How effective are challenge questions in identifying banking customers?

Posted on: April 25th, 2012 by art

Over the past year, I’ve written extensively on the issues with using simple challenge questions or more elaborate “out of wallet” or knowledge-based authentication (KBA) questions to identify banking customers.

In the recent interview with Tracey Kitten of BankInfoSecurity, “FFIEC: How Well Do Banks Conform?”, Gartner analyst and fraud expert Avivah Litan expounds on some of these same industry challenges as they relate to the new FFIEC Guidance. She mentions that many banks are:

“Moving from simple challenge questions to follow the explicit guidance in the FFIEC update about using the more elaborate KBA or out of wallet type questions provided from public data aggregators.” 

Avivah added that out of wallet questions can be expensive, and that it “remains to be seen how effective they work.”

Having had oversight of such processes during my career, I truly can appreciate the dilemma that banks and other institutions face. They are under extreme regulatory pressure to ensure they are adequately protecting their customers from identity theft, and as a result, they are authenticating every customer they interact with. But there needs to be a balance between managing fraud exposure, negative customer experience, and operational costs.

As I talk to many senior fraud and operations executives, the real struggle is not just what type of authentication products to utilize, it’s knowing when to deploy them and what customers to use them against. Every call that comes into banks today is not a credentialed call. They cannot be trusted, period. As such, the challenge is answering these critical questions:

 

  • Which calls should be trusted?
  • Which calls should require challenge questions?
  • At what stage of the interaction should authentication tools be used?
  • What are the costs and customer impact to using these tools?

Answering these important questions of what tool to use, and when to use it, is critical to a bank’s overall operation. It’s what will determine the operational costs, customer experience and fraud protection. Deploying technology without fully understanding the impact and effectiveness of new tools has driven up customer dissatisfaction and is, in part, what has driven the FFIEC Guidance specifically related to authentication.

While there is certainly a place for KBA and voice biometrics, this is where the TrustID® network-based Physical Caller Authentication tool takes a unique approach to authenticating customers dialing into a bank’s call center. Rather than base the level of customer authentication on what the caller is requesting, such as adding an authorized user, TrustID allows banks to route the incoming call based on the authenticity of the actual call. By making the Caller ID and ANI a trusted resource for identifying customers over the telephone, TrustID provides a strong certainty that the incoming call is truly the customer. Doing so also eliminates the conversation criminals rely on to socially engineer bank representatives.

By automatically validating the physical location of the caller before the phone is answered, financial institutions can proactively identify fraudulent calls and address good customer inquiries faster, all without putting them through the burdensome and costly telephone interrogations that are required by KBA solutions. In turn, if the TrustID solution deems the incoming call spoofed or altered, or determines that the source of the call is not trustworthy, then regardless of the customer request the bank may want to route the call to a representative for a second level of questioning.

Now that the bank has a much smaller population of customers they need to deploy expensive KBA towards, they can reduce costs, dramatically improve the customer experience through reduced interrogation for the majority of good customers, and fulfill the FFIEC’s multi-factor authentication best practices for identifying customers.

Today it is paramount for banks to develop a mutual ongoing trust with their customers. By allowing financial institutions to invisibly identify and stop telephone fraud before it happens, TrustID improves the level of customer service that’s critical to protecting customers, reducing fraud rates, and maintaining the sacred trust between banks and their valued customers.
