Optimizing authentication and preventing fraud are hot topics in the industry. I had the pleasure of facilitating a panel on the topic at the ICMI CC Demo in September. Here are key learnings from that session as well as project work we have been doing to tackle this ubiquitous challenge.
I’m going to start with the key message that anyone exploring the topic should know. You must use a layered approach. There is no silver bullet to improve authentication and prevent fraud. Moreover, the layers cut across people, process, and technology. They may leverage any of the following types of authentication: Knowledge (what you know), Possession (what you have), and Inherence (who you are).
Knowledge Based Authentication (KBA) has been the approach for most centers until now; however, it is terribly flawed and vulnerable. Much of that information has been compromised and can be obtained through the dark web and social engineering. And there are wicked people who specialize in extracting information and are increasingly calling your very helpful customer service representatives (and perhaps your customers) because the other channels (including web, mobile, and face-to-face) have become more difficult to penetrate.
Even if the dark web and social engineering weren’t threats, we should not bolster knowledge-based authentication by asking our customers bunch of questions. That approach results in long handle times and frustration for all concerned. Moreover, it’s not a sure-fire way to authenticate, much less prevent fraud.
So with all these problems with knowledge, Multi-factor Authentication (MFA) is the better approach, and the push is on for possession (e.g., ANI/caller ID, phone device) and inherence (e.g., biometrics). TRUSTID calls the phone an “ownership identity token” as the characteristics of the number (ANI) and carrier information provide possession-based authentication. Going further into fraud detection, Pindrop can look at the characteristics of the sound, which they label “phoneprintingÔ.” While it takes a little time to evaluate, this approach can offer insights even when ANI doesn’t. A further step evaluates the voice print, matching it to your very own “blacklist” database of recognized fraudsters. Pindrop also has a “consortium of bad guys” and can enable assessments of the phone print against a shared database, offering a broader view in the fight against evil!
These front-end tools enable a center to then perform a risk-based level of authentication with the representatives. Using the indicators from the network services, the reps can make informed decisions and proceed based on transaction type, account type, amounts involved, or other factors.
So if this all sounds intriguing, the question remains of whether it is a fit for your center. TRUSTID and Pindrop target financial services as early adopters, with a high percentage of the big banks, insurers, and credit card companies on board. But authentication and fraud prevention applies to all vertical markets, and the vendors have delivered solutions in healthcare, retail, travel, telecom, government, and more. Both vendors see greater value in these solutions when an IVR front-ends the calls and plays a role in authentication and self-service, increasing success rates.
The next question is size, and up until now these solutions have been the realm of big centers with hundreds of agents and millions of calls annually. But again, the problem is not exclusive to these demographics. So the vendors are moving downstream by partnering with Value Added Resellers (VARs) that can deliver the capabilities as part of a broader solution.
The bottom line is these tools can have a strong, tangible business case because of the cost of authentication and fraud. If you need data to make the case in your company, check out the resources the two vendors offer on their websites.
To learn more about authentication and fraud prevention, read the full article »