Authenticating caller party numbers shouldn’t be a masquerade ball

Posted on: May 15th, 2013 by art 2 Comments

The challenge of spotting criminals over the telephone channel often plays out like a game of cat and mouse. Crooks use false information to mask their true identities. After spoofing their caller ID to make it look like someone else is calling, they try to convince call center agents they are genuine banking customers.

Armed with enough personally identifiable information (PII) to apply for credit, activate bank cards, transfer funds and defeat PII-based authentication solutions, many criminals continue to successfully socially engineer bank representatives by correctly answering the security questions required by more traditional knowledge-based authentication (KBA) tools.

From an authentication standpoint, the call center environment has somewhat turned into a masquerade ball of disguises, where it’s anybody’s guess as to who is who. The financial services industry can no longer operate within a guessing game environment anymore. Fielding more than 50 billion calls a year, call centers need to have the appropriate tools in place to quickly and accurately authenticate all inbound calls.

As criminals do everything they can to slip past PII-based authentication solutions, it’s more important than ever for financial institutions to deployed effective security measures to identify customers in real time.

Using a patent-pending telephone firewall that includes telephony databases, real-time network forensics and specialized analytics, the TRUSTID® Physical Caller Authentication tool authenticates the calling party number before the call center agent picks up. This allows banking institutions to prevent spoofed calls from being routed to bank representatives, and in doing so, call center agents don’t waste their time interrogating known high-risk calls. Instead, they spend more time servicing good customers and improving the overall customer experience.

With the volume of customer calls increasing every year, operational efficiency is becoming a key component in the authentication process. By invisibly identifying risky calls and not interrupting the customer service process with unnecessary telephone interrogations, TRUSTID helps banks unmask criminals before they’re allowed into the party.

 

Tags: , , , , , , , , ,
Posted in Banking Fraud, Call Center, Caller ID Spoofing | 2 Comments »

The cost of bank fraud and operational inefficiency

Posted on: May 8th, 2013 by art No Comments

When we talk about call center authentication, we’re essentially talking about two things — accuracy and efficiency.

Sure, there are many tools that are designed to identify customers in their own way. But what differentiates one solution from another is the speed and accuracy that it takes to validate calls. In the end, authenticating customers over the telephone channel comes down to how quickly we can analyze risk, which is the indicator that helps banks agents determine whether or not the caller is who they say they are.

While caller ID spoofing can impact banks in many different ways, including bank fraud, the bank-customer relationship and damage to a corporate brand, the time takes to validate customers over the telephone channel can be just as important, and costly. Relying on traditional knowledge-based authentication (KBA) to verify customers over the telephone can also have a negative impact on banks due to the amount of time it takes to verify customers.

For financial institutions that depend on KBA to identify customers over the phone, here are a few things to consider:

  • First, there’s the cost of customer trust and goodwill. By this I mean disrupting the customer experience. For example, an authentication solution that require customers to first answer a bunch of challenge questions can be very disruptive to the process. Of course customers want to know they are being protected, but by taking too much of their valuable time to verify who they are before their needs are addressed can test the customer’s patience. Having a solution that automatically validates callers before the phone is picked up can eliminate unnecessary security questions that can impact the profitable bank-customer relationship.
  • The average call handling (ACH) time is important to every contact center. You can bet every call center manager knows their ACH time because it plays a critical role in their operating costs. The more bank call centers can lower their ACH time, the more money they can save on operations. This underscores the need to deploy fast, accurate solutions for validating callers.
  • Finally, without the ability to accurately identify callers, banking institutions are pretty much operating in the dark. What’s so problematic about this scenario is that authentication solutions that rely on personally identifiable information (PII) are essentially operating on blind faith, which puts both their customers and systems at risk. With personal information so accessible over the Internet today, PII-based authentication solutions should no longer be the basis for customer identification.

The bottom line is there are various costs that come with authenticating customers. Cost in the form of trust, cost in the form of labor and operational expenses, and cost in the form of fraud. All of this can weigh in the balance of how fast call centers can authenticate callers without disrupting the overall customer experience.

There will always be a cost for authenticating customers over any bank sales channel, including the call center. However, banks should not have to accept telephone fraud, lost customers and operational inefficiencies as the cost of doing business.

Tags: , , , , , , ,
Posted in Authentication, Call Center | No Comments »

Contact centers taking a lead role in the overall banking experience

Posted on: May 1st, 2013 by art No Comments

Long are the days of waiting in long lines to cash checks or make routine bank deposits. In today’s multi-channel marketplace, the way customers want to bank is changing, and in turn, so are the ways financial institutions service customers.

For many of us, walking into our bank’s branch office is becoming a rare occurrence, anymore. More and more customers are banking remotely because of the ease, speed and convenience it has made on our busy lifestyles. Along with that, the primary role of bank contact centers is shifting from informational and troubleshooting centers to sales and purchase-related activities.

The recent article, “Talking Up Sales in the Contact Center,” addresses some key changes that are taking place in the banking environment, including:

 

  • Customers are making less branch visits, but still want a live conversation with a bank representative when opening accounts
  • Remote banking is maturing from a transactions service to a full shopping and banking experience in a multi-channel marketplace
  • Bank contact centers are playing a central role in customer acquisition and cross-selling
  • Higher averages sales conversion ratios are taking place in contact centers (2%) than walk-in branch traffic (typically around 1.5%)
  • Despite years of investments in branch selling, the best sales conversion ratios have only a fraction of the potential of the contact center

With callers typically setting aside 15 minutes for help, if the bank agent can address their needs and service them in the first few minutes, a customer will likely have time to listen to additional banking services that go beyond their initial needs. This is one example of how banks can improve customer satisfaction and their bottom line.

With progressive contact centers fast becoming the largest branch for banking, the article suggests banks need to “strengthen their sales strategies and back up their commitment with the appropriate investments in people, processes and technology.”

Another way many leading financial institutions are enhancing the banking experience through the telephone channel is through the TRUSTID® Physical Caller Authentication tool, which verifies the risk of the call pre-answer so when the banks agent picks up they can immediately begin serving the customer.

Unlike traditional knowledge-based authentication (KBA) tools that interrogate customers with a bunch of challenge questions during the first minute of the call, TRUSTID validates the risk of the call before it is answered to help banks take advantage of the “golden minute” of the phone conversation. These precious few seconds present the highest likelihood of positive engagement to immediately address the customer’s needs and use the time saved to sell additional products and services.

Too many financial institutions continue to lose the opportunity by relying on time-consuming security questions to validate callers. This outdated method uses up valuable resources, drives up call center costs, and is destroying the trust and goodwill of their customers, which ultimately impacts the bottom line.

Moving forward, every banks’ success will be determined by its ability to constantly change with the market and meet growing customer demands. The TRUSTID Physical Caller Authentication solution helps them get there by averting fraud without wasting valuable time and resources interrogating customers over the telephone channel. By deploying tools that keep each customer’s needs upfront and center, banks can better serve their customers, sell new services, drive down operating costs, and generate more revenue through customer loyalty.

Tags: , , , ,
Posted in Call Center | No Comments »

Study finds banks not meeting customer demands

Posted on: April 24th, 2013 by art 13 Comments

Customer service has always been at the root of customer satisfaction. In the financial services industry, without providing an exceptional customer experience banks simply won’t be able to retain current customers or attract new ones.

While we known the impact dissatisfied customers can have on a bank’s brand and overall success, a recent study by Cisco found that banks are falling short of meeting customer demands for more personalized service.

In the article, “Banks Fall Short On Delivering Personalized Service for Customers, Study Finds,” Cisco’s Customer Experience Report found that 69% of U.S. customers would be willing to give their bank more personal information if it resulted in better overall service. However, 58 percent of bankers said they had enough personal information on their customers. These somewhat conflicting views show that financial institutions are not meeting their customers’ expectations.

Customers in the study cited that the most important areas of personalized service were identity theft protection (77%), personalized advice to increase their savings (73%), more financial education (67%) and an assessment of their personal financial health compared to other customers (47%).

Cisco’s financial services marketing manager, Al Slamecka, said the problem with fulfilling customer needs is not a lack of personal data, but rather gaining a better understanding of customers across the organization.

In recent years, balancing customer service with enterprise demands has been a challenge for many financial institutions. From a customer’s point of view, it can often look as though customer service has taken a back seat to the bottom line. While banks are working hard to meet growing customer demands across all banking channels, providing an efficient, customer-friendly experience that addresses the customer’s needs is critical to a bank’s brand and improving the overall customer-bank relationship.

At TRUSTID, we understand how the success of a bank’s entire enterprise is directly dependent on the customer experience. That’s why our TRUSTID® Physical Caller Authentication tool is designed to invisibly verify customers over the telephone channel to streamline the interaction between customers and banks. By proactively validating the Caller ID and ANI before the inbound call is answered, bank contact center agents can immediately begin servicing the customer’s needs the moment they pick up. As a result of providing highly secure, convenient and efficient service over the telephone is one example of how financial institutions can give customers the trust and respect they want and deserve from their bank.

Tags: , , , , , , , ,
Posted in Authentication | 13 Comments »

Alternative authentication methods needed in today’s call center environment

Posted on: April 17th, 2013 by art 4 Comments

The need for alternative methods to identify customers over the telephone has been a long time coming. In my opinion, every day that a bank waits to add new authentication solutions into the mix is another day criminals can take advantage of defeatable security tools.

You see, crooks want financial institutions to continue to use things like security questions to identify customers. That’s because they’ve pretty much mastered the art of beating knowledge-based authentication solutions. When banks rely on personal information that, ideally, only the customer should know, they put themselves at a disadvantage because today’s digital world exposes more personal identifiable information (PII) than every before.

Combing the Internet, today’s thieves are able to collect enough information on an individual to correctly answer challenge questions and socially engineer bank call center agents into divulging sensitive financial data; enough data, in fact, to access other people’s bank accounts.

Even the FFIEC (Federal Financial Institutions Examination Council) recognizes that more information is needed to identify bank customers today. While the FFIEC authentication standards include “something you know” (password, PII) methods, they strongly recommend combining that with at least a second layer of authentication to improve the level of verification for identifying customers over the phone. That would come in the form of either “something you have” (telephone, ID card, security token) or “something you are” (fingerprint, DNA, retinal pattern) that takes separate approach to verify customers.

What differentiates the TRUSTID® Physical Caller Authentication tool from other solutions is it goes straight to the heart of the crime — the telephone — to proactively validate the Caller ID and ANI as the phone rings. By identifying the physical location of the phone making the call, TRUSTID gives banks real-time intelligence on inbound calls before they are answered. This works as the first layer for authenticating customers.

If TRUSTID’s real-time telephone network forensics authenticates the call as genuine, it routes the call to a call center agent without interrupting the customer experience. If it determines the call is spoofed, the bank can route the call based on the risk it poses to the system. By better understanding the risk of each call, TRUSTID provides a critical extra layer of authentication that’s sorely needed in today’s call center environment, as well as to help fulfill the latest federal security requirements.

Tags: , , , , ,
Posted in Authentication, Call Center, Caller ID Spoofing | 4 Comments »

Call centers warned about Telephony Denial-of-Service (TDoS) attacks

Posted on: April 10th, 2013 by art No Comments

Imagine a call center without the ability to take inbound calls or make outbound calls. That’s the impact that growing Telephony Denial of Service (TDoS) attacks can have on targeted call centers. Sort of the cousin to online DoS attacks, TDoS as designed to incapacitate call centers after initial calls for fraudulent transactions are made.

According to the article, “Telephony Denial-of-Service Attacks Prompt Federal Attention,” the Department of Homeland Security and FBI recently issued a “situational awareness bulletin” after a number of TDoS attacks were targeting public safety and emergency services call centers. The alert warned that criminals were phoning the call centers impersonating agencies to collect outstanding payday load debt of $5,000. If the targeted employees didn’t agree to pay, the caller would launch the attack that flooded the call center with enough traffic to disable any incoming or outgoing calls for a period of time.

While the recent attacks have targeted public safety telephone lines, the complaints don’t stop there. Many believe criminals are expanding the types of industries they are targeting. In the memo, the DHS said attackers are “targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications.”

Using network-based forensics to verify in real-time the exact location of the telephonic device calling bank call centers, we at TRUSTID has seen similar TDoS attempts. Because spoofing Caller ID and ANI is a key component to TDoS attacks, curbing these attacks requires the ability to understand if inbound calls pose a risk before the phone is picked up.

In doing so, financial institutions need to find a better way to authenticate their customers over the telephone channel and protect their call center agents from answering spoofed calls in the first place. The TRUSTID® Physical Caller Authentication solution validates whether all inbound calls can be trusted, or if they are high risk. By knowing if a call is trustworthy or not before it happens, banks can mitigate their risk of TDoS attacks and other social engineering scams without having to invest precious time and resources on known fraudulent calls.

Tags: , , , , , , , ,
Posted in Authentication, Call Center, Caller ID Spoofing | No Comments »

Are you relying on outdated authentication tools?

Posted on: April 3rd, 2013 by art No Comments

Those of us in the telephone authentication industry can see the shortcomings of the different types of customer identification methods. While this has been evident for some time now, what continues to be an uphill battle is educating financial institutions about the risks of using outdated and ineffective authentication tools to identify customers over the telephone channel.

At last month’s BAI Payments Connect Conference, business leaders from around the globe met to discuss how various forms of fraud impact banks – from account-opening fraud to social engineering and call center fraud. No matter what channel criminals choose, the conclusion among fraud experts is bank fraud is on the rise.

Ori Bach, a call center monitoring expert with NICE Systems, echoed what we’ve been saying all along — knowledge-based authentication (KBA) and Caller ID are broken, call center fraud is up, and untrained personnel are falling for preventable tricks. Collectively, all of these pieces are contributing to increasing fraud losses.

I don’t mean to beat a dead horse, but I can’t stressed enough how important it is to continue informing financial institutions about the risks they face using beatable authentication methods, particularly those that depend on personally identifiable information (PII).

At TRUSTID, we agree with all of Bach’s conclusions, including:

 

  • KBA is not predictive: With personal information available via social websites such as Facebook, PII-based methods for authentication is diminishing. As a result, KBA can no longer be the single solution for identifying customers over the phone.
  • Caller ID is broken: With a wide availability of spoofing tools, calling party number spoofing has become a low cost and power penetration tool used to impersonate identity and actual location over the telephone channel.
  • Untrained call center agents are easily fooled: If bank representatives aren’t up to speed with the latest fraud techniques, they will continue to fall for Caller ID spoofing and social engineering scams.

As stewards of customer authentication for the banking industry, part of our job is to continue educating financial institutions about the many risks of fraud, and the real dangers if using outdated authentication tools. Each week, I have eye-opening conversations with fraud managers that still rely on old-school methods to identify customers. Over time, this essentially puts both their bank and customers at greater and greater risk.

The unfortunate part is many of these fraud risks are preventable. By implementing a multi-factor authentication strategy that doesn’t rely on PII to identify customers, banks can reduce their risk against many of today’s fraud techniques that result in millions of dollars in fraud losses each year.

Tags: , , , , , ,
Posted in Authentication | No Comments »

Phone-based authentication should enhance the customer experience, not erode it

Posted on: March 27th, 2013 by art 50 Comments

Should banks add phone-based authentication? Any financial institution that provides services over the telephone channel needs to have some way to authenticate every call coming into their call center. While the answer to that question is pretty evident, the bigger question banks should be asking themselves is what type of solution best fits their business model.

With fraud protection the top priority for authenticating customers over the telephone, another criteria for phone-based authentication is that it shouldn’t interrupt the customer experience. According to the recent article, “Two Factor Or Not To Factor? An Online Security Conundrum,” the main argument against phone-based authentication is it adds friction to the sign-in process. Does it? Well, it depends on the type of service being used.

Of course consumers want both a secure and seamless way to gain access to their banking accounts. After all, who wants to answer a bunch of challenge questions every time they go to access their account? While there are various authentication methods financial institutions can choose from, many can still delay the process by a few minutes. This lengthy phone interrogation can test the goodwill of customers, giving them the impression that their needs aren’t not the top concerns of banks.

One of the main objectives of an effective telephone authentication solution should be to quickly and non-intrusively verify customers without them knowing it. We at TRUSTID believe customer authentication should not impede the user experience at all. In fact, we think it should enhance it.

By combining innovative technology with the keen understanding of what customers expect from remote banking services, the TRUSTID® Physical Caller Authentication tool uses real-time telephone network forensics to invisibly validate the Caller ID and ANI before the call is answered. Achieving customer verification without requiring customers to answer security questions allows call center agents to immediately begin addressing the customer’s needs the moment the phone is picked up.

Imagine the impact on your business operations and customer relationships if you could validate them before the call is answered. Not only would you maintain and strengthen the confidence and goodwill of your customers, you could also save operating expenses through lower average call handling (ACH) times that other knowledge-based authentication (KBA) methods simply can’t do.

In other words, when it comes to customer authentication, the value of putting your customers’ needs first and delivering safe, exceptional service that exceeds their expectations can create a more satisfied banking experience without eroding it with costly and cumbersome challenge questions.

Tags: , , , , , , , ,
Posted in Authentication, Call Center | 50 Comments »

All banking channels need to be prepared for customer impersonators

Posted on: March 19th, 2013 by art 1 Comment

I’ve often spoke about the many dangers of depending on personally identifiable information (PII) for customer authentication. As we recently learned from the high-profiled credit report celebrity hacking, relying on accessible personal information such as date of birth, mother’s maiden name and Social Security number can put a company’s customers and corporate data at serious risk.

In the article, “FBI Investigating Hackers Who Posted ‘Secret Files’ Of Celebrities, Politicians,” the consumer credit reporting agency, Equifax, released a statement last week confirming that the sensitive financial data that hackers posted on celebrities and political figures was the result of a security breach to the credit reporting agency’s annualcreditreport.com channel, not a break-in to their computer system.

Using PII that could have been accessed through any number of online social networks or public information websites, the perpetrators had enough personal identifying details to correctly answer the challenge questions required to access their intended victims’ private financial files, said Equifax spokesperson, Timothy Klein.

“Our initial investigation shows the perpetrators had the PII of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place. We have launched a full investigation into this matter and we are also working closely with law enforcement authorities on this matter.”

In recent years, cybercriminals impersonating genuine customers or conducting similar social engineering schemes across other sales channels have been responsible for the illegal exposure of tens of thousands of credit reports. These compromises can all lead to identity fraud, account hijacking and other identity-related crimes.

Because customer-impersonating scams are conducted remotely, they can easily be performed over the telephone channel, as well. Social engineering against call center agents is a threat that all financial institutions should not only be concerned with, but adequately prepared for. If we are to learn from incidents like what occurred last week, it’s that relying on knowledge-based authentication (KBA) is not an effective defense against such criminal tactics.

Bank contact centers, which handle billions of calls each year, need an authentication method that goes beyond telephone interrogations such as defeatable security questions. What they need is a security tool that allows them to proactively identify callers before the phone is picked up.

A security tool like the TRUSTID® Physical Caller Authentication solution identifies high-risk calls before the phone conversation begins. Through TRUSTID’s real-time telephone network forensics, banks are able to invisibly identify the physical location of the landline or mobile phone while it is still ringing.

This automated process uses the Caller ID and ANI as trusted sources for validating customers over the telephone. By restoring the usability of calling party numbers to authenticate customers over the phone channel, financial institutions can identify high-risk calls faster, as well as instantly confirm legitimate calls so bank representatives can begin serving customers at the start of each call, without relying on non-predictive and risky PII methods.

Tags: , , , , , , , , , , , ,
Posted in Authentication | 1 Comment »

Using automated caller authentication to transform the customer experience

Posted on: March 13th, 2013 by art 49 Comments

There’s always been this notion that once a process or system is automated, the people who once performed that task will soon be out of a job. While some tools have certainly earned that reputation, when it comes to automating customer authentication over the telephone, it’s not about replacing people. Rather, it’s about proactively detecting spoofing risks, reducing call center expenses, and transforming authentication into a positive customer experience.

When caller authentication is not automated, this means contact center agents must perform a number of steps to verify that the caller is who they say they are. As we know, security questions are a drawn out identity-interrogation process that requires banking customers to answer a bunch of personal questions that can be beaten by clever social engineers.

Ultimately, this process drives up average call handling (ACH) times, increases operating costs, and can damage the important bank-customer relationship. And because personally identifiable information (PII) is not predictive of identity, knowledge-based authentication (KBA) methods, when used alone, can actually create a false sense of trust that puts company data and customers at risk.

A security tool like the TRUSTID® Physical Caller Authentication solution, however, automatically authenticates the caller using a combination of three core components, including:

 

  • Telephony databases (e.g., local number portability, numbering plans, carrier / line attributes, billing data, routing tables, HLR data, LERG tables, geospatial data, carrier and switch data)
  • Real-time telephone network forensics (e.g., call progress, call messages, network tones, SS7 and SIP signaling, DSP audio energy and voice analysis tools)
  • Specialized analytics (real-time delivery of proprietary credential scores that enable enterprise risk decisioning, customer-specific reason codes, caller data and reports for custom risk model and scoring)

Automatically validating the caller before the phone is answered doesn’t eliminate jobs, it provides stronger customer authentication while streamlining customer service.

What I mean by this is instead of using up valuable time and resources questioning customers over the telephone, call center agents are now free to immediately begin servicing and selling good customers at the initial “golden minute” of the telephone call.

By undetectably authenticating customers through their calling party numbers, TRUSTID helps financial institutions lower customer authentication expenses, reduce the cost of fraud as a result of telephone-based social engineering, and gets call center agents selling and serving customers, not identity-interrogating, which in the end can transform the overall customer experience.

Tags: , , , , , , , , , , , , , , , , , ,
Posted in Authentication, Call Center, Caller ID Spoofing | 49 Comments »
  • REQUEST INDUSTRY BRIEFING PAPERS
  • VIEW DEMO
  • USE CASE
  • ANI SPOOFING TOOL

  • CISO Text

             

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TrustID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank

  • CISO 2 Text

             

    As less customer PII is made available to our contact  center advocates for identity validation, our enterprise risk of a costly data  breach is dramatically decreased.

              – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes  and social engineering. TrustID’s solution enables informed routing decisions,  optimizing agent cost reduction programs.

             - CISO, top 10 global bank           

  • VP Quote text

         

    Since  it is now commonly sold by criminals, personal information for identity  authentication is no longer the single solution to identity resolution. The  value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank