Resolving customer issues over the telephone is the job of help desk employees. But as pressure builds to assist more callers in shorter periods of time, cutting corners around security and customer identification could lead to more data compromises.
In the article “Is Your Company’s Help Desk Helping Hackers?”, a survey of more than 900 IT professionals found that help desk personnel are proving to be easy prey for social engineers who impersonate individuals to get help desk employees to divulge private information that can be used to access customer or employee accounts. According to the 2013 Help Desk Security and Privacy Survey conducted by the Internet security training company SANS, help desk representatives are the perfect target for phone fraud because the very nature of their job is to quickly resolve issues such as resetting passwords and restoring email.
“As help desks are ordered to help, they are ripe for others who want to take advantage of their mission. For decades, the help desk has been a backdoor to enterprise network resources through social engineering.”
While the first layer for identifying customers over the telephone typically includes asking callers a series of personal questions, this method is easily circumvented by today’s criminals who, because of social networking websites like Facebook and Twitter, are better equipped to defeat knowledge-based authentication (KBA) solutions.
The article suggests that the human factor is one of the top reasons criminals target help desk personnel. However, most of this could be avoided if some common help desk inquiries, such as password resets and status checks, were automated. Instead of relying on challenge questions to detect fraud over the telephone channel, automating certain authentication processes can help reduce some help desk vulnerabilities.
The TRUSTID® Physical Caller Authentication tool is a fraud detection solution that automatically validates the physical location of the telephonic device as the phone rings. Within seconds, TRUSTID determines the authenticity of the caller’s phone number to identify it as either a legitimate or spoofed call. All this happens in real time without relying on personally identifiable information (PII) or impacting the customer experience. And by eliminating the entire interrogation process, help desk personnel can assist more legitimate callers while reducing their overall risk of answering spoofed calls that can ultimately result in fraud losses.