Caller authentication and identification for contact centres

Contact centres have never been busier, nor more crucial to the success of the organisations they serve. That is the good news. The bad news is they have also never been more popular as targets for identity fraud.

“The confluence of shorter job tenure and reduced training periods has combined to make call and contact centres more vulnerable to fraudsters,” according to PYMNTS, a global leader for data, news and insights on innovation in the connected economy¹.

That is supported by a study that showed contact centre fraud soared by 350% between 2013 and 2019², while Yahoo! Finance recently reported that fraudsters targeting agent-led authentication over the phone had contributed to a $5.8 billion increase in consumer fraud losses in 2021, a 70% increase on the previous year³.

Given such losses, it is no surprise a growing number of contact centres are investing in technologies that allow customers to verify their identity without needing to interact with human agents or present any physical material. Known as caller authentication and identification, the solution is saving businesses time and money, increasing customer satisfaction and reducing the risk of fraud.

What is caller authentication?

Caller authentication is the process of verifying the identity of a caller before granting them access to sensitive information or services. This crucial step in customer service and contact centre operations ensures that only authorised individuals can interact with your systems, thereby protecting both the customer's personal data and the organisation's confidential information.

In practice, caller authentication can involve various methods, such as:

• Knowledge-based authentication (KBA): asking the caller to provide personal information or answer security questions.
• One-time passwords (OTPs): sending a unique code to the caller’s registered device that they must provide during the call. 
• Biometric verification: using voice recognition technology to match the caller's voice with a stored voiceprint. 
• Multi-factor authentication (MFA): combining two or more verification methods, such as KBA and OTPs, for enhanced security.

Effective caller authentication helps prevent fraud, enhances customer trust and ensures compliance with data protection regulations. By implementing robust authentication processes, organisations can safeguard their operations and maintain the integrity of customer interactions.

How caller authentication works in contact centres

Caller authentication in contact centres involves a series of steps designed to verify the identity of the caller before providing access to sensitive information or services. Here’s how it typically works:

• Initial contact

When a caller contacts the centre, they are greeted by an automated system or a customer service representative. The system or representative initiates the authentication process to verify the caller’s identity.

• Verification methods

Several methods can be used to authenticate callers, often combining multiple techniques for enhanced security. These methods include asking the caller to provide personal information, sending a one-time password (OTP) to their registered device or using biometric verification like voice recognition.

• Authentication confirmation

Once the caller provides the necessary information or verification codes, the system cross-references these details with the records on file. If the information matches, the caller’s identity is confirmed.

• Access granted

After successful authentication, the caller is granted access to their account information or the services they requested. The customer service representative can then assist the caller with their request, ensuring that sensitive data remains secure.

• Continuous monitoring

Throughout the interaction, advanced systems continuously monitor for any signs of suspicious activity or fraud. If any anomalies are detected, additional verification steps may be triggered to ensure security.

Effective caller authentication in contact centres not only protects sensitive information but also builds customer trust by ensuring that personal data is handled securely. By implementing robust authentication processes, contact centres can enhance security, prevent fraud and deliver a seamless customer experience.

What is the difference between identification and authentication?

In the context of security and access control, identification and authentication are two distinct but closely related processes. Understanding the difference between the two is essential for ensuring the security of sensitive information and systems.

• Identification

Identification is the process of claiming an identity. It involves the user or caller providing information that identifies them, such as a username, account number or email address. This step is essentially about stating who you are. Identification does not prove the person is who they claim to be; it simply associates the user with a unique identifier.

• Authentication

Authentication is the process of verifying the claimed identity. It involves validating the user's identity by checking credentials or using verification methods such as passwords, security questions, one-time passwords (OTPs) or biometric data like fingerprints or voice recognition. Authentication confirms that the user is indeed the person they claim to be, based on the information provided during identification.

Key differences between identification and authentication

• Purpose: identification is about stating an identity, while authentication is about proving that identity.
• Process: identification involves providing an identifier (e.g., username), whereas authentication requires validating that identifier with additional credentials (e.g., password, OTP).
• Security level: identification alone does not provide security. It is the authentication process that ensures the security by confirming the identity.

In summary, identification asks, "Who are you?" and authentication asks, "Can you prove it?". Both steps are crucial for maintaining security in systems and processes that handle sensitive information.

Caller identification and authentication for contact centres’ best practices

Implementing robust caller identification and authentication processes helps protect sensitive information and maintain customer trust. Here are some best practices for effective caller identification and authentication in contact centres:

• Use multi-factor authentication (MFA)

Combining multiple verification methods, such as knowledge-based questions, one-time passwords (OTPs) and biometric verification, significantly enhances security. MFA makes it harder for unauthorised individuals to gain access.

• Implement knowledge-based authentication (KBA)

Ask callers to answer security questions based on information only they should know. Ensure these questions are challenging enough to deter potential fraudsters but not too difficult for legitimate customers.

• Utilise biometric verification

Incorporate biometric technologies like voice recognition to add an extra layer of security. Biometric data is unique to each individual and can be a reliable method for verifying identity.

• Regularly update security protocols

Continuously review and update your authentication and identification protocols to address emerging threats. Implementing the latest security technologies and practices helps stay ahead of potential vulnerabilities.

• Educate and train staff

Ensure that customer service representatives are well-trained in authentication and identification procedures. They should be able to recognise red flags and handle verification processes efficiently.

• Monitor and analyse call patterns

Use advanced analytics to monitor call patterns and detect any unusual activity. This proactive approach helps identify potential security breaches early and take appropriate action.

• Ensure compliance with regulations

Stay informed about data protection regulations and ensure your identification and authentication processes comply with these standards. This not only protects customer data but also avoids legal repercussions.

• Maintain a secure customer database

Keep customer information secure with encryption and other protective measures. Ensure that only authorised personnel have access to sensitive data and regularly audit access controls.

• Provide clear communication

Inform customers about the identification and authentication processes. Clear communication helps them understand the importance of these steps and reduces frustration during interactions.

• Test and improve continuously

Regularly test your authentication systems and procedures to identify weaknesses. Gather feedback from both customers and staff to continuously improve the process.

Differences between normal caller identification and Oration’s Identify feature

In the realm of contact centre operations, caller identification and authentication are critical for ensuring security and efficiency. While traditional caller identification methods focus on basic verification steps, Oration's Identify feature elevates the process with advanced capabilities. Here's how they differ:

Normal caller identification

Normal caller identification typically involves basic steps to verify a caller's identity. These might include:

• Asking standard questions: callers are asked to provide personal information such as their name, account number or date of birth.
• Manual verification: customer service representatives manually verify the provided information against the records.
• Multiple questions: often, several questions are required to confirm identity, which can increase handling time and customer frustration.

Identify feature for call routing

The Identify feature, part of the cloud-based call routing plug-in Oration, offers an efficient approach to caller identification and authentication:

• Streamlined verification: callers can confirm their identity by speaking their account or phone number, potentially reducing handling time.
• Voice biometrics option: for additional security, voice pattern authentication is available.
• Data security: identity data is encrypted and not stored at rest, helping to protect private information.
• Enrolment process: new users can enrol in biometrics by speaking their mobile number three times when prompted.
• Flexible verification: for non-enrolled callers, the system can request various identification details (e.g., name, date of birth, address) with adjustable matching criteria.
• Agent tools: agents can initiate biometric enrollment for callers with a single action.

This feature aims to improve the verification process and enhance security while providing a straightforward experience for callers.

Summary

In a world where fraudsters are becoming more savvy, it is reassuring to know the likes of Convai are raising the bar for contact centre security. Caller authentication and identification are allowing companies to minimise risks without sacrificing the quality and range of services they offer their customers. If anything, implementing call centre authentication best practices is boosting customer satisfaction by saving time, increasing security and improving CX.

The past couple of years have been a time of unprecedented change for contact centres. Discover the challenges being faced, the wins being enjoyed and how leaders and their teams can use innovation to stay ahead of their competitors.

References:
[1] Call Centers Become Target for Identity Fraud | PYMNTS.com
[2] 25 Indicators of Fraud on Inbound Calls | CallMiner
[3] Survey Finds Call Center Threat Activity Rising (yahoo.com)