Alternative authentication methods needed in today’s call center environment

Posted on: April 17th, 2013 by Art Barger

The need for alternative methods to identify customers over the telephone has been a long time coming. In my opinion, every day that a bank waits to add new authentication solutions into the mix is another day criminals can take advantage of defeatable security tools.

You see, crooks want financial institutions to continue to use things like security questions to identify customers. That’s because they’ve pretty much mastered the art of beating knowledge-based authentication solutions. When banks rely on personal information that, ideally, only the customer should know, they put themselves at a disadvantage because today’s digital world exposes more personal identifiable information (PII) than every before.

Combing the Internet, today’s thieves are able to collect enough information on an individual to correctly answer challenge questions and socially engineer bank call center agents into divulging sensitive financial data; enough data, in fact, to access other people’s bank accounts.

Even the FFIEC (Federal Financial Institutions Examination Council) recognizes that more information is needed to identify bank customers today. While the FFIEC authentication standards include “something you know” (password, PII) methods, they strongly recommend combining that with at least a second layer of authentication to improve the level of verification for identifying customers over the phone. That would come in the form of either “something you have” (telephone, ID card, security token) or “something you are” (fingerprint, DNA, retinal pattern) that takes separate approach to verify customers.

What differentiates the TRUSTID® Physical Caller Authentication tool from other solutions is it goes straight to the heart of the crime — the telephone — to proactively validate the Caller ID and ANI as the phone rings. By identifying the physical location of the phone making the call, TRUSTID gives banks real-time intelligence on inbound calls before they are answered. This works as the first layer for authenticating customers.

If TRUSTID’s real-time telephone network forensics authenticates the call as genuine, it routes the call to a call center agent without interrupting the customer experience. If it determines the call is spoofed, the bank can route the call based on the risk it poses to the system. By better understanding the risk of each call, TRUSTID provides a critical extra layer of authentication that’s sorely needed in today’s call center environment, as well as to help fulfill the latest federal security requirements.