Why Fraudsters Love Your Contact Center's Authentication, and Customers Hate It
Reduce the number of challenge questions you ask inbound callers, and you risk more fraud. Ask more questions, and you jeopardize the customer experience. If this zero-sum framework bedevils your organization, you aren’t alone.
A commissioned study conducted by Forrester Consulting on behalf of Neustar (Mitigate Fraud And Consumer Friction With Integrated IDV, February 2019) found that “Many firms struggle to maintain high quality customer experience throughout authentication: 62% of firms have low customer satisfaction and/or an end-user process that is too complicated.”
Think of inbound caller authentication as a multiplier. Done well, it unlocks a cascade of business benefits. If done poorly, it increases your organization’s risk of fraud and degrades your customer experience.
Blame digital properties such as websites and apps
Investments in those channels affect the phone channel. Advances in online fraud prevention technologies goad criminals to experiment and evolve. The crusade against friction in online customer experiences has caused consumers’ expectations to skyrocket. These two trends continue to spur new innovations which drive the cycle on and on.
And inbound caller authentication? It still revolves around the challenge question. The same Forrester study found that 92% of the fraud management decision makers surveyed believe that knowledge-based authentication (KBA) is somewhat or very effective at reducing ID theft and fraud.
If you’re among the 92%, I’ve got bad news for you.
Read: 10 Reasons Why KBA Threatens the Modern Contact Center
What’s at stake with your caller authentication
Fraudsters can buy or find answers to the vast majority of KBA questions. Consumers’ personally identifying information (PII) has either been breached or shared on social media. When the criminal calls in, he will combine PII with social engineering tactics to convince the agent to grant him access to the customer’s account. The fraudster may spoof a customer’s phone number to avoid suspicion, or simply use a virtualized call service (e.g. Skype, Vonage or Google Project Fi) to call from an untraceable phone number.
The TRUSTID 2019 State of Call Center Authentication survey found that virtual call use as a criminal tactic was increasing much faster than call spoofing in the past year. Virtualized calls favor criminals. They’re legitimate, anonymous calls that are inherently invisible to spoof-detection technology. Billions of devices can make these calls from anywhere in the world.
It gets worse. After beating KBA, the fraudster will add his phone number to your customer’s account and then route SMS-based one-time passwords to his device. He’ll take over the account with that password, take advantage of everything in reach, and leave you to clean up the mess.
Unfortunately, you can’t ask inbound callers more challenge questions. Not just because they’re ineffective, but because they jeopardize the customer experience.
More friction for customers
Greeting callers with KBA frustrates them in the moment that they're calling for help. Instead of taking an opportunity to build loyalty, KBA sends the message "We don't know you and we don't trust you." That’s not how you want to greet any customer, let alone higher-value customers who call in frequently.
And yet, when you can’t isolate potential fraudsters from the larger volume of legitimate callers, you have to curtail all callers’ self-service capabilities and subject them to KBA. That’s jarring for customers expecting a smooth, easy experience similar to what they get online. The dissonance puts your organization at a disadvantage with more innovative competitors.
Not only does KBA insult customers, it also injures your income statements. Squandering the first 30-90 seconds of the call on KBA increases average handle time and balloons costs per agent call.
The solution is a change in business process.
Less fraud. Less friction. More functionality.
Authenticate trusted callers before they hear “Hello,” and you can start solving their problems faster. With this approach, the Trusted Caller Flow™, average handle times go down while IVR containment goes up. Trusted callers can be offered self-serve options that are too risky with KBA: money transfers, contact information updates, and even international travel advisories.
And the smaller remaining pool of unauthenticated callers? They get the full focus of your fraud department. Shrinking the proverbial ‘haystack’ reduces friction and optimizes expensive personnel and resources.
This approach complements one of Forrester’s key findings from its study: “Firms expanding integrated identity verification (IDV) are more customer-centric and have more effective IDV overall. While 91% of firms have implemented a combination of offline, online, and device-based [IDV] capabilities, only 49% of firms are actively expanding current capabilities in all three categories. We found this group shows significant maturity in both customer-centricity of fraud strategy and the overall effectiveness of their strategy to reduce fraud.”
In a time when “many contact centers now view growth in terms of improving service rather than expanding size,” contact centers need a cost-effective path toward offering greater functionality without jeopardizing the customer experience or risking more fraud loss. That’s what the Trusted Caller Flow approach provides.
How Neustar can help
Neustar Inbound Authentication improves your organization’s ability to efficiently manage high volumes of consumer interactions by identifying callers—even those calling from a number different than the one in your CRM—using the Neustar OneID® identity platform. In tandem, the solution authenticates callers using industry-leading TRUSTID® technology by determining that each calling device is unique, authentic, physical, and presents little-to-no risk of fraud.
Approximately 90% of your callers are identified and authenticated before they hear “Hello.” You can route them into a Trusted Caller Flow for faster service and higher value self-serve options in your IVR. Only unauthenticated callers will be candidates for your fraud department.
One of the earliest adopters of this process—a large financial institution in the U.S.—cut KBA for those in the Trusted Caller Flow from five questions to one. The 80% reduction in friction and average handle times directly benefits customer experience and operational efficiency.
Fraudsters hate it. Your customers will love it.