Is this the end of the line for password authentication?

Posted on: February 23rd, 2017 by Art Barger

It’s been a long time coming, but the end may be in sight for financial institutions relying on sensitive customer information to authenticate callers over the telephone channel.    

In the recent article, “Will 2017 be the Final Year of the Password?” this year’s RSA Conference explored the need to replace maligned passwords with more secure technology. This is a change that many industry experts have supported for years as personal information has not only become nonpredictive for identifying customers, it’s costly, too.

As banks continue to rely on password security and management, the Gartner Group has reported that between 20 percent to 50 percent of all contact center calls are for password resets alone. That’s up to half of all inbound calls. Furthermore, Forrester Research says the average cost for a password reset over the telephone is roughly $70. The math may vary based on the number of calls a bank receives each year, but either way you look at it financial institutions are spending lots of money on credentials that are no longer effective for customer identification. 

Not only are passwords expensive to manage, they are oftentimes frustrating for customers to remember and can put your good customers’ accounts at risk of social engineering and other fraud scams. So, it’s no surprise that the idea of phasing out passwords for customer identification was a central topic at this year’s security conference.

But if passwords go away, what type of credentials will banking institutions turn to to quickly and accurately authenticate customers? This is a question banks that still rely on knowledge-based authentication (KBA) methods will need to ask themselves. 

While banks will continue to do what they can to protect their customers and provide a better overall customer experience, we can be sure of two things. First, the contact center will continue to be one of the top channels for customer service. Picking up the phone and talking to someone in the digital age may seem outdated, but the contact center remains one of the most used customer channels. Consumers simply prefer to talk to a live agent to resolve a problem or help them make a transaction. It reassures them that the issue has been taken care of. 

Second, fraudsters aren’t going anywhere. With annual fraud attempts continually on the rise, call centers need to authenticate all inbound calls if they expect to defend their customer environments from more sophisticated attacks. 

This is why it’s more important than ever that banks are looking into more advanced security technology to authenticate customers and spot fraud. And with more attacks comes a push for financial organizations to comply with new security requirements.

Automated telephone identification tools like the TRUSTID® Physical Caller Authentication solution doesn’t used sensitive customer information such as passwords, Social Security numbers, or challenge questions to authenticate customers. Instead, we use advanced telephone network forensics to instantly validate the calling device’s physical location while the phone is still ringing. Within seconds, we provide banks with the level of risk the call presents to the bank. Based on their fraud threshold, banks use our device intelligence to drop a high-risk call or route verified callers to an operator in real time. 

For banks looking for a customer identification solution that doesn’t use personal information and helps them meet federal multi-factor authentication mandates, TRUSTID validates calls upstream and without rely on potentially mishandled customer data for a better, overall banking experience.