How do you protect sensitive customer data?

Posted on: January 19th, 2017 by Art Barger

In business, we can now automate just about everything. From selling goods and services to assisting our customers 24 hours a day. Automating most of today’s business functions makes for a faster, more accurate and cost-efficient environment than having humans do the same work.

So, when it comes to customer authentication and protecting sensitive information, why would we leave it up to humans to make those all-important security decisions?

Having live people interact with your customers may still be the best way to connect and build the trust you want with them. However, your security should no longer rely on your contact center agents asking callers knowledge-based questions before determining whether or not they pose a risk to your system. Not only are people still susceptible to social engineering scams, but using personal information to defend your enterprise against social engineering attacks is no longer efficient, predictive, or cost-effective in today’s business environment.

I would argue that conventional customer identification practices like knowledge-based authentication (KBA) can actually put your bank or business at greater risk because it’s vulnerable to social engineering schemes that can lead to identity fraud and other crimes.

Here’s what we know about social engineers. They are at their best when impersonating others and answering personal questions. The ideal target for an impostor attempting phone fraud is to talk to a live agent using KBA to identify customers. Armed with a spoofed Caller ID, a charming personality, and personal details to answer any question asked of them, social engineers can beat most telephone interrogations they face. That’s because they’re going up against the weakest link in customer authentication — the human element — to gain access to good customer accounts, and the ultimate prize, their funds.

Once a fraudsters defeats the knowledge-based defense, they’re authorized to access the account and conduct whatever transaction they want, whether it’s changing their password or illegally transferring funds to another account. This is where automating the authentication process makes the most sense.

Today’s contact centers need identification tools that go beyond the telephone interaction. They need a way to identify the risk of the call upstream, before it ever reaches a telephone operator. The TRUSTID® Physical Caller Authentication solution doesn’t let fraudsters get that far because it automatically identifies the risk of the call in real time and let’s businesses take action on every call while the phone is still ringing.

By locating the physical location of the calling device before it is routed to a live phone rep, TRUSTID provides a credential to let the call center know the level of risk the call poses to their operations.

For example, if the Caller ID says the call is coming from Minnesota but the physical location of the device is somewhere overseas, then the business can instantly remove the call from the system before the caller knows what happened. Plus, there’s no need for a costly and disruptive interrogation that can eat up a minute or more at the start of the call.

If the location checks out, then TRUSTID gives the call a green light. From there, banks can automatically route good callers to operators that are waiting to serve them right away.

This not only removes the highly frustrating telephone interrogation, but it creates a better overall customer experience. In other words, automating the authentication process and verifying customers upstream gives banks and businesses a faster, more accurate and cost-effective solution for identifying customers over the telephone channel.