Posts Tagged ‘identity theft’

Stronger customer authentication only way to mitigate risk of bank fraud

Posted on: December 19th, 2012 by art

Sitting at the core of every financial transaction is trust. Without it, or worse, relying on  unvalidated resources like personal identifiable information (PII) to identify customers, puts every banking transaction at risk.

brick wallThe recent article, “$850 Million Scheme Exploited Facebook: Authentication, Secure Browsing Would Have Reduced Losses,” illustrates just how important customer authentication is. Even after the FBI arrested 10 individuals residing around the world in connection with a banking Trojan that stole credit card and bank account details from Facebook users who were duped into opening phishing emails they thought were from their trusted online friends, security experts don’t believe it will stop attacks on the popular social networking website.

Much like any other banking channel, financial institutions need to strengthen their customer authentication if they expect to stop fraud in the financial services industry, said Neil Schwartzman of secure messaging infrastructure provider, Message Bus.

“Real two-factor authentication would have made a difference here, on the bank side and prevented some of the financial losses that resulted after PCs were infected. Within the next two to five years, we will see stronger authentication everywhere, because the banks are going to get sick of the losses.”

Many banking institutions today still take phone calls without adequately validating the incoming call. As a result, they are putting themselves, their customers and accounts at risk of fraud. In short, operating without at least two-factors of authentication is a losing proposition in today’s volatile remote banking environment.

Whether a bank is communicating with customers in person, online or over the telephone, two-factor authentication is absolutely paramount for preventing fraudulent transactions and the monetary losses relating to illegal bank transfers, identity theft and credit card fraud.

To mitigate fraud over the telephone channel, the TrustID® network-based Physical Caller Authentication uniquely validates inbound contact center calls before they are answered. By validating the actual location of the telephone, financial institutions that were once susceptible to Caller ID spoofing and social engineering schemes can once again use the Caller ID and ANI as trusted sources for authenticating customers over the phone. This allows banks to proactively identify which calls can be trusted and which calls are high-risk, while adding an extra layer of authentication to better protect their customers’ bank accounts and confidential business information from telephone fraud, no matter if the criminal is attempting to commit fraud domestically or internationally.

Criminals Still Turning to the Telephone to Perpetrate Bank Fraud

Posted on: May 15th, 2012 by art

When it comes to bank fraud, criminals may be leveraging technology to outsmart the latest online security tools, but they haven’t forgotten about the telephone. In fact, some studies suggest that crooks are finding more ways to use the phone to commit bank fraud.

In the UK Cards Association report, the payment card information resource found that telephone banking fraud losses increased 32% in 2011, from £12.7 million in 2010 to £16.7 million last year. In my experiences, these numbers are particularly relevant because the UK fraud experience is similar to that in the US, outside of counterfeit fraud where the UK has chip and PIN built into the cards.

To defraud financial institutions and banking customers, criminals need to collect personal security details. This data is seen by thieves as the keys to the vault, and they will do anything they can to get their hands on the information they need to access bank accounts.

Aside from mining social media websites like Facebook to gather data and build personal profiles on unsuspecting victims, criminals are turning to the telephone to dupe customers into divulging their personal information. Spoofing their Caller ID, crooks socially engineer customers by pretending to be bank representatives asking them to provide their account details such as passwords. This is the identity theft portion of the crime. Once they’ve collected enough details on a person, the next step is identity fraud.

There are many ways criminals can perpetrate identity fraud, both online and over the telephone channel. With banks offering more ways than ever for customers to bank online, in recent years financial institutions have invested heavily in security tools to protect online channels. While this has helped reduce online banking fraud losses (which fell 24% in the UK from 2010 to 2011), banking institutions need to consider solutions that help banks identify and stop fraud over low-tech channels, as well.

The TrustID® network-based Physical Caller Authentication is one solution that stops criminals that are spoofing their Caller ID from social engineering call center agents. By automatically validating the physical location of the incoming call before the phone is answered, TrustID instantly lets bank representatives know when the Caller ID or ANI is spoofed. This level of real-time telephone forensics allows financial institutions to determine whether the call is from a legitimate customer or a criminal who has manipulated their Caller ID to commit fraud. Doing so helps banks on several levels — from reducing telephone fraud losses and call center operating costs by eliminating the time to handle bad calls to achieving regulatory compliance through multi-factor authentication required by the new FFIEC Authentication Guidance.

Consumers: How to avoid dangerous and costly telephone scams

Posted on: May 1st, 2012 by art

Criminals are after your personal information and money, and the telephone is one of the most popular ways to do it.

Merriam-Webster first included the new slang word “phish” into its dictionary in 2005. Phish (verb): to send an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Well, now there is an even newer word for the fast-growing risk. Vishing, or “voice phishing” is a type of scam that criminals use over the telephone to obtain consumers’ personal information and money. The way it works is a fraudster calls someone on the phone, but makes the call appear to be coming from someone else by “spoofing” or altering the Caller ID that the consumer sees on the display.

This scam has gotten so common that if your caller ID display indicates the call is coming from your bank, there is a reasonable chance that it is not.

In this type of Vishing attack, you will receive a call to your home or wireless phone from a “live” person or recorded message that appears to be coming from a known reputable institution. The caller will ask for money or your personal information.

Fraudsters are also luring victims to seemingly credible toll-free phone numbers where an automated recording asks for account information. Those who call the fake customer service number are greeted with a pirated recording of an automated voice system, ostensibly for the reputable institution, and are requested to enter their card number to authenticate themselves. They are then led through a series of voice-prompted menus that ask for their PIN code, card expiration date, date of birth, and other critical pieces of information. Once the victim enters these details, the scammer has enough information to commit identity fraud.

What do Vishing scams look like?

  • Typically, an incoming recorded telephone message using a spoofed Caller ID that matches the identity of a misrepresented organization.
  • An urgent email or text message from a known institution that directs you to a bogus toll-free number.
  • An invitation to punch your personal information on your telephone keypad. From there, criminals capture the key tones and convert them back to a numerical format.

Characteristics of Vishing:

The content of the incoming message generally is not personalized, and is designed to trigger an impulsive reaction such as:

  • Upsetting or exciting information
  • Demanding an urgent response
  • Using a false pretense

What data is at risk?

Any numerical personal information, including:

  • Payment card information (numbers, expiration dates, and the last three digits printed on the signature panel)
  • Personal identification number (PIN)
  • Social security number
  • Date of birth
  • Bank account numbers
  • Passport number
  • Driver’s license number

How crooks use your information?

Once your personal details have been stolen, fraudsters can use them to perform any number of identity crimes, including:

  • Taking control of your financial accounts
  • Open new bank accounts
  • Transfer bank balances
  • Apply for loans
  • Credit cards and other goods/services
  • Luxury purchases
  • Hide criminal activities
  • Receive government benefits, or
  • Obtain a passport

What can you do reduce your risk?

  • As a general rule, be suspicious when receiving any unsolicited incoming texts or telephone communications.
  • If an email or caller does not use your full name, it may be suspicious.
  • DO NOT use the number provided to call back.
  • If you are asked for sensitive information, hang up.
  • Never provide personal information in these circumstances.
  • Never rely solely on your telephone Caller ID function.

What to do if you suspect fraud:

  • Consumers have a role to play in stopping Vishing scams. You are encouraged to recognize, report and stop it.
  • Do not react immediately without thinking.
  • If this concerns you, investigate by using telephone numbers known to be valid. In the case of credit cards, for example, use the telephone number printed on the back of the card.
  • Never provide personal or financial information to non-validated sources.

Vishing scams target all types of individuals. It doesn’t matter if you are an employee, consumer or student, continuing to educate yourself about the latest fraud tactics that criminals use to steal personal or financial information can play a critical role in protecting your identity, money and confidential information from getting into the wrong hands.

Fraud prevention best security payoff for financial institutions

Posted on: December 21st, 2011 by art

The cold hard facts are today’s ever-changing fraud tactics enable criminals to remain one step ahead of many financial institution’s fraud teams. With thieves constantly cooking up new schemes to uncover vulnerabilities in banking channels, banks continue to find themselves in the unfortunate position of waiting to see what system loopholes will be exploited next.

While credit card companies do an effective job resolving problems after fraud has occurred, this does nothing to help financial institutions get in front of the problem. If banks want to stop playing catch up to ID fraudsters, they need a defense that prevents criminals from putting their plan in motion in the first place.

According to the article, “Banks lag in preventing ID fraud,” the banking industry is struggling to keep up with today’s innovative criminals when it comes to preventing identity fraud. The industry’s Top 25 banks have met just over 50% of the anti-fraud criteria to protect their customers.

Phil Blank, managing director of security, risk and fraud research at Javelin, said that while getting ahead of fraud is no easy task, preventative security would have a significant payoff because it would save banks and their customers a lot of time and money, which adds up when having to resolve fraud-related matters.

“It’s the hardest thing to do, but if you can prevent the fraud in the first place, the FIs don’t lose any dollars due to fraud. The consumer doesn’t lose any dollars or time and doesn’t end up with any legal issues due to the fraud. So for our purposes, prevention is much more important than detection or resolution.”

To get ahead of fraudsters in the telephone channel, banking institutions need to deploy an authentication solution that allows them to prevent criminals from socially engineering their contact center agents. The TrustID® network-based Physical Caller Authentication tool does this by automatically validating the physical location of the caller before the call is answered. By restoring the Caller ID and ANI as a trusted source for identifying and authenticating customers over the phone, financial institutions can proactively stop identity fraud and other criminal schemes committed over one of the industry’s most frequently used banking channels.

A new approach to customer care

Posted on: August 18th, 2011 by art

In a previous post, I concluded that financial institutions who can significantly improve the consumer experience while simultaneously ensuring the safety of their customers’ money and personal information will win the hearts, minds, trust and, ultimately, business of their competitors’ customers.

While I believe this to be true, still, financial institutions are no longer the sole determinant of their brand. Today, customers are a prime driver of brand. If they are dissatisfied, they will walk, and follow up by posting their opinions on Google, Facebook, and everywhere else your prospective customers will see it. Because of social media, the consumer’s voice is louder than ever… and it’s about to get louder.

We are on the cusp of a major transformation in the financial services industry, where the success of the entire enterprise is dependent on the customer experience and its ability to service its customers’ needs. Over the next several years, we will see a market shift where financial institutions are no longer able to define their own brands. Instead, the consumer will define them. Banks that understand this shift, and alter their business processes to invisibly and non-intrusively improve the customer experience and ensure consumer safety, will gain a competitive advantage that will significantly improve top and bottom-line performance for their shareholders.

For example, take a look at some of the top reasons for customer dissatisfaction. If you eliminate product factors such as line assignment, fees or interest rates, one of the main reasons for customer dissatisfaction is poor customer service due to a lack of trust and respect for the customer’s time. This is often caused by highly disruptive “customer interrogation,” or knowledge-based authentication (KBA). Yet, banks and financial institutions continue to rely on this outdated, costly and time-consuming method to identify customers over the telephone. In an industry where seconds count for average handle time (AHT), it is a huge frustration for the customer. This is why it’s no surprise that KBA is having a negative impact on financial institutions and their brands.

How a customer feels during and after phone interactions is a significant differentiator, yet too many banks have lost sight of what consumers really want. Current fraud prevention strategies – many of which are still focused on KBA – are at odds with both customer care and the bottom line. KBA is no longer a viable and sustainable method for validating caller identity and is creating an even bigger disconnect between fraud prevention strategies and customer care goals. Instead of endless customer questioning, imagine your IVR picking up every call by saying:

“Thank you for calling (Company Name). For your security, we have validated your phone number. How may we assist you today?”

This streamlined telephone interaction can be a reality with the telephone firewall. The TrustID® Telephone FirewallTM solution provides financial institutions with a competitive differentiator that enhances the customer relationship while simultaneously improving fraud prevention.

By eliminating interrogation at the start of each inbound call and giving the customer more perceived control over the bank/customer relationship, TrustID is paving the way for financial institutions to transform the customer experience. Customers want to be trusted and respected, and demand both safety and convenience. The TrustID telephone firewall is paramount to a mutually trusting relationship between customers and their banks, and proves that the bottom line and customer service do not have to be at odds with each other.

Telephone Spoofing: Have we only hit the tip of the iceberg?

Posted on: August 10th, 2011 by art

Last week, AT&T announced plans to make voicemail passwords opt-out in order to guard against telephone spoofing. In a recent blog, Bob Quinn, AT&T’s chief privacy officer, wrote:

“However, given the advent and, unfortunately, the wide availability of sophisticated telephone number spoofing technology that allows people to “fake” the telephone number they are calling from, we are moving in a new direction.”

My strong suspicion is AT&T is reacting to the recent, UK phone hacking scandal, which has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for awhile now, oftentimes it takes a high-profiled event like this to enlighten the rest of the world about the dangers and impact phone spoofing can have on its victims. More so, AT&T must react in order to safeguard the integrity of its systems, and also safeguard customers’ personal data, which is core in developing the trust of its customers and to bottom line profitability.

Unfortunately, AT&T’s decision to require passwords won’t stop telephone voicemail spoofing. AT&T will be subject to social engineering and spoofing of its own call centers. They will need to become aware of evolving tactics that criminals use to trick call center agents into updating or generating new passwords. AT&T will deploy some form of knowledge-based questions (KBA), which will add significant expense, frustrate good customers, and can still be beat by crooks. In my previous post, The death of knowledge-based authentication, it’s a vicious cycle; one in which erodes the confidence of customers.

The News of the World phone hacking scandal and AT&T’s response is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID® Telephone FirewallTM solution is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant KBA and telephone identity interrogation

While they don’t specifically mention the NoTW debacle that brought telephone spoofing into focus, AT&T’s change in direction is being driven by the risk to its brand if they do nothing. Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their bank’s ability to protect their money and personal information. Protecting customers’ money and data is core to developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The recent phone hacking event should put every organization on notice to question whether they have the right strategy around spoofing. I’m sure AT&T has known for years that voicemail spoofing over its network is occurring. It may just be prudent to get ahead of any potential backlash. But like financial institutions and other industries, they cannot quantify it and probably felt the customer convenience or the cost to deploy passwords far outweighed the risk. Like many other businesses, AT&T is reacting to the potential brand risks of doing nothing, and they also need to maintain both the integrity of its system and the trust of its customers.

Why trust and customer care is critical to every bank’s bottom line

Posted on: August 2nd, 2011 by art

Over the past few years, the business landscape for financial institutions has changed dramatically, making the road to profitability much more challenging. As a result, financial institutions are competing harder than ever for customers. They are working diligently to find the balance between managing costs while complying with a multitude of new regulations.

Perhaps the defining factor for acquiring new customers and retaining existing ones, and one that plays heavily in the road to profitability, is trust. In the simplest terms, trust is defined as the reliance on the integrity, strength, capability and surety of someone, or the confident expectation of something.

Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their banker’s ability to protect their money and personal information. Protecting and safeguarding their customers’ money and data is core in developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The telephone remains the most intimate form of communication. No other industry knows this better than the financial services industry. In 2011 alone, banks will take over nine billion inbound phone calls from customers. Unfortunately, financial institutions continue to place the onerous task of authentication clearly on the shoulders of their customers. The knowledge-based security questions designed to validate the identity of the person calling a bank’s call center are doing great harm to the goodwill of their customers and the critical bank/customer relationship by making the telephone channel an unpleasant experience. Financial institutions that grill callers with personal questions at the onset of a call — before a customer can clarify their needs — are setting the wrong example with current customers and prospects.

The stark reality of customer care is financial institutions are wasting significant time and money, as well as losing their customers’ trust and goodwill.

By validating the Caller ID and ANI (and removing the customer from this arduous process) before the call is answered, the TrustID® Telephone FirewallTM solution eliminates the need to bombard customers with a bunch of questions at the start of each call. By addressing a customer’s needs right out of the gate, financial institutions can enhance the trust and the larger, more profitable bank/customer relationship. Banks and financial institutions that can simultaneously improve the overall customer experience and ensure the safety of their customers’ money and personal information will win the trust of the customers, and in doing so, earn the right to service them.

Phone hacking scandal exemplifies stark reality of Caller ID spoofing

Posted on: July 26th, 2011 by Pat

The recent UK phone hacking scandal has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for awhile now, oftentimes it takes a single, high-profiled event like this to enlighten the rest of the world about the true dangers and significant impact phone spoofing can have on its intended Phone Hackervictims.

While the loss of privacy has been one of the biggest prices paid by the individual victims in the Murdoch case, businesses that leave their telecommunications networks open to hackers can feel the impact in other ways. With today’s more sophisticated criminals targeting customers’ personal information and company secrets, business losses can range anywhere from financial to brand integrity, which can lead to a whole subset of intangible costs.

What’s unfortunate about incidents like the News Corp./News of the World scandal is they could have been averted had the phone carriers been using the TrustID® Telephone FirewallTM solution. That’s right. By validating the physical location of a caller whether they are using the phone or a cellular device, the TrustID solution secures telephone systems against the threat of the Caller ID spoofing that led to the hacking of more than 4,000 phone numbers.

The NoTW phone hacking scandal is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID Telephone Firewall is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant knowledge-based authentication (KBA) and telephone identity interrogation.

The death of knowledge-based authentication

Posted on: July 22nd, 2011 by art

Financial institutions are losing money and customers due to the practice of knowledge-based authentication (KBA). Customers do not like to be interrogated, and interrogation is not in line with your bank’s mission and values statement (go ahead – re-read it). Regulatory bodies are calling for more advanced authentication to prevent fraud.  Governmental agencies are now calling for the death of KBA.

In last month’s regulatory developments, the National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) have started to crack down:

In view of the amount of information about people that is readily available on the internet and the information that individuals themselves make available on social networking websites, institutions should no longer consider such basic challenge questions (like mother’s maiden name) as a primary control, to be an effective risk mitigation technique.” [Source: Federal Financial Institutions Examination Council, June 22, 2011]

From NIST – SP800-63 Revision 3, June, 2011:

Instant KBA seems particularly problematic, because the combination of the establishment of identity and consummation of a transaction are compressed into a single session, because of the vulnerability of such systems to off-line research and because users get no chance to opt out of these risks…..Instant KBA is not acceptable when transactions result in the release of sensitive or private information related to an individual. Many remote Internet transactions the government provides or would like to provide to its citizens fall into the latter category of transactions.”

With customer satisfaction, profitability and brand at risk, the industry needs to move in a new direction. This major shift in thinking and practice can, however, be turned into competitive differentiator and profit driver.

In the past, KBA interrogation has caused a wide disconnect between fraud prevention strategies and customer care goals. Today’s financial institutions mostly fall into two categories. One, they’re doing too little authentication – e.g. asking only for the last four digits of the credit card and zip code, both of which can easily be found on a discarded credit card statement – and therefore exposing themselves to fraud loss and compliance issues.  Alternatively, they are over-interrogating, which frustrates customers and ticks away precious seconds of potential relationship building, selling and servicing time.

Since KBA is no longer a viable method for validating caller identity, and customers do not like to be interrogated, the ability to undetectably validate customers is a powerful new way to better service customers, minimize the risky handling of PII, and keep fraudsters in check. By non-intrusively identifying customers before a call is answered, the TrustID® Telephone FirewallTM solution simplifies the authentication process without relying on KBA and is paving the way for banks to transform the customer experience while meeting new regulatory scrutiny.

Oh, and by the way, please don’t shoot the messenger, we didn’t kill KBA. If you want to find the real culprits, try social networking, data breaches, contact data sharing, voicemail hacking, geo-tagged photos, internet search engines, smart phones, criminal data exchanges, public records, hackers, university research papers, social engineering, and criminals. They are the ones who killed KBA.

How reducing average call times can make banks millions

Posted on: July 13th, 2011 by art

This week’s blog helps put some numbers behind this fact.

One of the most expensive areas within any large operation is employee costs. As such, the labor dollars spent within customer care centers is a very large, yet very necessary and important expense. With that backdrop, let me ask the question: “What does a 20- or 30-second reduction in agent handling time mean to your bottom line?”

    “Of the 43 billion calls that U.S. contact centers will receive in 2007, 41 percent will involve a contact agent asking identity verification questions. Although this process takes only 20 to 30 seconds, the industry will spend $11.7 billion, and more than 11,000 years of contact center agent time this year, just checking caller identities.”

    - U.S. Contact Center Operational Review 2007, Contact Babel

Because of agent efficiency killing factors such as training, after call wrap-up, hold time, vacation, sick leave, idle time between calls, supervisory costs, recruitment, and lost revenues from inexperience due to staff turnover — every second saved in actual work time is worth 2.5 cents in savings — according to the same Contact Babel report. Simply put, Contact Babel says not spending time using knowledge-based authentication (KBA) to identify customers saves $0.60 on each of these calls.

But I think it gets better than that. By relying on “TrustID ANI” for authentication and not using up a caller’s patience with KBA interrogation, your bank can materially reduce IVR to agent transfers, thereby saving $3.50 on these calls using Contact Babel’s math.

So what is removing KBA interrogation and using TrustID ANI for caller authentication worth to your bank in just savings? My assumption:

Calls per year                Annual savings

10 million                        $2.8 million

25 million                           $7 million

50 million                          $14 million

100 million                        $28 million

500 million                      $141 million

But, even more importantly, in our highly competitive environment, what is it worth to your bank’s shareholders to make your customers happy?

Deploying the TrustID® Telephone FirewallTM solution does the lion’s share of inbound caller authentication by verifying the physical location of the ANI and Caller ID before the call is answered. This is done completely transparent to your customers and undetectable to criminals. By identifying the risk of the call prior to your IVR or agents having to speak with your customers, you can take seconds out of a large percentage of calls that significantly reduces operational expenses and allows your representatives to spend their valuable time servicing and selling, not interrogating your valued customers.

If you’d like to learn more about how our innovative tool can help your call center significantly reduce the time you spend authenticating inbound calls, or would like to see a demo, feel free to contact us today.

  • REQUEST INDUSTRY BRIEFING PAPERS
  • VIEW DEMO
  • USE CASE
  • ANI SPOOFING TOOL

  • CISO Text

             

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TRUSTID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank

  • CISO 2 Text

             

    As less customer PII is made available to our contact  center advocates for identity validation, our enterprise risk of a costly data  breach is dramatically decreased.

              – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes  and social engineering. TRUSTID’s solution enables informed routing decisions,  optimizing agent cost reduction programs.

             - CISO, top 10 global bank           

  • VP Quote text

         

    Since  it is now commonly sold by criminals, personal information for identity authentication is no longer the single solution to identity resolution. The  value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank