Alternatives to knowledge-based authentication in the contact center –
It is difficult for your customers to remember their PIN, password, or the measurements on the inside of their dog’s paws. Your agents are spending too much time asking these questions and waiting for customers to find slips of paper. The whole process is just a theater of security, offering very little meaningful, yet expected security.
Ten years ago, Opus Research coined the term “smart authentication” to encompass an approach, technologies, and techniques that businesses could use to create better customer and agent experiences that effectively deliver real security. While some companies have had great success taking this approach, it is not without challenges. The most feasible authentication technology at the time was voice biometrics, which proved to be technically complex to integrate while being very secure and efficient in the right use cases. Also, it depended (and remains) on customer enrollment, with the associated privacy implications, and then on frequent enough reminders to justify the investment. In short, authentication based on voice biometrics is not the right answer for everyone.
Phone numbers in the foreground
In search of practical and affordable alternatives, organizations have often turned to Automatic Number Identification (ANI) or Caller Line Identifier (CLI) as a source of authentication. Like the caller’s voice, their phone number is inherent in their way of reaching the call center. Still, there was a major problem. Before mobile phones and number portability were commonplace, however, the challenge was that less than half of all calls to a contact center had a valid ANI and less than half of those matched a known customer record.
Most customers now contact businesses from their mobile, often keeping the same number for decades or even life. Many organizations now use ANI or CLI to identify their customers, either openly or in the background. As a result, it is not uncommon to see over 75% of calls recognized as customers, more than 3 times the rate of 10 years ago, and we expect this will only increase in the future. . Opus Research strongly recommends using ANI as an identifier, especially when paired with strong authentication such as voice biometrics.
ANI for authentication
As an authenticator, you can argue that ANI / CLI represents a factor of ownership because its use signals ownership by the known customer. In most cases, this is complicated because the customer does not own the number itself as it is assigned to the phone users by their telecom operator, who may as well assign it to another handset. With readily available Caller ID spoofing services, a business cannot be sure that the number it receives represents the originating device of the call. There are benign uses of caller ID spoofing, such as providing the appropriate callback number while working remotely. Yet it has become common for fraudsters to exploit weaknesses in a company’s security processes.
To further complicate authentication processes, the world of communications is divided into fixed, mobile, international and toll-free networks, among others. Calls often have to go between many providers, and in many cases businesses are not on the same telecommunications network as their customers. Unfortunately, the standards used by telecommunications service providers date back decades and are not designed with security in mind. Every carrier relies on the implicit trust that their peers are telling the truth. People working with less scrupulous vendors can exploit this weakness so that you really shouldn’t trust the ANI presented to you. This is why we say, “Don’t trust just any ANI”.
Adding AI to ANI is the solution
Fortunately, thanks to partnerships with telecommunications providers and the judicious application of artificial intelligence (in particular, machine learning), the technology now exists that can help you trust ANI.
Opus Research will feature this new category of network authentication and fraud detection in our upcoming Intelliview and Smart Authentication eBook.
Categories: Smart authentication, Articles