Has the WAHA Security Conundrum Been Cracked?


The Work At Home Agent (WAHA) model of contact center outsourcing is increasing in adoption. My colleague Melissa O’Brien is set to release some interesting findings of the growth of the WAHA model in the coming weeks. The growth that WAHA is set to enjoy, however, has been hard fought as there are key inhibitors (often perceived as opposed to actual) to the model. These include lack of control, service consistency, and most notably security.

For regulated industries, the idea of having a completely virtual workforce dealing with customer payment and other sensitive data fills them with dread. But what is the real story? Well, according to numerous service providers I’ve spoken to there is a lower average instance of security incidents from the WAHA environment as opposed to the traditional brick and mortar equivalent. We recently spoke to home based agent pure play BPO Granada’s new CEO Felix Serano and CTO AJ Flores. When asked about on the issue of security it turns out that Granada has not had a single security breach from its WAHA population over the last 12 months. Given the frequency of cyber threats we see in the news at present, this is encouraging.

So, what are service providers doing to address the security needs of clients in the WAHA environment?

  • Hiring the right people: Ultimately security needs to start with the right people. Due to the nature of the working model, at home programs are typically able to recruit a more seasoned and experienced type of candidate (the majority of WAHA hires are 35 years and up in age), enabling the potential for more sophisticated and more importantly trustworthy contact center support. Also, service providers generally tailor hiring approaches to target individuals with a university qualification.
  • Train: Next is to train agents on security protocols. Clean desk policies, not repeating information out loud when speaking to a customer– all these measures need to be reinforced to the agent, even in the work at home environment. Training is just as important in a brick and mortar facility, but from a cultural perspective is critical to ensure the concepts are digested with the absence of physical “team huddles” and the like.
  • Physical security measures: There are two overarching categories to look at from a WAHA physical security perspective. One is the Bring Your Own Device (BYOD) model and the other is using a service provider supplied thin client device. For the sake of this discussion we will look at the BYOD model as this has been gaining traction in recent years and is, by and large, the most cost effective WAHA model. In 2013 I did a report on the WAHA market, at that time we were seeing some extreme physical security measures rolled out by service providers. These included keyboards with integrated keyboard entry analysis, multi-layer biometric analysis, etc. These measures were all extremely costly and often not that effective due to limitations in the technology. Now what we are more commonly seeing is simple fish-eye cameras, installed at an agent’s home workstation, through which service providers can perform randomized audits. Another interesting side note is that brick and mortar service providers are seeing cyber thieves targeting call center agents outside of physical centers and extorting them to steal credit card information; in this sense, the physical security risk is heightened in a home agent model.
  • Software: This is where we have seen the biggest advances in security measures and hence why many of the more extreme physical security measures are no longer needed. A desktop layer, such as Citrix ZenDesktop, is used to replicate in-center desktops. This is then locked down to prevent cut and paste, print screen, etc. Payments and sensitive information are handled by an IVR system to exclude the agent. VOIP is often embedded into the desktop to provide continuity when transferring to IVR systems. Interestingly, Granada tracks the internet latency of agents and can automatically remove them from the workflow if internet speed drops below predefined parameters.

As I’ve mentioned, many of the security measures used in WAHA today seem much less extreme compared to what we saw a few years ago, however they are considerably more effective. With WAHA expected to grow rapidly over the next five years, it seems service providers have finally cracked the code for security and can now provide extended track records of fraudulent free delivery from this model. Service providers offering the WAHA delivery model seem to get it now that the key to security is as much about intelligent and foolproof software as it is finding and developing the right people.

Posted in : Contact Center and Omni-Channel


Leave a Reply

Your email address will not be published. Required fields are marked *

    Continue Reading