents indicated that an outsourcer's fraud prevention/security capabilities are crucial determinants in selecting a vendor partner (second only to agent language capabilities in a list of almost 20 choices).
"With many vendors having made large investments in developing improved technologies and processes to reduce data theft, now is definitely the time to place these capabilities at the forefront of promotional efforts when seeking new clients," Ryan says. "At least for the foreseeable future, augmented compliance around risk mitigation across verticals will be a reality that outsourcers will need to face head on."