Call Center IVR Authentication Methods Are About to Change

Self-service in the call center is intended to provide a simple and secure way for callers to access their accounts. Unfortunately, fraudsters are finding new ways to overcome the most commonly used IVR authentication methods.

IVR authentication methods are vulnerable to well-prepared fraudsters.
Fraudsters are finding new and inventive ways to defeat security in the IVR

For financial institutions, the risk of account takeovers is too high for this vulnerability in IVR security to remain unresolved. The good news is that organizations are taking note of this issue and looking for solutions. The 2022 State of Omnichannel Authentication Survey from Neustar found that more than half of respondents surveyed are concerned about gaps in security.

How Are Fraudsters Trying to Defeat IVR Authentication Methods?

One common way that IVR fraud activity shows up is via account mining or reconnaissance. Fraudsters call the IVR repeatedly to determine what private consumer information they need to buy, steal, or socially engineer to fool the system on subsequent attempts. Caller ID spoofing and ANI masking are also common. A recent Forrester report revealed that as many as 1 in 40 calls coming in through the IVR are fraud attempts. Creating a more secure IVR requires stronger authentication to defeat these efforts. 

At What Point Should Caller Authentication Happen?

Call center leaders are largely in favor of authentication through an automated system over authentication with a live agent. Again from Neustar, “Respondents overwhelmingly want to keep agents out of the authentication process.” Security is the primary reason. Knowledge Based Authentication (KBA) used when authenticating with a live agent is open to exploitation. This is especially true when fraudsters are well-equipped with consumer data. 

Agents who must use KBA (rather than more secure methods like voice authentication) are also put in the difficult position of having to make judgment calls with potentially disastrous consequences. It’s not surprising that contact centers would prefer to get the authentication step out of the way as quickly as possible in an automated manner rather than burdening agents.

How Important Is IVR Fraud Detection?

Detecting attempted IVR fraud is also a strong priority for contact centers, but isn’t always executed effectively. “An overwhelming majority of respondents (93%) want to detect fraud activity before or during engagement in the IVR, but only two-in-five have the tools to do so.” This is beginning to change with the advent of IVR authentication methods that don’t rely on what the caller knows, what device they have, or a one-time-passcode (OTP) they enter. In fact, the emphasis with new technology is on fraud prevention rather than simply detection.

AI Is Now Being Used to Improve IVR Authentication Methods

On the IVR caller authentication front, AI coupled with voice biometrics and machine learning is making it possible to verify callers by their unique voiceprint. Deployment tends to work well within the modern version of IVR, known as IVA. 

What Is Call Center IVA?

The call center industry is still deciding if IVA stands for Intelligent Virtual Agent, Interactive Virtual Agent, or even Intelligent Virtual Assistant. The common denominator is Artificial Intelligence (AI). Unlike a traditional IVR, an IVA can understand and respond to more complex queries in natural conversation and even detect caller sentiment. Intelligent virtual agents enable a human-like experience which encourages consumers to use more self-service. 

Preventing IVA Fraud Is Simple

By deploying voice verification directly in the IVA, contact center leaders can prevent account takeovers. Voice biometrics are far more secure than any previous authentication methods and aren’t vulnerable to mining, social engineering, or other common fraud techniques. With today’s technology, even a few seconds of spoken language is enough to confidently match a caller with their stored biometric data at a very high level of accuracy. 

Watch this quick video to see the simplicity of this process is demonstrated with IVA and Voice Authentication integration. 

Voice Authentication Shouldn’t Be Restricted to the IVR/IVA

New IVR authentication methods can be used in other channels as well. The beauty of voice verification using biometrics is that it works just as seamlessly for live agent interactions. By eliminating the lengthy and frustrating KBA process on ALL calls, security and efficiency improve along with caller satisfaction. 

To learn more and book a demo of IllumaShield™ voice authentication, contact our team today.