Closing the Weakest Link: Call Centre Authentication


The aim of a call centre is to deliver fast, direct, and effective customer service, but I’m willing to wager that most of us have never had this type of experience – most of our experiences have probably been of the frustrating, time-consuming kind.

This is a problem for banks because, according to Forrester, most adults feel that valuing their time is the most important thing a company can do to provide them with a good experience.

According to industry insights, it is the time taken for call centre agents to authenticate incoming calls, together with other legacy systems, that generally leads to a poor customer experience. However, authenticating callers has become a priority for banks and other industries that rely on call centres.

The mammoth profitability of cybercrime is attracting a much more sophisticated breed of fraudster; one who can pragmatically assess an organisation’s weak point and exploit it. This weakest link is more often than not the phone channel – an organisation’s call centre.

By exploiting the phone channel, fraudsters are using an omnichannel strategy to commit data breaches. For example, a fraudster could use social engineering to reset a password on a victim’s account. Then, they can use that password to commit online fraud.

This example gives an insight into how difficult it can be to identify the transactions that lead to fraud. Many cross-channel steps can seem like a legitimate transaction and make fraud harder to spot.
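The cross-channel pattern described above (a reset over the phone, then use of the new credentials online) only becomes visible when events from both channels are correlated per account. The sketch below is an added example, not part of the original article; the event fields, account and device IDs, and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; every field name and value here is hypothetical.
EVENTS = [
    {"ts": "2024-03-01T10:02:00", "channel": "phone", "action": "password_reset", "account": "A100", "device": None},
    {"ts": "2024-03-01T10:20:00", "channel": "web", "action": "login", "account": "A100", "device": "dev-new-7"},
    {"ts": "2024-03-01T10:25:00", "channel": "web", "action": "add_payee", "account": "A100", "device": "dev-new-7"},
    {"ts": "2024-03-01T11:00:00", "channel": "phone", "action": "password_reset", "account": "B200", "device": None},
    {"ts": "2024-03-01T11:30:00", "channel": "mobile", "action": "login", "account": "B200", "device": "dev-known-1"},
    {"ts": "2024-03-03T09:00:00", "channel": "web", "action": "login", "account": "C300", "device": "dev-new-9"},
]
# Devices previously seen for each account (constructed).
KNOWN_DEVICES = {"A100": {"dev-known-4"}, "B200": {"dev-known-1"}, "C300": set()}


def flag_cross_channel(events, known_devices, window=timedelta(hours=24)):
    """Flag web/mobile activity from an unrecognised device that follows a
    phone-channel password reset on the same account within `window`."""
    last_reset = {}  # account -> time of the most recent phone reset
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["channel"] == "phone" and ev["action"] == "password_reset":
            last_reset[acct] = ts
            continue
        if ev["channel"] not in ("web", "mobile"):
            continue
        reset_ts = last_reset.get(acct)
        if reset_ts is None or ts - reset_ts > window:
            continue  # no recent phone reset: each step looks legitimate alone
        if ev["device"] not in known_devices.get(acct, set()):
            alerts.append({"account": acct, "action": ev["action"],
                           "device": ev["device"], "reset_at": reset_ts.isoformat(),
                           "event_at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in flag_cross_channel(EVENTS, KNOWN_DEVICES):
        print(alert)
```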

Stuck between a rock and a hard place

So far, call centres have found it tricky to hit the right mix between security and customer service. Putting strong, traditional security measures in place generally impacts customers’ experience – often to an organisation’s detriment – meaning that an organisation might be tempted to slack on data privacy and security. But this then puts an organisation at risk of a more painfully expensive data breach.

So, what’s an organisation to do? Consumers want a speedy, frictionless process, and competition can drive this as a priority over security. Consumers themselves often choose convenience over security – as evidenced by weaker and multiple-use passwords – which reduces the effect of an organisation’s security methods anyway.

Rescue attempts

Authentication measures at a call centre can help to keep fraudsters from resetting passwords, and then using these credentials on web and mobile apps. Currently, call centre identification still relies on those easily accessible knowledge-based authentication (KBA) questions such as your mother’s maiden name and your favourite food. However, any cybercriminal worth his weight in stolen data will be able to find this information more easily than you will probably remember it!

Some organisations have tried to move on from this comfortable habit of KBA, and have implemented some form of authentication using voice biometrics or one-time passwords (and you can read our views about those here).

However, as the technology to trap fraudsters evolves, so too do the fraudsters’ skills, and they always seem to be one step ahead. They can now beat single-factor authentication security methods, and fool traditional single-factor voice biometrics. It is not a difficult feat for a fraudster to find their victim’s voice on the internet or to use voice modification or synthesis software.

A way out?

The importance of call centres is not going to go away any time soon. There is a demographic – generally more tech averse – that prefers using call centres. And at the same time, the rise in omnichannel is making human interaction invaluable. This need forces organisations to staff call centres with people who provide a customised service. So how are organisations going to handle this dilemma of security?

What if you could, with a high degree of certainty, know who was on the other side of the line? What if you could reduce the average time of calls, and hence the cost of each call? Call centre authentication and fraud prevention can work hand-in-hand to achieve a positive customer experience without sacrificing identity assurance.

What if you could identify someone using something they have with them all the time – their mobile phone? Using an out-of-band, strong customer authentication solution, you can make the mobile phone a possession factor.

And if you combine that possession factor with a knowledge factor or an inherence factor, you ensure that the person on the line is the legitimate owner of that phone, and can continue transacting with peace of mind.
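A minimal model of that combination, as an added example that is not from the original article or any vendor's product: the server pushes a one-time challenge bound to the call, and the phone answers with a MAC keyed by both its enrolled device key (possession) and the customer's PIN (knowledge). All names, the symmetric-key scheme and the 60-second lifetime are assumptions; a production system would also limit attempts and would typically keep asymmetric keys in secure hardware on the device.

```python
import hashlib
import hmac
import secrets
import time


def factor_key(device_key: bytes, pin: str) -> bytes:
    # Mix possession (device key) and knowledge (PIN) into one verification key.
    return hmac.new(device_key, pin.encode(), hashlib.sha256).digest()


def device_respond(device_key: bytes, pin: str, nonce: bytes, call_id: str) -> bytes:
    # Runs on the customer's phone after the PIN is entered in the app.
    key = factor_key(device_key, pin)
    return hmac.new(key, nonce + call_id.encode(), hashlib.sha256).digest()


class CallAuthServer:
    """Hypothetical back end the call-centre agent's desktop talks to."""

    def __init__(self, ttl: int = 60):
        self.ttl = ttl
        self.enrolled = {}  # customer_id -> combined factor key from enrolment
        self.pending = {}   # call_id -> (customer_id, nonce, expires_at)

    def enrol(self, customer_id: str, device_key: bytes, pin: str) -> None:
        self.enrolled[customer_id] = factor_key(device_key, pin)

    def start(self, call_id: str, customer_id: str, now: float = None) -> bytes:
        if customer_id not in self.enrolled:
            raise KeyError("customer has no enrolled device")
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)
        self.pending[call_id] = (customer_id, nonce, now + self.ttl)
        return nonce  # pushed to the phone out of band, never read out on the call

    def verify(self, call_id: str, response: bytes, now: float = None) -> bool:
        now = time.time() if now is None else now
        entry = self.pending.pop(call_id, None)  # single use: consumed on first try
        if entry is None:
            return False
        customer_id, nonce, expires_at = entry
        if now > expires_at:
            return False
        expected = hmac.new(self.enrolled[customer_id], nonce + call_id.encode(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

Because the challenge is bound to the call ID and consumed on first use, a response cannot be replayed or carried over to a different call.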

In every industry, organisations will be aiming to improve operational efficiency. But any gains made will all be lost if security is not factored into the equation.

About the Author

Simon Rodway is an experienced software solutions architect and software developer and has worked on a wide variety of technical and business driven projects. As pre-sales solution consultant at Entersekt, Simon is tasked with supporting their European team in business development across the region. His extensive work experience in the information technology and software development industries, at global companies such as IBM, ensures that he can leverage a refined industry perspective in growing Entersekt’s presence in the European market.
