When customers call contact centers, they just want to have their questions answered or their problems solved without needlessly being bogged down by cumbersome authentication, especially if they have to repeat the process more than once for the same issue during the same call. And functioning as an interrogator is also one of the worst parts of a contact center employee's job.
As chip credit cards make retail fraud more difficult, criminals are increasing their attacks on call centers. Meanwhile, contact centers employing knowledge-based authentication make it easier than ever for criminals to socially engineer call center agents and take over customer accounts.
In this webinar industry experts discuss:
- The latest methods fraudsters are using to attack contact centers
- Key findings from CCW's Elevating Call Center Performance report and the 2019 State of Call Center Authentication survey
- How ownership-factor authentication has proven to be a more secure and customer-centric model for call center fraud prevention
Ladies and gentlemen, it is time! Welcome to today's webinar, why fraudsters love your contact center and why your customers hate it. It's brought to you by Neustar TRUSTID and CCW Digital. What a title, right, ladies and gentlemen? Unfortunately it's not hyperbole, it's absolutely true. The contact center is not simply vulnerable to fraud, it's actually the target for fraud.
And what makes matters so much worse is that the conventional way we go about securing our contact centers may actually be exacerbating the problem. It's making it easier for fraudsters to prey on our contact center, easier for them to attack our customer data, easier for them to cause us to lose our customer trust.
Now I know that starting off in such a bleak picture is probably not the most exciting way to start a webinar, but the sad reality is it's about to get bleaker because while we focus on this question about security, we also have to think about the challenge of delivering a better customer experience, a better agent experience. We know that both sides are really demanding more from our brands, and so to put it simply, we have a lot of work to do on that front while also working to better secure our contact centers.
State of Authentication
But that's why you're on this webinar, because over the course of the next discussion, we're going to be helping you share-- we're helping you through this by sharing research, diving deep into the state of authentication, and then sharing real world examples of success. Now as a reminder, this session is being recorded and you can submit questions at any time using the console on your screen. Without further ado, let's dive in.
Now as I alluded to, what makes it particularly challenging here is that we're not in a position where we can have a trade-off between speed and security, where we can be customer-centric or more secure. You have to focus on both. Now to walk through what I mean by that, let's take, for example, the fact that customers are demanding fast and frictionless experiences. We all know that you read the articles, you read the books, you see the webinars, that's pretty undeniable.
Yet when you take into account all the hype over data breaches and data misuse, customers are also more concerned than ever about the safety and security of their data. And so while they're demanding more efficient experiences, they're also demanding more secure ones. We could say the same about our agents, right? They are looking for more meaningful engagements with customers. They want that complex work that we're always talking about.
And yet from a day-to-day perspective, they fear the possibility of fraudulent interactions coming on their doorstep, fraudsters getting through based on what they were doing. And so while they're thinking about how they can focus on the real conversation, they know they play a vital role in security.
And then finally, if you think about the contact center, we may have ditched the call center stigma, but we're still very much focused on becoming profitable and deriving value from our contact centers, so we want to be as efficient as possible. And yet because fraudsters are becoming so aggressive and so sophisticated and so clever with how they attempt to attack our contact centers, we obviously need to make sure that we're bolstering security at the same time.
And so to put it simply, we have to be efficient, we have to be customer and agent-centric, we have to think about the business, but we also have to make sure that we're elevating security.
Now over the course of this webinar, we have some great speakers who are going to walk you through the discussion. First, you recognize my voice, you heard my energy there, you're ready to go, you know CCW digital. I'm Brian Cantor, principal analyst, I'm very passionate about this topic, thrilled to be sharing our research.
But I'm also thrilled to welcome two of our other speakers here. We have Danny from Worldpay who's going to be walking through how his organization has actually approached this issue, as well as Pat from Neustar TRUSTID who's going to be talking about his perspective on the solution side, really evaluating what's going on in the authentication space, what's happening when it comes to contact center fraud, and how he's working with so many different organizations across so many different industries to really make a difference and make the customer experience process more secure. Now Danny, how's everything going?
Hi, Brian. Everything's going great.
And Pat, same to you, you know, excited for today's discussion?
Always. This is great, Brian, thanks.
Consequences of Knowledge-based Authentication
Great. Well I'm thrilled to have you, our audience is very lucky to have your insights here you're going to be sharing again from such a variety of different perspectives, can't wait to dive in. So to start things off, I want to go through some basic research that really set some context for why we're even having this discussion. Now if you read our recent CCW digital market study, you know that two of the biggest pain points that customers are facing are long wait times and needing to repeat information.
Now both are textbook consequences of knowledge-based authentication. When you think of those repeated questions-- oh, what's your mother's maiden name or what's your zip code or those kinds of questions when you're trying to get through to talk about a real issue, those are those questions that lead to more inefficient, slower experiences, and since you're doing it time and time again, it gets to the point of feeling repetitive. Why do I have to keep answering these same questions? Don't you know me better than this? That really sends the wrong message to your customers while directly tying into what's frustrating them throughout the experience.
Downsides of Interrogating your Best Customers
And here's really a great quote that really puts into perspective from a top 10 bank. You have a senior vice president mentioning how they spent a few minutes to interrogate their best customers, the ones with lifetime value, the ones they absolutely care about. And so that few-minute process, those are the longest few minutes in the world for them, because that means that's a few minutes where you're not showing appreciation for/love for/trust in your customers, and you're not creating a great experience for them in the process. That really hammers home, again, why KBA and these more conventional knowledge-based authentication practices are just not getting the job done for organizations.
Now another bleak reality here in the contact center is that agents are just not as productive as we need them to be. Only 32% of companies per hour CCW research say that their agents are spending most of their days meaningfully engaging with customers. And naturally that means that agent productivity rate is one of their big performance gaps in focus areas for-- in the status quo right now.
Now when you think about what agents are doing, when they're asking those repetitive KBA questions, when they're trying to perform a task that they're not good at, being some sort of fraud cop and really identifying whether these customers are valid or not, guess what they're not doing. They're not connecting with your customers, they're not engaging in meaningful conversation, they're not building relationships. They're coming across the wrong way, and not only are they therefore not productive, they're also getting frustrated, they're getting dissatisfied, disillusioned with their role in the context center space, and that's, of course, bad news.
And now let's face it, though. You may be saying, OK, Brian, yes, maybe the experience is a little bit slower than we would like, maybe agents have to ask a few more questions than they enjoy asking, but if it leads to better security, isn't it worth it? If it makes customers feel safe or if it makes the process feel tighter, then why would we be complaining? Why not take a little bit of a slowdown? Well here's where it gets tricky, because KBA is actually not offering better security, it's not making the process smoother, it's just a net weakness for your organization.
KBA is Not Enough Anymore
Now as I mentioned, we were thrilled to partner with TRUSTID on a variety of research throughout the year, and one of their recent reports, their State of Call Center Authentication for 2019 identifies that there's a good degree of dissatisfaction when it comes to existing authentication measures. And you see that it's rising currently in the status quo, really hammering home the idea that KBA is just not getting the job done, it's not what we're looking for, and organizations are not happy with its impact on either security or the experience.
And what makes it worse and why that is the case is there's a great stat in this report that highlights that 51% of financial companies say that the phone, the traditional call center is what they view as fraudsters' channel of choice, what they're experiencing. And the reason for that is pretty clear-- many of these contact centers are relying on this antiquated KBA, that's how they're approaching authentication.
And because fraudsters have ready access to stolen, personally-identifiable information, they're able to exploit this process. Fraudsters know that if they go in the KBA method, they have a far better way of breaking through the contact center's walls, far higher chance of committing the fraud that they're looking to, taking over the accounts, and essentially doing-- participating in their nefarious activity.
Fraudsters can Prey on Frontline Agents
Now on top of the stolen information they have, they also have the ability to socially engineer agents, because remember, when you're talking about KBA you're talking about human agents, frontline workers who are not necessarily trained in security, but are trained to be as friendly as possible to customers, try and make the experience as enjoyable as possible for them.
And so these people are very vulnerable to clever criminals who want to be able to get through the call, they can manipulate them. So even if they didn't have the data, that doesn't mean you're safe. Fraudsters can prey on the fact that frontline agents are right there, they can take advantage and ultimately they can exploit the contact center and weaken your relationship with your customers.
As you see here, again, just really hammering home more research here. 73% of fraud out there is actually involving personal-identifying information, and so the fact that fraudsters are able to get this information really speaks to the fact that it's not a secure method. If the information exists, if it's out there, if it's attainable for fraudsters, you can't rely on it to protect your customers because it's fundamentally insecure information, fundamentally not achieving what we want it to achieve.
And another slide here really just hammering home exactly how readily available this information is. I mean I'm sure many of you listening have gotten those emails where they try to phish you, they try to manipulate you into some sort of bitcoin scam or whatever, and they reference a password, they reference some identifiable information that you've shared at some point, they're trying to get you scared like, oh my god, maybe they hacked my account, but in reality, the fact is this data is just so readily available, that they have it at their disposal.
And so when an orchestrated fraudster wants to contact a contact center, try and take over your account, there's a very good chance that they're going to have the information they're looking for, and so it can be exceedingly difficult to use KBA to really vet them and keep them from achieving what they're trying to achieve.
Human Nature of the Call Center
And just really hammering home here, the idea is that the human nature of the call center is kind of going to fundamentally be vulnerable in these cases. Just the idea that we're relying on humans here means that there is going to be error associated with this, there is going to be frustration. It's very hard to have a human-based authentication process that doesn't have some of these vulnerabilities.
Now on top of that, you also want to consider the fact that per of the TRUSTID reports, 40% say that attacks are coming via virtual calls. And so that's a really important statistic because it means that when you're starting to consider other mechanisms for combating fraud, when you're starting to think about other authentication pathways, you need to be very careful about the technology you're choosing to use and the methodology you're choosing to use, because there are other ways for fraudsters to really exploit the contact center beyond just spoofing or guessing customer information. And so it's really important to know this, because it's going to dictate your ability to choose the right provider, your ability to prepare your agents and your teams correctly.
Essentially what this all means here is that it's pretty clear that KBA is ineffective, it's just not what we are looking for from contact center authentication or from a customer experience strategy standpoint. But again, you need more than just a platform that's just going to confirm records, because as I mentioned, when you have fraudsters able to sort of spoof devices or use virtual calls, just relying on that device alone will not really tell you everything you need to know.
You absolutely have to start looking at a process that's going to authenticate a match between both the device and the customer record, but also verify that it's actually the customer who is the one using the device, because if that's not going to happen, then you're really going to struggle to be able to properly know that you're talking to who you're talking to. And when you don't have that assurance, you're unable to secure your contact center, you're very vulnerable to fraud.
Companies Want a Frictionless Authentication
Now one final note here is that 75% of companies believe this needs to happen before the customer reaches the live agent. So again, thinking about the frictionless experience, thinking about what's best for the agent, you want to make sure that this is being done before they get there. And actually, 54% want it to happen even before the call is answered. So they don't even want it to go through the entire IVR process to fully authenticate the customer, they want it to essentially be instant. When that call is answered, when it's picked up, we know that we're talking to who the customer is, or if it's a fraudster, we can at least flag that and proceed however we want to proceed from a security standpoint.
So that walks through some of the key research, some the key talking points and trends, but again, that's research, that's kind of a high-level perspective. Why I'm so glad that Danny's here is he's going to walk through and really let us know is, does this resonate with you in real life, Danny, is this what you want Worldpay really encountered as you were thinking about ways to better secure your customers, better secure your data?
Thanks, Brian. Really appreciate the context here. So my name is Danny Rodocker and I work for Worldpay from FIS. And what we're all about is helping to advance the way the world pays, banks, and invests. And my role within our organization as a process optimization analyst is to support our US contacts in our operation with focusing on obviously improving the processes through technology, people, and the process changes surrounding the technology advancement. So improving our telephony technology stack, particularly our IVR systems.
How Can We Streamline the Authentication Process?
So today, mainly about our ID&V journey. So our authentication journey, so where we were and where we're at currently and where we hope to go. So what we found through our journey is that there's a real need to layer authentication factors. So whether it be technology improvements, people improvements-- so training, or process improvement-- so how can we streamline processes, how can we gather that information as Brian alluded to prior to the call even being answered. How do we mitigate the risk of self-services within the IVR, as well as streamline the processes by with our agents have to execute on.
So how we do that is essentially reducing the amount of knowledge base authentication questions due to the fact that they've been compromised over recent years with various data breaches as I'm sure everyone has heard about throughout the news cycle. We know a lot of our information today that we use to authenticate has been compromised, therefore making it useless for us to use for authentication purposes.
So how we have proceeded is moving from KBA and starting to layer in factors such as TRUSTID within our systems. So we're-- and then we're also layering in the components of TRUSTID in a very unique way. So we're taking data elements and then acting on those within the IVR, and then also making decisions off of what additional authentication factors the agents have to choose prior to proceeding with the call.
So we do a lot of this through computer telephony integrations, or a screen pop as a lot of people know that. So we internally do some account look-ups and then are pulling back associated account details on the account, but within that, we're taking into consideration the results of the trusted API. So we have that path of authentication layer in place to assist our advisors with that screen pop, and then they're interacting with that, and we're actually able to record all of that information for each and every call, therefore making it very effective to coach and teach on the people and process side of things.
So continuous evolution is a key component of our journey, right? If we were able to solve it and forget it, that would be great. Unfortunately the fraudsters continue to evolve their processes, therefore we have to stay on our toes and continually evolve our own processes to stay one step ahead. So iterating our technology improvements, but also keeping the training very in front of agent's face as to not to get socially engineered or what to look at or look for, and then looking for that next best thing to ask rather than knowledge-based authentication questions.
So it's all about reducing the customer and agent effort to authenticate, right? As Brian alluded to earlier, there's a lot of frustration around the time spent authenticating and repeating of information. So when we first started our journey about two-and-a-half years ago, folks were entering in associated account information, and then we're actually having to repeat all of that information to our advisors, and that was a very arduous task to ask each and every customer. So the ability to leverage that CTI screen pop has really been a great benefit to our organization.
So last step here is to keep the complexity behind the scenes. So that computer telephony integration has really assisted us in making the authentication process and adding all of those layers of authentication factors in there. It really helps us to layer in all of those factors and have a complex authentication process, but have the actual process advisors and customers go through very simple.
So what I mean by that is essentially there's a variety of factors that could be used in addition to, and through a series of dropdowns and selections and then data elements through TRUSTID and through our own internal database lookups, we're actually able to guide the agent through the authentication process in the most effective and quick way based off the information that was provided from the customer, the path of information that is collected about the phone number that's in session with us, as well as the associated account details on record.
As stated at the beginning, it really is a collaborative effort amongst your organization to drive this through various people activities. So training is a key component. Process improvements in order to support the technology that you're introducing.
Great. Well I want to thank you very much-- I want to thank you very much, Danny, for really walking us through some of the key highlights there, and it's great to see that the research does line up with what you were addressing from the perspective of a real-world financial organization. And we'll get back to you later when you come to some lessons you've learned throughout your journey to actually elevating your authentication process.
But I to quickly turn things over to Pat to really walk through, again, you studied this at the big-picture level, you look across industries, you're very well-versed in a variety of different authentication practices out there. So I want to get your industry expertise about what's going on with authentication and what needs to be top of mind for our listeners today.
Yeah. Sure, thanks, Brian. And Danny, that was great. That was some really good insight, thank you. OK, so how did we get here? That's the big question a lot of folks ask me. How did we get here? So if you think back in the early days of issuing of cards especially, you think about getting a card in the mail, a credit card, debit card, whatever it might have been, and on there was a sticker that said, to activate this card, call from your home phone.
Evolution of Phone Number Identity
And that was the entire process. And the reason is because back in the '50s, '60s, '70s, '80s, '90s, that phone number really was part of a closed and secure phone network. And using that ownership token, the approach of saying that call had to come from within the four walls of a customer's home or that call later, back as time progressed, it came from a cell phone, and it really, really did, because it was a closed and trusted network.
And so the fact that you had a card in your possession and you were calling from that ownership token device called a phone, it authenticated the caller. But about 2003 when the internet connected to the telecommunications network, now you had people who had complete access to look like, act like, and emulate carriers-- and when I say carriers, think of your phone company.
So now I could download some free software and falsify my information, hide who I-- hide my number, change my number make my number look like somebody else, and that gave criminals a really scary ability. It gave them the ability to break the telephone network's trust, it gave them the ability to break the closed nature of the phone network, and that was the start-- that really brought about how do we do this knowledge-based authentication-- we call it knowledge interrogation.
Because now you couldn't trust that number, that the stickers on that credit card/debit card no longer said, call from your home phone, it probably said, go to this URL or call from this number. Then you'd get a live agent, they would put you through questioning processes because that was the way we had to then authenticate it.
So if you think about from 2003 to present, we've only just layered in more knowledge-based authentication. And as we all know, with the data breaches that Brian talked about earlier, it's beatable, right? The bad guys, the bad actors have the answer. So what does all that cause? It really has caused an increase in costs for all of us here. We spend more time and agent and IVR energy. We're wasting our customer's time, and that wasted customer's time as a horrible customer experience. And at the end of the day, it doesn't stop the criminals. As you saw, over 70% of fraud involves PII, so we really have poor security.
Challenges of Virtual Calls and Spoofing
The next-- back over for another additional comment from you, Brian, today, the real threat vector is what's called virtual calls. And I think we all know it's spoofing is. In fact, in a survey we did back at the beginning of 2019, even our surveyed pool of 200-plus experts in the call center space, fraud, and operations, customer experience said, 32% of their risk vector was spoofing, but that same group said virtual calls were 40%.
So for those of you who don't know what virtual calls are, think about a call from Google Voice or from Skype. There's really no authentication of me when I register for that number. It even gets easier when I go to TextNow or Burner or many of these other kind of apps-based solutions where you can download an app, go to a website, and get a real phone number. That real phone number is not spoofed, it's not altered, it really is a real call coming into your contact center, but it's not tied to a real identity, it's not it's not traceable. A thousand people could be using that username and login to generate those virtual calls.
And that's really easy for criminals to do. It makes them anonymous, it makes them untraceable, which is exactly what they want, and it's also very, very low cost, very easy to do. And so frankly if you're enterprise today-- and this is really important-- if you're focusing on stopping spoofing, you're doing exactly what the criminals want. So I think it's important to understand, both of these things need to be addressed if you want to try to do that authentication early, if you want to be able to start using phone numbers as an authentication token.
Clearly from the stats we've shared, clearly from what Danny brought up, clearly what Pat walked through, we have some challenges. We have customer experience challenges, we have an agent experience challenges, and most importantly, we have security challenges. But we have spent about 25 minutes walking through those challenges and what's not going right and why this is such a pressing issue.
How to Improve Call Authentication
What we haven't done and what the next portion of our webinar is going to focus on is how to respond, how to overcome these challenges, what can we do to make our contact centers more secure, more customer-centric, and more agent-centric. And so for that, I'm going to pass it back to Pat to walk through his take on where authentication is going and where your organization's mindset needs to be as you invest in a more secure contact center.
Thanks, Brian. OK, let's talk about how we got here. There are only three ways to authenticate, there's not five or 10. So we've got three ways to do this. Knowledge is the first. We all know the drill, social security number, PINs, date of birth, mother's maiden name and so on. There's also inherent-- so something the user inherently is, something you are, a retinal print, a DNA, right? A fingerprint, a voice bio print. These are all inherent markers.
And then there's ownership. Ownership-- think of a key, a key to a safety deposit box or a phone. It's a physical device. A debit card, a security token, like a RSA key fob, for example. Those are the only ways we can really truly understand who were interacting with either on the phone or in an online session.
So let's just go a little bit deeper here. So knowledge, we know knowledge is problematic from the fact that the information is shared broadly. Inherence is a powerful tool once you get accounts and users registered together. And then there's ownership. If you think about ownership like a football that follows the president, right? That device that should never, ever be used that launches nuclear weapons, that's an ownership token. Ownership typically is the highest quality authentication token you can use, and that's why, for example, for high security access to systems, you'll need that RSA key fob or similar.
Phone, same thing. If you can prove the phone is engaged, or the debit card. Debit card with a chip, credit card with a chip, a very, very high power, high quality ownership physical authentication device.
So let's go a bit deeper into ownership authentication. This is where we think we can provide the biggest impact for our clients' operations. So if you think about a physical device-- and we deal with phones, right? We're talking about phone channel authentication here. There's a lot of things you have to do to make sure that that phone is actually engaged in the interaction, and that's what TRUSTID at Neustar does.
And so if you can turn that phone into a powerful, unique, non-duplicated, non-spoof, non-hack device, now you're doing ownership authentication, and what's great about that is it can happen very, very early into the call flow. And that's what we want to focus. We all know that knowledge is at the end of life-- in fact, the FFIEC would tell you in writing, hey, don't use knowledge-based authentication, it's really broken. And inherence is fantastic, it's the future, it's a great way to go for multi-factor.
So just thinking about ownership, that's the biggest change a person can probably make in their operation, is to move away more from knowledge and focus more on ownership and inherence because that's the multi-factor approach that's going to give you the biggest bang for the buck. It's going to solve security problems, and it's going to be a very, very positive customer and agent and member experience.
So let's go even deeper now into that ownership authentication approach. We provide that ownership certainty, the real proof. We want to know the answer, right? We do that through a process we call the network forensics approach. And the network forensics approach really is about looking at the call end to end from the calling device. So is the call coming from within the four walls of a client's home? Is the call coming from a SIM card registered to an account that's appropriate from the actual cell phone going through the global telephone network? And is it actually connecting to your contact center right now? In other words, is that phone call real?
Our product and our solution works for 100% of the carriers-- landline, voice over IP-- so your cable operators, all that covered. 100% of line type, so this is not just cell phones, right? It's everything. And we want to inspect that call end to end, we want to confirm the call end to end. When that happens now, you've got an authentication token.
And so that really requires that whole end-to-end inspection primarily and really fundamentally to confirm the call is unique. Unique is a really important word in our authentication world, because if I can produce 10,000 keys to my car and hand them out to people with my address on my car's license plate number on there, there's really nothing unique about that key and 10,000 people could walk over to my car and start it. It's even worse with knowledge, right? Well you've got millions of records shared broadly across the whole network of criminals, there's nothing unique about my birthday anymore, I've got it shared on social media.
So what's great about the forensics approach here is we can say, this is unique, it's authentic, it's physical. The calls aren't virtualized, right? We talked about virtualization earlier, which is the idea of real calls, right? They are a real number, they're not spoofed, but they're coming from uncredentialed sources, easy sources to emulate and duplicate. So virtualized calls, we want to make sure the call's not virtualized; of course, not spoofed. We want to make sure it's not shared inappropriately, it's not anonymously provisioned, these are lines that don't require any sort of authentication when the phone number itself is given out.
So you think about some forms of prepaid cell phones that are picked up at a department store, higher risk, right? Are the calls illegitimate or legitimate? In other words, have they been ported or SIM-swapped? There's so many tricks, so many tools, sadly, for the criminals to use to alter and hack these calls, we can say the call is good or the call is not. And that's powerful.
So let's go a little deeper now into pre-answer authentication. As a call comes into your contact center, we refer to it in the left-hand side of the slide as an invalid caller approaching your contact center. The trusted Neustar system will analyze the calls in the global phone network. At the same time, we can also look at that phone number, that ANI, that A-N-I, right? The calling party number and say, hey, in the OneID system, hey, is that linked to a name and address that we know? We understand it has a caller ID situation changed on it recently. Has the address been vetted? Is there fraud on this account-- there's a lot of good things that OneID data can bring into it as well.
So now we're making sure the call is legitimate, we're making sure that number is linked to an account appropriately, that information then is sent in an API response back to the contact center, and they can use the trusted Neustar token for validation. There's also the CRM-matching characteristics from the OneID data, and then there's also going to be a trust indicator saying, this is a very trustworthy number.
It's calling, there's no fraud on it and so on. Down to kind of middle of the road, well, it's a real call, but it's coming from a department store prepaid phone, you may want to be a little bit careful here, down to, hey, this really deserves more investigation, this is where your fraud's going to be. So that trust indicator's powerful.
And so that is going to allow you to have different treatments, right? Different handling processes in your contact center. So we're giving this as an example, and I think this is a pretty good representation of what most of our customers can see. 70% of the calls should get just great service. Start the call, how can I help you? Not, who are you? Powerful, powerful differentiator, right? The agents and associates don't have to invest the time and the money. Your members and customers get to enjoy a frictionless authentication experience.
20% of the call's moderately trusted. Maybe they're calling from a real device, but it's brand new, it's just been turned on, porting just happened. Whatever the rules are that we can agree to here, those can get a little bit more stepped-up authentication, maybe business as usual as you do today, but again, you're going to know probably not a criminal there. In fact, we just don't see fraud in that segment of the population.
What I can tell you, that last 10% there, that's where you're going to need to be able to do stepped-up authentication. All your criminals will be in there. Of course, a lot of good customers will still be in there, but let's say they're calling from a Private Branch Exchange, a PBX or an office that they shouldn't be calling from. So that call doesn't present an authentication token, but I gotta tell you right now, that last 10%, that's where the bad operators will be.
That green part of the call, that 70-plus to 20. So with that authentication token in place, a match to the account, now you get some real results out of that. So we're talking about a 20% reduction in what the contact center has to spend overall, right? You can get rid of the first third of the call, that whole identity interrogation piece goes away.
That obviously increases customer satisfaction. In fact in the post-call surveys, we find that the green trusted caller flow has on average 10 or better percentage points higher in customer sat just from them, because they said, how can I help you? And they get the problem resolved quicker. Also a higher IVR containment. This is huge. If you can keep those six-minute because of the floor, if you can keep them out of the hands of the agents and associates, that's powerful, because six minutes costs a lot of money with a live person.
Secure Caller Flow Empowers the IVR
And also, customers like to get faster resolution. So now in fact, you can also do trickier, more complex and higher-risk interactions in the IVR because that TRUSTID caller flow is so secure. So adding additional cardholders, change of addresses, balance line increases, address changes, these kinds of things that are very high risk can now be handled in the IVR and that's very powerful.
Overall you'll get a 70% reduction in the use of knowledge-based authentication, and security will be at least 25 times better. So we actually see more like 250 times better authentication security in that caller flow. That red flow down below there, that's where you're going to be able to invest a bit more in your fraud-fighting efforts, and you're going to get a much higher ROI because of that.
You don't have to spend your fraud, money, your fraud resources, your fraud agents on that TRUSTID caller flow. You process those calls, take care of the customer, make them happy, drive your revenue growth, and do all the wonderful things you're trying to do, and now use your fraud-fighting tool for this small population down below because that's where the bad guys will be.
Through legitimate solutions, that will, again, hit all the boxes, right? Now it'll force us to make sacrifices. We can increase efficiency, we can drive customer satisfaction, and most importantly, we can elevate our security and our ability to fight fraud. Now Danny, as you alluded to earlier, you have implemented the solution in parts of your organization. So I want to get you to walk through what you've learned from that, why you chose TRUSTID, and what really your perspective is right now on how you're able to improve the authentication experience and create a more secure experience for your customers.
How to Implement Neustar TRUSTID
Yeah, absolutely, Brian, I appreciate it. So I'm going to review a little bit about how we implemented the Neustar TRUSTID solution into our organization. So why passive authentication really made the most sense for us is our advisors are representing various financial institutions for various activities. So we have a wide range of customers, and we are representing various financial institutions which have varying methods of authentication.
So in order to essentially establish a base layer, we felt that it was necessary to invest in that sort of passive authentication solution. And rather than something that kind of holds on to the interaction and then perpetuates to the actual call, TRUSTID-- why we chose TRUSTID was really the ease of integration. So the ability for our security team to look at the API and say, yep, that makes sense, there's no API data being evaluated, it's really just these element of the phone call and the method in which this information is coming back to us. We are then taking things into consideration that TRUSTID is passing back, such as line type.
And then really, the plan is to create a unique experience within our IVRs, as Pat alluded to there, to really continue to drive that benefit through. So how and where we're leveraging that today is within our US fraud operations. So cardholders who are experiencing fraud, contacting our organization on behalf of their FIs-- so we were representing various FIs in this space. And then also within our merchant support operations team. So verifying that folks are calling from where they say they're calling.
And really just driving the additional authentication factors that must be passed or used, as well as the data elements that TRUSTID provides as a result of every call. So the information that's provided back on those API calls is being used to drive that personalized IVR experience as well as the unique and individual authentication protocol that followed for that interaction.
So if the advisor sees on their CPI screen that the inbound caller is trusted green and we're making all these decisions in the background-- so this complexity exists in the background, but they're getting a visual indicator on their screen that these data elements were passed or provided and they were trusted green, so they're really just able to start the call off, like Pat alluded to, with, how may I help you today, right? Rather than going through, asking them to repeat all of that information again.
Importance of cross-functional collaboration
So what we found that were critical to our success and kind of getting this through our organization was not-- with stakeholder buy-in, and it's not just within your operations team, right? It's the security team and walking them through exactly how you're modifying the authentication process. Our training organization, obviously the technology team that has to put the hands to the keyboard and make this integration happen.
So it's really a concerted effort across various teams and silos within your organization, but once they saw the light, it was a pretty straightforward you know sell, essentially, to them. Because-- you can really make this solution personal, because everyone's interacted with some sort of customer support organization, and they've had good experiences and they've had bad experiences. So kind of making it personalized, I found, was the best way to gain that stakeholder buy-in.
So flexibility, again, kind of alludes back to the fraudsters continually evolving. So don't get hung up on one set of authentication factors or one process. You're going to have to continually evaluate and evolve that with your organization's data, but it's all about layering and being flexible with your people, process, and technology. And again, the layering of factors. So finding that balance, really, between security and level of effort.
So callers want security just as much as organizations want security, at least the valid callers do. So really having that level of effort, people aren't-- valid folks are not frustrated by inputting or providing some level of effort, but what you'll find is they do get frustrated when they have to repeat or it takes a long time to do those sorts of things. So listening to your customers and advisors and then adapting quickly based off of that feedback I found was the best way to just layer those factors and then provide benefit back to the organization.
So that's how our organization went through the implementation process and some of the best practices that we found. So I'll hand it off to Pat to kind of talk through how he sees other organizations go through their process.
Push to authenticate customers before the call is answered
Thanks. So we found and we see repeatedly from surveys that the quick and easy authentication really is the way to go-- it rules the day as we say here. On the far left-hand side of the slide you'll see a couple of survey results, the orange being from 2018. And we saw 38% of respondents saying they wanted to authenticate their customers before the call was answered. As we move just a year later to our current year, 2019, that now is up to 54%, I expect that trend to continue.
So if there's one lesson that take away from this, and we see it time and time again, and everything that Danny's been talking about would confirm, that getting the authentication done early, trying to minimize the agent/end customer involvement in that does fantastic things for the organization.
So let's talk TRUSTID piece on the TRUSTID Neustar piece. The authenticated flow on the top, the green, what we call the TRUSTID authentication flow. It is the fastest and strongest way to authenticate. You've got all these calls that are coming in, you don't know who they are on the left-hand side, you put them through the authentication process that TRUSTID provides, and now you've got that strong, really instantaneous pre-answer authentication token.
If you want to layer on multi-factor authentication strategies, you can. And I think what Danny was talking about, layers are important, right? The way you build your systems and having different technologies and different solutions for doing that. Biometrics for knowledge are obviously the most commonly used because there are three factors of authentication.
In the bottom part of this flow here, we refer to it now as a less trusted flow, right? This is where A, the bad guys will be, right? This is where the criminals will be. But here, the what you do, the action steps you can take as to really deploy your next best authentication strategy. So put your resources here, put your fraud-fighting tool resources here, right? Monitoring interactions and transactions and all the tricks you have, that's where you want to deploy those. Don't spend the money, the effort, the time, and the friction on that top flow, spending down below.
Thank you very much, Pat, and of course, thank you very much, Danny, as well. Tremendous insights from start to finish, really letting us know that better security and a better customer experience is a reality. And so as we move past the 45-minute mark, actually, I just want to take a few moments for a brief summary, really recap what we've covered.
So first and foremost, do not approach speed and security as trade-offs. It's not one or the other, because the reality is, customers are not willing to accept the trade-off, businesses cannot accept the trade-off, agents can't accept the trade-off, and the good news is, you don't have to, because if you take a solution like TRUSTID, one that is very much designed with both security and the experience in mind, you're able to maximize both at the same time.
Now the key thing here is-- and I love that Pat just shared that slide breaking out the data, is the best platform is going to rigorously authenticate the customer before they reach the live agent. Remember, the goal here is not just to take authentication of the plate of your organization, it's to take it off the agent's plate, because they're not good at it, they're very vulnerable to fraudsters, and it leads them to be inefficient and frustrated. But you absolutely want to be authenticating heavily and seriously, and that's where great automation-driven solution is going to be very valuable for you.
Now when this happens, the good news is, you're able to really allow them to avoid the repetitive questions that have so long ruined interactions, that have led to creating the most notable, and most notorious pain points within organizations. Those long wait times, those questions that suggest you don't know your customers, those questions that make agents feel more like interrogators than support specialists. You'll be able to say goodbye to those and allow authenticated trusted customers just to move through the experience the way they should be moving through it.
Best of all, fraudsters will be more easily identified, flagged, and stopped. They will have less resources to attack your contact center, they'll have less way to engineer their way in, which means that they will not be targeting you, your contact center will be more secure, and you'll have done it while making your customers and agents happier. And so as you see right there, you're going to see more customer satisfaction, more agents satisfaction, a more efficient business, less fraud, and you put all that together, and you have more trust from everyone involved in your customer experience.
That does bring us a little bit past the 45-minute mark, but-- so we won't be able to get to any live questions right now, but I know Pat, I know Danny will be very thrilled to answer the many questions we've received. And if for whatever reason you do want to get in touch with Pat to learn more about Neustar TRUSTID, more about the state of authentication, his email address, his contact detail's on the screen right now. Make sure to reach out to Pat, the guy knows everything there is to know about this space, he'll be more than happy to assist.
Now again, as we say goodbye to this webinar, of course I want to thank everyone who attended, everyone who submitted questions. I also want to thank Danny and Pat as well as Worldpay and Neustar TRUSTID respectively for bringing these stats, bringing these concerns to life, and really not just saying, OK, here's everything that's wrong with authentication, here's why we're making our customers unhappy, but instead, here's what you can do to make your contact center more secure.
Here's what you can do to create more efficient and customer-centric experiences.
The solution is a reality, and it can be a reality in your organization. Through this webinar I'm so proud they provide a legitimate roadmap for a more secure, more customer-centric, more efficient contact center. And for CCW Digital this has been Brian Cantor, thanks so much for joining us.