blog

Is the “fear of Caller ID spoofing” costing your business?

Posted on: February 21st, 2012 by art No Comments

When we talk to senior executives of financial institutions about telephone spoofing and hacking, they often say they don’t believe spoofing happens very frequently. Like most of its other fraud counterparts (i.e., transactional fraud, card-not-present, identity fraud), telephone fraud is also the proverbial needle in the haystack. While phone fraud may or may not happen that frequently (I’m not sure anyone truly knows), but it does beg the question: What does spoofing actually cost the inbound call center industry? Or more directly: What does it cost your organization?

Because telephone fraud directly impacts business profits through higher operational costs, these are critical questions banking and other institutions need to be asking themselves.

The call center industry in the United States will take over 50 billion inbound calls in 2012. Of these, nine billion will go into financial services companies. As many organizations recognize that the use of Automatic Number Identification (ANI) is no longer a viable method for validating caller identity, they’ve had to take precautionary steps to authenticate these 50 billion calls. So, while Caller ID spoofing may not be easily quantified and may be perceived as low risk, the very “fear of spoofing”, or need to know who is on the other end of the call, is forcing call centers in all industries to enhance their current level of authentication over the telephone channel. This new level of authentication has been brought on by the demise of Caller ID and ANI, and has added billions of dollars in costs that did not exist a few short years ago.

The two primary factors that have driven up costs include:

Risk-based Verification: Organizations have deployed what they call “risk-based verification” processes. By this I mean inbound calls that typically could have been automatically handled in the IVR system without agent involvement and deemed high risk or a higher probability for fraud (for adding an authorized user to an account, address change with request for a card, ACH payment, etc.) are now routed to the floor for an agent to handle. This has created upwards of a 5-10% reduction in IVR servicing rates.

Knowledge-based Authentication: Inbound calls that were historically answered via a live call center agent now take longer as phone reps run them through some kind of security interrogation or knowledge-based authentication (KBA) process that requires customers to provide non-predictive personally identifiable information (PII) to identify them over the telephone.

These steps, all created by the fear of spoofing, can cost inbound call centers an increase of 15-20% in operating costs. It has even spawned the voice biometrics industry and other forms of expensive authentication tools.

To counter these cumbersome, unnecessary procedures that are increasing costs and testing the customer’s trust and goodwill, inbound call centers need to deploy a caller authentication solution that enables them to restore the Caller ID and ANI as trusted sources for identifying and authenticating customers.

The TrustID® network-based Physical Caller Authentication eliminates highly intrusive phone interrogations by automatically validating the Caller ID and ANI before the call is answered. Deploying an innovative tool like TrustID allows call centers in all industries to once again increase self-service, reduce agent handle times, and most importantly, lower bottom line expenses.

Tags: ANI, ANI Spoofing, automatic number identification, call center fraud, Caller ID Spoofing, KBA, knowledge-based authentication, personally identifiable information, Physical Caller Authentication, PII, risk-based verification, telephone channel, TrustID
Posted in ANI Spoofing, Authentication, Caller ID Spoofing | No Comments »

Customer Care: Key to building a strong financial brand in the digital age

Posted on: February 15th, 2012 by art No Comments

The financial services industry is experiencing a major transformation, where the success of the entire enterprise is dependent on a bank’s ability to quickly and non-intrusively serve their customers’ needs. Today, we’re entering a new age where unhappy customers can instantly express their dissatisfaction for a brand across the Internet at the speed of light. Moving forward, banking institutions will need more than a clever marketing spin to build and maintain a positive brand; they will need to protect their customers, enhance the customer experience and improve overall customer satisfaction, all at the same time.

Doing this over the telephone channel requires the ability to authenticate callers without hitting them with a bunch of knowledge-based authentication (KBA) questions before customers can even clarify their needs to call center agents. While KBA has long been used to identify customers over the phone, this method has become outdated, and is no longer predictive of identity. In fact, for banks that rely on KBA and personally identifiable information (PII) to identify customers over the telephone, the good work that fraud teams are doing to create a positive customer experience is being undermined by highly intrusive phone interrogations. This sets the wrong tone with customers and prospects. As a result, banks are:

Putting themselves and their customers at risk of phone fraud and social engineering schemes
Not respecting the customer’s time by requiring them to initially answer a bunch of security questions
Increasing call center operating expenses by adding seconds to the average handle time (AHT)
Doing great harm to their customers’ trust and goodwill by creating an unpleasant experience

In today’s digital age, to build a strong brand and improve the larger, more profitable bank-customer relationship, financial institutions need to provide a new level of customer care that eliminates unnecessary and costly banking procedures.

At TrustID, we are committed to making the telephone channel safe for financial institutions and businesses to serve their customers. By automatically validating the customer before the call is answered, the TrustID® network-based Physical Caller Authentication eliminates the need for customer interrogations at the beginning of each call. By using the phone as a valid “Something you have” authentication credential for identifying customers, we’re also helping banks improve the overall customer experience.

Over the next several years, brands will be defined by how banks protect and treat their customers. In an environment where every customer touch counts, none more so than the most personal channel, the telephone, a bank’s ability to quickly serve customers will have a huge impact on how banking customers perceive their brand. Financial institutions that understand this, and take steps to alter their banking processes to invisibly improve safety and the customer experience, will gain a hard-won competitive advantage by retaining existing customers and earning the business of new ones.

Tags: AHT, authentication credentials, average handle time, bank fraud, bank security, call center fraud, caller authentication, customer care, customer experience, customer satisfaction, KBA, knowledge-based authentication, personally identifiable information, phone fraud, Physical Caller Authentication, PII, telephone authentication, telephone channel, TrustID
Posted in Authentication, Banking Fraud, Call Center | No Comments »

New malware exposes bank security gap

Posted on: February 8th, 2012 by art No Comments

A new malware that values phone numbers more than banking credentials is bringing to light weaknesses in financial institutions’ call centers.

In the recent article, “Banking Malware Finds New Weakness,” instead of gathering personal credentials to socially engineer bank call centers, a new Zeus malware variant called Ice IX collects a banking customer’s telephone number to socially engineer individuals to divulge their phone carrier or service provider. Then, instead of calling banks armed with the customer’s banking credentials, they are using call-forwarding to automatically reroute post-transaction verification calls that banks make to customers, to their own phone numbers. In essence, banks are unknowingly talking to criminals, who verify fraudulent transactions.

As more telephone-related schemes continue to surface, fraud analysts like Gartner’s Avivah Litan are highlighting the fact that customer authentication via the phone channel is getting very little attention from U.S. financial institutions. The increase in online banking has many banks focusing all their resources on securing online banking and electronic funds transfers, basically leaving telephone fraud as a mere afterthought to online authentication.

By ignoring the telephone channel, which costs U.S. businesses over $60 billion in fraud losses each year, financial institutions are leaving themselves exposed to high levels of phone fraud largely because many considered “low-tech” fraud a lesser threat. But as we learned from last year’s DefCon event, the ease at which criminals can use the telephone channel to gain access to highly confidential company and customer data makes phone fraud a very serious and real threat to banks today.

We at TrustID continue to see an increase in spoofed calls to bank call centers all the time. This is why banks need to consider a caller authentication solution like the TrustID® network-based Physical Caller Authentication tool that automatically validates the location of landline and mobile calls to identify and stop phone fraud before it happens. In today’s banking environment where criminals seek every opportunity to take advantage of a bank’s security loopholes, writing off telephone fraud as a secondhand threat is, for lack of a better word, just plain criminal.

Tags: Avivah Litan, bank fraud, bank security, banking credentials, call center fraud, fraudulent transactions, online banking, phone fraud, Physical Caller Authentication, telephone authentication, telephone channel, TrustID
Posted in Authentication, Banking Fraud, Call Center | No Comments »

How data breaches make the telephone channel vulnerable to fraud

Posted on: February 1st, 2012 by art No Comments

A bank’s interactive voice response (IVR) system and contact center representatives both play an essential role in servicing customers over the telephone channel. While banking customer’s need only a few key pieces of personal information to access their bank accounts, if that data lands in the wrong hands, banks and their customer accounts can become vulnerable to phone fraud and other social engineering schemes.

A recent data breach with online shoe and apparel retailer, Zappos, illustrates the impact data compromises can have on businesses and their customers. In the article, “Zappos Sued Over Data Breach,” Zappos and its parent company, Amazon.com, face a class-action lawsuit after hackers gained unauthorized access to personal information on more than 24 million customer accounts. The suit alleges that the retailer, who was entrusted in safeguarding the plaintiff’s and class members’ personal customer account information, failed to adopt and maintain adequate procedures to protect information and limit its dissemination only for the permissible purposes set forth in the Fair Credit Reporting Act.

While protecting customers over the Internet is beyond the scope of what we do at TrustID, what I found most interesting about this particular story is the information the criminals reportedly compromised. When crooks get their hands on a customer’s name, address, email, the last four digits of their account number and telephone number, that’s when it becomes our business. You see, this is most of the data needed to access many of the top bank’s IVR systems and socially engineer call center agents. With this information in hand, criminals now have the data they need to illegally gain access to legitimate customer accounts or deceive call center reps into divulging more personal information.

While the bank plans to tag the compromised accounts, the truth is much of the damage has already been done. Even if the accounts are tagged, without authenticating every call coming into the call center, those accounts — not to mention all other calls — will remain high risk.

The fact is, until each incoming phone call can be validated, businesses and financial institutions are susceptible to advanced Caller ID spoofing threats because they make unvalidated Caller ID and ANI merely claims, not trusted credentials for identifying customers. This is the primary tool that allows criminals to perpetrate financial theft and identity fraud over the telephone. To stop this growing threat, banking institutions need an authentication solution that actually restores trust to telephone commerce by validating Caller ID and ANI.

The TrustID® network-based Physical Caller Authentication tool does this by validating the physical location of the caller before the phone is answered. That’s something that customer identity solutions like knowledge-based authentication (KBA) cannot provide. By knowing the exact location of the landline or mobile phone used to place the call, TrustID enables businesses to answer each call with the confidence of knowing it’s a trustworthy credentialized customer. Having advanced insight to each call also allows organizations to proactively investigate potentially fraudulent calls with fewer resources, deliver faster, more cost-efficient calls, and improve the customer experience, all of which builds stronger brands and drives revenue.

As we continue to see fraud-related class-action lawsuits like Zappos and the News Group Newspapers (NGN), which recently settled to pay $1 million to dozens of individuals as a result of the News of the World phone-hacking scandal, having an effective authentication solution that provides a valid credential for callers as part of a multi-factor authentication strategy is becoming essential for mitigating risks and reducing financial losses caused by data breaches and social engineering schemes.

Tags: ANI, Bank Call Center, bank fraud, caller authentication, Caller ID Spoofing, data breach, Fair Credit Reporting Act, identity fraud, IVR systems, KBA, knowledge-based authentication, News Group Newspapers, Physical Caller Authentication, telephone fraud, telephone spoofing, TrustID, Zappos data breach
Posted in ANI Spoofing, Authentication, Caller ID Spoofing | No Comments »

Is your bank’s current authentication strategy enough to avoid liability?

Posted on: January 24th, 2012 by art No Comments

As bankers, we all know that trust is at the core of the bank-customer relationship. Without the trust and confidence of our customers, we don’t have customers. It’s that simple. That said, there’s something else that can come between banks and their customers, a little something called “good faith”.

According to one U.S. District Judge, the inability to act in good faith by adhering to requirements under Uniform Commercial Code (UCC) Article 4A for accepting and processing fraudulent payment transfers has cost a bank substantial financial loss, and could ultimately cost them customers and future profits as a result of damage to the bank’s reputation.

In the article, “Court Says Bank Must Pay After Customer Is Hacked,” a Michigan judge ruled that a bank did not carry its burden of proving that it acted in “good faith” in acting in accordance with reasonable commercial standards of fair dealing in processing fraudulent transactions. As a result, the court ruled that the bank had to pay the Plaintiff $560,000 in damages.

While the bank did satisfy several UCC requirements for authenticating transfers through a security procedure that was commercially reasonable, it failed to provide enough evidence of meeting reasonable commercial standards for responding to phishing-related fraud, in which the Plaintiff lost $1.9 million from 93 fraudulent transfers after an employee was tricked into entering their confidential security token identification and other online credentials.

Had the financial institution acted in accordance with the reasonable standards, the judge said it would have been able to identify the fraudulent transactions based on the customer’s volume and frequency of orders, the large overdraft, and the destination and identities of the beneficiaries.

“A bank dealing fair with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier.”

With so much attention on meeting the updated Federal Financial Institutions Examination Council (FFIEC) authentication guidelines, banking institutions need to ask themselves if their current authentication strategy is putting their business, customers and reputation at risk. If so, they may be legally liable, even if the fraudulent payment transfers submitted to the bank are initiated by valid customer credentials.

Today, it is more important than ever that financial institutions take a proactive, multi-layered approach against bank fraud across all banking channels, including the telephone channel. Doing so helps ensure their bank is in accordance with the required standards for identifying fraudulent transactions, and is essential for building and maintaining a high level of trust and confidence with their customers.

An identity authentication solution such as the TrustID® network-based Physical Caller Authentication tool helps banks protect the telephone channel by making the phone number a valid “Something you have” authentication credential, an essential piece of the FFIEC’s multi-factor authentication paradigm for identifying customers. By automatically validating the physical location of the caller before the phone is answered, banks proactively identify fraudulent calls and address good customer inquiries faster, all without putting them through burdensome telephone interrogations that are required by other knowledge-based authentication (KBA) solutions.

While TrustID’s automatic caller authentication secures the telephone channel and helps bank’s meet the FFIEC’s requirements for increased multi-factor authentication, financial institutions are better equipped to protect their business, shareholders’ investments and customer accounts from fraudulent transactions, which as we know can result in long-term reputation damage and significant financial losses.

Tags: bank fraud, customer authentication, Federal Financial Institutions Examination Council, FFIEC guidance, FFIEC requirements, fraudulent bank transfers, fraudulent payment transfers, KBA, knowledge-based authentication, multi-factor authentication, Physical Caller Authentication, TrustID
Posted in Authentication, Banking Fraud | No Comments »

Smartphone banking requires a secure telephone channel

Posted on: January 17th, 2012 by art No Comments

In recent years, there’s been a push for credit issuers to adopt chip-and-PIN technology to better protect their banking environments from credit card fraud. With mobile payments expected to increase in 2012, financial institutions need to also consider deploying caller authentication solutions that secure the telephone channel from advanced forms of Caller ID spoofing and other social engineering schemes.

In the Credit.com article, “6 Hot Credit Card Trends for 2012,” Beverly Blair Harzog, breaks down the most significant industry trends for the new year. While most of her points revolve around the upswing in credit card use, the one point that hit home with me was No. 6: “Technology rules the future.”

As more and more banks push for smart phone payments this year, technology and the telephone will converge like never before. To protect the telephone channel, banking institutions need to have authentication tools that can validate the growing number of customer transactions that are made over the phone, smart phones included.

With customers leveraging so many banking channels, financial institutions cannot afford to continue operating under the disillusion that traditional identity authentication tools like knowledge-based authentication (KBA) are keeping them safe from harm’s way. The way criminals spoof their Caller IDs and socially engineer bank call center agents today, relying solely on KBA and personally identifiable information (PII) is no longer predictive of identifying who is on the other end of the line. To identify and stop telephone fraud, banks need stronger caller identity authentication that validates each call coming into their contact center.

A customer authentication tool like the TrustID® network-based Physical Caller Authentication solution validates the physical location of the landline or mobile phone before the call is answered, allowing bank call center agents and IVR systems to instantly know whether the call is trustworthy or not, even before it is picked up.

So, with more mobile transactions on the horizon, using Caller ID and ANI as a valid credential for identifying customers over the telephone is becoming a critical part of any bank’s multi-factor authentication strategy. By securing the telephone as a safe way to transfer money, purchase products and share information, TrustID is helping financial institutions reduce fraud over the telephone, improve the customer experience with less intrusive customer interrogation, and deliver faster service at lower costs.

Tags: ANI, banking industry, Caller ID Spoofing, credit card fraud, customer authentication, identity authentication, KBA, knowledge-based authentication, personally identifiable information, Physical Caller Authentication, PII, smartphone banking, telephone channel, telephone fraud, telephone spoofing, TrustID
Posted in ANI Spoofing, Authentication, Banking Fraud, Caller ID Spoofing | No Comments »

New white paper explains why knowledge-based authentication is no match for telephone fraud

Posted on: January 10th, 2012 by art No Comments

For years now, accepting a certain percentage of fraud loss has been a way of doing business. That’s largely because criminals have gotten so good at avoiding detection that companies have had no choice but to eat losses they couldn’t recover. But while yesterday’s fraud losses made little impact on annual revenues, things are vastly different today.

With fraud and other social engineering crimes outpacing risk mitigation strategies across all customer channels — costing U.S. businesses $62 billion a year — organizations can no longer afford to accept fraud as a price of doing business. It’s simply costing them too much business, negatively impacting customer trust, and damaging their brands, all at the same time.

While customer channels like the telephone have been protected by telephonic authentication like knowledge-based authentication (KBA), the methods that we know today are dying. In fact, they can work to the strength of criminals, who collect personal information online and use it to socially engineer businesses and financial institutions. That said, companies that still rely solely on traditional authentication tools that can be easily defeated are putting both their business and customers at risk.

Today, advancements in Caller ID and ANI spoofing undermine the reliability of multi-factor identity authentication, thereby threatening the telephone channel as a secure way to conduct business. In TrustID’s new white paper, “The Three Types of Lies: Lies, Damned Lies, and Caller ID,” we provide detailed accounts of how Caller ID spoofing not only has a greater impact on business revenues, but is also compromising downstream decision making and creating new application risks in the financial services industry. The paper covers:

The use of calling party numbers for location and identity authentication
Why Caller ID and ANI spoofing may be putting your enterprise, customers and bottom line at risk, and what you can do to stop it
How automatic caller authentication solutions can combat the growing spoofing threat to prevent fraud and increase call center efficiencies
Real-world business use case

Overcoming the lies that criminals engineer to perpetrate fraud over the telephone is essential to stopping these costly threats. So, how can a contact center agent tell when a caller is lying? They can’t, even when interrogating them with a bunch of personal questions. There are just too many Caller ID spoofing tools that make it easy for criminals to deceive phone representatives.

While innovative spoofing and social engineering threats will continue to impact business profits, they don’t have to. There is an identity authentication tool that enables businesses and banking institutions to recognize thieves before the call is answered. The TrustID® network-based Physical Caller Authentication tool does this by validating the incoming Caller ID and ANI with physical information without relying on KBA or personally identifiable information (PII), both of which are no longer predictive for positively identifying customers over the telephone.

Tags: ANI, Caller ID Spoofing, KBA, knowledge-based authentication, personally identifiable information, Physical Caller Authentication, PII, telephone fraud, telephone spoofing, TrustID
Posted in ANI Spoofing, Authentication, Caller ID Spoofing | No Comments »

A layered approach to customer authentication just makes sense

Posted on: January 3rd, 2012 by art No Comments

Today marks the 2012 deadline for financial institutions to adhere to the new FFIEC guidelines. While I’ve spent a significant amount of time blogging on this critical guidance, I still feel compelled to help educate the need for an enterprise layered approach when thinking how to best authenticate your banking customers. Excluding the telephone channel in your overall security strategy, I strongly contend, would be leaving your organization and customers at risk.

There is no question that industry experts are recommending an enterprise approach. In a recent BankInfoSecurity article on the FFIEC authentication guidance, Joe Rogalski, information security officer and VP of First Niagara Bank, advocates an enterprise-level approach to security.

“It’s good to look beyond the requirements, to make sure you’re doing the best thing for your institution.”

The simple reality to fraud prevention is criminals will never stop searching for the weakest leak in your fraud defense. If you fail to evaluate your risks holistically, across all channels, it will always be an uphill battle against the crooks. A bigger risk would be if you fall behind your competition in setting the right course to prevent fraud. Criminals are constantly testing financial institutions, trying to locate the best opportunity to commit a crime. I think it’s safe to say that nobody wants to fall too far behind the industry in the ongoing battle to thwart fraud.

In my role at TrustID, I’ve been able to regularly monitor and evaluate the volumes coming through our systems. Without question, the criminals are stepping up their attacks via the telephone channel. This makes perfect sense when you consider the fact that the banking industry is so locked down on protecting the online channel that they’ve, by and large, ignored the telephone channel.

The fact is, you can gain access to many IVR’s with the account number, last four digits of the Social Security number, zip code or date of birth. Getting access to customer account data made available via the IVR is extremely valuable to criminals, who can also acquire other transactional level data that can be used in out-of-wallet questioning either online or when the call is transferred to a bank representative.

In the article, Gartner Research analyst and fraud expert, Avivah Litan, also made several notable comments and recommendations related to authentication:

Tackle the Basics. A lot of banks are busy implementing out-of-band authentication, Litan says. Yet, they’re still struggling to detect and prevent ACH and wire fraud. Rather than investing millions of dollars in out-of-band solutions, she recommends that institutions focus on core security requirements first. Address identified weaknesses with basic and well-understood solutions.

This is a key fundamental, but often overlooked, point. While out-of-wallet questions do have their place in the authentication process, they can be frustrating to customers, expensive (increasing average call handle times) and, over time, can be beat by criminals. Any fraud prevention tool that criminals can see, chances are they will ultimately test their way into.

A second important point in the article is:

Show Metrics of Progress. Experts agree that regulators won’t expect to see 100% conformance in 2012. But institutions must prove they will reduce risk over time. Even if more technology investments are needed, proof of progress will satisfy auditors. “I think institutions are not measuring the potential exposure they may have, and the potential losses which they’ve managed to mitigate against their existing losses. “If they can demonstrate that they have mitigated potential losses, even if exposure increased because of more attacks, then they can show that their measures of protection are improving. It demonstrates effectiveness.”

The reality is, authenticating customers has become problematic. Since Automatic Number Identification (ANI), the use of personally identifiable information (PII) and knowledge-based authentication (KBA) are no longer viable methods for validating caller identity, not to mention the fact that customers don’t like the interrogation that inherently comes along with these processes. As a result, financial institutions need to consider more innovative, cost-effective solutions rather than continually modifying old technologies or simply adding new security questions that challenge the trust and goodwill of their customers.

One of the primary benefits of the TrustID® network-based Physical Caller Authentication tool is how it is invisible to criminals and undetectable to upstanding customers. By non-intrusively identifying customers and knowing which inbound calls are high risk before a call is answered, banks gain a significant advantage in the fight against fraud without crooks even knowing it. With innovative thieves constantly on the prowl to identify new gaps or vulnerabilities in authentication systems, TrustID provides another layer of security to protect the telephone channel and help financial institutions fulfill the FFIEC’s multi-factor authentication recommendations for identifying customers.

Tags: customer authentication, FFIEC guidance, KBA, knowledge-based authentication, multifactor authentication, out-of-wallet questions, personally identifiable information, Physical Caller Authentication, PII, TrustID
Posted in Authentication | No Comments »

With less than a week to go, is your bank FFIEC compliant?

Posted on: December 27th, 2011 by art No Comments

Since the 2012 deadline was set for financial institutions to adhere to the new FFIEC guidelines, banks have been taking steps to make sure they meet the security regulations. But with the New Year less than a week away, just how close are banks to complying? According to a Dec. 16th Credit Union Times article, roughly half of the banking institutions recently surveyed by Guardian Analytics say they are ready for the FFIEC guidance, which means a lot of banks are probably still scrambling to meet the approaching deadline.

In the Guardian’s FFIEC Online Banking Security Readiness Study, 84% of banks surveyed said they plan to invest in new technology to address the enhanced expectations. But while 57% of respondents said they have completed a risk assessment and 59% have devised a way to fill any online banking security gaps, only 43% have actually purchased solutions.

According to the report, one of the reasons banks and credit unions aren’t fully prepared for the new guidelines may be a lack of fully understanding the minimum requirements around layered security and authentication. While the FFIEC’s Supplement to the Authentication has outlined how banks will soon be accountable for detecting and responding to suspicious activity and enhancing controls of administrative functions for business accounts, 41% of those surveyed were unable to identify anomaly detection and 56% were unable to identify enhanced controls.

On average, respondents ranked the level of protection as the top driver for choosing a technology solution, followed by customer convenience. For banks looking for an authentication solution that does both, the TrustID® network-based Physical Caller Authentication tool knocks both out of the park, while helping financial institutions meet the FFIEC’s multi-factor authentication paradigm for identifying customers, which recommends banks deploy at least two of the following categories for customer authentication:

1. “Something you know” (e.g., password, personal identification number [PIN], personally identifiable information [PII])

2. “Something you are” (e.g., fingerprint, retinal pattern, DNA)

3. “Something you have” (e.g., ID or ATM card, security token, telephone)

By invisibly detecting criminals before the call is picked up by a bank’s content center IVR or agent, TrustID makes the telephone number a trusted “Something you have” credential for validating Caller ID and ANI. In doing so, TrustID also reduces highly intrusive telephone interrogation practices that are required by knowledge-based authentication (KBA) solutions.

In other words, when it comes to enhancing the level of protection and improving the customer experience in all banking channels, including the telephone channel, TrustID provides a win-win proposition while helping banking institutions achieve new FFIEC guideline requirements for increased multi-factor authentication.

Tags: ANI, Caller ID Spoofing, customer authentication, FFIEC, FFIEC guidance, online banking security, Physical Caller Authentication, telephone channel, telephone fraud, TrustID
Posted in Authentication | No Comments »

Fraud prevention best security payoff for financial institutions

Posted on: December 21st, 2011 by art No Comments

The cold hard facts are today’s ever-changing fraud tactics enable criminals to remain one step ahead of many financial institution’s fraud teams. With thieves constantly cooking up new schemes to uncover vulnerabilities in banking channels, banks continue to find themselves in the unfortunate position of waiting to see what system loopholes will be exploited next.

While credit card companies do an effective job resolving problems after fraud has occurred, this does nothing to help financial institutions get in front of the problem. If banks want to stop playing catch up to ID fraudsters, they need a defense that prevents criminals from putting their plan in motion in the first place.

According to the article, “Banks lag in preventing ID fraud,” the banking industry is struggling to keep up with today’s innovative criminals when it comes to preventing identity fraud. The industry’s Top 25 banks have met just over 50% of the anti-fraud criteria to protect their customers.

Phil Blank, managing director of security, risk and fraud research at Javelin, said that while getting ahead of fraud is no easy task, preventative security would have a significant payoff because it would save banks and their customers a lot of time and money, which adds up when having to resolve fraud-related matters.

“It’s the hardest thing to do, but if you can prevent the fraud in the first place, the FIs don’t lose any dollars due to fraud. The consumer doesn’t lose any dollars or time and doesn’t end up with any legal issues due to the fraud. So for our purposes, prevention is much more important than detection or resolution.”

To get ahead of fraudsters in the telephone channel, banking institutions need to deploy an authentication solution that allows them to prevent criminals from socially engineering their contact center agents. The TrustID® network-based Physical Caller Authentication tool does this by automatically validating the physical location of the caller before the call is answered. By restoring the Caller ID and ANI as a trusted source for identifying and authenticating customers over the phone, financial institutions can proactively stop identity fraud and other criminal schemes committed over one of the industry’s most frequently used banking channels.

Tags: ANI, ANI Spoofing, bank fraud, Caller ID, Caller ID Spoofing, ID theft, identity theft, Physical Caller Authentication, telephone fraud, TrustID
Posted in Authentication, Banking Fraud, Call Center, Caller ID Spoofing | No Comments »