KBA security questions pose a risk to call center operations

Posted on: March 05th, 2014 by Art Barger

When it comes to call center security questions, no matter how you slice or dice them, they can still be answered by anyone who has done their homework.

We know knowledge-based authentication (KBA) is a method that many financial institutions still use today to identify customers over the telephone channel. The problem with relying on this technique is it’s susceptible to fraud. Criminals can correctly answer challenge questions whether they’ve been changed, modified or expanded.

It’s typical that after a massive data breach much like the recent Target attack that call volumes can increase upwards of 40 percent the normal rate. This, in itself, can create significant strain on call center operations. If the contact center is not prepared for such a dramatic spike in calls, it can result in things like denial of service. This not only impacts the user experience, but angry customers can damage your brand and ultimately result in lost profits.

The key to handling higher call volume is how quickly and accurately your authentication process can determine the risk of each call. Changing your authentication policy or adding extra out-of-wallet questions to strengthen security often does little to deter fraudsters, and only adds to higher average call handling times.

Modifying security questions during normal operations or in times of crisis doesn’t mean your call center operations is safer. In fact, changing your processes, especially after your data has been compromised, can lead to confusion for both your call center agents and customers, alike. While good customers lose confidence with the process, criminals can take advantage of these vulnerable periods.

Taking proactive measures to make sure your authentication process can handle higher call volumes without falling victim to social engineering schemes requires the ability to identify callers pre-answer. By this I mean verifying the Caller ID and ANI before a call center agent picks up the phone. 

The TRUSTID® Physical Caller Authentication solution uses real-time telephone network forensics to enhance call center authentication so banks and other businesses don’t have to rely on KBA’s costly and damaging interrogation procedures. By automating customer identification, TRUSTID takes non-predictive security questions out of the mix. This enables contact centers to instantly validate the location of the actual calling device to determine the overall risk of the inbound call.