Customer Identity Authentication: Best Practices in Reducing Identity Theft, Fraud & Risk
A Practitioner’s Guide & Software Selection Criteria
Customer Identity Authentication in the age of digital interaction, customer engagement and commerce is a highly necessary component in protecting customers from fraud as well as for managing business risk. While many organizations often consider a certain percentage of fraudulent transactions as an acceptable (risk calculation) cost of doing business, the bigger issue is how to prevent fraud and identity-theft related losses while enhancing the trust, quality and security of the customer experience.
Two distinct – and possibly conflicting – motivations overshadow the discussion on customer identification authentication (CIA). On the one hand, organizations want to improve customer service, which means dealing with contact center queries quickly and efficiently. On the other, organizations want to improve risk management. That means limiting to as small a percentage as possible fraudulent attempts at credit card purchases, identify theft, prescription drug misuse, or other crimes. These two motivations overlap sometimes as well: organizations strive to assure customers that their call-center processes keep personal information safe and secure.
Organizations increasingly face problems with the way they current conduct CIA, however. In today’s call center, CIA involves a variety of options. One option is passwords, which can be hacked or forgotten. Another option is knowledge-based authentication (KBA), in which customers respond to questions that only they know the answer to. These can be static (i.e., pre-determined) or dynamic (i.e., generated at the time from background information).
Another option: ANI, or automatic number identification. If someone calls in on a number not already associated with the account, the call is flagged as a risk – even though it may be an actual customer calling in from a mobile phone, a hotel room, or an office. These are all fairly established methods. Another option is out-of-band authentication (OOBA); for more on this option, see case study two, “E-Commerce Vendor: The Value of Out-of-Band Authentication.”
Accuracy, Security, Cost & Customer Effort
The problem: all of these either take too long, or cost too much, and or are intensely disliked by customers (for instance, the answer to the question “who’s your favorite author?” might not be the same in 2015 that it was in 2010). The authentication process can take from 30 to 120 seconds, while customers’ preferred waiting time is just 60 seconds. In addition, we estimate that it costs 50 cents to authenticate each customer in the contact-center environment. Furthermore, industry estimates peg the percentage of calls because of “account lockouts” – that is, failure of passwords or challenge questions – at anywhere from 15 to 20 percent of calls, averaging one per hour per customer service agent.
Figure 1: Percentage (%) of Contact Center Fraud Detected in Near Real Time
©2015 Hypatia Research Group, LLC. All Rights Reserved.
For many years, vendors have promoted biometrics as a way to ensure authentication of a customer. These methods – which include fingerprint scanners attached to USB ports; retina scans using cameras, again attached to USB ports – tend to be both expensive and or inconvenient. While they are occasionally used in high-end security facilities and law enforcement, they have failed to gain traction in the part of the marketplace where cost is crucial, such as office workers. However, they are still viable in high-cost transactions, such as corporate wire transfers, or in law enforcement identification scenarios.
There’s one more option, which we’ve chosen to focus on in this report: voice. Voice-based customer identification authentication is becoming not only more popular with customers for its ease of use, but also more cost-effective for brands to utilize, thanks to several technological trends:
Advanced Analytics & Algorithms. A few years ago, algorithms required anywhere between 100 and 200 kilobytes of data to create a viable voiceprint. Now that amount is down to 5 kilobytes.
Processors. Systems use algorithms to match the speaker’s voice to voiceprints on file. Today’s faster processors make the analysis to confirm various aspects of the voice faster than ever before.
Storage: Cloud & On Premise. While organizations store voiceprints in databases that also have improved performance, what’s more important is that, with the cost of cloud and hard disks going down, the cost of storing an expanding library of voiceprints is less than ever before.
Smartphones. This is the big change. In addition to the voice quality on most wireless networks improving, smartphones are now ubiquitous. That means that whenever customers (or employees) want to access personal information, they carry with them a device that can transmit their voice clearly and effectively.
That’s why voice-based customer identification authentication is increasingly becoming the method of choice for a variety of industries. A voice print maps both physical and behavioral characteristics. Physical characteristics contribute to a print based on the shape of the vocal tract, the mouth, and the nasal passages. Behavioral characteristics include pronunciation accents, emphasis, speed, and gender.
Vendors evaluated in this study include:
- Voice Biometrics Group
It’s simpler than other authentication methods, such as passwords and PINs. It’s also faster and less intrusive. It can have a strong impact on operational efficiency, by reducing the time and cost of authentication, as well as the time and cost of fraud investigation.
The results from organizations that have already adopted it are encouraging; one telecommunications company [Vodafone] calculated that it has reduced its average hold time by 24 seconds; another [T-Mobile] has said it has increased customer satisfaction by 20 percent.
In this report, we’ll look at the various aspects of voice-based CIA, including:
• The state of the market, including industries committed to it;
• Major software vendors providing CIA solutions & technology;
• Results of Hypatia Research Group’s global survey focused on customer identity authentication;
• What to consider in the purchase and deployment of CIA technology;
• Other deployment issues to consider;
• Customer usage and return on investment assessments.
©2015 Hypatia Research Group, LLC. All Rights Reserved. “Customer Identity Authentication: Best Practices in Avoiding Identity Theft, Fraud & Risk“–A Practitioner’s Guide & Vendor Selection Criteria to Reducing Identity Theft, Fraud & Risk