The creation of modern technologies enabled people to experience a luxurious life compared to the past century. However, through the use of the new technology, criminals can easily penetrate through the protective security and steal one’s identity with a single click of the mouse button. As amended by the FCC (Federal Communications Commission) of the United States, all American telecommunication companies must implement strict policies in securing the collected data of their customers to avoid identity theft. Identity theft as the majority knows it is the stealing of one’s information either through the internet on via phone (FCC.gov., 2012).
“Customer’s security is in your hands,” these words surely applies to almost every job, whether being a cashier at Walmart, bank teller or perhaps being one of the customer service representative of Verizon. Verizon is committed in safeguarding all the information they collect from their customers. According to the official website of Verizon, the information such the CPNI other ready-available information of the customer are generally used in maintaining the customer’s account. Whether the customer is subscribed to receive a weekly promotional offers from Verizon or for security verification on the phone, Verizon uses these information as their reference of the customer in their vast database. All contact centers of Verizon follow the company’s policies in safeguarding the information of the account holder. For every call, all Verizon customer representatives must be able to pull up the records of the customers using the ready-available information provided by the customer during the call. It is highly forbidden to reveal all internal information about it nor to talk about it to anyone. For examples, birthdays, maiden names, phone number, billing address and social security numbers are called ‘ready-available information. These are the common information that a Verizon rep asks a customer to verify the security. Once the security has been fully verified, the caller and the agent can proceed directly to the business.
Since the creation of contact centers, social engineering has become a widely distinguished problem for all businesses. Similar to identity theft, social engineering happens mostly on phone conversation and live calls. For example, a criminal will pose as the customer and calls Verizon to modify their orders or worse, change their billing address. For the past five years, Verizon exerted efforts in training its own employees to handle difficult situations of social engineering (Verizon.com., 2014). During the training period, Verizon provides useful resources such as handouts, and records of live calls. The most important part of the training is to allow the agents to listen to a sample call so that they can analyze and distinguish the possible social engineering attempt. Moreover, all information given by the customer during the sign-up are shared internally within the Verizon company premises. Of course, in order for a representative to access these information, a Verizon customer must give his or her own email or phone number.
Afterwards, there will be further security questions such as the last four digits of the social security, billing address and the first and last name on their Verizon account. For device registration, to safeguard their identity, Verizon representatives normally ask for the Wi-Fi MAC and the serial number of the internet modem. The modem mac address is also required during the registration and activation process. Likewise, these information are linked to the customer’s account as part of their information database. Additionally, Verizon representatives especially the ones who are working in sales and billing are required get the credit card details of their customer via phone. Verizon uses a secure IVR (Interactive Voice Recording) used in entering credit card information into the database.
The Clean-Desk policy is strictly implemented by the telecommunication companies to make sure that none of their employees will attempt to steal the customer’s information. Objects such as ballpens, cellphones and cameras are forbidden to bring inside the production floor.
“When registering on Verizon website, we may assign an anonymous, unique identifier. This may allow select advertising entities to use information they have about your web browsing on a desktop computer to deliver marketing messages to mobile devices on our network. We do not share any information that identifies you personally outside of Verizon as part of this program.” (Verizon, 2014). Also, in resetting the passwords of their wireless connection or the Verizon account, all customers should undergo the manual security verification to ensure the safety of their accounts. If a customer forgot his Verizon password, he or she can reset it provided that he or she can pass the security questions (CPNI). The CPNI information is the miscellaneous information collected by the company’s websites that is not available to the majority. The CPNI questions are very private and mostly refers to personal data of the person such as the date of their marriage, first pet, first crush and first job. If the customer fails to authenticate his identity during the call he or she will be tagged as a ‘repeat caller’ and abusive if ever that the quality assurance department verifies that the call was absolutely a social engineering scheme. Phishing information over the phone are forbidden by the USA Patriot Act. Money laundering and identity theft are deemed as illegal by the government and thus, it is required to be reported. The KYC (Know-Your Cusmer) is one of the steps suggested by the act to ensure that the caller’s identity is valid (Guide to U.S. Anti-Money Laundering Requirements: Frequently Asked Questions, 2012). Moreover, similar to the telecommunication companies, Verizon desires to protect the customer’s data over the web by encrypting all of the information into a much higher version. It is the customer’s duty as well to safeguard their identity as well to prevent criminal act.
FCC.gov. (2012). FCC Enforcement Advisory VOIP CPNI. Retrieved 12 November 2014, from http://www.fcc.gov/document/fcc-enforcement-advisory-voip-cpni
Guide to U.S. Anti-Money Laundering Requirements: Frequently Asked Questions. (2012) (5th Ed.). Retrieved from http://www.protiviti.com/en-US/Documents/Resource-Guides/Guide-to-US-AML-Requirements-5thEdition-Protiviti.pdf