We are all conscious of the damage that fraud can cause. Yet, most of us fail to apply techniques that could reduce our exposure.
That’s a problem, as organizations look to shift security burdens—including potential liabilities for noncompliance—toward customers. Within the contact center industry, 2013 research conducted by Davies Hickman Partners on behalf of Sabio and Avaya shows that the public is becoming increasingly security aware, yet does not trust the fraud-avoidance techniques being applied by organizations today.
Thousands of U.K. residents were polled. Some of the core findings included:
Thirty-eight percent are so concerned about fraud in the contact center that it halts their purchases.
Only 5 percent actually consider the contact center a safe place to make credit card payments.
Twelve percent do not register to vote because they don’t wish to disclose potentially sensitive information.
Customers also say that remembering passwords and conforming to the security standards that service providers require is just too difficult. Unsurprisingly, this leads to a number of consequences:
Respondents feel security is applied needlessly. Sixty percent said that organizations ask for security information when there really is no need.
Many people revert to techniques to manage their passwords that compromise the security they are supposed to benefit from (e.g., writing down passwords in a common place or using the same password multiple times).
Despite recognizing the need for security, consumers regard these checks as cumbersome and outdated. Fifty-five percent are irritated by organizations that don’t have a fully integrated contact center, forcing them to repeat security information on a call. While fear of call center fraud has stopped 18 million U.K. consumers from making purchases over the phone with a call center, more than half also say they are put off using a provider if too many passwords and security details are needed.
This problem isn’t going away. Unless organizations—particularly financial institutions, mobile phone companies, and retailers—come up with a more integrated and accessible approach to contact center security, their customers will start switching to different service channels or even alternative providers. Yet, many firms, particularly financial service organizations, are reacting by updating their terms and conditions to put the burden of fraud protection more strongly back on the consumer.
Addressing Security Through Technology
While consumers place the blame squarely at the door of U.K. businesses—and contact centers in particular—they also seem very willing to embrace new technology to help tackle the problem. For instance, while only 5 percent of respondents to the Avaya and Sabio survey think that sharing card details with a human agent is secure, more than four out of five would feel more comfortable entering a password on a keypad to confirm their identity to a contact center agent. Over half (51 percent) would also be happy to use the fast-emerging technology of voice biometrics to authenticate themselves to their bank.
How Self-Service Can Help
Our research shows that the core problem that organizations wrestle with is: how to boost security and compliance without erecting barriers for customers. After all, we can’t overlook the fact that contact centers actually exist to deliver service to customers. Fortunately, self-service can accomplish both goals, using these three tactics:
1. Gather caller intent in order to apply the appropriate security. The use of natural-language call steering at the start of a call allows security to be applied consistently. This enables a more natural dialogue with customers without compromising the protection of data. For example, a self-service dialogue could say:
Self-service: “Thank you for calling the phone company. In a few words, what is the reason for your call today?”
Caller: “I want to talk to someone about my bill.”
The self-service could then collect the appropriate security information. If the caller had said “I want to check roaming charges,” such measures could be skipped.
The core characteristic of this approach is consistency: ensuring that data is collected only when required and that verification status is retained throughout the call. So had the customer been provided with roaming information and then asked for something that required greater security, verification could then be applied. The level of verification can be tuned to the sensitivity of the inquiry. For example, account payments may only require the customer’s date of birth, while carrying out a change to the account may require more detailed verification.
2. Using biometrics to lower the caller load. Voice biometrics is now a mature technology that can validate a person’s identity based upon their voice characteristics rather than the content of their answers. When combined with standard information, this can provide a secure but easy-to-use way to decrease fraud.
Self-service can use voice biometrics in a number of ways, including active verification at the beginning of a call and passive verification during a conversation with an agent. With active verification, the customer is asked to speak a passphrase or other secret information. The verification engine then compares voice characteristics with stored data and will either accept or decline the identity of the caller. With passive verification, audio from the caller is passed to the self-service while the caller is talking to an agent. The agent is then sent a message via his or her computer indicating whether the system authenticates the caller’s identity.
This technology can be very accurate. It is often combined with speech recognition technology to ensure that live user responses are correctly aligned with biometric information. For example:
Self-service: “For security purposes, please say your date of birth.”
Caller: “Twenty-fourth of March, 1975.”
The application would simultaneously check the date of birth as well as the biometric identity. For “liveness testing”—ensuring that fraudsters aren’t using a voice recording of a legitimate speaker—the question can be varied depending on what data the system has stored.
This provides access to contact center services in a secure way. In this example, the customer only needs to speak information that he or she already knows. It is the biometric system that actually ensures organizational security and fraud prevention. Biometrics have been deployed successfully across a number of sectors, including telecoms, wealth management, and financial services. The same technology can also provide security to smartphone and Web transactions.
3. Securing credit card payments. Using consistent and auditable methods, self-service systems can also collect electronic card payments in a user-friendly manner without hurting security. Such systems can be used to take payments in the middle or at the end of a call, where the self-service is used as a secure tool to support the agent interaction.
Self-service payments are the cornerstone of how many organizations comply with Payment Card Industry Data Security Standard (PCI DSS) requirements. In addition, self-service solutions provide security and confidence to callers: 81 percent of respondents to our survey said that they would feel comfortable using midcall self-service for payments and card transactions.
In summary, well-designed self-service solutions can handle payments and other secure transactions in a way that is already used successfully by customers. They top current approaches to contact center security that actually get in the way of doing business. The intelligent application of self-service techniques such as biometrics can be a cornerstone of an effective security strategy.