Posts Tagged ‘telephone firewall validation’

A new approach to customer care

Posted on: August 18th, 2011 by art

In a previous post, I concluded that financial institutions who can significantly improve the consumer experience while simultaneously ensuring the safety of their customers’ money and personal information will win the hearts, minds, trust and, ultimately, business of their competitors’ customers.

While I believe this to be true, still, financial institutions are no longer the sole determinant of their brand. Today, customers are a prime driver of brand. If they are dissatisfied, they will walk, and follow up by posting their opinions on Google, Facebook, and everywhere else your prospective customers will see it. Because of social media, the consumer’s voice is louder than ever… and it’s about to get louder.

We are on the cusp of a major transformation in the financial services industry, where the success of the entire enterprise is dependent on the customer experience and its ability to service its customers’ needs. Over the next several years, we will see a market shift where financial institutions are no longer able to define their own brands. Instead, the consumer will define them. Banks that understand this shift, and alter their business processes to invisibly and non-intrusively improve the customer experience and ensure consumer safety, will gain a competitive advantage that will significantly improve top and bottom-line performance for their shareholders.

For example, take a look at some of the top reasons for customer dissatisfaction. If you eliminate product factors such as line assignment, fees or interest rates, one of the main reasons for customer dissatisfaction is poor customer service due to a lack of trust and respect for the customer’s time. This is often caused by highly disruptive “customer interrogation,” or knowledge-based authentication (KBA). Yet, banks and financial institutions continue to rely on this outdated, costly and time-consuming method to identify customers over the telephone. In an industry where seconds count for average handle time (AHT), it is a huge frustration for the customer. This is why it’s no surprise that KBA is having a negative impact on financial institutions and their brands.

How a customer feels during and after phone interactions is a significant differentiator, yet too many banks have lost sight of what consumers really want. Current fraud prevention strategies – many of which are still focused on KBA – are at odds with both customer care and the bottom line. KBA is no longer a viable and sustainable method for validating caller identity and is creating an even bigger disconnect between fraud prevention strategies and customer care goals. Instead of endless customer questioning, imagine your IVR picking up every call by saying:

“Thank you for calling (Company Name). For your security, we have validated your phone number. How may we assist you today?”

This streamlined telephone interaction can be a reality with the telephone firewall. The TrustID® Telephone Firewall™ solution provides financial institutions with a competitive differentiator that enhances the customer relationship while simultaneously improving fraud prevention.

By eliminating interrogation at the start of each inbound call and giving the customer more perceived control over the bank/customer relationship, TrustID is paving the way for financial institutions to transform the customer experience. Customers want to be trusted and respected, and demand both safety and convenience. The TrustID telephone firewall is paramount to a mutually trusting relationship between customers and their banks, and proves that the bottom line and customer service do not have to be at odds with each other.

Telephone Spoofing: Have we only hit the tip of the iceberg?

Posted on: August 10th, 2011 by art

Last week, AT&T announced plans to make voicemail passwords opt-out in order to guard against telephone spoofing. In a recent blog, Bob Quinn, AT&T’s chief privacy officer, wrote:

“However, given the advent and, unfortunately, the wide availability of sophisticated telephone number spoofing technology that allows people to “fake” the telephone number they are calling from, we are moving in a new direction.”

My strong suspicion is AT&T is reacting to the recent UK phone hacking scandal, which has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for a while now, oftentimes it takes a high-profile event like this to enlighten the rest of the world about the dangers and impact phone spoofing can have on its victims. More so, AT&T must react in order to safeguard the integrity of its systems, and also safeguard customers’ personal data, which is core to developing the trust of its customers and to bottom-line profitability.

Unfortunately, AT&T’s decision to require passwords won’t stop telephone voicemail spoofing. AT&T will be subject to social engineering and spoofing of its own call centers. They will need to become aware of evolving tactics that criminals use to trick call center agents into updating or generating new passwords. AT&T will deploy some form of knowledge-based questions (KBA), which will add significant expense, frustrate good customers, and can still be beaten by crooks. As discussed in my previous post, The death of knowledge-based authentication, it’s a vicious cycle, one that erodes the confidence of customers.

The News of the World phone hacking scandal and AT&T’s response is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID® Telephone Firewall™ solution is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant KBA and telephone identity interrogation.

While they don’t specifically mention the NoTW debacle that brought telephone spoofing into focus, AT&T’s change in direction is being driven by the risk to its brand if they do nothing. Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their bank’s ability to protect their money and personal information. Protecting customers’ money and data is core to developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The recent phone hacking event should put every organization on notice to question whether they have the right strategy around spoofing. I’m sure AT&T has known for years that voicemail spoofing over its network is occurring. It may just be prudent to get ahead of any potential backlash. But like financial institutions and other industries, they cannot quantify it and probably felt the customer convenience or the cost to deploy passwords far outweighed the risk. Like many other businesses, AT&T is reacting to the potential brand risks of doing nothing, and they also need to maintain both the integrity of its system and the trust of its customers.

Why trust and customer care is critical to every bank’s bottom line

Posted on: August 2nd, 2011 by art

Over the past few years, the business landscape for financial institutions has changed dramatically, making the road to profitability much more challenging. As a result, financial institutions are competing harder than ever for customers. They are working diligently to find the balance between managing costs while complying with a multitude of new regulations.

Perhaps the defining factor for acquiring new customers and retaining existing ones, and one that plays heavily in the road to profitability, is trust. In the simplest terms, trust is defined as the reliance on the integrity, strength, capability and surety of someone, or the confident expectation of something.

Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their banker’s ability to protect their money and personal information. Protecting and safeguarding their customers’ money and data is core in developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The telephone remains the most intimate form of communication. No other industry knows this better than the financial services industry. In 2011 alone, banks will take over nine billion inbound phone calls from customers. Unfortunately, financial institutions continue to place the onerous task of authentication clearly on the shoulders of their customers. The knowledge-based security questions designed to validate the identity of the person calling a bank’s call center are doing great harm to the goodwill of their customers and the critical bank/customer relationship by making the telephone channel an unpleasant experience. Financial institutions that grill callers with personal questions at the onset of a call — before a customer can clarify their needs — are setting the wrong example with current customers and prospects.

The stark reality of customer care is financial institutions are wasting significant time and money, as well as losing their customers’ trust and goodwill.

By validating the Caller ID and ANI (and removing the customer from this arduous process) before the call is answered, the TrustID® Telephone Firewall™ solution eliminates the need to bombard customers with a bunch of questions at the start of each call. By addressing a customer’s needs right out of the gate, financial institutions can enhance the trust and the larger, more profitable bank/customer relationship. Banks and financial institutions that can simultaneously improve the overall customer experience and ensure the safety of their customers’ money and personal information will win the trust of the customers, and in doing so, earn the right to service them.

Phone hacking scandal exemplifies stark reality of Caller ID spoofing

Posted on: July 26th, 2011 by Pat

The recent UK phone hacking scandal has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for a while now, oftentimes it takes a single, high-profile event like this to enlighten the rest of the world about the true dangers and significant impact phone spoofing can have on its intended victims.

While the loss of privacy has been one of the biggest prices paid by the individual victims in the Murdoch case, businesses that leave their telecommunications networks open to hackers can feel the impact in other ways. With today’s more sophisticated criminals targeting customers’ personal information and company secrets, business losses can range anywhere from financial to brand integrity, which can lead to a whole subset of intangible costs.

What’s unfortunate about incidents like the News Corp./News of the World scandal is they could have been averted had the phone carriers been using the TrustID® Telephone Firewall™ solution. That’s right. By validating the physical location of a caller whether they are using the phone or a cellular device, the TrustID solution secures telephone systems against the threat of the Caller ID spoofing that led to the hacking of more than 4,000 phone numbers.

The NoTW phone hacking scandal is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID Telephone Firewall is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant knowledge-based authentication (KBA) and telephone identity interrogation.

The death of knowledge-based authentication

Posted on: July 22nd, 2011 by art

Financial institutions are losing money and customers due to the practice of knowledge-based authentication (KBA). Customers do not like to be interrogated, and interrogation is not in line with your bank’s mission and values statement (go ahead – re-read it). Regulatory bodies are calling for more advanced authentication to prevent fraud. Governmental agencies are now calling for the death of KBA.

In last month’s regulatory developments, the National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) have started to crack down:

“In view of the amount of information about people that is readily available on the internet and the information that individuals themselves make available on social networking websites, institutions should no longer consider such basic challenge questions (like mother’s maiden name) as a primary control, to be an effective risk mitigation technique.” [Source: Federal Financial Institutions Examination Council, June 22, 2011]

From NIST – SP800-63 Revision 3, June, 2011:

“Instant KBA seems particularly problematic, because the combination of the establishment of identity and consummation of a transaction are compressed into a single session, because of the vulnerability of such systems to off-line research and because users get no chance to opt out of these risks… Instant KBA is not acceptable when transactions result in the release of sensitive or private information related to an individual. Many remote Internet transactions the government provides or would like to provide to its citizens fall into the latter category of transactions.”

With customer satisfaction, profitability and brand at risk, the industry needs to move in a new direction. This major shift in thinking and practice can, however, be turned into a competitive differentiator and profit driver.

In the past, KBA interrogation has caused a wide disconnect between fraud prevention strategies and customer care goals. Today’s financial institutions mostly fall into two categories. One, they’re doing too little authentication – e.g. asking only for the last four digits of the credit card and zip code, both of which can easily be found on a discarded credit card statement – and therefore exposing themselves to fraud loss and compliance issues. Alternatively, they are over-interrogating, which frustrates customers and ticks away precious seconds of potential relationship building, selling and servicing time.

Since KBA is no longer a viable method for validating caller identity, and customers do not like to be interrogated, the ability to undetectably validate customers is a powerful new way to better service customers, minimize the risky handling of PII, and keep fraudsters in check. By non-intrusively identifying customers before a call is answered, the TrustID® Telephone Firewall™ solution simplifies the authentication process without relying on KBA and is paving the way for banks to transform the customer experience while meeting new regulatory scrutiny.

Oh, and by the way, please don’t shoot the messenger, we didn’t kill KBA. If you want to find the real culprits, try social networking, data breaches, contact data sharing, voicemail hacking, geo-tagged photos, internet search engines, smart phones, criminal data exchanges, public records, hackers, university research papers, social engineering, and criminals. They are the ones who killed KBA.

How reducing average call times can make banks millions

Posted on: July 13th, 2011 by art

This week’s blog helps put some numbers behind this fact.

One of the most expensive areas within any large operation is employee costs. As such, the labor dollars spent within customer care centers are a very large, yet very necessary and important expense. With that backdrop, let me ask the question: “What does a 20- or 30-second reduction in agent handling time mean to your bottom line?”

    “Of the 43 billion calls that U.S. contact centers will receive in 2007, 41 percent will involve a contact agent asking identity verification questions. Although this process takes only 20 to 30 seconds, the industry will spend $11.7 billion, and more than 11,000 years of contact center agent time this year, just checking caller identities.”

    - U.S. Contact Center Operational Review 2007, Contact Babel

Because of agent-efficiency-killing factors such as training, after call wrap-up, hold time, vacation, sick leave, idle time between calls, supervisory costs, recruitment, and lost revenues from inexperience due to staff turnover, every second saved in actual work time is worth 2.5 cents in savings, according to the same Contact Babel report. Simply put, Contact Babel says not spending time using knowledge-based authentication (KBA) to identify customers saves $0.60 on each of these calls.

But I think it gets better than that. By relying on “TrustID ANI” for authentication and not using up a caller’s patience with KBA interrogation, your bank can materially reduce IVR to agent transfers, thereby saving $3.50 on these calls using Contact Babel’s math.

So what is removing KBA interrogation and using TrustID ANI for caller authentication worth to your bank in just savings? My assumption:

Calls per year    Annual savings
10 million        $2.8 million
25 million        $7 million
50 million        $14 million
100 million       $28 million
500 million       $141 million

But, even more importantly, in our highly competitive environment, what is it worth to your bank’s shareholders to make your customers happy?

Deploying the TrustID® Telephone Firewall™ solution does the lion’s share of inbound caller authentication by verifying the physical location of the ANI and Caller ID before the call is answered. This is done in a way that is completely transparent to your customers and undetectable to criminals. By identifying the risk of the call prior to your IVR or agents having to speak with your customers, you can take seconds out of a large percentage of calls, which significantly reduces operational expenses and allows your representatives to spend their valuable time servicing and selling, not interrogating your valued customers.

If you’d like to learn more about how our innovative tool can help your call center significantly reduce the time you spend authenticating inbound calls, or would like to see a demo, feel free to contact us today.

Still think ANI cannot be spoofed? Use our ANI spoofing tool yourself…

Posted on: July 5th, 2011 by art

Recently, I’ve talked the talk about how easy it is to spoof ANI. Now, it’s time to walk the walk.

TrustID is now giving you the chance to put these words to the test. To help educate people in our industry about how easy it is, we are making our in-house-developed ANI spoofing and penetration testing tool available to our clients and prospective clients to dispel the myth that ANI cannot be spoofed. Any bank can now see how easy it is by accessing the free spoofing and bank penetration testing tool today.

In our continued discussions with industry experts and leading financial institutions, I’ll admit that many do not fully grasp the gravity of the ease and damage spoofing is causing until we demonstrate (via a WebEx) how we can spoof their organizations. That’s when the light bulb goes off (and a little fear sets in), particularly for organizations whose existing authentication policies rely heavily on ANI, or are utilizing the easily compromised KBA questions for customer authentication.

Even more alarming is the fact that our new spoofing tool was built in less than an hour by one of our “non-telecommunication” experienced employees using information and software downloaded for free from the Internet. It was really that quick and easy.

With access to the very spoofing penetration tool we use in our demonstrations, you can spoof away (within reason) your own call centers, card activation lines or an inbound wire transfer line. If you are really feeling bold, spoof your boss or head of call center technology (at your own risk, of course). Or, conduct your own internal WebEx, and invite all internal interested departments to watch it on the big screen.

While this exercise can be fun and educational, it’s nothing to take lightly. Stopping ANI spoofing and restoring customer confidence is what we do, and we take it extremely seriously. This tool is meant to be used appropriately to show how easy it is to spoof ANI and to penetration test your telecommunications services, to help you better understand the impact it’s having: causing fraud losses, increasing operational expenses, and creating irreparable damage to brands across the banking and financial services industry.

How TrustID helps banks turn the tables on telephone fraud

Posted on: June 29th, 2011 by Pat

Scam artists are always trying to pull a fast one on us, whether it’s through some clever social engineering scheme or, closer to home, by spoofing their calling party number to trick call center agents into believing they are a legitimate customer trying to make a business transaction over the telephone while evading any type of detection.

These criminals are good at what they do because they have access to two important components: 1) their prospective victim’s personal and financial information, which is widely shared over the Internet through social networking sites, criminal exchanges and public records, and 2) powerful and cheap ANI spoofing mechanisms. That’s pretty much all they need to get to work.

The trick to winning any cat-and-mouse game is to gain a strategic advantage over an adversary who previously had an advantage over you. For years now, banks and financial institutions have relied on knowledge-based authentication (KBA) to identify customers calling into their call centers. This, of course, plays right into the hands of con artists, who have the proper disguise (spoofed Caller ID and ANI) and correct information to pass any Q&A to carry out their diabolical plans.

To stop scams perpetrated over the telephone channel, banks first need to stop playing to the strengths of the criminals’ top weapon for defrauding them in the first place — customer information. Relying on KBA solutions to catch criminals only gives them the upper hand. Banks and financial institutions need to deploy identity authentication techniques that can catch criminals before they have the chance to socially engineer their call center.

The TrustID® Telephone Firewall™ solution turns the tables on scam artists by invisibly validating the Caller ID and ANI with the physical location of the caller before the call is answered. Without even knowing they’ve been identified, criminals are stopped in their tracks before they can start to carry out their scam. Furthermore, TrustID allows banks to do this without relying solely on KBA and the risky handling of personally identifiable information (PII).

Banks must stop relying on the false trust created by criminals

Posted on: June 21st, 2011 by art

The “false trust” created by criminals to socially engineer banks has turned Caller ID and ANI into unvalidated claims that are no longer trustworthy for identity authentication. This is the simple, straightforward message that TrustID has been delivering for some time, despite industry naysayers who incorrectly claim ANI cannot be spoofed.

The reason why we’ve been so persistent in getting the word out is because far too many banks we talk to continue to use these unvalidated claims as trusted sources for identifying customers in the telephone channel. Trusting Caller ID and ANI without properly validating the authenticity of the calls gives criminals a leg-up on defeating existing telephone authentication processes, significantly increasing the security risks of banks’ proprietary data and customer accounts.

As long as fraud teams continue believing the “lies” that criminals depend on to defraud banks and their customers, they will remain vulnerable to illegally spoofed calls. This is why financial institutions need to make it a priority to implement new identity authentication tools like the TrustID® Telephone Firewall™ solution, which validates the Caller ID and ANI with the physical location of the caller before the actual call is answered, without impacting the customer experience or tipping off criminals that an authentication check has been performed.

Given that Caller ID and ANI can quickly and easily be spoofed by anyone using readily available free technology, banks and financial institutions need to take steps to restore Caller ID and ANI as validated credentials for identifying customers. The answer to stopping the growing number of social engineering and telephone fraud schemes against banks is as simple as the message we’ve been conveying all along: If banks don’t take the necessary steps to restore trust in the phone channel, the security and integrity of their critical business data is only as good as the lies they believe.

Why banks need to get the customer experience right

Posted on: June 15th, 2011 by art

Today, financial institutions are competing heavily for customers. In addition, there’s a scramble towards the premier, high net worth customer, and an even stronger push for the “total relationship” (i.e., banking, credit card, insurance, commercial, retirement planning, etc.).

Five years ago, customers would give high marks to banks that were monitoring their daily credit card activity, often rating calls out to them to verify transactions as a good customer experience. Today, that’s not the case. Many heads of fraud operations, strategy or policy are much more scrutinized. It’s no longer good enough to just keep fraud losses in check, particularly if it may damage the larger, broader relationship between the bank and customer.

The new customer mantra is: “Just make my card work.” There’s nothing more intrusive or upsetting to a premier cardholder than to have their card rejected at the point-of-sale, especially if they’ve traveled halfway around the world and need it to check into a hotel, get cash from an ATM, or grab the dinner tab for a client.

Today, innovative banks are working diligently to pull disparate systems together because they recognize having a 360-view into a customer’s interactions is key to the relationship. The customer experience is a differentiator, and the credit/debit card is typically the vehicle that has the highest customer touch points. If you don’t get the customer experience right, you may very well be losing your best customers and not even know it.

Take a close look at the top reasons for customer dissatisfaction. If you eliminate the product factors such as line assignment, fees or interest rate, one of the top reasons for customer dissatisfaction is the ongoing KBA (knowledge-based authentication), or what I prefer to call “customer interrogation”.

Customers are rapidly growing tired of having to answer these personal questions. Unfortunately, banks that hit callers up with a bunch of personal questions at the onset of a call — before a customer can even clarify their needs — are setting the wrong tone with their customers and prospects. In fact, today’s telephone banking security questions, which are designed to validate the identity of the person calling a bank’s call center, are doing more harm to the goodwill of their customers and the important bank/customer relationship by making the telephone channel an unpleasant experience.

Instead, what banks should be doing at the onset of each call is serving their customers, not interrogating them. These questions break the mood of the customer and cost banks both time and money. For all the good work fraud teams are doing to create a good customer experience at the point-of-sale, all is being forgone when they reach out in the most personal channel, the telephone, and start interrogating them.

By validating the Caller ID and ANI before the call is answered, the TrustID® Telephone Firewall™ solution eliminates the need to bombard customers with a bunch of questions at the beginning of a call. By addressing a customer’s needs right out of the gate, financial institutions can enhance the customer experience and improve overall customer satisfaction and the larger, more profitable bank/customer relationship.

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TRUSTID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank

    As less customer PII is made available to our contact center advocates for identity validation, our enterprise risk of a costly data breach is dramatically decreased.

    – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes and social engineering. TRUSTID’s solution enables informed routing decisions, optimizing agent cost reduction programs.

    – CISO, top 10 global bank

    Since it is now commonly sold by criminals, personal information for identity authentication is no longer the single solution to identity resolution. The value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank