The Next Wave of Authentication: Screen Callers Before You Answer
Security vs. CX: Reconciling the two
The “innocent until proven guilty” trope doesn’t hold in the authentication-guarded contact center, where all callers are presumed identity thieves until proven otherwise. Ownership authentication is emerging as an antidote to what TRUSTID CEO Pat Cox refers to as “identity-interrogating” customers by demanding they recite their mother’s maiden name and date of birth as a condition for receiving service.
“We know asking questions is broken,” Cox said in a webinar with CCW Digital, ‘Using Authentication to Create a Killer Customer Experience.’ “Where we are today is looking at new technologies, processes and solutions.”
Aside from the encumbrance of asking customers security questions to authenticate them, the 2017 data breach of credit bureau Equifax exposing the personal information of 150 million people highlights a major weak point in knowledge-based authentication. It even eroded trust in out-of-wallet authentication, where companies bought private customer data so they could authenticate using more complex questions like, “What was the color of your first car?”
Authenticating calls pre-answer to provide a seamless CX
New authentication technology is often tied to a customer’s smartphone or other ownership token, such as the random number generators provided by banks, which can only be used by one customer at a time and therefore can’t be spoofed, duplicated or anonymized - unlike phone numbers. In the case of TRUSTID, the device the customer is calling from, rather than just the number itself, is used to authenticate the call.
As a phone company operating on a phone network, TRUSTID analyzes calls pre-answer to provide a risk rating of green or red. It tracks factors such as device type, location and frequency of inbound calls, and then checks to see whether the number has been duplicated, virtualized or spoofed.
Spoofing is when a caller manipulates the caller ID to disguise themselves as someone you know, a tactic often used to socially engineer sensitive information out of unsuspecting people. Meanwhile, virtualization means the caller is using Skype, a VoIP or burner app that isn’t unique and therefore can’t be traced, because hundreds of people can use the same log-in.
“Everybody has the caller ID on their cell phone that says mom’s calling.The beauty of this is it verifies that mom’s phone is actually calling you - it’s not just somebody spoofing it and making it look like mom’s calling,” says Jen Pacholski, senior vice president at Bank of America, which uses the technology at its contact center.
In a survey of 127 contact center professionals by TRUSTID, the #1 desired capability for new authentication technology was not accuracy but that it would be “easy and quick for customers to enroll.” The second factor was “Reduces agent time on authentication.” The statistics showed an overall commitment to CX but also the fact that the technology can’t deliver value without uptake. With voice biometrics technology, for example, many states have regulations around expressed consent, meaning that customers have to actively opt in to having their voice print stored by the company. As we all know, a lack of uptake reduces the potential RoI for any technology investment.
Fast-tracking low-risk customers
Like most financial institutions, the bank is working to introduce new, technology-supported authentication processes that are seamless for the customer and the contact center agent. ATMs have made strides in CX; most banks allow customers to print statements directly from the ATM and many machines are equipped with a video camera so customers can easily connect with an associate.
As more and more customers use mobile banking and self-service portals in general, it’s easier to ownership-authenticate customers using their smartphone or through an IVR during an inbound call.
Introducing faster authentication systems conserves costs for the call center, while relieving agents from the burden of identity-interrogating customers, which both parties find cumbersome.
“Having that authentication be frictionless in the IVR has been transformational in our ability to deliver a better experience to our associates,” said Pacholski, adding that agents used to complain about the authentication process. The benefits also cascade into the customer experience as well as security and fraud protection.
“We’re able to identify the good customers and give them that fast pass of simplified, frictionless authentication. It also helps our fraud department hone in and follow up on things that may not look or act like that normal customer does.”
Cox agreed, stating that pre-call authentication should result in greater trust of that customer, who can then be fast-tracked through a “trusted caller flow.” “Our argument is that these customers deserve a faster, better and more secure experience. For example, in the IVR, why wouldn’t you want to let them add additional card holders or do other things that aren’t normally permitted on the IVR [without secure authentication]?”
IVR containment and self-service helps to further reduce call volume and contact center costs, while catering to customers who prefer self-service over talking to a live agent.
The outlook on multi-factor authentication
In a report by TRUSTID, 2018 State of Call Center Authentication, 69 percent of respondents indicated they were using knowledge-based authentication by default, even though 40 percent of survey respondents said they doubt its accuracy.
“One thing that clearly comes through in the market is a desire to complete authentication before agents are involved,” said Lance Hood, CMO at TRUSTID. “That’s certainly less friction for callers and agents.”
The report concluded that most companies were looking at keeping KBA while adding a second factor of authentication.