Along with providing faster and more convenient ways to bank, financial institutions are constantly challenged with making sure all of their customer channels are protected. The problem with offering customers more tools for customers to bank remotely is the ability to successfully secure the growing number of sales channels without impacting the user experience.
While the recent Computerworld article, “How Emerging Technology Fights Fraud in the Call Center,” highlights the progress that banks have made detecting and preventing online fraud, there’s more to be done on other channels that criminals are turning to because of their lack of success over the Internet. Ori Bach, director of solution management for call center provider NICE Systems, said the potential for human error makes contact centers the weakest link in today’s enterprises.
“It’s a remote channel with a large human factor. As fraudster’s have gotten less successful online, they’ve either moved solely to contact center attacks or to cross-channel attacks–starting in the call center and migrating to another channel using a credential they’ve attained.”
One of the points called out in the story is the fact that call center agents are not security experts. Their job is, first and foremost, to make the customer happy. The challenge with this is telephone representatives not privy to the latest scams can be susceptible to fraud attempts. And it doesn’t stop there. The entire phone system can be at risk, too.
Today, it’s too easy for criminals to steal anyone’s personally identifiable information (PII) from social media websites. Someone with the right data and the capability to spoof Caller ID or ANI can, as the article suggests, “whiz passed the typical call center authentication process.” That’s a frightening thought for any financial institution that doesn’t have proactive security measures in place to identify spoofed calls before they are answered.
That said, financial institutions should not rely on non-predictive PII to determine whether a caller is a real customer or a fraud. Too many security methods like knowledge-based authentication (KBA) are vulnerable to social engineering schemes because they depend too much on PII to catch crooks posing as customers on the telephone. And this says nothing about the damage that security questions can have on the goodwill of banking customers.
By automatically validating the location of the landline or mobile phone “pre-answered”, the TRUSTID® Physical Caller Authentication tool enables banks to invisibly identify crooks before they can attempt to a fool bank agent. Proactively identifying criminals in real time not only eliminates the need for unpleasant telephone interrogations that impact customer trust, it allows bank representatives to immediately begin servicing customers at the onset of the call, which improves the overall banking experience and plays a critical role in strengthening the profitable bank-customer relationship.