bad password example

For customer experience (CX) programs to be effective, companies need to collect customer information. But the more data organizations collect, the more that data is at risk. Failure to protect customer information means not only a loss of customer trust, but can be costly for consumers and organizations alike.

Fraud is a pervasive problem, with both organizations and consumers needing to do more to protect themselves from hackers — who continuously improve their attacks both from a technical perspective, with new viruses and malware, and from a social perspective, with ever-more creative phishing attacks designed to trick a person into divulging account IDs and passwords.

According to the 2019 Preventing Fraud & Preserving CX with AI report by Call Miner and the Sitel Group, 46% of Americans say they have been a victim of fraud, while the vast majority (92%) think the risk of fraud is increasing in day-to-day activities.

Additionally, nearly one-third (31%) of Americans said they felt at risk for fraud when contacting a brand's customer service department; 47% said it was because they had to share personal information with a customer service agent. 

Consumers hold brands responsible for keeping their details safe, even if consumers aren’t careful about protecting passwords — making it easy for fraudsters to compromise an account.

Related Article: Finding the Signal in the Noise in the Security World

People Need Better Passwords

The National Cybersecurity Center in London analyzed passwords from hacked accounts. It found that 23 million people used “123456” as a password. Another 3 million used "qwerty," the first six letters on a keyboard, and 3 million others used "password."

Despite the possibility that weak passwords are a contributor to hacked accounts, the CallMiner/Sitel report found that more than four in five (86%) of Americans think brands could do more to protect customer information and prevent customer service fraud, and more than one quarter (28%) of Americans do not trust that the brands and companies with which they do business are handling their personal information securely. 

Related Article: Why You Shouldn't Make Fun of Mark Zuckerberg's Password

Fraud Costs Consumers and Businesses Over $5T a Year

Citing the Javelin Strategy & Research 2019 Identity Fraud, the Insurance Information Institute said the number of consumers who were victims of identity fraud fell in 2019 to 14.4 million, down from a record high of 16.7 million in 2017. However, identity fraud victims in 2018 bore a heavier financial burden: 3.3 million people were responsible for some of the liability of the fraud committed against them, nearly three times as many as in 2016. Moreover, these victims’ out-of-pocket fraud costs more than doubled from 2016 to 2018, to $1.7 billion. 

New account fraud losses also rose slightly, with criminals beginning to focus their attention on different financial accounts, such as loyalty and rewards programs —which are closely related to CX — and retirement accounts. 

According to the Experian 2019 Global Identity and Fraud Report, more than half (55%) of companies worldwide have reported losses due to online fraud in the last year. According to the Financial Cost of Fraud Report from global accounting network Crowe, fraud costs the global economy more than $5 trillion each year.

Related Article: I'm Dreaming of a Fraud Free Christmas

Fraud Prevention Tips

CX programs can take several steps to obtain the information they need, yet help protect their programs from fraud. In its 2019 US Consumer Data Beach Report, ForgeRock recommended:

  • Collect only what’s needed: Business opportunities directly correlate with user risk. For instance, a location service requires a user’s location while the service is being used, but everything beyond that point might count as a risk to be mitigated. Only collect the necessary information. The CX program doesn’t need credit card information. Similarly, social security numbers aren’t needed, so don’t collect them. The organization should inform the consumer in plain language why certain pieces of personal data are being collected and how they will be used. 
  • Educate the different departments: Payments and receivables might need credit card information, CX and marketing do not. But while the payments department might be aware of the inherent fraud risks, CX and other departments may not be aware. Fraud education across the organization is important. 
  • Ensure you have consumer consent for collecting consumer information: It is one of six lawful bases for processing personal data defined by privacy laws. Consumer consent gives an organization various freedoms and responsibilities and is the basis for building trusted, transparent digital relationships.

Customer Contact Week’s 2019 Contact Center Security & Fraud Prevention Report offers the following recommendations:

  • Leverage (and expand) a fraudster watch list to quickly identify known fraudsters.
  • Unify security across channels to prevent fraudsters from attacking the weakest link.
  • Coach customer service personnel on security.
  • Implement fraud security metrics to determine where fraud is happening and how much it is costing the business.

Various technology vendors also tout various solutions, but one thing they all agree on is “security in depth,” with multiple security precautions and increasing layers of security as the data becomes more sensitive. They also agree that corporate and consumer education is important, as is the need to continuously evolve security strategies and tools as hackers continue to refine their attacks.

Data breaches have long-term effects, in financial costs, impact on CX and the erosion of customer trust. “Breaches have caused deep fractures in trust with downstream business implications,” stated IDology CEO John Dancu in the IDology Seventh Annual Fraud Report.