Why personal information is a threat to caller authentication

Posted on: October 16th, 2013 by Art Barger

We’ve known for some time now how unpredictable knowledge-based authentication (KBA) is for customer identification. The recent data breach of business data aggregators LexisNexis, Dun & Bradstreet and Kroll Background America is another example of just how risky relying on personally identifiable information (PII) to identify customers can be to financial institutions and their customers.

According to the article, “Hacker of major brokers weakens bank authentication,” these breaches are much more significant than other mass credit breaches because of the large amounts of electronic data they stored, which is used by companies to make credit decisions and includes personal employment information.

Today, no matter what sales channel you’re using to interact with your customers, organizations can no longer afford to rely on PII to validate customers. Andras Cser, an analyst with Forrester Research, said we’ve entered a new era where companies now need several ways to quickly and effectively verify customers without impacting the customer experience.

“This marks the beginning of an era in which identity proofing, verification and vetting information will have to be sourced from multiple sources and providers.”

Employing a layered approach to identifying customers online or over the telephone channel is essential for today’s authentication processes. Not only does it meet the FFIEC’s two-factor authentication criteria, it increases a business’s ability to positively validate customers faster while mitigating risks created by criminals and social engineers targeting personal and financial details as a way to access bank accounts.

As an authentication method to proactively validate the Caller ID and ANI pre-answer, the TRUSTID® Physical Caller Authentication solution gives financial institutions and other companies real-time device information about their location of their phone to instantly determine the risk of an inbound call to a contact center without relying on PII. Including the “something you have” component in the authentication process can give banks a much-needed extra layer of protection that is critical for identifying customers over the telephone.

With contact centers struggling to handle higher call volumes every day, banks need an authentication solution that’s reliable, efficient, and doesn’t delay the authentication process with a bunch of security questions. The fact is, personal information has become a weapon widely used by criminals to defraud businesses. TRUSTID removes PII from the identification process altogether by verifying the physical location of the caller before it is answered.