How to reach an agent , Aussie style, and 0870 numbers in the UK

Not strictly a European story, but interesting to see on the very good CallCentres.net site that covers APAC and Australia, a news story on how to reach agents directly.

It seems that such is the frustration with IVRs and self-service that an enterprising Aussie has set up a wiki type site called ihateholding.com so that consumers can share details of how to get straight through to a human. It's interesting to see how consumers really haven't bought into self-service the way much of the contact centre industry has. My suspicion is that consumers still need a lot of persuasion that self-service can benefit them and isn't just there for companies to save money.

To show how this can back fire badly, it's worth looking at non-geographic numbers in the UK. Originally these were introduced as a way of ensuring that consumers knew how much it would cost to call and so that a business could provide a single number for contact, regardless of where it's staff were located (or moved to). The problem was that once free local calls became more common in consumer telephone packages, a local non-geographic number meant that the consumer was now paying for something that free for them. Also consumers began to realise that non-geographic national numbers were costing them substantial sums in an era of otherwise falling telephone costs.

The consumer response (similar to Australia) was to set up the Say no to 0870 website, which was entirely designed to bypass national non-geographic numbers by instead giving the true, local number for each call centre. This was picked up by national media (especially by BBC Radio 2) and is now widely used in the UK and can save consumers significant sums.

The results for the users of non-geographic numbers have been less happy. One bank described to me how they had used non-geographic numbers to virtualise multiple contact centre sites in the UK. The idea was that by providing a non-geographic number they could virtualise their operations, use any agent anywhere in the UK to serve customers, and provide customers with a shorter wait time in queue. The problem was the Say no to 0870 website had had caused havoc with this by providing the local number for each contact centre so that calls were no longer queued centrally and customers ended up waiting longer.

The trouble is, that like the self-service example in Australia, the bank had never explained to consumers why the 0870 number might benefit them. As a result, consumer have seen something that appears to disadvantage them and have responded. It is arguable that this is all part of the consumer Web 2.0 response, and that these examples highlight how web 2.0 (or at least some technology changes, if you don't like the "web 2.0" term!) have empowered consumers.

Man in the middle fraud in call centres

Never one to post only on up to the minute stories, the blog was quite interested in the Finextra report a fortnight ago on "man in the middle" fraud in call centres. I just haven't had a chance to write on it until now.

Traditionally, man in the middle fraud has been more associated more with the web channel than the telephone channel (see for example "Man-in-the-middle phishing kits circulating freely on the Web" or "ABN Amro compensates victims of 'man-in-the-middle' phishing attack" from Finextra), so it's interesting to see the attack take place in the telephone channel. It's also interesting that the attack described in Finextra is very low tech compared with the programing knowledge required for the phisihing attacks. The telephone version of man in the middle is described as,

"....where a fraudster calls the victim claiming to work for their bank, warning that their account may have been breached or compromised. The criminal then puts the customer on hold and calls their bank, connecting the two while remaining on the line.

The bank then requests authentication information, such as social security number, passwords and other personal information. Once the personal information is provided, the fraudster quickly ends the conference line and informs the customer that the issue has been resolved.

Meanwhile, with the personal information gathered during the call, the fraudster can take over the customer's phone banking relationship and transfer money out of their accounts."

The interesting thing for me is that for this type of attack to be successful, it highlights how weak the process side of some banks can be. This attack depends on the banks authentication process revealing (a) all of the customer's authentication data each time and (b) not ensuring that customers have multiple levels of authentication. Most banks I've worked with probably wouldn't be caught by this kind of fraud, so I'm interested to see that there are banks out there that still lag so far behind.

It's far less sophisticated than some of the the attack I've seen recently, where fraudsters have built fake IVRs to pretend to be the bank and used VoIP diversion to fool customers into thinking they are calling a local number (see posts like "Contact Centre impersonation arrives in the UK") and probably far less likely to succeed. Similarly, targeted social engineering attacks are also more likely to succeed as these tend to rely on bypassing security procedures rather than attacking them head on.

I would argue that deception based attacks around identity impersonation (such as the one on Barclays discussed in the post "Security, Call Centres and Fraud") seems to be where the real threat remains, but I'm not so sure that the man in the middle approach is where the real threat lies. My suspicion is that combinations of phishing and contact centre impersonation will remain the fastest growing threat for some years to come.

British Telecom brings back contact centre jobs to the UK

Amidst all the gloom, it was good to see one positive news story. Yesterday, The Times reported that British Telecom was to bring at least 2,000 jobs back to the UK from India. In some ways it's a very significant move that, despite a recession and the cost problems at its Global Services arm, BT is not looking at running it's contact centre on the lowest possible cost base. In fact, BT is planning to close about half its Indian operation.

I was interested to see in the report that Ian Livingston (the BT CEO) denied that this was to do with customer service, despite a popular perception that BT hasn't got good customer service. The blog has looked at this previously (see the post from last year "CEOs of BT, the Royal Mail and Corel discuss telephone customer service"), and BT were quite open that they did not consider their customer service optimal.

I'm not sure this was a particular problem from their Indian operation, but it is certainly the case that Indian no longer represents the cheapest destination for offshoring and I've never thought India should compete for work on that basis. The problem is (as I've discussed in posts like "Indian Outsourcing, is it in decline?") is that many Indian organisations have competed on a cost basis and so have not necessarily delivered on quality or customer satisfaction. As a result, customer perception (regardless of the reality) is that many offshore contact centres are not going to meet their needs.

BT may have its own additional reasons for bringing the work back to the UK, such as wishing to minimise UK redundancies, but I think the CEO will appreciate any gains in customer satisfaction that this brings!

Scale and its problems in the contact centre

This week and last week I've been on site at the contact centres of some of the UK's biggest banks. These are also some of the UK's biggest contact centres, so it's been very interesting to see the challenge scale presents.

These organisations tend to have at least 10 million customers, which is a decent number if they all decide to phone you! What makes it even more challenging is that these 10 million customers have they data spread across thirty or more years of legacy systems.

It's interesting for me that the challenge of scale that this presents has been well addressed by telephony but the IT industry still lags behind to a certain extent. This might sound controversial, but if I explain that this is viewed from the perspective of customer service, it should become clearer. Contact Centre telephony (whether Cisco, Avaya, or Genesys) pretty much scales to run a very large customer service operation. It's taken twenty years of ACD development to get here (and the evolution of TDM technology to IP), but the telephony side of things works in terms of getting a call to anywhere that the organisation wants it to go.

By comparison, the availability of data and customer information (especially in real time) is still a real challenge. All the organisations I've been working with run 3270 sessions, or other terminal emulation, as so much of their data is still mainframe based. Processes similarly can be embedded in applications and present real challenges scaling to the wider enterprise. There is recognition that the process and application layer is now one of the choke points for customer service and IT System Integrators are starting to address it (see posts like "System Integrators write interesting things about contact centre for the downturn!"). The problem is that while mainframe was previously a very good answer to many of the scaling problems that organisations experienced, integrating yesterdays good solution into today's customer service requirements is still a struggle.

It's an interesting set of challenges and one I'll blog on further.

New offshore developments in the European Market

The blog is back from a week's sailing and is much refreshed. (Apologies to readers, but this is the European Contact Centre Blog, so please understand that the blog takes a European approach to getting enough vacation!).


I was very interested to see two new developments in contact centre offshoring while I was away. South Africa and Egypt may not be countries that instantly say "Europe", but both are making big plays for a share of the European outsourcing market.

The first was that South Africa did extremely well at the Contact Centre World EMEA awards on the 17th June. There were South African gold medals wins in the categories of Best Community Service Award for Kelly, Best OutSource Partner for The Institute of Performance Technology and in the the Best Supervisor for Zainool Abedeen Bux from Rewardsco Contact Centres. there were also a number of good silver medals and other runners up awards. There's a good report here at the Contact Centre World EMEA site or in the news section of the BpeSA Gauteng site. I've long thought that South Africa was potentially the next big thing for offshoring (see past posts like "Offshore - why I would go for South Africa over India") and the evidence seems to support this. I like the focus and the marketing on "business process offshoring". This is is a good differentiator over the "your mess, for less" approach of some of the Indian firms that have competed simply on the lower cost of Indian agents. Instead, a focus on process allows the South Africans to stress the value add potential of their work that comes with the cost advantages of their local labour market. I've always thought that with the widespread use of English and Dutch in South Africa (I know it's Afrikaans, but it will work for the Dutch/Belgian Flemish markets), that the South Africans have a potential advantage in any offshored work that required good language skills.

Meanwhile, on June 11th, Cisco announced that it was setting up a significant contct centre operation in Egypt that would to provide service for Europe and the Middle East. This is a 300 person centre which will provide customer service for Cisco's emerging markets customers in Arabic, English, French, German, Italian, Spanish, and Portuguese. This is a very interesting example of the power that government intervention and support can have, as the Egyptian Ministry of Telecommunications has been building up the country's contact centre and IT capabilities. The Egyptians were quite prominent at the UK's Contact Centre Expo last year (see my post "UK Contact Centre Expo Day 2") as the South Africans were the year before, which was what prompted me to write the "Offshore - why I would go for South Africa over India" post.

My suspicion is that there is enough market in Europe for both South Africa and Egypt to win share. I also suspect that this won't hurt the competent and forward thinking European call centres who understand the need to add value and be efficient. I suspect the casualties will be those older contact centres in Europe that weren't adding much value and are no longer meeting customer needs. Of course, one other important point is that both Egypt and South Africa have the opportunity to become regional hubs for Africa and they will both I suspect have opportunities to grow beyond the outsourcing market.

Contact Centre impersonation arrives in the UK

I wrote yesterday on the problems the Commonwealth Bank of Australia was having with a phishing attack that caused customers to call a fake contact centre that impersonated the bank's centre and captured their credit card details ("Phishing fraud steps up a new level with fake bank IVR & contact centre").

It now seems that this fraud has reached the UK. The BBC is reporting here that the Bank of Scotland has been targeted by fraudsters who have been able to divert customer calls. There's few details in the BBC report other than that the calls were diverted and that there is a theory that a former contact centre employee may be involved. An inside job does seem a strong possibility, and the infiltration of call centres by organised crime is a real risk. Although it wasn't widely covered, the BBC reported back in 2006 that Strathclyde Police believed that perhaps one in ten call centres had been targeted by organised criminals (article here). Normally, though, crime in contact centres has been opportunistic and carried out by individuals. A typical example was when the Barclays Chairman, Marcus Agius, had his details and money stolen by one of his own employees (covered on the blog in the post "Security, Call Centres and Fraud").

It is a worrying development if organised crime has, well, got itself more organised, and moved up from individuals stealing details to systematic attacks from the inside on the banks' contact centre systems.

Phishing fraud steps up a new level with fake bank IVR & contact centre

I normally focus the blog on Europe, but this story from Australia shows a very alarming new level of fraud. In this case fraudsters have targeted Commonwealth Bank of Australia customers with a fake IVR and call centre.

The story ( fully available at APCmag.com here ) is very worrying. It shows that fraudsters are graduating from e-mail phishing to a far more advanced form of fraud. While the e-mail is still the basic trigger for the fraud, a sophisticated use of VoIP (Voice over IP) and IVR systems is a new development. While most consumers are now knowledgeable enough of the risks of fraud to avoid clicking on e-mail links, phone numbers are much more trusted. This fraud relies on customers trusting local dial codes and the familiarity with entering information into the touchtone IVR system. APCmag describes the fraud as:

"An email sent out on 26th May included a phone number in Brisbane to call to unsuspend blocked Maestro cards, but as of today, the number is disconnected. However, another email received this morning has an 08 area code number that is still in operation. According to ACMA, the number is a GoTalk VoIP number, which anyone could have registered over the web using stolen credit card details. (We've tried contacting GoTalk to notify them of this problem but were not able to immediately reach our regular media contacts.)

We called it, and were alarmed that the computer on the other end recognised the fact that we were keying in bogus numbers — an indication that at a bare minimum, it is doing algorithmic validation of the numbers being entered, and in a worst case scenario is operating a live payment gateway system to immediately siphon funds from accounts."

At the moment, most consumers would see a local phone number and trust that to mean that their call was really going there. Few would understand the potential of Voice over IP to route the call anywhere in the world. Fewer consumers still would understand that an IVR system that answered a phone call and asked for identity verification and card details might not be what it seems.

Like most frauds, this is a clever exploitation of some basic technology, but an exploitation in a brand new way. It may be a one off, but I suspect it may represent a new development as the fight against e-mail based phishing becomes more successful. To date, security in call centre has been focused on internal threats and social engineering attacks (see my posts like "Security, Call Centres and Fraud" and "Call centre worker gaoled for data theft"), but no-one has yet impersonated a contact centre on this scale before.

In my view, it looks as if the ease with which IP protocol allowed websites to be impersonate will become a danger for voice.