“Bad guys” seem to be lurking around every corner these days. Whether you are a financial institution protecting people’s money and identities or are defending against fraudulent parties trying to pretend they are your customers, you have to take authentication seriously. And yet you don’t want the identification and verification process to be a burden on your customers or your staff.
The first goal is to keep low-risk scenarios simple, quick, and easy so you can spend time on the potentially problematic contacts. Good old CTI (computer telephony integration) can pop screens with flags or codes about authentication success or warnings, and CRM scripts can guide an agent through the right steps. The following technologies can play a role in helping to reduce your risks and smooth the process for all involved.
The common themes of data, intelligence, and rules stand out. Network tools or services work on the front end to evaluate characteristics of contacts and their origin, leveraging databases with defined business rules or even artificial intelligence. Predictive analytics estimate the probability of fraud, which can then be used in smart routing and agent guidance. Self-service tools can have rules on account access based on changes, number of failed attempts, and multi-factor authentication that is not just about what you know (logins, passwords) but also what you have (e.g., a mobile phone to receive a code via text) or who you are (biometrics).
For higher-risk transactions, best-in-class companies are moving away from the traditional method of knowledge-based authentication, loaded with time-consuming and potentially irritating (and not necessarily infallible) questions. They use multi-factor authentication, applied intelligently using (lots of) data, both internal and external. They may also use possession (e.g., mobile device) and inherence through things like biometrics (e.g., thumbprint, voiceprint, facial recognition, retina scans). Additional layers for self-service protect access to information while also avoiding unnecessary diversions that compromise self-service success rates and associated costs and the customer experience.
Cross-channel fraud prevention ties in the initial activity of someone logged into the web, mobile app, or IVR. An already authenticated customer moves seamlessly, and both the customer and the agent know everything is A-OK. A customer who looks suspect because of failed logins, flags on the source of the call (e.g., spoofed number), or evidence of repeated attempts to access the IVR can trigger workflows customized to the risk level. Intelligent routing sends the tricky ones to specially trained agents who then rely on technology to guide them through the proper steps. These scenarios use network information, account access history, length of IVR sessions, and more to build smarts into the process.
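The risk-based routing described above can be sketched as a small rule engine that turns cross-channel signals into a workflow plus the flags an agent screen pop would show. This is an added example, not code from the article or any vendor; the signal names, weights, thresholds, and workflow labels are constructed assumptions to be tuned against your own fraud data.

```python
from dataclasses import dataclass

@dataclass
class ContactSignals:
    authenticated_elsewhere: bool  # already logged in on web, mobile app or IVR
    failed_logins: int             # recent failed logins on the account
    spoofed_number: bool           # network flag on the source of the call
    ivr_attempts: int              # attempts to access the IVR for this account
    ivr_session_seconds: int       # length of the IVR session

# Constructed weights and thresholds (assumptions, not from the article).
SPOOF_POINTS = 50
FAILED_LOGIN_POINTS = 10       # per failure, capped at 5 failures
IVR_ATTEMPTS_ALLOWED = 2
EXTRA_IVR_POINTS = 10          # per extra attempt, capped at 3 extras
LONG_IVR_SECONDS = 600
LONG_IVR_POINTS = 10

def assess(s: ContactSignals):
    """Return (score 0-100, reasons); reasons feed the agent's screen pop."""
    score, reasons = 0, []
    if s.spoofed_number:
        score += SPOOF_POINTS
        reasons.append("spoofed_number")
    if s.failed_logins > 0:
        score += FAILED_LOGIN_POINTS * min(s.failed_logins, 5)
        reasons.append("failed_logins")
    extra = s.ivr_attempts - IVR_ATTEMPTS_ALLOWED
    if extra > 0:
        score += EXTRA_IVR_POINTS * min(extra, 3)
        reasons.append("repeated_ivr_attempts")
    if s.ivr_session_seconds > LONG_IVR_SECONDS:
        score += LONG_IVR_POINTS
        reasons.append("long_ivr_session")
    return min(score, 100), reasons

def route(s: ContactSignals):
    """Pick a workflow for the contact based on its risk score."""
    score, reasons = assess(s)
    if score >= 50:
        return "specialist_agent", reasons   # specially trained agents
    # A prior login never lowers the score; it only waives step-up at low risk.
    if score >= 20 or not s.authenticated_elsewhere:
        return "step_up_mfa", reasons        # possession or biometric factor
    return "seamless", reasons
```

Note that a session authenticated in another channel does not cancel a spoofed-number flag: the contact still goes to a specialist.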
Analytics after the fact can help to bolster databases of risk factors, and biometrics success can be further boosted by passive enrollment from customer conversations. Alerting and notification tied to analysis of activity can inform customers or risk teams.
As you sidle up to the planning table to design your fraud prevention strategy, you may face a host of unfamiliar terms, technologies, and operational protocols. It can feel like gibberish only experts can understand. You won’t need to speak the language, but you’ll need to be sufficiently versed in it to work with your vendors and IT partners.
In this era when everyone wants to move fast (think cloud solutions!), you need to take your time and involve the right players in deep discussions. Internal and external subject matter experts should get a seat at the planning table to help you assess your risk and define the right approach to deal with it. Work closely with vendors to implement your plan and verify that the tools and processes do the job that you expect of them. Testing may include a variety of elements, such as vulnerability assessment, penetration testing, risk assessment and recovery.