How secure are your verification checkpoints?

Posted on: April 27th, 2017 by Art Barger

Validating callers is critical to protecting your customer data. But how secure are your verification checkpoints? If trusting your Caller ID and ANI is how you authenticate callers, you may be undermining the security process that defends your entire enterprise. 

One of the leading threats to call centers today is trusting the information on the telephone display. Once a reliable indicator for screening calls, the number listed on the display screen should no longer be a trusted credential  for verifying calls. Using any number of spoofing tools available on the Internet, crooks can easily manipulate the actual phone number of the device making the call. Disguising the Caller ID or ANI has become the minimum ante for phone fraud.

Along with the deteriorating validity of Caller ID and ANI is the use of personal information to identify customers over the telephone channel. Susceptible to mishandling or being stolen over the Internet, personal and financial details are used by criminals to build profiles to socially engineer bank telephone agents. Using knowledge-based authentication (KBA) tools to validate customers by their date of birth, Social Security number or mother’s maiden name are rendered useless today.

Fraud costs U.S. banks and businesses billions in losses each year. Many social engineering schemes involve the combination of spoofed phone numbers and stolen personal information to fool telephone agents into believing they are someone else. The problem is impostors can pass verification checkpoints that rely on conventional KBA methods. Whether customers are online or over the telephone, using knowledge-based solutions puts customer accounts and private data at risk.

Moving forward, it’s becoming mission critical that contact centers are not relying on the Caller ID and/or personal information to validate inbound calls. There’s simply too much at stake — including a bank’s brand reputation, revenues and confidential information — to employ risk mitigation strategies that can be defeated by dedicated criminals doing their homework. 

Trusting personal details in the hands of crooks is as risky as trusting unvalidated calls with private customer information. Today, banks and businesses need customer checkpoints that go beyond KBA tools.

A solution like the TRUSTID® Physical Caller Authentication uses out-of-band credentials to identify the physical location of the calling device to verify valid customers and provide the risk of a call before an agent picks up the phone. Implementing a telephone authentication tool that verifies the whereabouts of the caller as the phone is still ringing allows banks to make instant, real-time security decisions that protect private accounts and create a more secure banking channel for their customers.