Are you relying on outdated authentication tools?

Posted on: April 03rd, 2013 by Art Barger

Those of us in the telephone authentication industry can see the shortcomings of the different types of customer identification methods. While this has been evident for some time now, what continues to be an uphill battle is educating financial institutions about the risks of using outdated and ineffective authentication tools to identify customers over the telephone channel.

At last month’s BAI Payments Connect Conference, business leaders from around the globe met to discuss how various forms of fraud impact banks – from account-opening fraud to social engineering and call center fraud. No matter what channel criminals choose, the conclusion among fraud experts is that bank fraud is on the rise.

Ori Bach, a call center monitoring expert with NICE Systems, echoed what we’ve been saying all along — knowledge-based authentication (KBA) and Caller ID are broken, call center fraud is up, and untrained personnel are falling for preventable tricks. Collectively, all of these pieces are contributing to increasing fraud losses.

I don’t mean to beat a dead horse, but I can’t stress enough how important it is to continue informing financial institutions about the risks they face using beatable authentication methods, particularly those that depend on personally identifiable information (PII).

At TRUSTID, we agree with all of Bach’s conclusions, including:

  • KBA is not predictive: With personal information available via social websites such as Facebook, the effectiveness of PII-based authentication methods is diminishing. As a result, KBA can no longer be the single solution for identifying customers over the phone.
  • Caller ID is broken: With the wide availability of spoofing tools, calling party number spoofing has become a low-cost and powerful penetration tool used to impersonate identity and actual location over the telephone channel.
  • Untrained call center agents are easily fooled: If bank representatives aren’t up to speed with the latest fraud techniques, they will continue to fall for Caller ID spoofing and social engineering scams.

As stewards of customer authentication for the banking industry, part of our job is to continue educating financial institutions about the many risks of fraud, and the real dangers of using outdated authentication tools. Each week, I have eye-opening conversations with fraud managers who still rely on old-school methods to identify customers. Over time, this essentially puts both their bank and customers at greater and greater risk.

The unfortunate part is that many of these fraud risks are preventable. By implementing a multi-factor authentication strategy that doesn’t rely on PII to identify customers, banks can reduce their exposure to many of today’s fraud techniques that result in millions of dollars in fraud losses each year.