Posts Tagged ‘social engineering’

Courts ruling against banks not compliant with FFIEC regulations

Posted on: November 14th, 2012 by art

A number of recent court cases have ruled against banks for failing to prevent fraudulent bank transfers. While you would think this type of liability would help motivate financial institutions to implement a multi-layered security system that meets the Federal Financial Institutions Examination Council’s (FFIEC) regulations, banks still operate without complying with the new multi-factor authentication recommendations.

In the article, “Coping with the Threat of Fraudulent Funds Transfers,” three banks that have fallen victim to fraud may have to pay upwards of $460,000 in damages. That’s a steep price for not implementing adequate security measures to stop the vast scope of criminal schemes like stolen credentials, account takeovers and social engineering that target the financial services industry.

If today’s dangerous cyber attacks or costly court rulings aren’t enough to get banking institutions to comply with the FFIEC guidelines, I don’t know what will.

From an authentication perspective, any financial institution operating today should be in the process of either implementing or evaluating their current security strategy because that’s what it takes to protect their multiple banking channels against the growing list of fraud attacks. Making sure your bank has the strongest fraud detection solutions in place is essential to building the multi-layered defense that’s needed in today’s quickly changing banking environment.

This means employing at least two of the three types of authentication procedures recommended by the FFIEC for identifying banking customers across multiple banking channels, including online banking and the telephone channel. The three factors include: 1) something the user knows [e.g., password, PIN], 2) something the user has [e.g., ATM card, telephone], and 3) something the user is [e.g., biometric, fingerprint].

For financial institutions that perform high-risk transactions, this is a must. According to a legal memorandum recently published on the NC Bankers Association website, customer authentication that employs a single-factor authentication such as the widely used challenge questions (otherwise known as the knowledge-based authentication (KBA) method), or even two factors of authentication that fall under the same category as defined by the FFIEC, can be defeated by today’s advanced fraud tactics, leaving customer accounts and confidential banking information susceptible to fraud.

Challenge questions are not always effective. When frequently repeated, they are more likely to be exposed to fraudsters. FFIEC guidance notes that a search engine is all it takes to discover the answer to many challenge questions, such as mother’s maiden name or year of graduation. Due to the amount of information available on the Internet, the FFIEC no longer views these basic challenge questions to be an effective risk mitigation technique. 

The ability to prevent various types of fraud attacks across all banking channels requires financial institutions to deploy multiple fraud-fighting solutions that help achieve the FFIEC’s three critical authentication factors. The TRUSTID® Physical Caller Authentication tool is a complementary customer authentication solution that fulfills the important “something the user has” category. Using undetectable network-based caller authentication to validate the Caller ID and ANI, TRUSTID helps financial institutions secure the telephone channel from fraudulent bank transfers.

TRUSTID: A one-way mirror to identifying bank phone fraud

Posted on: November 7th, 2012 by art

Phony bank callbacks. Fake robocalls. Customer impersonators socially engineering call center agents. How does anyone really know who they are talking to over the telephone these days?

Trust over the telephone channel has clearly gotten out of control; so much so that financial institutions today cannot afford to operate without effective authentication tools that allow them to identify whether they are talking to a legitimate customer or an actor hiding behind a spoofed Caller ID or ANI. If not, banking institutions and their customers will continue to fall victim to criminals who successfully socially engineer bank representatives over the phone to obtain personal information and access legitimate bank accounts.

What if you could validate the legitimacy of every call coming into your contact center before your agents even picked up the phone? How valuable would that be to your security strategy, business operations, and your overall ability to provide a better customer experience, all at the same time?

For years, banks have relied on knowledge-based authentication (KBA) tools to identify customers over the telephone. As bank fraud has evolved, particularly over the telephone channel, criminals have found ways around traditional defenses that depend on personally identifiable information (PII) to trick unsuspecting bank reps into divulging private information or allow access to customer accounts.

Various spoofing technologies and the Internet have played roles in the evolution of bank phone fraud, but if we aren’t careful our own defenses can also be counterproductive in our efforts to protect our customers and proprietary company information. Relying solely on KBA to identify banking customers over the telephone today is essentially operating under a false sense of security. And if we think we are authenticating customers when in reality we are simply unknowingly letting more through, that will only add to the problem and overall fraud loss.

Stopping bank fraud over the telephone channel requires the ability to instantly authenticate inbound phone calls before they are answered. It’s that simple. This doesn’t give criminals the chance to leverage their weapon of choice — the telephone — to perpetrate fraud. And unlike KBA solutions, it doesn’t test the goodwill of our customers through identity-interrogating, which is non-predictive in analyzing risk, anyway.

A security solution like the TRUSTID® Physical Caller Authentication tool works like a one-way mirror to telephone fraud. Using real-time telephone network forensics to invisibly determine the authenticity of the caller’s phone number before the call is answered, TRUSTID instantly validates the physical location of the landline or mobile phone making the call. Financial institutions can use this undetectable caller authentication to stop criminals in their tracks with zero impact to the call center agent’s work time or additional telecom costs.

On the flip side, this non-intrusive method allows banks to route good customer calls to the appropriate operator pool, where bank representatives can immediately start serving their needs for a better overall customer experience.

Re-establishing Caller ID as a trusted source for customer authentication

Posted on: August 29th, 2012 by art

From a security standpoint, Caller ID, in recent years, has been dead in the water.

For decades, financial institutions relied on Caller ID and ANI to identify calling party numbers for things like new account applications, bank card activation, money transfers and servicing customers. But times have changed.

Today, criminals have access to too many tools, too many resources, and have gathered too much information they can use to socially engineer a bank’s contact center. The Caller ID just happens to be the telephonic “mask” that crooks hide behind to fool unsuspecting call center agents into thinking they are someone else.

Criminals are so good at spoofing Caller ID and using personal information to defeat knowledge-based authentication (KBA) solutions that the Caller ID and ANI have become unvalidated claims that are no longer effective in customer identification. Yet, many banks still rely heavily on personally identifiable information (PII), including the Caller ID, to identify their customers.

Placing a high amount of trust in “what you know” methods of authentication today can leave your customers and confidential data vulnerable to sophisticated telephone-based scams. In fact, relying solely on KBA may be more dangerous than not using it at all. In other words, if a bank rep is fooled into believing the lie cooked up through Caller ID spoofing and social engineering, crooks have set the stage to commit fraud right under their nose. This alone should be enough to put financial institutions on guard, particularly as more and more studies find that telephone-based fraud is on the rise.

According to the recent Dark Reading article, “Phone Fraud Up 30 Percent,” nine out of 10 U.S. banks have been targeted in one way or another by phone fraudsters. Apparently, criminals are using the telephone to defraud banks because it’s easier to trick someone over the phone into divulging private information than getting past a firewall or breaking into a website.

For some time now, Caller ID has not been a trustworthy source that banks can count on to validate their customers. But the TRUSTID® Physical Caller Authentication solution is changing all of that.

By automatically validating the physical location of the telephone calling into a contact center pre-answered, bank agents are no longer fooled by Caller ID spoofing or social engineering schemes because calls are validated before the phone is picked up. This innovative, proactive approach to customer authentication is helping re-establish Caller ID and ANI as trusted sources for authenticating customers and, once again, making the telephone channel a secure, cost-effective channel to do business and service customers.

Proactive Caller ID validation can help banks determine level of risk

Posted on: June 27th, 2012 by art

When someone applies for a bank card, whether it’s a credit, debit or ATM card, they receive the physical card in the mail. At that point, according to a 2009 Portland State University survey, more than 80% of people activate their cards by calling a toll-free (800) number.

With a large percentage of people still relying on the telephone to activate bank cards, it’s not surprising that criminals, too, would use the telephone to perpetrate any number of fraud attacks against banks.

Today, social engineering scams conducted over the telephone such as “vishing” (voice phishing), pretexting and fraudulent card activation pose serious threats to financial institutions and banking customers. These highly sophisticated, yet rather low-tech, fraud techniques are primarily aimed at obtaining private information to fraudulently gain access to legitimate bank accounts with the end goal of wiping them out without the bank knowing it.

Unless financial institutions can validate the Caller ID or ANI, telephone-based schemes that combine Caller ID spoofing with clever social engineering will continue to bypass anti-fraud tools like knowledge-based authentication (KBA) that depend on personally identifiable information (PII) to detect and stop bank fraud.

A security tool that is re-establishing the Caller ID and ANI as trusted sources for identifying fraud is the TrustID® network-based Physical Caller Authentication solution. Using TrustID’s API to transmit the Caller ID credentials before the call is answered, real-time forensics determines within seconds if the call can be trusted without relying on any type of PII or having to put customers through a cumbersome phone-based interrogation process.

By instantly identifying the physical location of the landline or mobile phone before the call is picked up, TrustID allows financial institutions to determine the level of risk of incoming bank calls to proactively stop everything from tricky social engineering scams to fraudulent bank card activation.

“Pre-answered” caller validation reduces risk and cuts operating expenses

Posted on: June 13th, 2012 by art

According to a new KPMG survey, regulatory challenges and the sluggish economy have many bank executives reexamining their existing business models to see how they can increase operational efficiency and shave costs. Typically, what ends up happening is businesses evaluate several solutions for specific functions. For example, they’ll look at a number of security tools for fraud prevention, and different operating systems to improve business efficiency and productivity.

Based on the survey findings, when it comes to minimizing business risks, meeting new regulatory compliance and becoming more efficient, many of today’s financial institutions are focused on the online channel, said Judd Caplain, national account leader of KPMG LLP’s Banking and Capital Markets practice.

“Banks are interested in making investments in IT to further increase operational efficiency and regulatory reporting, better connect their various platforms and systems, and gain a more holistic view of their customers who may use several of the bank’s products and services. Projects that utilize data more effectively to inform risk management decisions, support strategic initiatives, and comply with regulations, as well as enhancing technology platforms that touch the customer, are also an area of focus.”

But investing in multiple solutions to handle different aspects of their operations can be an expensive undertaking for banks. To cut costs and minimize fraud risks, one area bank execs should consider — but often overlook — is their call center operations and security.

With the U.S. call center industry expected to receive over 50 billion inbound calls in 2012 (nine billion going into financial services companies alone), the telephone channel is one of the financial industry’s most frequently used customer service channels. Deploying solutions that make the call center more efficient and reduce the level of risk on each call is critical to any bank’s operations, customer service and bottom line.

One of the most expensive areas within any large operation is employee costs. As such, the labor dollars spent within bank call centers is a very large, yet very necessary and important expense. But unnecessarily putting customers through extensive and cumbersome interrogation processes to identify each caller can have a significant impact on operating budgets.

That said, in the call center industry every second validating and serving customers counts. Unfortunately, financial institutions continue to rely on traditional methods of knowledge-based authentication (KBA) that don’t decrease the time spent authenticating and serving customers over the telephone, and quite frankly are no longer predictive of identifying customers in the age of social engineering. But a solution like the TrustID® network-based Physical Caller Authentication tool simultaneously performs a number of critical call center functions that minimize business risk, reduce customer authentication time, help meet authentication regulations like FFIEC, and create more efficient customer service.

By using Caller ID and ANI as a trusted source for automatically validating customers before the phone is picked up, TrustID shortens authentication procedures in such a cost-effective manner that it can reduce call center expenses by 20 percent. When you have trusted resources that don’t rely on the mishandling of personally identifiable information (PII) to identify customers, it doesn’t make sense to perform lengthy interrogations on each call when the customer authentication can all be done before the call is answered. That’s the type of security, efficiency and cost savings that TrustID provides for its banking customers.

Fighting phone fraud: Looking at the full spectrum of customer authentication

Posted on: June 6th, 2012 by art

The threat of social engineering is changing the face of customer authentication, particularly around the call center. This is nothing new, of course. I’ve often spoken about the rapid growth of inbound telephone fraud, and the need for banks to deploy an enterprise-wide approach to fighting fraud and the associated costs and risks of using knowledge-based authentication (KBA) questions or voice biometrics.

The primary problem of relying on KBA to catch fraud is it can be learned by criminals. Criminals can instantaneously share somebody’s personal information globally and use it repeatedly to their advantage. Because cell phones and landlines are readily available and are being used to place calls into a bank’s call center, static tokens, PINs and KBA — which are not always readily available — have a difficult time stopping fraud.

The recent article, “Voice Biometrics as a Fraud Fighter,” captures many of the concerns I’ve written about. In it, Gartner fraud analyst, Avivah Litan, explains how KBA processes are becoming ineffective against today’s threats. While financial institutions and other industries are seeking solutions to aid them in combating call center fraud, I believe they need to take a broader look at the full spectrum of authentication, not just the fraud component. The real issue at hand is the ability to validate who you are doing business with over the telephone. Unfortunately, the fear of not knowing who is on the other line of the call (or IVR) is driving up operational expenses and damaging the important relationship between banks and their good customers.

Deploying KBA or voice biometrics without giving the complete call cycle a thorough, detailed review can be a recipe for disaster. The problem that arises when you don’t understand the various solutions or the best point in the call cycle to deploy security tools is it can increase operational costs and customer dissatisfaction. And through it all, it still doesn’t guarantee the deployed technology will stop the fraud it is intended to thwart.

We all know KBA methods have long relied on personally identifiable information (PII) to distinguish an individual’s identity over the telephone. A person’s phone number, address, billing zip code, date of birth, and the last four digits of their Social Security Number were ways banks and financial institutions could connect personal information with a specific customer. But in today’s digital age this information is shared over the Internet via public records and social networking sites like LinkedIn, Facebook and Plaxo. It’s also available on criminal data exchanges, which makes it easily accessible for criminals to steal and create new and innovative social engineering schemes. As a result, the use of PII as a sole factor for identity authentication has become risky and expensive, and is not predictive for identifying banking customers. Here’s why:

 

  • Risky: Today, identity thieves can put together enough personal information to socially engineer a bank, and even secure credit in another person’s name. Financial institutions that rely on KBA are susceptible to the risky handling and use of PII by criminals out to defraud banks and their customers for monetary gain.
  • Expensive: The risks that degradation of PII-based authentication creates can result in heavy penalties and costs if the information is lost, given away or stolen. This increases the cost of training, systems security and other internal processes.
  • Not Predictive: Because PII is used to socially engineer a bank, it is not predictive for positively identifying customers calling into a bank’s call center. In other words, knowledge-based authentication that relies on PII cannot be used as a reliable source of information for identity authentication.

As I’ve said, the issue of using KBA (“Something You Know”) goes well beyond deployment costs. It’s also about determining when in the call flow process it is best utilized. Today, every call coming into a call center is essentially unvalidated. Because banks can no longer use Caller ID or ANI as trusted sources to identify customers over the telephone, they try to assess the risk of the call based on what the customer is asking for rather than the actual risk of the incoming call source. The end result is they don’t know which calls to trust or not trust.

The reality is most call centers still interrogate or punish good customers in order to stop a few bad ones. Since they don’t know which calls are riskiest, they put all customers through varying degrees of interrogation. But they don’t have to. There are alternative solutions available today that validate callers so far upstream that banks don’t have to put their customers through rigorous security questions using KBA or voice biometrics.

The TrustID® network-based Physical Caller Authentication tool is one solution that reduces the need for expensive and ineffective KBA by automatically verifying the physical location of the telephone before it is answered. Using Caller ID and ANI as validated sources to instantly authenticate legitimate customers and identify fraudulent ones before criminals can talk with bank representatives addresses the ever-growing issues of call center authentication while simultaneously reducing telephone fraud triggered by advanced social engineering schemes.

Ignoring the telephone channel leaves bank reps susceptible to social engineering

Posted on: May 29th, 2012 by art

Ignoring emerging social engineering threats and hoping your bank is not targeted by criminals is an unrealistic and ineffective way to stop attacks in today’s threat landscape. That’s the consensus of Symantec’s new Internet Security Report.

In the BankInfoSecurity article, “Social Engineering: Mitigating Risks,” Liam O Murchu, the manager of operations at Symantec Security Response, said lax security procedures, failing to address known security gaps, and not keeping up with fraud trends can make organizations susceptible to the latest incarnation of attacks launched by today’s crafty social engineers.

O Murchu said in recent years it’s become more difficult for criminals to launch silent attacks that don’t tip off the infected user, so they’ve been changing their ways. Today, they are designing schemes to exploit the weaknesses of the user instead of the weakness of the system. Since there’s no product that controls human behavior, we’re starting to see more social engineering attacks that are effectively convincing users to fall into their trap.

“At the end of the day, the user is definitely a vulnerable point in the chain and we need to have the technology that can aid them in making better decisions and protect them.” 

O Murchu added that organizations that have lax security procedures in place or have either overlooked or ignored some aspect of security are the most likely to be hit by social engineering attacks.

One area that has been overlooked has been the telephone channel. Not for a lack of usage, but primarily because of the perceived notion that most of today’s criminals are focused on the Internet to carry out their dirty deeds. While more Internet-savvy criminals, combined with the proliferation of easy-to-use malware toolkits, have put pressure on financial institutions’ IT security teams to deploy solutions to stop online attacks, ignoring the telephone channel can leave banks vulnerable to social engineering.

While education can certainly help bank call center agents become more aware of new and evolving criminal tactics, each time they pick up the phone they are still exposed to methods aimed at convincing them to divulge personal or account information.

The TrustID® network-based Physical Caller Authentication tool prevents bank representatives from finding themselves in this situation by automatically verifying the physical location of the telephone before it is answered. Using Caller ID and ANI as validated sources to instantly authenticate legitimate customers and identify fraudulent ones before criminals can talk with bank representatives, TrustID adds a critical layer of defense against Caller ID spoofing and social engineering schemes aimed at defrauding today’s banking institutions.

Criminals Still Turning to the Telephone to Perpetrate Bank Fraud

Posted on: May 15th, 2012 by art

When it comes to bank fraud, criminals may be leveraging technology to outsmart the latest online security tools, but they haven’t forgotten about the telephone. In fact, some studies suggest that crooks are finding more ways to use the phone to commit bank fraud.

In its report, the UK Cards Association, a payment card information resource, found that telephone banking fraud losses increased 32% in 2011, from £12.7 million in 2010 to £16.7 million last year. In my experience, these numbers are particularly relevant because the UK fraud experience is similar to that in the US, outside of counterfeit fraud where the UK has chip and PIN built into the cards.

To defraud financial institutions and banking customers, criminals need to collect personal security details. This data is seen by thieves as the keys to the vault, and they will do anything they can to get their hands on the information they need to access bank accounts.

Aside from mining social media websites like Facebook to gather data and build personal profiles on unsuspecting victims, criminals are turning to the telephone to dupe customers into divulging their personal information. Spoofing their Caller ID, crooks socially engineer customers by pretending to be bank representatives asking them to provide their account details such as passwords. This is the identity theft portion of the crime. Once they’ve collected enough details on a person, the next step is identity fraud.

There are many ways criminals can perpetrate identity fraud, both online and over the telephone channel. With banks offering more ways than ever for customers to bank online, in recent years financial institutions have invested heavily in security tools to protect online channels. While this has helped reduce online banking fraud losses (which fell 24% in the UK from 2010 to 2011), banking institutions need to consider solutions that help banks identify and stop fraud over low-tech channels, as well.

The TrustID® network-based Physical Caller Authentication is one solution that stops criminals that are spoofing their Caller ID from social engineering call center agents. By automatically validating the physical location of the incoming call before the phone is answered, TrustID instantly lets bank representatives know when the Caller ID or ANI is spoofed. This level of real-time telephone forensics allows financial institutions to determine whether the call is from a legitimate customer or a criminal who has manipulated their Caller ID to commit fraud. Doing so helps banks on several levels — from reducing telephone fraud losses and call center operating costs by eliminating the time to handle bad calls to achieving regulatory compliance through multi-factor authentication required by the new FFIEC Authentication Guidance.

Consumers: How to avoid dangerous and costly telephone scams

Posted on: May 1st, 2012 by art

Criminals are after your personal information and money, and the telephone is one of the most popular ways to do it.

Merriam-Webster first included the new slang word “phish” in its dictionary in 2005. Phish (verb): to send an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Well, now there is an even newer word for the fast-growing risk. Vishing, or “voice phishing,” is a type of scam that criminals use over the telephone to obtain consumers’ personal information and money. The way it works is a fraudster calls someone on the phone, but makes the call appear to be coming from someone else by “spoofing” or altering the Caller ID that the consumer sees on the display.

This scam has gotten so common that if your caller ID display indicates the call is coming from your bank, there is a reasonable chance that it is not.

In this type of Vishing attack, you will receive a call to your home or wireless phone from a “live” person or recorded message that appears to be coming from a known reputable institution. The caller will ask for money or your personal information.

Fraudsters are also luring victims to seemingly credible toll-free phone numbers where an automated recording asks for account information. Those who call the fake customer service number are greeted with a pirated recording of an automated voice system, ostensibly for the reputable institution, and are requested to enter their card number to authenticate themselves. They are then led through a series of voice-prompted menus that ask for their PIN code, card expiration date, date of birth, and other critical pieces of information. Once the victim enters these details, the scammer has enough information to commit identity fraud.

What do Vishing scams look like?

  • Typically, an incoming recorded telephone message using a spoofed Caller ID that matches the identity of a misrepresented organization.
  • An urgent email or text message from a known institution that directs you to a bogus toll-free number.
  • An invitation to punch your personal information on your telephone keypad. From there, criminals capture the key tones and convert them back to a numerical format.

Characteristics of Vishing:

The content of the incoming message generally is not personalized, and is designed to trigger an impulsive reaction such as:

  • Upsetting or exciting information
  • Demanding an urgent response
  • Using a false pretense

What data is at risk?

Any numerical personal information, including:

  • Payment card information (numbers, expiration dates, and the last three digits printed on the signature panel)
  • Personal identification number (PIN)
  • Social security number
  • Date of birth
  • Bank account numbers
  • Passport number
  • Driver’s license number

How do crooks use your information?

Once your personal details have been stolen, fraudsters can use them to perform any number of identity crimes, including:

  • Take control of your financial accounts
  • Open new bank accounts
  • Transfer bank balances
  • Apply for loans, credit cards and other goods/services
  • Make luxury purchases
  • Hide criminal activities
  • Receive government benefits, or
  • Obtain a passport

What can you do to reduce your risk?

  • As a general rule, be suspicious when receiving any unsolicited incoming texts or telephone communications.
  • If an email or caller does not use your full name, it may be suspicious.
  • DO NOT use the number provided to call back.
  • If you are asked for sensitive information, hang up.
  • Never provide personal information in these circumstances.
  • Never rely solely on your telephone Caller ID function.

What to do if you suspect fraud:

  • Consumers have a role to play in stopping Vishing scams. You are encouraged to recognize, report and stop it.
  • Do not react immediately without thinking.
  • If this concerns you, investigate by using telephone numbers known to be valid. In the case of credit cards, for example, use the telephone number printed on the back of the card.
  • Never provide personal or financial information to non-validated sources.

Vishing scams target all types of individuals. It doesn’t matter if you are an employee, consumer or student, continuing to educate yourself about the latest fraud tactics that criminals use to steal personal or financial information can play a critical role in protecting your identity, money and confidential information from getting into the wrong hands.

“Low-tech” phone fraud still poses big risk to banks

Posted on: November 29th, 2011 by art

Ever wonder how easy it is to socially engineer somebody over the telephone? At this year’s computer hacker conference, DefCon, attendees got a glimpse of the ease with which criminals are using the “low-tech” telephone channel to gain access to highly confidential company and customer data.

This past week a well-respected industry peer of mine sent me the link to a recording of a DefCon contest that illustrates just how easy it is for criminals to socially engineer their way into a major retailer and obtain highly sensitive company or customer information. The recording discusses nonchalantly about spoofing your identity and how doing so aids a criminal’s ability to socially engineer an unsuspecting phone representative.

One of the reasons telephone fraud and social engineering have picked up in recent years is the fact that criminals now have the ability to access or change an address or account data that is necessary to perpetrate larger and more profitable online crimes. Once a criminal controls a customer’s information – primarily through the telephone channel – they use the newly acquired personally identifiable information (PII) to commit crimes through the online channel.

Financial institutions that ignore the telephone channel as a primary source for fraud, and fail to address the same security and authentication requirements as the online channel, will remain vulnerable to such crimes. As a result, they will continue to put themselves at risk of damaging their brand reputation and losing customers’ confidence in their ability to protect personal information, and could even find themselves in a position of financial liability.

The truth is, one way or another most financial fraud links back to identity theft. This is something every financial services provider needs to know. Until banks grasp the fact that the telephone channel is a weak link today, they will continue to fight an uphill battle to stop fraud over the phone.

Deploying a non-intrusive identity authentication solution like the TrustID® network-based Physical Caller Authentication tool enables banking institutions to convert ANI and Caller ID into a powerful physical security and authentication resource that can be used to close the security gap that too many bank call centers still operate with today. By validating the caller’s identity before the phone is answered, call center agents are no longer put in a situation that makes them vulnerable to Caller ID spoofing or social engineering.

I have written extensively about the risk of trusting ANI and Caller ID as a means of authenticating customers over the telephone. In the same vein, I’ve also cautioned those in call center or security positions to be cognizant that defaulting to the use of knowledge-based authentication (KBA) to identify customers is equally risky and expensive because it drives up handle time on every call.

Ultimately, when it comes to building a safer, more effective banking environment across all customer channels, financial institutions need to eliminate risky situations and provide inexpensive ways to improve customer service. Fortunately, a solution like TrustID does both.

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TrustID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank
    As less customer PII is made available to our contact center advocates for identity validation, our enterprise risk of a costly data breach is dramatically decreased.

    – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes and social engineering. TrustID’s solution enables informed routing decisions, optimizing agent cost reduction programs.

    – CISO, top 10 global bank
    Since it is now commonly sold by criminals, personal information for identity authentication is no longer the single solution to identity resolution. The value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    – VP of Card Fraud, large international bank