Why customer sensitive data is no longer needed for authentication

Posted on: January 02nd, 2014 by Art Barger

To authenticate every customer who calls your contact center, you need something from them. Whether it’s a password or the last four digits of their Social Security number, this information helps financial institutions determine the identity of the caller. While this has long been a common practice with banks, using personally identifiable information (PII) to authenticate customers over the telephone is no longer necessary. And here’s why.

Relying on PII in 2014 is not as reliable, or predictive, as it used to be. Crooks already have the information in hand before they place the call. At the point a bank representative picks up the phone, challenge questions are a mere formality to gaining access to somebody’s personal account. In some cases, the bad guys can answer security questions as swiftly as, and more accurately than, the actual person.

Today, depending on knowledge-based authentication (KBA) to identify customers over the telephone channel is like handing over your house keys to a stranger wearing a mask of your most trusted friend. The criminal may look and act the part, but they’re anything but the real thing. Operating with a false sense of security can actually put your customer and private banking data at a greater risk for longer periods of time.

The problem with PII-based authentication solutions is they allow crooks to make their way onto a phone system, whether it’s the IVR or an actual agent. Criminals can always claim that they’ve lost their key or forgotten their password, and call center agents are trained to still help them along. As soon as they start talking to a bank rep, the crook already has the upper hand on the predictable challenge questions they’ve prepared for. As for legitimate customers, when a bank agent picks up the phone they must first endure a lengthy interrogation before getting to the business at hand, even if they’ve been a longtime loyal customer of the bank.

But what if you could skip the interrogation process altogether? What if you could authenticate customers without needing any sensitive customer data at all? While it moves away from traditional KBA methods of telephone authentication, many financial institutions are starting to see the security and operational benefits of identifying customers without relying on PII.

Because it doesn’t rely on PII and authenticates the calling party number pre-answer, the TRUSTID® Physical Caller Authentication tool delivers perhaps the fastest, most powerful identification credential in the industry. With TRUSTID, banks no longer have to increase their security risk by sending sensitive customer data to a third-party vendor.

TRUSTID’s real-time telephone network forensics automatically validates the authenticity of the actual calling device (whether it’s a landline or mobile phone) before the inbound call is picked up, to instantly identify and stop spoofed calls from being routed to an IVR system or to a bank agent. As a result of invisibly preventing bad calls from making their way into the phone system, TRUSTID saves bank contact centers valuable time and resources by removing the need to conduct costly PII telephone interrogations on known high-risk calls.