Posts Tagged ‘Automatic Caller Authentication’

Authenticating banking customers without involving your customers

Posted on: December 14th, 2011 by art

The basis of last week’s NY Times article, “Banks Rely Too Heavily On Social Security Numbers, Report Finds,” stems from the annual Javelin Strategy & Research Banking Identity Safety Scorecard, which looked at the consumer security practices of 25 large banks and credit unions.

In a review of these banks, Javelin found that too many are still using customer Social Security numbers for authentication purposes, a practice that Phil Blank, managing director of security, risk and fraud for Javelin, says hands over key information that criminals use to perpetrate identity theft.

“Customers must provide their Social Security number when opening a bank account, but it shouldn’t be used routinely for other purposes, because telling people to keep their number private but habitually asking for it sends the wrong message. This is something the financial institutions really need to do some work on. The consumer should not be trained that it’s O.K. to give up your Social Security number.”

While I’m sure most financial institutions are aware of the newly published FFIEC guidelines around banking authentication, which go into effect January 2012, I’m a bit surprised that more banking institutions have not yet modified the use of personally identifiable information (PII) like the Social Security number, date of birth or mother’s maiden name for customer authentication.

The stark reality for financial institutions is the customer authentication processes that are being deployed across all channels today are insufficient. With customer satisfaction, profitability, compliance and brand at risk, the industry needs to move in a new direction. Regardless of what drives financial institutions to modify their existing procedures, they will be scrutinized if the current processes used to authenticate customers are not enhanced.

Authenticating customers has become rather problematic. Since Automatic Number Identification (ANI), the use of PII and knowledge-based authentication (KBA) are no longer viable methods for validating caller identity, not to mention the fact that customers don’t like the interrogation that inherently comes along with these processes. Financial institutions need to consider more innovative, cost-effective solutions rather than continually modifying old technologies or simply adding new KBA questions that challenge the goodwill of their customers and add time to every call.

The ability to undetectably validate customers over the telephone channel is a powerful new way to better service customers, minimize the risky handling of PII, and keep fraudsters in check. By non-intrusively identifying customers before a call is answered, the TrustID® network-based Physical Caller Authentication tool simplifies the customer authentication process without relying on KBA, and is paving the way for banks to transform the customer experience while meeting new regulatory scrutiny.

One of the primary benefits of TrustID that I’ve written about is how it is invisible to the criminals and undetectable to upstanding customers. Knowing what inbound calls are high risk prior to answering the call provides financial institutions a huge advantage over the criminals, and provides banks an opportunity to dramatically improve the customer experience through reduced interrogation while fulfilling the FFIEC’s multi-factor authentication best practices for identifying customers.

When push comes to shove, isn’t fraud protection really customer service?

Posted on: November 2nd, 2011 by art

Today, too many financial institutions separate fraud protection and customer service as though they were two entirely different entities. They’re not, and here’s why.

Of course, protecting your banking customers from telephone fraud is one of the most important functions any financial institution can do. After all, losing the sacred trust of customers can directly impact sales, as well as damage a bank’s corporate reputation, resulting in the loss of future revenue from new customers and retaining existing ones.

The way banks service customers is another critical component that’s essential to retaining customers and building a strong brand reputation. In today’s highly competitive marketplace, maintaining strong customer satisfaction is required for any financial institution. The ability to seamlessly assist customers over various channels, none more important than the telephone channel, plays an essential role in the success of any business, let alone the financial services sector.

That said, we at TrustID have always believed that not only are identity authentication and customer service closely linked, when it comes to daily business operations they are essentially one in the same. That’s right. In today’s age where banks face potential fraud at every customer-facing channel, the ability to secure those channels while delivering a flawless customer service is critical to the entire customer experience. Any disruption that traditional authentication processes like knowledge-based authentication (KBA) creates along the way can directly impact the customer experience and how customers perceive the bank.

This is why having the ability to non-intrusively secure the telephone channel while delivering superior customer service is a clear differentiator for today’s financial institutions. Successfully executing one without the other can have a significant impact on your customers and the profitable bank-customer relationship.

The TrustID®  Automatic Caller Authentication product was designed with both in mind. By validating the physical location of the caller’s ANI and Caller ID before a bank’s call center agent picks up the phone, this critical line of communication is secured before any dialogue between the customer and bank occurs. As a result, customers aren’t put through several minutes of security questions (or what we commonly call, “telephone interrogation”) to confirm that the caller is who they say they are.

As I’ve discussed many times, relying on personally identifiable information (PII) to identify customers — which is exactly what KBA solutions do — is no longer predictive, or an effective defense, against today’s more advanced social engineering schemes. The key is not approaching fraud protection and customer service as two separate components. Instead, leveraging an identity authentication solution like TrustID allows financial institutions to invisibly identify and stop telephone fraud before it happens. Doing so improves the level of customer service that is critical to protecting customers, reducing fraud rates, and maintaining the sacred trust between banks and their valued customers.

Are banks doing enough to combat identity theft?

Posted on: October 26th, 2011 by art

Identity theft fraud has been with us for many years now and continues to be the No. 1 threat for financial institutions, not to mention an ever-growing concern for both consumers and regulatory agencies.

Just this year alone, we have seen regulatory agencies such as NIST (National Institute of Standards & Technology) and the FFIEC come out on record indicating that the use of knowledge-based authentication (KBA) as a single source of customer authentication is insufficient. The 2011 Symantec Global State of Security Survey report highlighted a number of online-related concerns, and stated that IT executives have a heightened awareness (49%) of hacking, spoofing, and the rise of social engineering. There have also been related articles in the New York Times and Boston Globe that have highlighted the ease at which criminals can use rudimentary telephone spoofing tools to break into banks and gain access to customers’ personal information.

Despite all this, we continue to read what seems like daily incidents related to identity theft that is costing banks millions in losses and creating all sorts of regulatory risks that can potentially cause irreversible damage to a bank’s corporate reputation. This seemingly never-ending rise in identity theft begs the question: Are banks doing enough to protect their customers?

To me, it appears banks are getting hit heavily across all channels when it comes to identity theft. The struggle may not be that banks aren’t working diligently to solve these issues. The challenge most likely is determining when and where to apply resources, or simply that banks haven’t recognized the cross-channel nature of identity theft. The problem is if you really don’t know how the criminals are beating you, it’s very difficult to know how to prevent it.

In support of this point, this past week the Identity Theft Assistance Center (ITAC) issued results from an informal consumer study it conducted among its members. The results of the study may help all of us gain some insight into the questions above:

The study surveyed about 2,700 U.S. victims of ID theft, and the most striking trend ITAC gleaned from the results is that the vast majority, nearly 70 percent, has no idea how their identities were stolen. Of the 760 or so victims who did know how their identities were taken, more than 25 percent linked their compromises to a cyberattack or a socially engineered scheme.

In the ITAC survey, most victims weren’t sure if their phone had been hacked, their bank account credentials compromised, or if a neighbor or family member somehow gained access to their social security number. With no idea of where the trail starts, it’s challenging at best for IT professionals to know what to focus on first.

Most financial fraud links back in one way or another to identity theft, and that’s something that every financial services provider and institution needs to become aware of. Until banks grasp the fact that the telephone channel is a weak link today, they will continue to fight an uphill battle. Deploying an effective, non-intrusive identity authentication solution like the TrustID®  Automatic Caller Authentication product enables financial institutions to convert ANI and Caller ID into a powerful physical security and authentication resource that can be used to close the security gap that too many bank call centers still operate with today.

  • REQUEST INDUSTRY BRIEFING PAPERS
  • VIEW DEMO
  • USE CASE
  • ANI SPOOFING TOOL

  • CISO Text

             

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TrustID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank

  • CISO 2 Text

             

    As less customer PII is made available to our contact  center advocates for identity validation, our enterprise risk of a costly data  breach is dramatically decreased.

              – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes  and social engineering. TrustID’s solution enables informed routing decisions,  optimizing agent cost reduction programs.

             - CISO, top 10 global bank           

  • VP Quote text

         

    Since  it is now commonly sold by criminals, personal information for identity  authentication is no longer the single solution to identity resolution. The  value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank