Shielding Your Bank’s Call Center from DDoS Attacks

Shielding Your Bank’s Call Center from DDoS Attacks

While every call center manager is grateful for the work that his or her agents do each and every day, some industries in particular need to take extra care in ensuring that the call center software provided to agents can help them counter the very real threat of a distributed denial-of-service (DDoS) attack. One such space is the financial industry. 

Such an attack involves a process in which an attempt is made to make a machine or network unavailable to its users. While the service is being denied, the hacker is then able to access account information, remove funds, change passwords and create a whole mess of problems for the user. All the while, the agent is being blocked from accessing the accounts in question.

Shirley Inscoe, senior analyst at research firm Aite Group, noted in a recent interview with ABA Banking Journal that intruders will use a DDoS to then flood call centers when they know they’re overwhelmed. “The contact centers are trying to assist customers as quickly as possible,” Inscoe said. “Security may not be at its best. Contact people may be taking short cuts in their authentication procedures. So the criminals strike particularly at those times.”

An advanced multi-channel approach to verification is exactly what many bankers are realizing is necessary to combat these threats. From voice biometrics to text to chat to e-mail, banks should be consistently updating these new lines of communication to better defend themselves. “That’s why call centers have become centers,” Inscoe said.

It’s important for call center agents to remain on guard and, even if they’ve established a relationship with a customer, it’s important that they always follow the set procedure and never take short cuts. Inscoe provides her final advice:

First of all, contact center personnel shouldn’t do something they shouldn’t do, even if they’ve exchanged emails with this client before. They should honor their own policies. Second, it’s important, when they are emailing back and forth with a client, to have some additional level of authentication occasionally, particularly if there is a request for a monetary transaction of a larger value than has happened before.

Therefore, any short cut taken could be the difference between efficiently helping a customer and allowing an intruder into the accounts of a financial institution.

Previous/Next articles