When the Caller ID became a threat

Posted on: September 20th, 2017 by Art Barger

For decades, the Caller ID was a prime credential for authenticating customers over the telephone channel. The once trustworthy number displayed on the phone screen provided the confirmation that contact center agents needed to request the customer’s personal information on record and start the authentication process.

As the traditional authentication procedure, sensitive customer data allowed bank reps to cross check information they had on record against how callers responded to a bank’s security questions. While the Caller ID and challenge questions were once key factors for identifying process, over time the internet and the expansion of social media platforms have weakened the effectiveness of knowledge-based authentication (KBA) solutions as reliable credentials for customer identification.

The problem is too much personal information is now readily available online as people willingly share intimate details of themselves and their lives on Facebook and other social forums. With all this data now at a criminal’s disposal, fraud teams work day and night to create individual profiles that they could use to socially engineer KBA methods and other telephone interrogations.

With sensitive customer data in the wrong hands, the emergence of Caller ID spoofing technologies gave fraudsters the ability to fool telephone agents on two fronts — the Caller ID and bank security questions. This is how the Caller ID became a threat to bank contact centers.

It was at this authentication crossroads, if you will, that contact centers required much more than somebody’s personal information to identify callers. Fraud and risk managers, industry analysts and federal agencies all agreed that businesses needed multiple credentials to identify customers across the enterprise.

Today, when it comes to identifying customers over the telephone channel, the ownership authentication factor plays a critical role in verifying callers. Not driven by what the caller knows (password or PIN number) or what they are (fingerprint, DNA, retinal pattern), ownership focuses on something the caller has, such as the telephone. Because an item like a telephone is in possession by only one person at a time, ownership works on 100 percent of your inbound calls.

The TRUSTID® Physical Caller Authentication solution’s out-of-band authentication process leverages the “ownership factor” to automatically verify the physical location of a customer’s mobile or landline telephony device to proactively determine in the level of risk a call poses to a bank or business. TRUSTID’s caller authentication tool helps banks restore ownership-factor authentication while the phone is still ringing to validate good calls faster, flag suspicious ones, and block known spoofed calls from your phone system in real time.