According to initial reports, the massive Equifax data breach has compromised the personal information of 143 million customer accounts. These private details include Social Security numbers and dates of birth, which remain important credentials for many banking authentication systems.
Among the exploited information are driver licenses, which include a person’s name, date of birth, street address, eye and hair color, and signatures. In the wrong hands, these personal details can be use for all types of fraud scams such as creating fraudulent accounts in other people’s names and account takeovers, to name a few.
These personal credentials are commonly used by financial institutions for identifying customers over several banking platforms. Banks and businesses that don’t required personal data to authenticate customers don’t have the same concerns following a large data breach than banks that still rely on knowledge-based authentication (KBA) solutions.
The article, “Equifax breach threatens bank reputations, too,” questions how banks should respond to this latest breach. Blaming the consumer credit reporting giant could damage customer trust and confidence considering the bank entrusted Equifax with their customers’ personal information in the first place.
Rather than pointing fingers and shifting blame, banks should focus on how to protect customers who may have been affected by this breach. With so much personal data potentially in the wrong hands, issuing new credit and debit cards would be a good start.
As far as protecting customer accounts and remote banking environments that might become targets of new social engineering scams, financial institutions need to deploy authentication methods that don’t rely on sensitive customer data to verify customers online or over the phone. Using automated authentication solutions that go beyond costly and nonpredictive KBA security questions is critical to spotting bad actors trying to impersonate legitimate customers.
Security tools such as the TRUSTID® Physical Caller Authentication solution don’t leverage personal information to verify customers over the telephone channel. Instead, it uses advanced telephone network forensics to proactively locate the exact physical location of the landline or mobile device that placed the call while the phone is still ringing. Knowing the location of the telephonic device creates a risk level that banks can use to make real-time decisions on all inbound calls.
These credentials allow banking institutions to take immediate action on both good calls and high-risk calls to protect their customer environments and private customer accounts. When a Caller ID is identified as spoofed, contact centers can instantly remove the call from the telephone system without wasting precious time and valuable resources talking to known impostors. When the customer is verified, the call is instantly routed to the appropriate operator, resulting in a faster and more satisfying banking experience.
In the aftermath of a large data breach, automated authentication helps banks protect customer channels against social engineering scams that leverage compromised sensitive customer information.