Voice biometrics has proved an effective security measure, but early, robust training is crucial
Virtually any entity that has a database—companies, government facilities, colleges—is subject to computer hacking. This hacking provides fraudsters access to personal information that can later be used for identity theft. Anywhere that personally identifiable information—defined as any information that can be used to trace an individual’s identity, such as name, Social Security number (SSN), date and place of birth, or biometric records, and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information—is kept must be both secure and private. It’s a challenge that becomes greater every year. So where do we start with fraud prevention?
Contact centers are particularly vulnerable due to the number of channels into them, and detection of fraud is difficult without an omnichannel security strategy in place. Caller ID can be easily manipulated. Avivah Litan of Gartner has reported that the knowledge-based authentication (KBA) failure rate is an average of 10 to 15 percent, and at times as high as 30 percent, due to the large amount of public information available on the web and black markets. Even more troubling, Aite Group research estimates that 61 percent of fraud activity can be traced back to the contact center; some financial institutions contend that the figure is as high as 90 percent.
There is quite a lot of technology available to assist fraudsters. Burner mobile phones, anonymous Voice over Internet Protocol connections, breached information available online for a minimal fee, social media, online public records, and numerous customer channels all do their part to make it too easy to rip off companies and their customers. New security measures aren’t a failsafe; criminals simply adjust their strategies. Illustrating this point is a recent study by Financial Fraud Action UK, which found that even while chip cards reduced the fraud rate on “white plastic,” fraud from online charges (“card not present”) has more than doubled.
The root cause of these security failings is the inability to accurately authenticate real customers and reliably identify fraudsters. As technology solution specialists, we are caught between providing superior, personalized customer service and preventing fraud. The reluctance of agents to challenge and possibly offend customers causes them to become unwitting accomplices to fraudsters.
When implemented correctly, voice biometrics (VB) has proved an effective, if expensive, security measure, with only a minimal error rate. The technology extracts personal voice patterns to verify identity, and because of the uniqueness of these patterns, the technology can even distinguish between identical twins. Voice biometrics can be used on calls into a contact center or a speech-driven IVR. The technology does a many-to-one comparison against a known fraud database and either alerts the agent to ask more difficult questions or, if an IVR system is in use, transfers the caller to an agent. This comparison technology is one of the few proactive mechanisms to catch fraudsters.
As good as VB technology is, if the upfront ID process poses only basic questions (e.g., SSN, date of birth, and address), then a fraudster with access to that data could answer the questions and train the system to his voice, giving him free rein to the account. Therefore, the ID process used at the outset of VB training must consist of questions that only the account holder/customer knows, and should not be the same question each time. We recommend that the ID process be difficult enough to deny potential fraudsters access yet easy enough to allow users to train the system sufficiently.
Using a PIN is a lower-cost technology that requires a database and the ability to allow customers to change the PIN on demand. There must also be rules for PINs so that they’re not too easy to decipher, such as no consecutive numbers or duplicate numbers allowed, periodic mandatory PIN updates, etc. The Automatic Number Identifier (ANI) can also be used along with a security question to complete the validation, but again, an accurate database is required.
The stakes are high, as it appears that fraud within the United States is a particularly pressing problem: A British study researching the origin of fraud on UK-issued credit cards revealed that US-based fraud is more than double that of the EU countries.
Fraud and fraud prevention is ever-evolving, with each side engaged in a never-ending arms race. But by researching what other companies and countries are doing to prevent fraud, sharing information, defining fraud patterns, and training contact center agents to a higher standard, fraud can be prevented.
Vicki Broman is the manager of the voice user interface (VUI) design team at eLoyalty, part of the Customer Technology Services division at Teletech.