What are some of the customer identity verification processes that contact centres are best advised to put in place for fraud reduction?

An increasing number of customer experience journeys in the 2020s begin with some form of identity verification process. Such customer security processes are about two factors: whether the person reaching out to the contact centre is who they say they are, and whether that person is allowed to do what they are trying to do. 

Until just a few years ago, many businesses relied on trusting that the customer was who they claimed to be – to this end, the contact centre might have only asked for a name and address. 

Since then, however, identity verification processes have come to be seen as critically important. As a consequence, for most calls that are not initial enquiries, the contact centre will now need to verify the caller’s claimed identity by requesting further information that only the real customer would normally know. This is known as knowledge-based authentication, or KBA. 

Amid heightened identity-theft risks, traditional challenge/response approaches may no longer be enough 

The above might have seemed a sturdy enough approach to identity verification by many call centres, at least until recently. But is it enough in an era in which we hear of more and more instances of fraudsters being able to access customers’ personal information, such as mother’s maiden name, date of birth and even payment card details, as can be stolen from websites? 

Indeed, research has found that fraudsters answer knowledge-based questions correctly a large majority of the time – a sure indication that many organisations need to further optimise their identity verification processes in ways that look beyond the traditional challenge/response method. 

What solutions are available to call centres looking to improve their identity verification? 

Identity verification processes used by today’s contact centres are typically based on one or more authentication factors that fall into the following generally accepted categories: 

  • Something the customer knows – e.g., their password, PIN, or other memorable information 

 

  • Something the customer is – a biometric such as a fingerprint, voiceprint or facial recognition

 

  • Something the customer has – a tangible object such as a PIN-generating key fob, the three-digit or four-digit code on payment cards, or a registered phone to which an SMS or another authentication code can be sent 

Combining these factors allows for the creation of a more complex, and potentially more secure two-factor or three-factor (2FA/3FA) authentication process. However, it can also often be quite inconvenient and time-consuming for customers. 

It might therefore be beneficial for the customer experience if there is an ability to rely on previously enrolled voice features, or to have the calling device, location, and other factors assessed pre-call. This would free up the customer from having to remember various pieces of information, or to carry around a code-generating device. 

The threat landscape is changing rapidly, and contact centres need to evolve their approaches just as quickly to keep pace with it. To this end, your organisation might look more seriously at such potential methods as voice verification systems and ‘phoneprinting’, the latter otherwise known as call signalling analysis. 

A voice verification system uses spoken words to generate a ‘voiceprint’, with each subsequent call able to be compared to a previously enrolled voiceprint to verify the customer’s identity. Call signalling analysis, meanwhile, is the process by which the metadata surrounding a call can be looked at. This enables the identification of potentially fraudulent and suspicious calls that the business can then choose to handle differently. 

Artificial intelligence (AI) and machine learning have also come into their own in recent years, being incorporated into the most sophisticated fraud detection solutions to identify fraudulent transactions and analyse cases where legitimate users fail the authentication attempt. This can feed into improvements of both security and the customer experience. 

Would you like to gain further insights into how your contact centre can optimise customer experience and security? 

Ultimately, a contact centre will be able to achieve the strongest security by putting in place multifactor authentication around voice biometrics, device authentication, shared information about fraudsters, and customer behaviour such as keypress analysis and call patterns. 

Our 2023 “Contact Centre Decision-Makers’ Guides” are now available to download for both UK and US-based organisations. The “Fraud Reduction and PCI Compliance” chapters within this could contain invaluable lessons for your business’s efforts to enhance security arrangements and the all-round customer experience.