Posts Tagged ‘identity authentication’

Using automated caller authentication to transform the customer experience

Posted on: March 13th, 2013 by art 56 Comments

There’s always been this notion that once a process or system is automated, the people who once performed that task will soon be out of a job. While some tools have certainly earned that reputation, when it comes to automating customer authentication over the telephone, it’s not about replacing people. Rather, it’s about proactively detecting spoofing risks, reducing call center expenses, and transforming authentication into a positive customer experience.

When caller authentication is not automated, contact center agents must perform a number of steps to verify that callers are who they say they are. As we know, security questions are a drawn-out identity-interrogation process that requires banking customers to answer a bunch of personal questions that clever social engineers can beat.

Ultimately, this process drives up average call handling (ACH) times, increases operating costs, and can damage the important bank-customer relationship. And because personally identifiable information (PII) is not predictive of identity, knowledge-based authentication (KBA) methods, when used alone, can actually create a false sense of trust that puts company data and customers at risk.

A security tool like the TRUSTID® Physical Caller Authentication solution, however, automatically authenticates the caller using a combination of three core components, including:

 

  • Telephony databases (e.g., local number portability, numbering plans, carrier / line attributes, billing data, routing tables, HLR data, LERG tables, geospatial data, carrier and switch data)
  • Real-time telephone network forensics (e.g., call progress, call messages, network tones, SS7 and SIP signaling, DSP audio energy and voice analysis tools)
  • Specialized analytics (real-time delivery of proprietary credential scores that enable enterprise risk decisioning, customer-specific reason codes, caller data and reports for custom risk model and scoring)

Automatically validating the caller before the phone is answered doesn’t eliminate jobs; it provides stronger customer authentication while streamlining customer service.

What I mean by this is instead of using up valuable time and resources questioning customers over the telephone, call center agents are now free to immediately begin servicing and selling good customers at the initial “golden minute” of the telephone call.

By undetectably authenticating customers through their calling party numbers, TRUSTID helps financial institutions lower customer authentication expenses, reduce the cost of fraud resulting from telephone-based social engineering, and get call center agents selling to and serving customers rather than identity-interrogating them, which in the end can transform the overall customer experience.

Security processes should not compromise customer service

Posted on: February 27th, 2013 by art 66 Comments

For financial organizations that provide a service, what is it that keeps customers coming back? Since a product is not the competitive differentiator, is it speed? Convenience? Exceptional customer service? How about customer trust and confidence? And where does security factor in? For financial institutions, the answer to these questions could very well be all of the above.

With banks working overtime to safeguard their many customer channels, the one thing they want to make sure their security processes don’t do is interrupt their ability to deliver excellent customer service. Any disruption to the customer experience can have an impact on their ability to retain existing customers and win new ones.

Today’s smarter, savvier banking customers expect more from financial institutions. They’ve become less tolerant when a bank falls short of meeting their high expectations. In fact, the 2012 U.S. Bank Customer Switching and Acquisition Study by J.D. Power and Associates found that year-over-year more customers are switching banks as a result of fees, poor service and unmet expectations.

While security can play a key role in building customer confidence and loyalty, on the flip side, it can also have a negative impact if handled the wrong way. Take, for example, knowledge-based authentication (KBA). Once the standard for identifying banking customers over the telephone, KBA alone is no longer predictive for customer authentication. What can be equally damaging is how a barrage of security questions interrupts the customer experience to the point that banks lose their customers’ trust and goodwill, and ultimately their business altogether.

Unlike KBA and other personally identifiable information (PII) security methods, which interrogate customers over the telephone, the TRUSTID® Physical Caller Authentication solution helps secure the telephone channel without call center agents saying a single word. By non-intrusively validating the Caller ID and ANI before the call is answered, TRUSTID doesn’t intervene in the customer experience at all. By automatically validating good customers before their call is answered, bank representatives can provide immediate customer service at the onset of each call. Immediately addressing customers’ needs leaves them feeling respected and creates a sense of loyalty because they got what they needed, when they needed it, all in a timely manner.

In today’s remote banking environment, it’s no longer good enough to simply keep fraud or unwanted activity in check — fraud has to be contained without damaging the larger, broader relationship between banks and their customers. Establishing this not only creates a competitive differentiator, but allows financial institutions to open up new revenue opportunities with both existing customers and future customers.

 

How pre-answered caller authentication helps prevent telephone bank fraud

Posted on: February 20th, 2013 by art No Comments

Prevention vs. clean up. It’s a security question all financial institutions should ask themselves.

When it comes to providing a trusted customer environment, banks are typically better at resolving problems stemming from non-predictive authentication and fraud than preventing them. That’s because they continue to allow criminals to get their foot in the door.

What I mean by this is when banking customers place a call into a contact center, the very act of answering the telephone sets the stage for criminals to start their elaborate social engineering schemes. And once the dialog starts, anything goes.

Javelin’s director of security, Phil Blank, has long said when it comes to safeguarding customer environments, the biggest challenge is prevention. Done right, however, it can also have the biggest payback for both the bank and customer.

The typical scenario for customer calls looks something like this. A call center agent picks up the phone, then proceeds to ask the caller for their customer ID and social security number. Based on the level of information the customer is requesting, the bank representative may ask a number of challenge questions. At this point, they’ve already taken up a minute or more of the customer’s valuable time using knowledge-based authentication (KBA) methods that, quite frankly, can no longer assure that the person on the other end of the line is who they say they are.

In today’s many banking channels, criminals armed with the right personal and financial details they’ve collected over the Internet can convincingly impersonate an actual banking customer. In the telephone channel, for example, the very moment they’re able to talk with a call center agent, they have the upper hand.

Whether the caller is a valid banking customer or an impersonator, telephone interrogations impact banks and their customers in several ways, including:

 

  • Employee costs: Every second a bank has to validate and serve their customers counts. If a bank’s contact center agents still rely on KBA for customer identification, they’re likely overspending in many areas for identity authentication, including employee training, security systems and other internal processes.
  • Bank-customer relationship: Burdening customers with lengthy interrogations tests the goodwill of customers and impacts the overall customer experience. This can take a heavy toll on the profitable bank-customer relationship that’s important to any bank’s overall success.
  • Non-predictive authentication: Because personally identifiable information (PII) is used to socially engineer banks, it is not predictive for positively identifying customers calling into a contact center. Therefore, financial institutions should not rely solely on PII for identity authentication.

The TRUSTID® Physical Caller Authentication solution helps banking institutions solve these problems by validating all customer calls before they are answered. Using real-time telephone network forensics to proactively validate the physical location of the landline or mobile device calling the contact center, banks can determine the risk of each inbound call before it is picked up. This insight allows banks to eliminate the time spent authenticating bad calls and serve good customers faster and more seamlessly. As a result, preventing high-risk callers from reaching bank representatives builds a safer banking environment and strengthens the bank-customer relationship without having to worry about the time, resources and costs associated with cleaning up fraud after it has already happened.

Can banks prevent social engineers from lying?

Posted on: February 13th, 2013 by art

In a world where security technologies work around the clock to stop cyber threats, sometimes the most deceptive and under-appreciated bank crimes can stem from the ancient act of lying.

The opening minutes of the new film, “Identity Thief,” show just how easy it can be to con someone into providing their private personal and financial details over the telephone. While it might seem unlikely that it could happen to you or your company, the scene illustrates how anyone answering the telephone, even a top accountant for a financial services firm, can be at risk.

We’ve spoken volumes about the various types of lies that criminals rely on to defraud banks. With most financial institutions fully invested in sophisticated hardware to detect and stop fraud over the Internet, the challenge of recognizing when someone is lying over the telephone can be a hard risk to deal with.

According to the article “Social engineering: Clear and present danger,” skilled liars are taking advantage of information shared over online social networking websites to socially engineer their way into the corporate world. One of the ways banking institutions have tried to combat social engineering is to strengthen security policies that make their employees and customers more aware of the dangers they potentially face, said Jason Hong, CTO at Wombat Security.

“The underlying strategy and rationale for social engineering attacks is to circumvent all of the security measures in place by tricking people. For this reason, it’s critical for organizations to train people to be aware of the tactics that bad guys use, so that they can identify them and know how to react in given situations.”

The problem is that individuals are relied on to identify a liar over the phone through knowledge-based authentication (KBA), which is essentially a set of challenge questions. The shortcoming of using personally identifiable information (PII) to detect criminals is that they can bypass it quite easily.

But what if you didn’t have to rely on intuition or defeatable security questions to detect when somebody is lying? What if you could spot a social engineer before he starts to lie?

Without relying on KBA or requiring your call center agents to determine whether someone is who they say they are, the TRUSTID® Physical Caller Authentication solution uses network-based forensic technology to automatically validate the caller’s phone location before bank employees pick up. By invisibly identifying whether a banking customer is real or not, financial institutions can eliminate the phone conversation a criminal depends on to socially engineer a bank.

How to turn telephone identity interrogations into better customer care

Posted on: February 6th, 2013 by art

How confident are you that the next time one of your call center agents answers the phone the call will be handled safely and efficiently? If your contact center still relies solely on a host of challenge questions to identify customers over the telephone channel, my guess is your security confidence level falls a few notches below where it should be.

We all know that the reliability of traditional knowledge-based authentication (KBA) today is not what it was a few short years ago. The Internet and social media websites let too much out of the bag these days. Anyone with criminal intentions can spend a little time collecting personally identifiable information (PII) and other public data they can use to socially engineer others over the phone. With the right answers to security questions, criminals can defeat KBA and other PII-based solutions designed to catch suspicious or criminal behavior over the telephone channel.

But what if you could verify the actual risk of the call before the phone is answered? How valuable a security tool would this be in protecting your customers and confidential bank information? Very, I would presume.

To put it another way, what if you could eliminate the thousands of hours spent each year on known high-risk calls and transfer all that time and those resources into providing better care to your good customers? How much would that save on your annual operating costs, not to mention positively impacting the profitable bank/customer relationship? This is possible through the TRUSTID® Physical Caller Authentication solution.

By using real-time telephone network forensics to validate the physical location of the landline or mobile phone before the call is answered, TRUSTID helps financial institutions realize several security and cost benefits, including:

 

  • Reduce losses relating to fraudulent calls
  • Drop the average call handle (ACH) time
  • Spend more time servicing good customers
  • Spend less time identifying bad ones
  • Build trust and goodwill with customers
  • Improve the overall customer experience

When it comes to proactively identifying customers over the telephone, TRUSTID allows banks to non-intrusively authenticate good callers and instantly identify high-risk ones without relying on PII or costly identity interrogations. As a result, financial institutions have the ability to invisibly shut the door on criminal tactics such as spoofed calls and social engineering schemes to achieve a safer, more efficient banking experience for their customers.

In my book, continually improving the level of call center protection and spending more time and resources caring for customers is something both banks and customers can feel good about.

Despite heavy security investments, identity theft and fraud continue to proliferate

Posted on: March 27th, 2012 by art

The Federal Trade Commission recently published its annual 2011 report on consumer complaints. The report, “Consumer Sentinel Network Data Book,” lays out in extensive detail the types and frequencies of reported complaints to the FTC from consumers. Here are a few pertinent points from the report:

 

  • The CSN received over 1.8 million complaints during calendar year 2011
  • Identity theft was the number one complaint category in the CSN for calendar year
  • A total of 990,242 complaints in 2011 were fraud-related
  • For military consumers, identity theft was the number one complaint category
  • Government documents/benefits fraud (27%) was the most common form of reported identity theft, followed by credit card fraud (14%), phone or utilities fraud (13%), and bank fraud (9%). Other significant categories of identity theft reported by victims were employment fraud (8%) and loan fraud (3%).

Personally, I think it is very telling that the top two complaints are identity theft and fraud. These two categories are inherently related, connected at the hip, if you will, because criminals essentially steal identities to commit fraud.

The second important takeaway for me was that despite all of the heavy investment banks and other institutions are making to safeguard customer information, particularly in the online channels, identity theft and fraud continue to proliferate. This is quite alarming.

Over the past several months, I’ve written a number of blogs that talk about the need to bake cyber security and risk management into all customer channels, including ATMs, Internet and the telephone.

One of the reasons telephone fraud and social engineering have picked up in recent years is the fact that criminals now have the ability to access or change an address or account data that is necessary to perpetrate larger and more profitable online crimes. Once a criminal controls a customer’s information – primarily through the telephone channel – criminals use the newly acquired personally identifiable information (PII) to commit crimes through the online channel.

Financial institutions that ignore the telephone channel as a primary source for fraud and don’t address the same security and authentication requirements as the online channel will continue to put themselves at risk, as the CSN report painfully articulates.

The fact is, if you want to automate business processes, enhance customer communications, and take advantage of new technologies, you have to “bake” cyber security and risk management across all customer channels.

Deploying an effective, non-intrusive identity authentication tool like the TrustID® network-based Physical Caller Authentication enables financial institutions to convert ANI and Caller ID into a powerful physical security and customer authentication tool that can be used to close the security gap that too many bank call centers still operate with today.

An identity authentication solution that helps banking institutions protect the telephone channel by making the phone number a valid “Something you have” authentication credential is an essential piece of the FFIEC’s multi-factor authentication paradigm for identifying customers. By automatically validating the physical location of the caller before the phone is answered, financial institutions proactively identify fraudulent calls and address good customer inquiries faster, all without putting customers through the burdensome telephone interrogations that are required by other knowledge-based authentication (KBA) solutions.

Smartphone banking requires a secure telephone channel

Posted on: January 17th, 2012 by art

In recent years, there’s been a push for credit issuers to adopt chip-and-PIN technology to better protect their banking environments from credit card fraud. With mobile payments expected to increase in 2012, financial institutions need to also consider deploying caller authentication solutions that secure the telephone channel from advanced forms of Caller ID spoofing and other social engineering schemes.

In the Credit.com article, “6 Hot Credit Card Trends for 2012,” Beverly Blair Harzog breaks down the most significant industry trends for the new year. While most of her points revolve around the upswing in credit card use, the one point that hit home with me was No. 6: “Technology rules the future.”

As more and more banks push for smart phone payments this year, technology and the telephone will converge like never before. To protect the telephone channel, banking institutions need to have authentication tools that can validate the growing number of customer transactions that are made over the phone, smart phones included.

With customers leveraging so many banking channels, financial institutions cannot afford to continue operating under the illusion that traditional identity authentication tools like knowledge-based authentication (KBA) are keeping them out of harm’s way. Given the way criminals spoof their Caller IDs and socially engineer bank call center agents today, relying solely on KBA and personally identifiable information (PII) is no longer predictive of who is on the other end of the line. To identify and stop telephone fraud, banks need stronger caller identity authentication that validates each call coming into their contact center.

A customer authentication tool like the TrustID® network-based Physical Caller Authentication solution validates the physical location of the landline or mobile phone before the call is answered, allowing bank call center agents and IVR systems to instantly know whether the call is trustworthy or not, even before it is picked up.

So, with more mobile transactions on the horizon, using Caller ID and ANI as a valid credential for identifying customers over the telephone is becoming a critical part of any bank’s multi-factor authentication strategy. By securing the telephone as a safe way to transfer money, purchase products and share information, TrustID is helping financial institutions reduce fraud over the telephone, improve the customer experience with less intrusive customer interrogation, and deliver faster service at lower costs.

TrustID and Adeptra combine strengths to stop telephone-related bank fraud

Posted on: December 6th, 2011 by art

Securing and streamlining all banking channels oftentimes requires the collaboration of innovative technologies. This is the thinking behind TrustID’s new partnership with Adeptra, a leader in decision-making solutions for real-time consumer communications.

As the rise in identity theft increases the fraud risk of financial institutions using caller-interrogation procedures like knowledge-based authentication (KBA) to validate a customer’s identity, Adeptra sought an authentication solution that could quickly and non-intrusively validate a caller’s identity without impacting the customer experience. By validating Caller ID and ANI with the physical location of the caller before the call is answered, the TrustID® network-based Physical Caller Authentication tool was the right fit for helping Adeptra’s banking customers mitigate the risk of telephone-related fraud while reducing call handling times and contact center costs.

Integrating Adeptra’s Decision Engine with TrustID creates a robust platform for credentialing each caller’s identity while detecting and preventing Caller ID and ANI spoofing. As a result, banks and their customers experience a number of significant business benefits, including:

  • Minimize business risk: The ability to detect, address and prevent telephone fraud before it occurs reduces fraud-based losses and improves consumer confidence.
  • Reduce contact center costs: By shortening authentication procedures for unvalidated calls, and enabling suspicious calls to be addressed in a more cost-effective manner, the joint solution can reduce call center costs by 20%.
  • Combat telephone-based fraud: The joint solution works to combat several types of fraud including identity theft, voice phishing, social engineering, line takeover and account breakout.
  • Improve customer experience: As the authentication process takes place before the call is answered, it ensures a faster and more pleasant experience for genuine callers.

According to Adeptra’s CTO, Tony McGivern, the TrustID partnership provides a level of fraud prevention that enables banking institutions to secure the telephone channel and increase consumers’ trust in their brand.

“Our partnership with TrustID marks a significant step forward in financial institutions’ ability to combat fraud, reduce risk and increase consumer confidence. Knowing that an inbound call is coming from the genuine cardholder or account holder’s telephone is a reliable and practical authentication and a major contributor to fraud prevention.”

For today’s financial institutions, increasing performance and protecting confidential company and customer data is vital to maintaining a strong brand identity and retaining existing customers. A robust solution that combines an intelligent decision engine with pre-answer caller authentication reduces operating costs, minimizes fraud risks and improves the overall customer experience, all key components to achieving a highly secure, cost-effective and efficient banking enterprise.

Is your bank ready for the new FFIEC authentication guidelines?

Posted on: August 23rd, 2011 by art

I’m sure most financial institutions are aware of the newly published FFIEC guidelines around banking authentication. So, I won’t burden you with another blog on the detailed requirements that will be measured and audited against starting January 2012. That said, what I’d like to focus on is the one requirement that calls for increased multi-factor authentication.

This guideline is very specifically about the use of a layered approach to authentication, and the need for improved challenge questions. As I’ve discussed, today’s challenge questions have been criticized by the regulators as being overly simplistic and easy to compromise. Soon, financial institutions will be reviewed on (and held accountable for) how effective they are at detecting, preventing and analyzing risks associated with protecting customers’ data and their identity. At a minimum, they should be able to show they are aware of the risks and are taking steps to close the gap.

In her recent blog, “Are Banks Missing the Fraud Mark?” Information Security Media Group’s Tracy Kitten said:

“But has our attention focused so much on technological threats that we’ve forgotten to lock the garage, through which low tech schemes sneak in and steal millions upon billions of dollars every year? Sadly, yes… I’m not suggesting we steer attention away from the cyber fight. Cyber threats are definitely a growing concern. But we can’t leave windows of fraud opportunity open to low-tech schemes, either.”

Not only do I agree with Tracy’s views, I would add that as IT departments try to pinpoint what areas to focus on to ensure their systems are protected from evolving threats, many are overlooking the primary attack vector – the call center.

One of the reasons telephone fraud and social engineering have picked up in recent years is the fact that criminals now have the ability to gain or change an address or account data that’s necessary to perpetrate larger and more profitable online crimes. Once a criminal controls a customer’s information – primarily through the telephone channel – criminals use the newly acquired personally identifiable information (PII) to commit crimes through the online channel.

In the article, “PCI Council Issues Advice for Securing Card Data in Call Centers,” Jeremy King, European director of the Security Council, said call centers are one of the prime targets for criminals today. Today, preventing the stealing and changing of personal and financial data in the call center is the smartest Internet security investment a bank can make.

The fact is, if you want to automate business processes, enhance customer communications, comply with the spirit of the FFIEC guidelines and take advantage of new technologies, you should “bake” cyber security and risk management into all customer channels, including the “low-tech” telephone channel.

One of the primary benefits of the TrustID® Telephone Firewall™ solution that I’ve written about is how it is invisible to the criminals and undetectable to upstanding customers. Knowing which inbound calls are high risk prior to answering the call provides banking institutions a huge advantage over the criminals, and an opportunity to dramatically improve the customer experience through reduced interrogation, otherwise known as knowledge-based authentication (KBA), while fulfilling the FFIEC’s multi-factor authentication best practices for identifying customers.

Because the TrustID firewall is completely transparent to both customers and criminals, and developed using data from a highly complex telephone network, it doesn’t provide crooks with any insight into how they are detected. As a result, customers go about their business without interruption and crooks have nothing to test against to breach the system.

A new approach to customer care

Posted on: August 18th, 2011 by art

In a previous post, I concluded that financial institutions who can significantly improve the consumer experience while simultaneously ensuring the safety of their customers’ money and personal information will win the hearts, minds, trust and, ultimately, business of their competitors’ customers.

While I believe this to be true, still, financial institutions are no longer the sole determinant of their brand. Today, customers are a prime driver of brand. If they are dissatisfied, they will walk, and follow up by posting their opinions on Google, Facebook, and everywhere else your prospective customers will see it. Because of social media, the consumer’s voice is louder than ever… and it’s about to get louder.

We are on the cusp of a major transformation in the financial services industry, where the success of the entire enterprise is dependent on the customer experience and its ability to service its customers’ needs. Over the next several years, we will see a market shift where financial institutions are no longer able to define their own brands. Instead, the consumer will define them. Banks that understand this shift, and alter their business processes to invisibly and non-intrusively improve the customer experience and ensure consumer safety, will gain a competitive advantage that will significantly improve top and bottom-line performance for their shareholders.

For example, take a look at some of the top reasons for customer dissatisfaction. If you eliminate product factors such as line assignment, fees or interest rates, one of the main reasons for customer dissatisfaction is poor customer service due to a lack of trust and respect for the customer’s time. This is often caused by highly disruptive “customer interrogation,” or knowledge-based authentication (KBA). Yet, banks and financial institutions continue to rely on this outdated, costly and time-consuming method to identify customers over the telephone. In an industry where seconds count for average handle time (AHT), it is a huge frustration for the customer. This is why it’s no surprise that KBA is having a negative impact on financial institutions and their brands.

How a customer feels during and after phone interactions is a significant differentiator, yet too many banks have lost sight of what consumers really want. Current fraud prevention strategies – many of which are still focused on KBA – are at odds with both customer care and the bottom line. KBA is no longer a viable and sustainable method for validating caller identity and is creating an even bigger disconnect between fraud prevention strategies and customer care goals. Instead of endless customer questioning, imagine your IVR picking up every call by saying:

“Thank you for calling (Company Name). For your security, we have validated your phone number. How may we assist you today?”

This streamlined telephone interaction can be a reality with the telephone firewall. The TrustID® Telephone Firewall™ solution provides financial institutions with a competitive differentiator that enhances the customer relationship while simultaneously improving fraud prevention.

By eliminating interrogation at the start of each inbound call and giving the customer more perceived control over the bank/customer relationship, TrustID is paving the way for financial institutions to transform the customer experience. Customers want to be trusted and respected, and demand both safety and convenience. The TrustID telephone firewall is paramount to a mutually trusting relationship between customers and their banks, and proves that the bottom line and customer service do not have to be at odds with each other.

Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TrustID will greatly assist with not only customer service, but also with board level compliance issues.

– CISO, top 10 global bank

As less customer PII is made available to our contact center advocates for identity validation, our enterprise risk of a costly data breach is dramatically decreased.

– CSO, global financial company

Offshore agents are highly vulnerable to fraud schemes and social engineering. TrustID’s solution enables informed routing decisions, optimizing agent cost reduction programs.

– CISO, top 10 global bank

Since it is now commonly sold by criminals, personal information for identity authentication is no longer the single solution to identity resolution. The value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

– VP of Card Fraud, large international bank