Securing inbound call center

Parinita0009
Tera Contributor

Hi SNOW community,

 

We are in the process of migrating to SNOW portal. In between this we came across a scenario to ascertain ways to secure our inbound call center. Meaning if an external caller directly calls to the IT helpdesk - what are the ways to confirm his/her identity over phone call. Currently most of the call centers ask for first/last name etc. but it somehow leads to a possibility that an hacker can impersonate the actual employee and might end up performing unwanted activities within the organization or even an attack for that matter.

 

I know SNOW as an application/web service does have security controls once the user is logged in but if it is via call, does SNOW have any possible security feature like - service codes (refer Netflix account security etc)

1 ACCEPTED SOLUTION

Hi @Parinita0009 

 

This answer is not completely mine but I checked with friends, 

use MFA

use some apps which can be OTP way and ask users to submit that during call.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

View solution in original post

8 REPLIES 8

Dr Atul G- LNG
Tera Patron
Tera Patron

 Hi @Parinita0009 

 

1st point, it is not SNOW .. it is SN or ServiceNow or NOW.

 

You mean, you need some kind of encryption?

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Hi,

 

Thanks for correcting the solution acronym. However, I intend to understand if there is a way to confirm users' identity or perform validation checks when helpdesk center receives call from them for any issue. Currently one simply asks for first/last name followed by employee id - but thereby increases the risk of an attacker impersonating an employee and conducting various action items like changing password request etc

@Parinita0009 

 

Add some security questions if possible. Also this need to discuss with client /customer as well. What policies they have for other tools.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

I agree this could be one of the many ways but information like emails, or security questions to validate that they were talking to the right person comes under knowledge factors. And the problem is that these are all pieces of information about a person that are relatively easy to find or buy. Thereby, bringing me back to the original request. Do we have anything like dual/Mutual factor authentication that generates real time service codes at both Helpdesk and user end to validate the authenticity of a user over call.