Avoiding Fraud & Risk with Multifactor Customer Identity Authentication
Two distinct – and possibly conflicting – motivations overshadow the discussion on customer identification authentication (CIA). On the one hand, organizations want to improve customer service, which means dealing with contact center queries quickly and efficiently. On the other, organizations want to improve risk management. That means limiting to as small a percentage as possible fraudulent attempts at credit card purchases, identify theft, prescription drug misuse, or other crimes. These two motivations overlap sometimes as well: organizations strive to assure customers that their call-center processes keep personal information safe and secure.
Organizations increasingly face problems with the way they current conduct CIA, however. In today’s call center, CIA involves a variety of options.
One option is passwords, which can be hacked or forgotten. Another option is knowledge-based authentication (KBA), in which customers respond to questions that only they know the answer to. These can be static (i.e., pre-determined) or dynamic (i.e., generated at the time from background information).
Another option: ANI, or automatic number identification. If someone calls in on a number not already associated with the account, the call is flagged as a risk – even though it may be an actual customer calling in from a mobile phone, a hotel room, or an office.
These are all fairly established methods. Another option is out-of-band authentication (OOBA); for more on this option, see our business return on investment assessment “E-Commerce Vendor: The Value of Out-of-Band Authentication.”
Accuracy, Security, Cost & Customer Effort
The problem: all of these either take too long, or cost too much, and/or are intensely disliked by customers (for instance, the answer to the question “who’s your favorite author?” might not be the same in 2016 that it was in 2010). The authentication process can take from 30 to 120 seconds, while customers’ preferred waiting time is just 60 seconds. In addition, we estimate that it costs 50 cents to authenticate each customer in the contact-center environment. Furthermore, industry estimates peg the percentage of calls because of “account lockouts” – that is, failure of passwords or challenge questions – at anywhere from 15 to 20 percent of calls, averaging one per hour per customer service agent.
For many years, vendors have promoted biometrics as a way to ensure authentication of a customer. These methods – which include fingerprint scanners attached to USB ports; retina scans using cameras, again attached to USB ports – tend to be both expensive and or inconvenient. While they are occasionally used in high-end security facilities and law enforcement, they have failed to gain traction in the part of the marketplace where cost is crucial, such as office workers. However, they are still viable in high-cost transactions, such as corporate wire transfers, or in law enforcement identification scenarios.
Conclusions
Customer identity authentication in the age of digital interaction, customer engagement and commerce is a highly necessary component of protecting customers from fraud as well as for managing business risk. While many organizations often consider a certain percentage of fraudulent transactions as an acceptable (risk calculation) cost of doing business, the bigger issue is how to prevent fraud and identity-theft related losses while enhancing the trust, quality and security of the customer experience.
There are many types of identity authentication technologies available. Some focus on finding patterns of fraudulent interactions and increasing visibility into these pretenders in order to block them. Others leverage keywords and passwords (KBA), biometrics (fingerprint, voice, retina-scan), and/or multi-factor authentication to name a few. In addition, organizations may have also utilized the following techniques:
- ANI spoofing detection
- Audio Analysis
- Behavior Analytics
- Biometrics
- Context and/or Telephony Analytics
- Dynamic knowledge based authentication KBA (answering a security question)
- Out of Band Authentication (OOBA)
- Speech Analytics
- Static KBA
We recommend businesses deploy authentication methods that are consistent across channels and modes – customers don’t care that you’ve selected different tools for online e-commerce and contact center usage. They think of your brand as one entity, and that’s the face that should be presented. Companies should seriously evaluate investment in voice biometrics technologies for the following reasons:
- Companies may reduce authentication related calls due to customers forgetting passwords by up to $.50 per minute. (Average call time 2 minutes);
- Reduction in false positive fraud and risk alerts has the potential to save businesses significant time and resources spent researching issues; (Estimated 1 in 3,000 calls is fraudulent;
- Customers want secure, consistent and frictionless access to brands they do business with via all channels of interaction: ATM, Call Center, IVR, Mobile, and Online.
©2016-2017 Hypatia Research Group. All Rights Reserved. | “Avoiding Fraud & Risk with Multifactor Customer Identity Authentication” is an excerpt from“Customer Identity Authentication: Best Practices for Avoiding Contact Center Fraud and Risk.” No part of this research study may be repurposed, distributed, translated or published in any format without the express written consent of the Hypatia Research Group, LLC and its management.