1. Field of Invention
This invention relates in general to restricting the use of information and more specifically to ensuring the security of commercial transactions.
2. Description of the Background Art
Protecting electronically transferred information from unwanted use by third parties is becoming critical to the success of today's commerce. One approach is to prevent eavesdropping, or unwanted access to information. Another approach is to obscure, or otherwise limit the usefulness of information that might be intercepted. These approaches can be used together in varying ways to achieve a desired level of security. For example, anti-eavesdropping mechanisms include securing a communication link for coupling a user with an intended party (e.g., by implementing a security protocol such as H.325, IPSEC, etc.). Information can be obscured by encrypting the user information (e.g., by using symmetric or asymmetric keys) so that if intercepted, the encrypted user information will be more difficult for an eavesdropper to decipher.
User information misuse problems can arise in situations where, for example, a contact center agent rightfully acquires credit card or other user information for use in contact center services, but then uses the information for additional purchases or other unauthorized purposes. To make matters more complicated, the user might be unaware that he or she is communicating with a contact center rather than a seller or other product/service provider. The contact center might further be located outside of the country in which the person resides, or believes is one in which he or she is conducting financial or other business transactions. Furthermore, a contact center might have a high attrition rate and high turnover of agents, thus increasing the potential that a disgruntled agent might leave his or her job with a list of credit card numbers or other user information that he or she might then misuse. One current approach is for the agent to provide an identifier that identifies the agent to the user prior to the user supplying user information to the agent. However, this approach merely notifies the user as to the identity of an agent that might nevertheless misuse the user information. Worse yet, the identifier that the agent provides may well be ficticious.