Amid a seemingly unending succession of reports of data breaches, hacks, and scams, consumers understandably wonder whether they can trust any company to keep their information and assets safe. Consumers are also worried that access to their accounts is now open to the people who hacked their data or bought it on the black market. This especially impacts call centers, where account information is routinely exchanged as part of an antiquated caller authentication process.
Since sensitive information, like healthcare and financial records, can be accessed through call centers, customers must endure an authentication process to prove that they are who they say they are. Most contact centers rely on knowledge-based authentication (KBA), where callers prove their identities by demonstrating knowledge of information that, in theory, only they should have access to. In reality, however, it's not that difficult for skilled and patient fraudsters to gain access to this information and use it to access customer accounts.
Unfortunately, one type of fraud tends to lead to another. Using stolen data from corporate data breaches and augmenting it with additional online and social media research about their targets, criminals call customer contact centers, attempting to impersonate legitimate customers to reset passwords, obtain additional personal information, or authorize financial transactions. What's more, spoofing the caller's phone number makes it appear that the source is authentic, making it even more difficult to detect these fraudsters.
Businesses of all kinds, especially in health care, retail, and financial services, have suffered a loss of consumer trust in recent years; a recent survey by Pew showed that many Americans (between 26 percent and 51 percent) had little confidence in modern institutions' ability to safeguard their personal information.
While customers expect that companies will keep their accounts secure, they also dislike submitting to lengthy interrogations by call center staff every time they pick up the phone. When they call contact centers, they just want to have their questions answered or their problems solved without wasting time jumping through hoops, especially if they have to repeat the process more than once for the same issue during the same call. And functioning as an interrogator is also one of the worst parts of a contact center employee's job; her goal should be to provide exceptional customer service and to develop a positive relationship that the customer can trust.
For public and private institutions alike, the question then becomes how to rebuild this trust when engaging with customers.
First and foremost, better types of authentication are needed—ones that are more effective at identifying trusted callers and making the entire process more pleasant for customers and call center agents. Let's take a look at the two ways besides KBA that contact centers can authenticate customers: inherence and ownership.
An inherence-based approach authenticates customers through a biological measurement of unique traits, such as facial recognition, fingerprint or, voice. Voice-biometric authentication compares callers' voices to previous recordings of their voices to make authentication decisions.
Voice-based authentication processes are promising and will be one of the ways callers are authenticated in the future. But today, there remain several sizable roadblocks to widespread adoption. It is a lengthy process for contact centers to enroll their entire customer bases. Many companies and state laws require customers to opt-in before voiceprints can be used for authentication. It can take a long time to acquire that consent and trust from customers, which can mean years of investment from companies and call centers. Such systems are also cumbersome to use in self-service interactive voice response systems.
Another method of authentication is through ownership. Here, customers can be authenticated through physical objects that they exclusively own, such as their debit cards, computers, or telephones. With telephones, legitimate calls can be separated from suspicious calls by examining the connection within the global phone networks between the caller and contact center.
One benefit with this approach is that callers are automatically authenticated before their calls are answered; the process requires no action from the customer and is virtually invisible to the caller. This results in an immediate 100 percent participation rate without negatively impacting the customer experience. It encourages callers to self-service and also guarantees protection against spoofing by verifying the integrity of the call being made.
Authentication through ownership is proving to be an effective system of verification that provides a high level of security without subjecting customers to lengthy interrogations. It can reduce dependence on KBA and provide an easy first step toward multifactor authentication.
Trust But Verify
The bottom line: customers should not—and need not—be required to hand over personal information before initiating phone calls for customer service. Contact centers need to consider implementing better authentication procedures that do not rely on ineffective and inefficient interrogations of their customers.
2017 was a tumultuous year for consumers and their data. It's time to work together toward rebuilding that trust in 2018.
Patrick Cox is chairman and CEO of TRUSTID, a company he founded in 2007 to help financial institutions and other enterprises conducting telephone-based commerce automatically authenticate their customers' identities. Before establishing TRUSTID, Cox launched two other companies in the authentication and telecommunications industries. They were Metro One Telecommunications, a provider of voice-based directory assistance services for the U.S. wireless market, and Qsent, a provider of contact identity services for the financial services industry. When Qsent was sold to TransUnion in 2006, Cox joined TransUnion as an executive vice president. He holds 27 patents in telecommunication and authentication technology and is a certified Class 1 NARTE (National Association of Radio and Television Engineers) engineer.