When it comes to identifying and verifying customers, contact centers have a real dilemma. On one hand, they have to minimize any chance of a data breach or fraud. Yet, asking customers to jump through hoops with multiple PINs, security questions, and account numbers can be a tremendous source of irritation. With today’s heightened awareness of security and increasing customer expectations, balancing customer authentication and fraud detection with maintaining service levels is no easy task.
Realizing the Risk
More than ever, contact centers are being targeted by fraudsters who are becoming highly sophisticated in their attempts to obtain access to valuable data. There are many points of potential failure, from hardware and data to agents who can unintentionally release information into the wrong hands. When it comes to preventing potential customer authentication issues, the first step is to evaluate where they could occur.
Many IVR systems and other self-help channels ask customers for PINs for identification purposes. Unfortunately, scammers have a variety of ways to get past this step in the authentication process. One solution is using a telephone network forensics solution that validates the physical location of the phone being used before the call is picked up. Because this is done in real time, customers are unaware of the process, and it can stop some risky callers before they take the next step in their efforts to breach an account.
While telephone network forensics can add a layer of security, it is often not enough – particularly when you consider customers are more likely than ever to dial into a contact center via a smartphone. Voice biometric technology can help further identify a caller through the use of prerecorded voice prints. This technology is still in its infancy and is only being used by companies that can invest in extensive planning and implementation. The technology is based on the science of mining and analyzing patterns in historical transactional and real-time streaming data, which can help identify potential security breaches. As the technology becomes more widely available, it’s likely to increase in popularity because of its high level of effectiveness.
There are plenty of stories out there of con artists who fooled contact center agents into releasing personal information or funds. It only requires one scammer who has access to a victim’s name, mother’s maiden name, and social security number to quickly access accounts and make fraudulent transactions. For companies that have offshore contact centers, the risks are even greater.
While security questions can serve as a way to stop some fraudsters from proceeding in their unlawful efforts, they have to balance both security and convenience. For example, a good security question would be “What is the name of your first pet?” However, a question that may have multiple answers depending on the day, like “What is your favorite flavor of ice cream?”, can cause verification failures and customer frustration. Security questions should be simple, memorable, and stable, with answers that are extremely difficult for others to guess.
In some situations, high-value transactions should be limited until there is an authorized callback for confirmation. Out-of-band verification offers a two-factor authentication process to minimize fraud. For example, a customer can submit account information and a password on an IVR system. A code is then sent out of band to a separate device, usually via SMS text message, and the customer enters this code to gain access to account information. The benefit of this approach is that it adds another layer of security, making hacking an account twice as difficult.
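The out-of-band step described above can be sketched as follows. This is an added example, not code from the original article; the five-minute lifetime, three-attempt limit and class name are assumptions, and delivery to the SMS gateway is left to the caller.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300   # assumption: codes expire after five minutes
MAX_ATTEMPTS = 3         # assumption: a challenge is burned after three wrong guesses


class OutOfBandVerifier:
    """Issues and checks one-time codes delivered on a second channel (e.g. SMS)."""

    def __init__(self):
        # Assumption: in production this key is held apart from the pending store.
        self._key = secrets.token_bytes(32)
        self._pending = {}  # account_id -> [code_mac, expires_at, attempts_left]

    def _mac(self, code):
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, account_id, now):
        """Create a fresh 6-digit code; the caller hands it to the SMS gateway."""
        code = f"{secrets.randbelow(10**6):06d}"
        # Keep only a keyed MAC of the code, never the code itself.
        # Issuing again replaces any earlier challenge for the account.
        self._pending[account_id] = [self._mac(code), now + CODE_TTL_SECONDS,
                                     MAX_ATTEMPTS]
        return code

    def verify(self, account_id, submitted, now):
        """Return True once for the right code; reject expired or burned ones."""
        entry = self._pending.get(account_id)
        if entry is None:
            return False
        expected, expires_at, attempts_left = entry
        if now > expires_at:
            del self._pending[account_id]
            return False
        # Constant-time comparison avoids leaking how much of the code matched.
        ok = hmac.compare_digest(expected, self._mac(submitted))
        if ok or attempts_left <= 1:
            del self._pending[account_id]   # single use, or attempts exhausted
        else:
            entry[2] = attempts_left - 1
        return ok
```

Without the expiry and attempt limit, a six-digit code could simply be guessed by a caller who already holds the account details.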
Fraudsters gain an advantage when digital and voice channels are siloed and not integrated. They can attempt multi-pronged attacks on multiple fronts to infiltrate the system and gain access to valuable customer information. By integrating channels and capturing data from all interactions, it becomes much easier to see suspicious patterns and be alerted before fraudulent activity begins.
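To illustrate why integrated channel data matters, the added example below (not from the original article) compares a per-channel failure threshold with a check that correlates failures across channels for the same account. The event fields, channel names, thresholds and sample events are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of a merged event log from IVR, web and agent desktop:
# (epoch_seconds, channel, account_id, outcome). Field names are assumptions.
SAMPLE_EVENTS = [
    (1000, "ivr",   "A-1001", "pin_fail"),
    (1030, "ivr",   "A-1001", "pin_fail"),
    (1200, "web",   "A-1001", "password_reset_fail"),
    (1500, "agent", "A-1001", "kba_fail"),
    (1100, "web",   "B-2002", "login_fail"),
    (9000, "ivr",   "B-2002", "pin_fail"),   # hours later: outside the window
    (1300, "ivr",   "C-3003", "pin_ok"),     # successes are ignored
]


def siloed_alerts(events, threshold=3):
    """What each channel sees alone: (channel, account) pairs at the threshold."""
    counts = defaultdict(int)
    for _, channel, account, outcome in events:
        if outcome.endswith("_fail"):
            counts[(channel, account)] += 1
    return {key for key, n in counts.items() if n >= threshold}


def cross_channel_alerts(events, window=900, min_channels=2):
    """Return {account: sorted channels} for accounts with failures on at least
    `min_channels` distinct channels inside any `window`-second span."""
    failures = defaultdict(list)
    for ts, channel, account, outcome in events:
        if outcome.endswith("_fail"):
            failures[account].append((ts, channel))
    alerts = {}
    for account, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Advance the left edge until the span fits inside the window.
            while items[end][0] - items[start][0] > window:
                start += 1
            channels = {ch for _, ch in items[start:end + 1]}
            if len(channels) >= min_channels and len(channels) > len(alerts.get(account, ())):
                alerts[account] = sorted(channels)
    return alerts
```

On the sample data no single channel reaches its own threshold, while the merged view flags account A-1001 for failures on three channels within fifteen minutes.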
While technology is absolutely necessary for stopping suspicious interactions, contact center agents must also be trained to identify and report suspicious activity and fraud. This can include everything from alerting the fraud prevention team when someone tries to access an account without the necessary information to being on the watch for internal breaches perpetrated by less-than-scrupulous agents who attempt to steal customer information.
Taking a Holistic Approach to Security
The companies that are least vulnerable to security breaches are those that use a variety of security efforts. In many cases, it requires a combination of knowledge-based authentication, data analytics, voice biometrics, and ongoing employee training to prevent attacks and to enable agents to identify suspicious activity. The most sophisticated fraudsters are now targeting accounts via multiple channels, thus further demonstrating that a holistic 360-degree approach is necessary. While technology is continuing to improve to serve as a deterrent, it’s important to remember that criminals are actively trying to find new ways to access accounts. Because just one attack can pull in thousands and sometimes millions of dollars, it’s a given that these attacks will always be an ongoing challenge for all contact centers to face. And the solution will always be to understand the threats and determine the right defensive strategies for keeping customer accounts safe.