Call center authentication solutions have evolved in recent years to include many options for verifying customer identity over the phone. The time is right for new technologies to combat contact center fraud. According to Experian’s report on Optimizing Call Center Authentication, common requests made by fraudsters include:
- Credit line increase requests
- Money transfer transactions
- Travel notifications
- PIN or password resets
- Address changes
The cost of successful attempts is high, both in financial value and broken customer trust. For banks and credit unions, having more advanced ways to prevent account takeovers is proving invaluable. Here’s a look at traditional and emerging options for call center customer authentication.
Using Knowledge Based Authentication (KBA) for Call Center Identity Verification
KBA has long been (and remains today), the most common method for verifying a caller’s identity. Contact centers rely on data provided by credit bureaus and other data aggregators who supply sets of questions related to financial transactions and other personal information that only the caller should know.
Before the era of massive data breaches and the advent of social media publicized enormous amounts of previously private information, this method worked reasonably well for security. Today, it is too porous to be relied upon as a sole method of call center identity verification. Often, the same fraudster will call in multiple times and speak to different agents. Each time, the fraudster is armed with more personal information on hand to attempt an account takeover.
Identifying Contact Center Customers via Phone Number or Mobile Device
With a smartphone in every pocket, callers are now identified more easily than ever by their unique calling device. ANI matching has been used for a long time to correlate a customer’s caller ID with the phone number associated with their account and automatically pull up the appropriate records for the contact center agent. However, current methods of cerifying a caller’s device need to be much more sophisticated than “caller ID” (which has been easy to spoof for decades).
ANI validation is an additional step that checks to see if the ANI has been altered or manipulated. For call audio based authentication methods, both vocal and device characteristics can be combined into a unique AudioPrint™ and used as part of voice biometric verification. Because callers typically use the same device every time they contact customer service, this method provides multi-factor authentication with no additional friction.
Delivering One-Time Passwords (OTP) for Call Center Customer Authentication
A one-time password delivered by SMS (text message) offers additional assurance that a caller has their mobile phone on hand and is therefore who they claim to be. This method assumes that personal information may be accessible to fraudsters who purchase or seek out this data online. However, it is less likely that an identity thief would get their hands on both the account holder’s private information and their physical device to perform an account takeover.
OTPs can help mitigate the risk of data compromises compared to KBA alone. A randomly generated one-time password can’t be guessed or easily hacked, and is superior to a static password. At the same time, there is an increasing concern over phone forwarding, text intercept and man in the middle, SIM-swap, and OTP-phishing attacks. These fraudulent activities could allow bad actors to receive these passcodes even without the account holder’s device in hand.
Leveraging Biometric Call Center Authentication Solutions
Voice biometrics has emerged in recent years as a preferred method for call center fraud prevention. Thieves can steal or social engineer their way into answering security questions. They may also be able to fake having a device that belongs to the customer. In contrast, voice authentication does not rely on what customers know or what they have, but on inherent characteristics of who they are. There are two types of voice verification, active and passive.
With active voice authentication, callers go through an enrollment process during which they are prompted to say a specific phrase such as, “My voice is my password.” The voiceprint generated from this recording is used to match with the customer’s voice the next time they call and repeat the same phrase. While this method is significantly less burdensome than KBA, it may have a slower rate of user adoption than desired. For example, low enrollment may occur if customers have to call a specific phone number and complete multiple steps to store their voiceprint.
With passive voice verification, a voiceprint is captured during natural conversation with the caller’s consent, providing a frictionless enrollment process. The system recognizes their unique vocal characteristics independent of what is being said. On subsequent calls, the caller can be verified without the need for them to say a particular phrase or remember the answers to any security questions. The duration of conversation required for a match varies. The Illuma Shield system provides verification in less than 15 seconds on average while others are reported to take 37 seconds or more.
What Is the Best Choice for Call Center Fraud Prevention?
Biometric authentication is more secure than any other method available at this time. Passive voice verification is particularly convenient, resulting in high adoption rates and drives down operational costs by reducing average call handle time. While most voice authentication software is prohibitively expensive for all but the largest enterprises, this is not the case across the board.
Find out how Illuma makes state-of-the-art call center authentication solutions affordable for credit unions and community banks without a “big bank” budget. Contact us today for a demo.