Posts Tagged ‘multifactor authentication’

The changing face of customer authentication

Posted on: September 26th, 2012 by art

During the past month I’ve met with the executive leadership at top tier banks (and other industries) who have direct oversight and accountability for their institution’s customer authentication policy and strategy. What I’ve heard very clearly is that there is a massive change taking place in customer authentication, and there will soon be different rules and different economics in customer service and authentication, particularly in banking. In the authentication industry, there will also be different players.

What we now know is that authentication based on “Something you know,” also known as KBA (knowledge-based authentication) — which interrogates customers with out-of-wallet questions such as “What are the last four digits of your SSN?” — is ineffective at informing a bank who it is communicating with on the other end of the transaction.

We’re told that this is true because any capable criminal can and does repeatedly pass through current identity-interrogation protocols. There’s no impediment and no real barrier thanks to the Internet, data breaches and social media sites such as Facebook, Plaxo and Ancestry.com. These companies publish boat-loads of your customer’s personal information for criminals to read, and that’s why determined criminals can beat KBA telephone interrogations 100% of the time.

I was shocked to hear repeatedly this same point of view from these leaders. While this is insightful, another thing we’ve learned from our work is that the problem is solvable. It’s solvable in both a customer friendly and bank-cost positive way.

More specifically, what we and our customers have learned is this; over 90% of incoming telephone calls present phone numbers that can be converted into very high-quality identity tokens that banks can use to provide higher quality authentication. It also turns out that about 5% of incoming telephone numbers have been intentionally altered, and that anyone can anonymize themselves this way. Even worse, phone number alteration, also referred to as spoofing or phone hacking, allows criminals to gain repeated unchecked illegal access. While I’m not saying 5% of incoming calls are fraudulent (after all, there are legitimate reasons to alter telephone numbers), you can bet that there are criminals lurking in this 5% pool of incoming calls.

TRUSTID may be the only firm that has insight into these facts. We wouldn’t know this information if we didn’t operate as a telecommunications carrier, as we do, and have access to real-time telephone network forensics technology that we’ve developed and is now in production. We are also the only firm that has the technology to tell banks (and other industries required to authenticate customers) in real time which phone numbers are suitable as high-quality, identity-predictive authentication tokens.

So, by converting unvalidated telephone numbers into identity tokens, the authentication process becomes completely automated. By allowing financial institutions to know with great certainty who is on the other end of a call before an agent or IVR answers the phone, TRUSTID allow bank systems and their people to immediately start servicing and up-selling customers.

Our goal at TRUSTID is to simultaneously enable our clients to provide the best customer service experience possible, help grow their share-of-wallet and profitability, and reduce their call center costs by tens of millions of dollars each year. Giving banks the ability to authenticate customers without disrupting the customer experience or falling victim to social engineering can be a powerful way for them to secure their network while also meeting FFIEC demands.

The TRUSTID® Physical Caller Authentication tool is a highly complementary method for identifying customers over the telephone channel. By validating the physical location of the Caller ID and ANI, TRUSTID is making the telephone number a trusted “Something you have” credential for identifying customers while helping banks meet the true definition for multi-factor authentication.

Why customer authentication needs to go straight to the source

Posted on: September 5th, 2012 by art

As financial institutions diligently perform ongoing risk assessments, there has been a lot of push for banks to implement out-of-band authentication solutions to protect their corporate assets and private information.

While I agree it’s important for banking institutions to invest in a layered security strategy to fight everything from card fraud to corporate account takeover, it is my opinion that placing too much emphasis on a verification method that is expensive and frustrating to customers is misleading financial institutions into investing in a solution that, over time, can ultimately be defeated by criminals.

The BankInfoSecurity article, “Banks’ Top Anti-Fraud Investments,” makes some valid points in the types of anti-fraud strategies that banks and credit unions need to deploy to better identify fraud and other malicious activities. However, instead of spotlighting out-of-band authentication, banks would be better off focusing on their core security requirements first rather than investing millions of dollars in out-of-band authentication, or so says Gartner fraud and security analyst, Avivah Litan.

What financial institutions should really be considering are solutions that validate and identify the criminal’s actual device, such as the telephone, that is used to commit bank fraud over the phone channel. As contact center agents field billions of calls each year, banking institutions need to secure the call center, which remains prone to fraud and other advanced social engineering scams.

By focusing on the “something you have” component, fraud managers are going right after the weapon being used to commit the crime without having to employ out-of-wallet security questions or conduct long telephone interrogations that are vulnerable to clever scams that can fool these and other knowledge-based authentication (KBA) techniques.

The thing that distinguishes the TRUSTID® Physical Caller Authentication tool from other anti-fraud solutions is it goes straight to the source of the crime — the telephone’s physical location — to invisibly validate the Caller ID and ANI before the call is even answered. Having this level of real-time intelligence to determine if a caller is genuine or a risk can play a key role in a bank’s ability to identify and reduce fraud rates.

Can banks be found negligent for not meeting FFIEC guidelines?

Posted on: May 8th, 2012 by art

Over the past year, a lot of attention has been placed on the FFIEC Authentication Guidance, and the recommendations for safeguarding confidential company and customer information.

In many ways, security guidelines tend to supersede actual legislation because they provide specific direction on what steps financial institutions need to make to protect their critical assets from fraud. But now there’s new cause for concern if banks don’t adhere to the FFIEC guidance: Class action lawsuits.

In the BankInfoSecurity article, “FFIEC: Impact on Consumer Accounts,” Joseph Burton, information security legal expert with Duane Morris LLP, warns that if banks and credit unions don’t expand their security beyond commercial accounts to also include retail accounts, they could expose themselves to legal woes by consumers whose online accounts are breached or hijacked by phishing or other social engineering techniques.

Burton said many banks typically don’t worry about reasonable security and negligence on the retail side because the Electronic Funds Transfer Act (Regulation E) protects consumers against paying for unauthorized transactions. But while Regulation E doesn’t address a bank’s liability on consumer accounts, the FFIEC’s Authentication Guidance does.

“The FFIEC was a godsend to plaintiffs in that regard — a guidance, a near-regulation — that if you have banks not following it, you’ve got the perfect storm to declare them negligent… You’re dead today if you don’t take the FFIEC guidance on both levels.”

According to Burton, the FFIEC makes no distinction between education for commercial versus retail accounts. This would mean that banks focusing only on enhancing authentication techniques to protect customers and members hit by corporate account takeovers can potentially be found negligent if they ignore security for consumer or retail accounts.

In 2009, the case Shames-Yeakel vs. Citizens Financial Bank found the bank liable under a theory of negligence because it was responsible for protecting the account, as well as the account holder, from identity fraud. Because the compromised account was a commercial account being used for personal payments, the court did not consider Regulation E.

With the line between commercial-use and consumer-use becoming more and more blurred, Burton added that financial institutions that lack layers of security and multifactor authentication on both the commercial and retail side could potentially be found negligent if they are hit with a lawsuit.

“Shames-Yeakel is a case very similar to one that consumer accounts would be involved in. I see potential liability, based on negligence, and the bank’s failure in that case to follow the FFIEC guidelines. That, to me, is evidence of negligence.”

Closely following the guidance to the letter of the law for both commercial and retail accounts is the best way to meet the FFIEC’s multifactor authentication best practices for identifying customers and protect themselves from legal woes that stem from breached retail accounts that could lead to class action suits.

With today’s innovative criminals perpetrating ACH fraud against commercial and consumer accounts across all banking channels, financial institutions need to deploy authentication solutions that enable them to proactively identify criminal activity on all fronts, including the telephone channel. The TrustID® network-based Physical Caller Authentication tool is a front-line defense that identifies and stops criminals before they cross enemy lines.

By automatically validating the Caller ID and ANI before the incoming call is answered by a bank’s contact center agent, TrustID allows financial institutions to stop criminals before they can attempt to socially engineer bank representatives over the phone. Combined with other traditional methods of authentication to identify customers, TrustID provides banks and businesses with an extra layer of defense to protect banking accounts and meet the FFIEC’s guidelines for true multifactor authentication.

Unvalidated Caller ID Claims Leave Bank Call Centers at Risk

Posted on: March 6th, 2012 by art

Financial institutions can train their contact center agents to spot the latest social engineering schemes. They can also implement comprehensive knowledge-based authentication (KBA) solutions that interrogate customers with a bunch of personal questions. Yet, despite all of these security investments and processes, banks that rely on these two components to identify customers remain vulnerable to telephone fraud because neither validate the Caller ID and ANI.

Using an assortment of stealthy malware and data mining techniques to access personal information over the Internet, today’s criminals come fully prepared to defeat banking institution’s security defenses. Once they have the data they need, it doesn’t take much to fool call center representative. That’s because without the ability to validate the Caller ID and ANI, banks have no way to completely determine whether the call is coming from a legitimate customer or impostor.

To make matters worse, banks that use non-predictive personally identifiable information (PII) instead of validated Caller ID and ANI credentials to identify customers, can actually make themselves more vulnerable to telephone scams. Once criminals know they can socially engineer a bank, they will continue to exploit the vulnerability, increasing fraud exposure that will eventually cost the bank money, brand equity and, ultimately, customers.

To protect the telephone channel, financial institutions cannot go on believing the lies created by fraudsters and perpetuated by unvalidated ANI and Caller ID claims. They need to deploy an important second factor of authentication like the TrustID® network-based Physical Caller Authentication tool, which validates the physical location of the landline or mobile phone before the IVR system or live bank agent answers the call.

Adding a real-time network forensics and advanced data analytics solution like TrustID not only re-establishes the Caller ID and ANI as a trusted credential for identifying customers over the phone, it gives financial institutions a much needed multi-layered security defense to combat more sophisticated forms of telephone fraud.

Authenticating banking customers in a mobile world

Posted on: February 29th, 2012 by art

Is your banking institution prepared for mobile transactions? If not, you’ve got some work to do.

According to the article, “How Safe Is Paying With Your Phone?”, mobile banking is here. More alarming, however, is that Consumer Reports estimates that nearly 30% of Americans that use their phones for banking, accessing medical records and storing other sensitive information do not take precautions to secure their phones. This leaves customers and banks susceptible to various forms of identity, financial and bank fraud schemes.

As financial institutions offer more ways for consumers to bank, they need to take proper security measures to protect their customers and secure all of their banking environments, including the telephone channel. With more mobile transactions on the way, banks need to utilize a multi-factor authentication defense to make sure their growing platforms for communicating with customers are secure.

I think the new FFIEC guidelines are pretty clear on the type of layered approach that’s needed to authenticate banking customers in a mobile world. Deploying at least two factors of authentication for identifying customers over the telephone is essential to stopping more harmful forms of identity fraud that, according to Javelin’s “2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier”, climbed 13% in 2011.

By automatically validating the physical location of a landline phone or mobile phone, the TrustID® network-based Physical Caller Authentication tool fulfills the FFIEC’s “Something you have” (e.g., ID or ATM card, security token, telephone) credential for identifying customers over the phone channel.

Combined with other authentication solutions that cover either the “Something you know” (e.g., password, personal identification number, personally identifiable information) or “Something you are” (e.g., fingerprint, retinal pattern, DNA) authentication categories outlined by the FFIEC, TrustID is a complementary tool for helping financial institutions achieve the recommended multi-factor authentication paradigm for identifying customers.

A layered approach to customer authentication just makes sense

Posted on: January 3rd, 2012 by art

Today marks the 2012 deadline for financial institutions to adhere to the new FFIEC guidelines. While I’ve spent a significant amount of time blogging on this critical guidance, I still feel compelled to help educate the need for an enterprise layered approach when thinking how to best authenticate your banking customers. Excluding the telephone channel in your overall security strategy, I strongly contend, would be leaving your organization and customers at risk.

There is no question that industry experts are recommending an enterprise approach. In a recent BankInfoSecurity article on the FFIEC authentication guidance, Joe Rogalski, information security officer and VP of First Niagara Bank, advocates an enterprise-level approach to security.

“It’s good to look beyond the requirements, to make sure you’re doing the best thing for your institution.”

The simple reality to fraud prevention is criminals will never stop searching for the weakest leak in your fraud defense. If you fail to evaluate your risks holistically, across all channels, it will always be an uphill battle against the crooks. A bigger risk would be if you fall behind your competition in setting the right course to prevent fraud. Criminals are constantly testing financial institutions, trying to locate the best opportunity to commit a crime. I think it’s safe to say that nobody wants to fall too far behind the industry in the ongoing battle to thwart fraud.

In my role at TrustID, I’ve been able to regularly monitor and evaluate the volumes coming through our systems. Without question, the criminals are stepping up their attacks via the telephone channel. This makes perfect sense when you consider the fact that the banking industry is so locked down on protecting the online channel that they’ve, by and large, ignored the telephone channel.

The fact is, you can gain access to many IVR’s with the account number, last four digits of the Social Security number, zip code or date of birth. Getting access to customer account data made available via the IVR is extremely valuable to criminals, who can also acquire other transactional level data that can be used in out-of-wallet questioning either online or when the call is transferred to a bank representative.

In the article, Gartner Research analyst and fraud expert, Avivah Litan, also made several notable comments and recommendations related to authentication:

Tackle the Basics. A lot of banks are busy implementing out-of-band authentication, Litan says. Yet, they’re still struggling to detect and prevent ACH and wire fraud. Rather than investing millions of dollars in out-of-band solutions, she recommends that institutions focus on core security requirements first. Address identified weaknesses with basic and well-understood solutions.

This is a key fundamental, but often overlooked, point. While out-of-wallet questions do have their place in the authentication process, they can be frustrating to customers, expensive (increasing average call handle times) and, over time, can be beat by criminals. Any fraud prevention tool that criminals can see, chances are they will ultimately test their way into.

A second important point in the article is:

Show Metrics of Progress. Experts agree that regulators won’t expect to see 100% conformance in 2012. But institutions must prove they will reduce risk over time. Even if more technology investments are needed, proof of progress will satisfy auditors. “I think institutions are not measuring the potential exposure they may have, and the potential losses which they’ve managed to mitigate against their existing losses. “If they can demonstrate that they have mitigated potential losses, even if exposure increased because of more attacks, then they can show that their measures of protection are improving. It demonstrates effectiveness.”

The reality is, authenticating customers has become problematic. Since Automatic Number Identification (ANI), the use of personally identifiable information (PII) and knowledge-based authentication (KBA) are no longer viable methods for validating caller identity, not to mention the fact that customers don’t like the interrogation that inherently comes along with these processes. As a result, financial institutions need to consider more innovative, cost-effective solutions rather than continually modifying old technologies or simply adding new security questions that challenge the trust and goodwill of their customers.

One of the primary benefits of the TrustID® network-based Physical Caller Authentication tool is how it is invisible to criminals and undetectable to upstanding customers. By non-intrusively identifying customers and knowing which inbound calls are high risk before a call is answered, banks gain a significant advantage in the fight against fraud without crooks even knowing it. With innovative thieves constantly on the prowl to identify new gaps or vulnerabilities in authentication systems, TrustID provides another layer of security to protect the telephone channel and help financial institutions fulfill the FFIEC’s multi-factor authentication recommendations for identifying customers.

Multi-channel authentication essential for stopping bank fraud, meeting new regulations

Posted on: November 16th, 2011 by art

One of the top functions of any fraud professional is understanding the threat landscape. Fighting fraud day in and day out, you know that threats are always changing. On top of that, you’re tasked with complying with new guidelines that are constantly being developed to counter evolving banking scams.

Of course, meeting both objectives requires the ability to protect all of your banking channels while simultaneously complying with ongoing regulations. Understanding this is a great first step, but for financial institutions this is where the real challenge begins: Finding the right authentication vendor that can help you do both.

In the recent BankInfoSecurity.com article, “FFIEC: Evaluating Vendors,” financial services security consultant, Christopher Beier, discusses what banking institutions should look for when evaluating which security vendors and technologies best fit their business model to prevent attacks and comply with the latest guidelines. Some of his recommendations include:

 

  • Industry expertise: How well does the vendor understand the financial services industry, and the security and compliance challenges facing today’s banking institutions?
  • Proactive protection: Is the technology proactive or reactive in identifying and stopping evolving forms of banking fraud?
  • Ease-of-use and deployment: Is the solution easy to deploy and manage or does it create additional work and increase operational expenses?
  • Use a variety of solutions: Because using similar security solutions won’t stop new and different types of fraud, does the vendor help stop fraud in specific banking channels?

While Mr. Beier provides some excellent points around what financial institutions should look for when considering an authentication solution, the fundamental issue I have with this and other similar views is the general lack of attention on the telephone channel.

As one of the most frequently used banking channels (over 9 billion customer calls into North American financial institutions each year), banks need to understand that while criminals are taking advantage of advanced technologies to defraud banks over the Internet, they are also using the personal information they obtain online to socially engineer banks via the telephone channel. With so much focus on online threats, the telephone channel is the most overlooked by today’s banking fraud professionals.

This is where TrustID steps in. By non-intrusively validating the Caller ID and ANI before the incoming call is picked up by a bank’s IVR or call center agent, the TrustID® undetectable, network-based Physical Caller Authentication tool provides proactive security without impacting the customer experience or requiring time-consuming and costly operational procedures to authenticate customers over the telephone. By making the phone number a valid “Something you have” authentication credential, TrustID helps financial institutions fulfill the new FFIEC multi-factor authentication requirements that are quickly approaching.

Couple that with lightweight deployment and low-cost software as a service (SaaS) integration that doesn’t require any capital expenditures, and the TrustID automated system achieves all of the essential components necessary for keeping criminals in check over the telephone channel and executing a multi-factor authentication defense against various fraud attacks.

In our book, this is a win-win for financial institutions and their banking customers, and why we believe TrustID is one of the best authentication investments any bank can make.

A new approach to customer care

Posted on: August 18th, 2011 by art

In a previous post, I concluded that financial institutions who can significantly improve the consumer experience while simultaneously ensuring the safety of their customers’ money and personal information will win the hearts, minds, trust and, ultimately, business of their competitors’ customers.

While I believe this to be true, still, financial institutions are no longer the sole determinant of their brand. Today, customers are a prime driver of brand. If they are dissatisfied, they will walk, and follow up by posting their opinions on Google, Facebook, and everywhere else your prospective customers will see it. Because of social media, the consumer’s voice is louder than ever… and it’s about to get louder.

We are on the cusp of a major transformation in the financial services industry, where the success of the entire enterprise is dependent on the customer experience and its ability to service its customers’ needs. Over the next several years, we will see a market shift where financial institutions are no longer able to define their own brands. Instead, the consumer will define them. Banks that understand this shift, and alter their business processes to invisibly and non-intrusively improve the customer experience and ensure consumer safety, will gain a competitive advantage that will significantly improve top and bottom-line performance for their shareholders.

For example, take a look at some of the top reasons for customer dissatisfaction. If you eliminate product factors such as line assignment, fees or interest rates, one of the main reasons for customer dissatisfaction is poor customer service due to a lack of trust and respect for the customer’s time. This is often caused by highly disruptive “customer interrogation,” or knowledge-based authentication (KBA). Yet, banks and financial institutions continue to rely on this outdated, costly and time-consuming method to identify customers over the telephone. In an industry where seconds count for average handle time (AHT), it is a huge frustration for the customer. This is why it’s no surprise that KBA is having a negative impact on financial institutions and their brands.

How a customer feels during and after phone interactions is a significant differentiator, yet too many banks have lost sight of what consumers really want. Current fraud prevention strategies – many of which are still focused on KBA – are at odds with both customer care and the bottom line. KBA is no longer a viable and sustainable method for validating caller identity and is creating an even bigger disconnect between fraud prevention strategies and customer care goals. Instead of endless customer questioning, imagine your IVR picking up every call by saying:

“Thank you for calling (Company Name). For your security, we have validated your phone number. How may we assist you today?”

This streamlined telephone interaction can be a reality with the telephone firewall. The TrustID® Telephone FirewallTM solution provides financial institutions with a competitive differentiator that enhances the customer relationship while simultaneously improving fraud prevention.

By eliminating interrogation at the start of each inbound call and giving the customer more perceived control over the bank/customer relationship, TrustID is paving the way for financial institutions to transform the customer experience. Customers want to be trusted and respected, and demand both safety and convenience. The TrustID telephone firewall is paramount to a mutually trusting relationship between customers and their banks, and proves that the bottom line and customer service do not have to be at odds with each other.

Telephone Spoofing: Have we only hit the tip of the iceberg?

Posted on: August 10th, 2011 by art

Last week, AT&T announced plans to make voicemail passwords opt-out in order to guard against telephone spoofing. In a recent blog, Bob Quinn, AT&T’s chief privacy officer, wrote:

“However, given the advent and, unfortunately, the wide availability of sophisticated telephone number spoofing technology that allows people to “fake” the telephone number they are calling from, we are moving in a new direction.”

My strong suspicion is AT&T is reacting to the recent, UK phone hacking scandal, which has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for awhile now, oftentimes it takes a high-profiled event like this to enlighten the rest of the world about the dangers and impact phone spoofing can have on its victims. More so, AT&T must react in order to safeguard the integrity of its systems, and also safeguard customers’ personal data, which is core in developing the trust of its customers and to bottom line profitability.

Unfortunately, AT&T’s decision to require passwords won’t stop telephone voicemail spoofing. AT&T will be subject to social engineering and spoofing of its own call centers. They will need to become aware of evolving tactics that criminals use to trick call center agents into updating or generating new passwords. AT&T will deploy some form of knowledge-based questions (KBA), which will add significant expense, frustrate good customers, and can still be beat by crooks. In my previous post, The death of knowledge-based authentication, it’s a vicious cycle; one in which erodes the confidence of customers.

The News of the World phone hacking scandal and AT&T’s response is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID® Telephone FirewallTM solution is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant KBA and telephone identity interrogation

While they don’t specifically mention the NoTW debacle that brought telephone spoofing into focus, AT&T’s change in direction is being driven by the risk to its brand if they do nothing. Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their bank’s ability to protect their money and personal information. Protecting customers’ money and data is core to developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The recent phone hacking event should put every organization on notice to question whether they have the right strategy around spoofing. I’m sure AT&T has known for years that voicemail spoofing over its network is occurring. It may just be prudent to get ahead of any potential backlash. But like financial institutions and other industries, they cannot quantify it and probably felt the customer convenience or the cost to deploy passwords far outweighed the risk. Like many other businesses, AT&T is reacting to the potential brand risks of doing nothing, and they also need to maintain both the integrity of its system and the trust of its customers.

Why trust and customer care is critical to every bank’s bottom line

Posted on: August 2nd, 2011 by art

Over the past few years, the business landscape for financial institutions has changed dramatically, making the road to profitability much more challenging. As a result, financial institutions are competing harder than ever for customers. They are working diligently to find the balance between managing costs while complying with a multitude of new regulations.

Perhaps the defining factor for acquiring new customers and retaining existing ones, and one that plays heavily in the road to profitability, is trust. In the simplest terms, trust is defined as the reliance on the integrity, strength, capability and surety of someone, or the confident expectation of something.

Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their banker’s ability to protect their money and personal information. Protecting and safeguarding their customers’ money and data is core in developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The telephone remains the most intimate form of communication. No other industry knows this better than the financial services industry. In 2011 alone, banks will take over nine billion inbound phone calls from customers. Unfortunately, financial institutions continue to place the onerous task of authentication clearly on the shoulders of their customers. The knowledge-based security questions designed to validate the identity of the person calling a bank’s call center are doing great harm to the goodwill of their customers and the critical bank/customer relationship by making the telephone channel an unpleasant experience. Financial institutions that grill callers with personal questions at the onset of a call — before a customer can clarify their needs — are setting the wrong example with current customers and prospects.

The stark reality of customer care is financial institutions are wasting significant time and money, as well as losing their customers’ trust and goodwill.

By validating the Caller ID and ANI (and removing the customer from this arduous process) before the call is answered, the TrustID® Telephone FirewallTM solution eliminates the need to bombard customers with a bunch of questions at the start of each call. By addressing a customer’s needs right out of the gate, financial institutions can enhance the trust and the larger, more profitable bank/customer relationship. Banks and financial institutions that can simultaneously improve the overall customer experience and ensure the safety of their customers’ money and personal information will win the trust of the customers, and in doing so, earn the right to service them.

  • REQUEST INDUSTRY BRIEFING PAPERS
  • VIEW DEMO
  • USE CASE
  • ANI SPOOFING TOOL

  • CISO Text

             

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TrustID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank

  • CISO 2 Text

             

    As less customer PII is made available to our contact  center advocates for identity validation, our enterprise risk of a costly data  breach is dramatically decreased.

              – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes  and social engineering. TrustID’s solution enables informed routing decisions,  optimizing agent cost reduction programs.

             - CISO, top 10 global bank           

  • VP Quote text

         

    Since  it is now commonly sold by criminals, personal information for identity  authentication is no longer the single solution to identity resolution. The  value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank