Posts Tagged ‘FFIEC’

Researchers find flaw in two-factor authentication system

Posted on: March 6th, 2013 by art

The idea behind two-factor authentication is to provide a multi-layered security defense that allows good users to safely access their accounts while preventing criminals from illegally accessing other people’s accounts. In theory, this is a sound method that many of today’s financial institutions use to authenticate their customers over various banking channels.

Implementing more effective security initiatives is also the byproduct of stronger federal regulations like the FFIEC (Federal Financial Institutions Examination Council), which recommends banks deploy at least two factors of authentication as defined by its 2011 Supplement to the Authentication.

Sometimes, however, even effective security measures can fall short of their goal.

This was widely illustrated last week when researchers announced they found a loophole in Google’s two-factor authentication system. In the article, “Google Two-Factor Authentication Bug Allowed Account Hijacking,” Duo Security reported that the search engine giant’s two-step verification system for authenticating users had a flaw that could allow accounts to be hijacked — the very thing the security platform was designed to prevent.

This is yet another case where a company that has done their due diligence to implement a multi-layered security strategy still had vulnerabilities within its system that could allow criminals to sneak past their authentication processes.

This is why financial institutions need to understand the importance of having at least two factors of authentication, which still may not be enough to secure online accounts. Shortcomings like those revealed last week could apply to other customer channels, as well.

Take, for example, the telephone. Today, banks still use knowledge-based authentication (KBA) solutions to identify their customers over the phone. For many, KBA (“something you know”) is a critical piece to their verification strategy. It’s also part of the FFIEC’s two-factor authentication criteria, along with “something you are” (fingerprint, DNA, retinal pattern) and “something you have” (ID card, security token, telephone). Unfortunately, KBA has become a solution that thieves have proven to beat time and time again.

KBA is designed to ask callers security questions that only the customer would know, but crooks can now slip past it by combining identity theft with social engineering. By correctly answering challenge questions, criminals can ironically break down a security barrier that’s precisely designed to prevent criminals from getting through in the first place.

I’m not saying that using passwords, personally identifiable information (PII) or PIN numbers is worthless for customer authentication, but exposure to social engineering schemes over the telephone can pose a weakness in two-factor authentication systems. It’s because of vulnerabilities like these that the FFIEC recommends at least two factors of authentication for defending banking networks and their customers from today’s criminal threats.

10 bank fraud lessons of 2012

Posted on: December 26th, 2012 by art

As much as we’d like to think that remote banking is safe, the reality is threats across all customer channels still exist. If we aren’t ready for them we could find ourselves victims of these often preventable crimes.

Persistent criminals proved throughout the year that they aren’t going to stop anytime soon. With new and emerging threats facing financial institutions every day, banks need to stay one step ahead of today’s tenacious criminals. Throughout 2012, we’ve covered many issues around the threats and authentication solutions that directly affect call center environments.

As we gear up for a new year, I wanted to take a look back at some of the lessons of 2012, and what we learned that can help us better protect our customers and business information moving ahead. Here are some of the top stories and lessons we discussed:

1. Continued education is essential for fighting bank fraud: With crooks cooking up new schemes all the time, bank fraud teams need to keep up with the latest criminal trends and tactics.

2. Financial institutions could face liability for failing to prevent fraudulent transfers: Several court cases have ruled against banks for failing to detect and stop bad transactions despite having fraud defenses in place.

3. Exceptional customer service has become a banking necessity: The way banks service their customers can have a direct impact on customer satisfaction and retention.

4. Customers want a quick, safe and hassle-free banking experience: The best banking experience is one that resolves issues in a timely fashion without requiring anything from the customer.

5. FFIEC compliance means understanding true multi-factor authentication: To meet the FFIEC standards, banks need to understand the three categories for multi-factor authentication.

6. Out-of-band verification is counterproductive to compliance and security efforts: Knowledge-based authentication tools increase expenses, frustrate customers and don’t always stop criminals.

7. Ignoring the telephone channel leaves banks susceptible to social engineering: With all eyes on online banking, financial institutions need to also turn their focus on the call center.

8. Call center service has a direct impact on a bank’s bottom line: As one of the most frequent touch points for customers, poor service over the telephone can impact a bank’s ability to retain existing customers and attract new ones.

9. A single layer of authentication is an open door to phone fraud: Any bank call center still relying on a single layer to identify customers is setting themselves up for trouble.

10. The call center is a growing target for bank criminals: Security analysts agree that call centers are once again becoming a sweet spot for fraudsters.

With the demise of Caller ID and ANI, banking institutions need to take proactive steps to ensure they meet new authentication guidelines to better detect and stop fraudulent transactions before they happen. They also need to continually educate themselves about fraud trends and re-evaluate their current security strategies to make sure they have the most effective authentication methods in place to stop evolving forms of fraud over all customer channels.

As we move into 2013, we appreciate you reading the TRUSTID blog. We look forward to discussing these and other important issues that affect the financial services industry, and what we can do to better protect our customers and banking environments in the years to come.

The changing face of customer authentication

Posted on: September 26th, 2012 by art

During the past month I’ve met with the executive leadership at top tier banks (and other industries) who have direct oversight and accountability for their institution’s customer authentication policy and strategy. What I’ve heard very clearly is that there is a massive change taking place in customer authentication, and there will soon be different rules and different economics in customer service and authentication, particularly in banking. In the authentication industry, there will also be different players.

What we now know is that authentication based on “Something you know,” also known as KBA (knowledge-based authentication) — which interrogates customers with out-of-wallet questions such as “What are the last four digits of your SSN?” — is ineffective at informing a bank who it is communicating with on the other end of the transaction.

We’re told that this is true because any capable criminal can and does repeatedly pass through current identity-interrogation protocols. There’s no impediment and no real barrier thanks to the Internet, data breaches and social media sites such as Facebook, Plaxo and Ancestry.com. These companies publish boat-loads of your customers’ personal information for criminals to read, and that’s why determined criminals can beat KBA telephone interrogations 100% of the time.

I was shocked to hear repeatedly this same point of view from these leaders. While this is insightful, another thing we’ve learned from our work is that the problem is solvable. It’s solvable in both a customer friendly and bank-cost positive way.

More specifically, what we and our customers have learned is this: over 90% of incoming telephone calls present phone numbers that can be converted into very high-quality identity tokens that banks can use to provide higher quality authentication. It also turns out that about 5% of incoming telephone numbers have been intentionally altered, and that anyone can anonymize themselves this way. Even worse, phone number alteration, also referred to as spoofing or phone hacking, allows criminals to gain repeated unchecked illegal access. While I’m not saying 5% of incoming calls are fraudulent (after all, there are legitimate reasons to alter telephone numbers), you can bet that there are criminals lurking in this 5% pool of incoming calls.

TRUSTID may be the only firm that has insight into these facts. We wouldn’t know this information if we didn’t operate as a telecommunications carrier, as we do, and have access to real-time telephone network forensics technology that we’ve developed and is now in production. We are also the only firm that has the technology to tell banks (and other industries required to authenticate customers) in real time which phone numbers are suitable as high-quality, identity-predictive authentication tokens.

So, by converting unvalidated telephone numbers into identity tokens, the authentication process becomes completely automated. By allowing financial institutions to know with great certainty who is on the other end of a call before an agent or IVR answers the phone, TRUSTID allows bank systems and their people to immediately start servicing and up-selling customers.

Our goal at TRUSTID is to simultaneously enable our clients to provide the best customer service experience possible, help grow their share-of-wallet and profitability, and reduce their call center costs by tens of millions of dollars each year. Giving banks the ability to authenticate customers without disrupting the customer experience or falling victim to social engineering can be a powerful way for them to secure their network while also meeting FFIEC demands.

The TRUSTID® Physical Caller Authentication tool is a highly complementary method for identifying customers over the telephone channel. By validating the physical location of the Caller ID and ANI, TRUSTID is making the telephone number a trusted “Something you have” credential for identifying customers while helping banks meet the true definition for multi-factor authentication.

Why customer authentication needs to go straight to the source

Posted on: September 5th, 2012 by art

As financial institutions diligently perform ongoing risk assessments, there has been a lot of push for banks to implement out-of-band authentication solutions to protect their corporate assets and private information.

While I agree it’s important for banking institutions to invest in a layered security strategy to fight everything from card fraud to corporate account takeover, it is my opinion that placing too much emphasis on a verification method that is expensive and frustrating to customers is misleading financial institutions into investing in a solution that, over time, can ultimately be defeated by criminals.

The BankInfoSecurity article, “Banks’ Top Anti-Fraud Investments,” makes some valid points in the types of anti-fraud strategies that banks and credit unions need to deploy to better identify fraud and other malicious activities. However, instead of spotlighting out-of-band authentication, banks would be better off focusing on their core security requirements first rather than investing millions of dollars in out-of-band authentication, or so says Gartner fraud and security analyst, Avivah Litan.

What financial institutions should really be considering are solutions that validate and identify the criminal’s actual device, such as the telephone, that is used to commit bank fraud over the phone channel. As contact center agents field billions of calls each year, banking institutions need to secure the call center, which remains prone to fraud and other advanced social engineering scams.

By focusing on the “something you have” component, fraud managers are going right after the weapon being used to commit the crime without having to employ out-of-wallet security questions or conduct long telephone interrogations that are vulnerable to clever scams that can fool these and other knowledge-based authentication (KBA) techniques.

The thing that distinguishes the TRUSTID® Physical Caller Authentication tool from other anti-fraud solutions is that it goes straight to the source of the crime — the telephone’s physical location — to invisibly validate the Caller ID and ANI before the call is even answered. Having this level of real-time intelligence to determine if a caller is genuine or a risk can play a key role in a bank’s ability to identify and reduce fraud rates.

Why costly fraudulent bank transfers are driving FFIEC conformance

Posted on: July 4th, 2012 by art

There are a number of reasons why today’s financial institutions need to enhance their authentication capabilities and comply with the FFIEC Authentication Guidance. One of the first that comes to mind is small businesses. With many banks’ customer base made up of small businesses — yes, the same small businesses that are increasingly being targeted by criminals — having a multi-factor authentication defense in place plays a critical role in protecting both their customers and confidential business information.

The United Bank & Trust has ten thousand reasons why it has invested in more layered security controls to meet the new authentication requirements. In the recent article, “Bank’s Road to Stronger Authentication,” a single incident could have cost United Bank & Trust upwards of $10,000 in monetary loss, not to mention irreversible damage to its brand, had it not stopped a fraudulent transaction from getting through, said Marsha Whitehouse, VP of treasury management for the Ann Arbor-based bank.

“It just takes one transaction. That incident that we caught could have cost us over $10,000. And it’s not just the monetary loss; it’s the reputational risk you have to deal with.”

To comply with the FFIEC’s security recommendations, the bank employs a two-factor authentication process that combines a knowledge-based “something you know” authentication tool with a “something you have” telephone solution. While multi-factor defenses like these can protect customer channels from harmful activity such as fraudulent wire transfers and account takeovers, relying on automated customer callbacks to confirm clients over the telephone can leave banks susceptible to social engineering scams that take over phone lines and transfer bank calls to a different number within the criminal’s control.

With financial institutions using outbound return calling to authenticate large financial transactions and ACH transfers, line takeover can pose a threat to a bank’s use of customer callbacks. To eliminate the risk of line takeovers, deploying a proactive telephone authentication solution like the TrustID® network-based Physical Caller Authentication tool can reduce the need for customer callbacks because it automatically verifies customers before the call is answered.

By using the Caller ID and ANI as a trusted source to authenticate bank customers over the phone, TrustID allows banking institutions to non-intrusively validate customers and invisibly recognize and stop criminals from perpetrating criminal activity over the telephone channel. As a result, banks have a complementary “something you have” authentication tool that helps them comply with FFIEC regulations while reducing fraud losses and providing a better overall customer experience.

“Pre-answered” caller validation reduces risk and cuts operating expenses

Posted on: June 13th, 2012 by art

According to a new KPMG survey, regulatory challenges and the sluggish economy have many bank executives reexamining their existing business models to see how they can increase operational efficiency and shave costs. Typically, what ends up happening is businesses evaluate several solutions for specific functions. For example, they’ll look at a number of security tools for fraud prevention, and different operating systems to improve business efficiency and productivity.

Based on the survey findings, when it comes to minimizing business risks, meeting new regulatory compliance and becoming more efficient, many of today’s financial institutions are focused on the online channel, said Judd Caplain, national account leader of KPMG LLP’s Banking and Capital Markets practice.

“Banks are interested in making investments in IT to further increase operational efficiency and regulatory reporting, better connect their various platforms and systems, and gain a more holistic view of their customers who may use several of the bank’s products and services. Projects that utilize data more effectively to inform risk management decisions, support strategic initiatives, and comply with regulations, as well as enhancing technology platforms that touch the customer, are also an area of focus.”

But investing in multiple solutions to handle different aspects of their operations can be an expensive undertaking for banks. To cut costs and minimize fraud risks, one area bank execs should consider — but often overlook — is their call center operations and security.

With the U.S. call center industry expected to receive over 50 billion inbound calls in 2012 (nine billion going into financial services companies alone), the telephone channel is one of the financial industry’s most frequently used customer service channels. Deploying solutions that make the call center more efficient and reduce the level of risk on each call is critical to any bank’s operations, customer service and bottom line.

One of the most expensive areas within any large operation is employee costs. As such, the labor dollars spent within bank call centers is a very large, yet very necessary and important expense. But unnecessarily putting customers through extensive and cumbersome interrogation processes to identify each caller can have a significant impact on operating budgets.

That said, in the call center industry every second validating and serving customers counts. Unfortunately, financial institutions continue to rely on traditional methods of knowledge-based authentication (KBA) that don’t decrease the time spent authenticating and serving customers over the telephone, and quite frankly are no longer predictive of identifying customers in the age of social engineering. But a solution like the TrustID® network-based Physical Caller Authentication tool simultaneously performs a number of critical call center functions that minimize business risk, reduce customer authentication time, help meet authentication regulations like FFIEC, and create more efficient customer service.

By using Caller ID and ANI as a trusted source for automatically validating customers before the phone is picked up, TrustID shortens authentication procedures in such a cost-effective manner that it can reduce call center expenses by 20 percent. When you have trusted resources that don’t rely on the mishandling of personally identifiable information (PII) to identify customers, it doesn’t make sense to perform lengthy interrogations on each call when the customer authentication can all be done before the call is answered. That’s the type of security, efficiency and cost savings that TrustID provides for its banking customers.

Fighting phone fraud: Looking at the full spectrum of customer authentication

Posted on: June 6th, 2012 by art

The threat of social engineering is changing the face of customer authentication, particularly around the call center. This is nothing new, of course. I’ve often spoken about the rapid growth of inbound telephone fraud, and the need for banks to deploy an enterprise-wide approach to fighting fraud and the associated costs and risks of using knowledge-based authentication (KBA) questions or voice biometrics.

The primary problem of relying on KBA to catch fraud is it can be learned by criminals. Criminals can instantaneously share somebody’s personal information globally and use it repeatedly to their advantage. Because cell phones and landlines are readily available and are being used to place calls into a bank’s call center, static tokens, PINs and KBA — which are not always readily available — have a difficult time stopping fraud.

The recent article, “Voice Biometrics as a Fraud Fighter,” captures many of the concerns I’ve written about. In it, Gartner fraud analyst, Avivah Litan, explains how KBA processes are becoming ineffective against today’s threats. While financial institutions and other industries are seeking solutions to aid them in combating call center fraud, I believe they need to take a broader look at the full spectrum of authentication, not just the fraud component. The real issue at hand is the ability to validate who you are doing business with over the telephone. Unfortunately, the fear of not knowing who is on the other line of the call (or IVR) is driving up operational expenses and damaging the important relationship between banks and their good customers.

Deploying KBA or voice biometrics without giving the complete call cycle a thorough, detailed review can be a recipe for disaster. The problem that arises when you don’t understand the various solutions or the best point in the call cycle to deploy security tools is it can increase operational costs and customer dissatisfaction. And through it all, it still doesn’t guarantee the deployed technology will stop the fraud it is intended to thwart.

We all know KBA methods have long relied on personally identifiable information (PII) to distinguish an individual’s identity over the telephone. A person’s phone number, address, billing zip code, date of birth, and the last four digits of their Social Security Number were ways banks and financial institutions could connect personal information with a specific customer. But in today’s digital age this information is shared over the Internet via public records and social networking sites like LinkedIn, Facebook and Plaxo. It’s also available on criminal data exchanges, which makes it easily accessible for criminals to steal and create new and innovative social engineering schemes. As a result, the use of PII as a sole factor for identity authentication has become risky, expensive, and is not predictive of the identity of banking customers. Here’s why:

 

  • Risky: Today, identity thieves can put together enough personal information to socially engineer a bank, and even secure credit in another person’s name. Financial institutions that rely on KBA are susceptible to the risky handling and use of PII by criminals out to defraud banks and their customers for monetary gain.
  • Expensive: The risks that degradation of PII-based authentication creates can result in heavy penalties and costs if the information is lost, given away or stolen. This increases the cost of training, systems security and other internal processes.
  • Not Predictive: Because PII is used to socially engineer a bank, it is not predictive for positively identifying customers calling into a bank’s call center. In other words, knowledge-based authentication that relies on PII cannot be used as a reliable source of information for identity authentication.

As I’ve said, the issue of using KBA (“Something You Know”) goes well beyond deployment costs. It’s also about determining when in the call flow process it is best utilized. Today, every call coming into a call center is essentially unvalidated. Because banks can no longer use Caller ID or ANI as trusted sources to identify customers over the telephone, they try to assess the risk of the call based on what the customer is asking for rather than the actual risk of the incoming call source. The end result is they don’t know which calls to trust or not trust.

The reality is most call centers still interrogate or punish good customers in order to stop a few bad ones. Since they don’t know which calls are riskiest, they put all customers through varying degrees of interrogation. But they don’t have to. There are alternative solutions available today that validate callers so far upstream that banks don’t have to put their customers through rigorous security questions using KBA or voice biometrics.

The TrustID® network-based Physical Caller Authentication tool is one solution that reduces the need for expensive and ineffective KBA by automatically verifying the physical location of the telephone before it is answered. Using Caller ID and ANI as validated sources to instantly authenticate legitimate customers and identify fraudulent ones before criminals can talk with bank representatives addresses the ever-growing issues of call center authentication while simultaneously reducing telephone fraud triggered by advanced social engineering schemes.

A single layer of authentication is an “open door” for bank fraud

Posted on: April 10th, 2012 by art

In today’s fraud landscape, a single layer of authentication can be an open door invitation to fraud. These may sound like harsh words, but the fact of the matter is, they’re true. Any financial institution that relies on one security technology is going to run into trouble. If not today, then some time down the road. It’s really just a matter of time.

The recent Investors.com article, “Zappos Breach Shows Hacker Hits Just Keep Coming,” hits the nail on the head in regard to layered security. Despite technology improvements, even the most secured companies with layered security can be penetrated to a certain degree, said Amir Orad, CEO of the financial services security firm, Nice Actimize.

“It shows the value of layered security. One has to assume that some of the layers will be breached — if not today, then tomorrow.”

Having a multi-layered defense that includes two-factor identification technology can make a big difference in how far a perpetrator gets and how much confidential customer or company data they get away with. This is why the new Federal Financial Institutions Examination Council (FFIEC) security guidelines call for banks to use layered authentication to minimize the risk of fraud. More specifically, having at least two of the following three categories is essential to meeting this authentication criteria:

     1. “Something you know” (e.g., password, PIN number, personally identifiable information [PII])

     2. “Something you are” (e.g., fingerprint, retinal pattern, DNA)

     3. “Something you have” (e.g., ID or ATM card, security token, telephone)

Most banks use both passwords and knowledge-based authentication (KBA) techniques (security questions) to identify customers. The problem is both of these methods fall within the same (“Something you know”) category. This not only leaves financial institutions susceptible to criminals who know all the information, it also means they are not in compliance with the FFIEC’s new multi-factor authentication recommendations.

When it comes to one of the most widely used banking channels today — the telephone — the TrustID® network-based Physical Caller Authentication tool takes a unique approach to authenticating customers dialing into a bank’s call center. Instead of relying on what the caller knows, TrustID makes the telephone number a valid “Something you have” credential by automatically validating the claim of Caller ID and ANI before the call is answered. This, combined with authentication methods that use KBA, PII or PIN numbers to identify customers, gives banks a critical layer of defense needed for protecting customer and company data, and at the same time, helps them meet the FFIEC’s guidelines for true multi-factor authentication.

 

Despite heavy security investments, identity theft and fraud continue to proliferate

Posted on: March 27th, 2012 by art

The Federal Trade Commission recently published its annual 2011 report on consumer complaints. The report, “Consumer Sentinel Network Data Book,” lays out in extensive detail the types and frequencies of reported complaints to the FTC from consumers. Here are a few pertinent points from the report:

 

  • The CSN received over 1.8 million complaints during calendar year 2011
  • Identity theft was the number one complaint category in the CSN for calendar year
  • A total of 990,242 complaints in 2011 were fraud-related
  • For military consumers, identity theft was the number one complaint category
  • Government documents/benefits fraud (27%) was the most common form of reported identity theft, followed by credit card fraud (14%), phone or utilities fraud (13%), and bank fraud (9%). Other significant categories of identity theft reported by victims were employment fraud (8%) and loan fraud (3%).

Personally, I think it is very telling that the top two complaints are identity theft and fraud. These two categories are inherently related, connected at the hip, if you will, because criminals essentially steal identities to commit fraud.

The second important takeaway for me was that despite all of the heavy investment banks and other institutions are making to safeguard customer information, particularly in the online channels, identity theft and fraud continue to proliferate. This is quite alarming.

Over the past several months, I’ve written a number of blogs that talk about the need to bake cyber security and risk management into all customer channels, including ATMs, Internet and the telephone.

One of the reasons telephone fraud and social engineering have picked up in recent years is the fact that criminals now have the ability to access or change an address or account data that is necessary to perpetrate larger and more profitable online crimes. Once a criminal controls a customer’s information – primarily through the telephone channel – criminals use the newly acquired personally identifiable information (PII) to commit crimes through the online channel.

Financial institutions that ignore the telephone channel as a primary source for fraud and don’t address the same security and authentication requirements as the online channel will continue to put themselves at risk, as the CSN report painfully articulates.

The fact is, if you want to automate business processes, enhance customer communications, and take advantage of new technologies, you have to “bake” cyber security and risk management across all customer channels.

Deploying an effective, non-intrusive identity authentication tool like the TrustID® network-based Physical Caller Authentication enables financial institutions to convert ANI and Caller ID into a powerful physical security and customer authentication tool that can be used to close the security gap that too many bank call centers still operate with today.

An identity authentication solution that helps banking institutions protect the telephone channel by making the phone number a valid “Something you have” authentication credential is an essential piece of the FFIEC’s multi-factor authentication paradigm for identifying customers. By automatically validating the physical location of the caller before the phone is answered, financial institutions proactively identify fraudulent calls and address good customer inquiries faster, all without putting them through burdensome telephone interrogations that are required by other knowledge-based authentication (KBA) solutions.

Authenticating banking customers in a mobile world

Posted on: February 29th, 2012 by art

Is your banking institution prepared for mobile transactions? If not, you’ve got some work to do.

According to the article, “How Safe Is Paying With Your Phone?”, mobile banking is here. More alarming, however, is that Consumer Reports estimates that nearly 30% of Americans that use their phones for banking, accessing medical records and storing other sensitive information do not take precautions to secure their phones. This leaves customers and banks susceptible to various forms of identity, financial and bank fraud schemes.

As financial institutions offer more ways for consumers to bank, they need to take proper security measures to protect their customers and secure all of their banking environments, including the telephone channel. With more mobile transactions on the way, banks need to utilize a multi-factor authentication defense to make sure their growing platforms for communicating with customers are secure.

I think the new FFIEC guidelines are pretty clear on the type of layered approach that’s needed to authenticate banking customers in a mobile world. Deploying at least two factors of authentication for identifying customers over the telephone is essential to stopping more harmful forms of identity fraud that, according to Javelin’s “2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier”, climbed 13% in 2011.

By automatically validating the physical location of a landline phone or mobile phone, the TrustID® network-based Physical Caller Authentication tool fulfills the FFIEC’s “Something you have” (e.g., ID or ATM card, security token, telephone) credential for identifying customers over the phone channel.

Combined with other authentication solutions that cover either the “Something you know” (e.g., password, personal identification number, personally identifiable information) or “Something you are” (e.g., fingerprint, retinal pattern, DNA) authentication categories outlined by the FFIEC, TrustID is a complementary tool for helping financial institutions achieve the recommended multi-factor authentication paradigm for identifying customers.
