The three most dangerous words in telephone authentication

Posted on: March 12th, 2015 by Art Barger

Believe it or not, criminals make investments, too. Like any other sound business practice, they invest their time and money in information that will get them the biggest bang for their buck. That’s because the underground economy is by and large about making money. Their methods, however, are illegal in every way.

So, you may be wondering what’s important to thieves trying to defraud banks. You may think they’re throwing their money into new innovative gadgets that are designed to defeat customer authentication solutions. But what may surprise you is that they’re more interested in information gathering than technology.

When it comes to call center fraud, many criminals’ biggest asset comes down to three little words — sensitive customer data. Knowing answers to knowledge-based questions such as a person’s name, address and Social Security number can be a thief’s ticket to slipping past many contact center authentication systems. The travesty, of course, is that using private information is no longer necessary for identifying customers over the telephone channel.

Everyone knows that knowledge-based authentication (KBA) solutions have long been used to verify customers over the phone. Unfortunately, ever-changing fraud tactics have made these defenses vulnerable to things like social engineering. Banks that have yet to make the transition from KBA to more proactive tools that don’t rely on somebody’s personal information to verify inbound calls are now putting their customers and call center operations at risk.

Why? Because trusting anyone on the other end of the line can give your call center agents a false sense of security. Trusting an unauthenticated call can lead to the disclosure of confidential information, which is exactly what criminals need to access or take over real banking accounts.

Financial institutions need to understand the immediate dangers and financial impact of relying on sensitive customer data to identify customers over the phone. In addition to putting your trust in a potential crook who may be impersonating a legitimate customer, taking the time to interrogate callers using outdated KBA methods is both costly to your operations and damage your customer relationship.

Removing your dependencies on sensitive customer data for customer identification is easily accomplished today with the right authentication tools. Take, for example, the TRUSTID® Physical Caller Authentication. Without relying on telephone interrogations to verify the risk of the call, TRUSTID identifies the physical location of the device making the call while the phone is still ringing. This information allows banks to make real-time decisions on all inbound calls.

When TRUSTID verifies that a call is spoofed, that call can be automatically denied from getting into the telephone system. This removes bad calls from ever reaching an agent. High-risk calls can be routed to the proper operator or IVR option for further investigation, and when good calls are validated, those customers get routed straight to a telephone representative. Because the call has been proactively authenticated, security questions are no longer necessary. Bank agents can start serving the customer’s needs right away, saving your customers valuable time and your operations up to 20 percent in costs on each call.

So, by eliminating these three little words from the telephone authentication process, contact centers can remove known fraudulent calls from their system, save time and money on each call, and start to build more trusted relationships with their customers.