In 2015, the FCC (US) fined AT&T $25 million for data breaches where employees stole private information belonging to over 280,000 customers, including social security numbers and account-related data. The UK regulator, OFCOM, fined XS Remarketing/Debt Masters Direct £150,000 in 2015 for making silent and abandoned calls. Fines issued by the Information Commissioner’s Office (ICO) in the UK against nuisance call firms trebled in 2015 to over £1.14 million. Non-compliance is a critical business risk factor for new call center entrepreneurs and established businesses. One bad decision can have serious consequences and sink a business.
New call centers need to be compliant to win the trust of clients, and to win their business. There is also the wider issue of trust from consumers.
“86% of consumers believe agents will misuse their personal card details.” (OnePoll)
We believe it’s in everybody’s interest to end nuisance calls, to respect privacy and to handle data securely, in line with regulations and best practice. Everything we can do to put the right agents in touch with the right end customers as quickly and easily as possible benefits individual businesses and the reputation of our whole industry.
EU-level and different countries’ regulations and codes on distance sales, telesales, direct marketing, predictive dialing, blacklisting, do not call lists, and data handling, security and privacy etc. make for a complex web. The good news is that many of these issues can be easily tackled with the right choice of compliant call center software.
For LeadDesk and our customers, compliance is not an option. As we have entered new markets and new customers have joined our network, we have added compliance services, tools and workflows to LeadDesk call center software. We have had to. Our customers demand it. Regulators demand it. And our tools help agents close more, and close faster, while being compliant.
These are the most pressing compliance issues facing new call center entrepreneurs and established businesses in a changing regulatory environment:
Being compliant with e.g. PCI guidelines means having network security in place, such as an effective firewall and additional layers of protection. These should restrict traffic from unsafe networks and keep systems that hold cardholder data from being directly connected to the internet.
It’s common for EU countries to have a Do Not Call list. This is typically a national list where people can add their home or business number. There are usually heavy fines for call centers that call numbers on this list. It’s also best practice for clients and their call centers to keep their own blacklists of contacts who ask not to be called again. LeadDesk has useful automated processes to sync contact lists with DNC and blacklists to take the effort out of list compliance and eliminate risk.
To meet PCI-DSS standards, you must not record credit card CCV security numbers in call recordings. The simplest method is to provide agents with call recording pause functionality so that recordings do not capture the audio of the CCV number. It is also possible to use API-driven automation and touch tone DTMF dialing to enter masked numerical data so it is not recorded or audible to the agent.
“For customer service improvement purposes, this call will be recorded.”
We are all familiar with this announcement. But this is typically used in inbound IVRs. It is not common to hear this in outbound calls. Some call centers require subcontractors and agents to sign a notice of consent acknowledging that conversations might be recorded and monitored.
It’s best practice for contact center compliance to have tiered permissions for different contact center roles. LeadDesk software includes the ability to limit e.g. team leader access to data from specific offices, agent access to specific campaigns, manager access to specific admin panels etc.
Different countries have different maximum abandoned call rates for predictive dialers. Abandoned calls are typically defined as when no agent is on the call within two seconds of it being picked up or answered. Countries’ maximum abandonment rates vary (many EU countries require less than 3% of all connected calls to be abandoned). Compliant call centers should keep logs and reports so they can prove they have been complying with the applicable local rate. The LeadDesk predictive dialer includes unique algorithms for rapid outbound calling, live monitoring and full reporting and can be easily set to meet any abandoned call rate requirement.
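As an added example (not LeadDesk code), here is one way to turn a dialer log into the per-day abandoned-call evidence described above. The CSV layout, function names and sample rows are assumptions constructed for illustration; the two-second limit and 3% ceiling are the typical figures quoted above and must be set to the applicable local rule.

```python
import csv
from collections import Counter
from datetime import datetime, timedelta

AGENT_LIMIT = timedelta(seconds=2)  # typical definition: agent on the call within 2 s
MAX_RATE = 0.03                     # "less than 3%" example; set per country

def is_abandoned(answered_at, agent_at):
    """An answered call with no agent on the line within AGENT_LIMIT."""
    return agent_at is None or agent_at - answered_at > AGENT_LIMIT

def daily_report(log_lines):
    """Rows: call_id,answered_at,agent_joined_at (ISO 8601; empty = never)."""
    connected, abandoned = Counter(), Counter()
    for _call_id, answered, agent in csv.reader(log_lines):
        if not answered:            # never picked up, so not a connected call
            continue
        t_ans = datetime.fromisoformat(answered)
        t_agent = datetime.fromisoformat(agent) if agent else None
        day = t_ans.date().isoformat()
        connected[day] += 1
        abandoned[day] += int(is_abandoned(t_ans, t_agent))
    report = {}
    for day in sorted(connected):
        rate = abandoned[day] / connected[day]
        report[day] = {"connected": connected[day], "abandoned": abandoned[day],
                       "rate": rate, "compliant": rate < MAX_RATE}
    return report

def constructed_log():
    """Constructed sample: 100 answered calls on day 1, 50 on day 2."""
    rows = []
    for day, total in (("2024-03-04", 100), ("2024-03-05", 50)):
        start = datetime.fromisoformat(day + "T09:00:00")
        for i in range(total):
            ans = start + timedelta(seconds=30 * i)
            if i == 0:              # answered, but no agent ever joined
                agent = ""
            else:                   # one late join (3.5 s), the rest at 0.4 s
                delay = 3.5 if i == 1 else 0.4
                agent = (ans + timedelta(seconds=delay)).isoformat()
            rows.append(f"{day}-{i},{ans.isoformat()},{agent}")
        rows.append(f"{day}-ringout,,")  # never answered: excluded from the rate
    return rows

if __name__ == "__main__":
    for day, stats in daily_report(constructed_log()).items():
        print(day, stats)
```

Archiving the per-day output alongside the raw log gives the report a regulator would ask for; the second constructed day breaches the ceiling with the same two abandoned calls because fewer calls connected.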
The way your call center workstations are set up can have an effect on the level of security you need. Workstations come in contact with contact and credit card data and they are potentially vulnerable to keyboard logging. Physical workstations should typically have enterprise-grade security software to prevent such malware and virus attacks, as well as monitoring for critical files.
For PCI-DSS compliance you don’t need to have your agents in a separate room or have agents that handle credit card data separated from your other agents. However, for e.g. PCI-DSS 3.2 compliance, agent security awareness training is required. This training makes agents aware of security risks and the potential implications of their actions. It covers e.g. remote access security, password strength, phishing emails, social engineering, secure browsing and BYOD (Bring Your Own Device) security.
Please note that regulatory requirements for call centers, including, for example, distance sales, telesales, transactions, data security and privacy regulations, vary from country to country.
It is important to be aware of the regulations and legislation in your market that are applicable to your business circumstances. In each country there are call center associations that provide useful information, such as CCMA (UK), CCV (Germany), Nordma (Norway), ASML (Finland), Kontakta (Sweden), CCMA (Netherlands) etc.
In addition to call center associations, our experts in our local LeadDesk sales offices around Europe also offer advice and best practice from working with hundreds of leading European call centers. Get in touch to discuss the latest regulatory changes and your needs…
The information and opinions within this website are for information purposes only. They are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. LeadDesk shall accept no responsibility for any errors, omissions or misleading statements on this website, or for any loss which may arise from reliance on materials contained on this website.