Security in the contact centre

As you may have seen via the BBC recently, lax security within a contact centre environment can lead not only to customer accounts being compromised, but also to significant fines from regulatory organisations. The increasing sophistication of fraudsters means it’s no longer acceptable, or even feasible, to rely solely on knowledge-based authentication (KBA). When it comes to identity verification, answers to questions about your date of birth and your mother’s maiden name just don’t cut it anymore. Of course, the problem with using less common knowledge is that people often forget, leading to around three out of 10 manual (call-taker-led) identity checks being suspect. Answering so-called ‘secret questions’ once seemed almost inquisition-like, in the sense that you could only imagine giving up those details under torture. Torquemada’s ghost might give you nightmares, but far more frightening is the ease with which personal details can be quarried online, through the plethora of social media sites where your data is just there for the taking. Excuse me for extending the metaphor but fraudsters don’t need to find the mother lode as it’s easy enough for them to go panning for gold (i.e., your personal data). And if that isn’t bad enough, social engineering means what’s not available on Facebook can be gained easily through what might seem to be an innocent conversation with a stranger, on-line or in person. I’m not saying that PIN and passwords are the root of all evil, but they might be. Many of the security issues seen today originate with compromised passwords. There are countless statistics to back up that assertion, which should provide even more cause for concern in relation to KBA. If you don’t believe me, just look at the annual report on the most commonly used passwords. The top 5 include such classics as “123456”, “qwerty” and the ever-present “password”. I’m not sure what’s worse, that people use these passwords or that they happily share their passwords with a researcher. The problem with complex passwords is that they are easily forgotten. In fact, they are almost impossible to remember – unless you’re Solomon Shereshevsky. If you do have a memorable password, it’s more likely to be compromised, because you’re likely to be using it across multiple sites and services. The United States National Institute for Standards and Technology (NIST) has produced new guidelines for the use of passwords (you can find that here), but its advice goes beyond memorised secrets* to suggest that multi-factor authentication (MFA) becomes an integral part of service providers’ log-in policies.MFA requires users to present at least two credentials to authenticate: something they know (like a password), something they have (like a token) and something they are (like a fingerprint or voiceprint). Now, that’s all very well if you’re transacting on-line or in person at say, a credit union branch in the United States. However, tokens and fingerprints are of little use when communicating remotely over the phone. That’s where voice biometrics (voiceprints) comes into its own, because it can be used in two ways, which makes it extremely versatile – and multi-factor. Callers can authenticate themselves by, for example, speaking a passphrase over the phone and having their voice verified by comparison with a saved voiceprint. Users can also be asked to repeat a random digit sequence (effectively a token), which can be prompted on the phone or sent via SMS, thus creating an additional factor which can then be verified by a combination of voice biometrics and speech recognition. A voice biometrics approach not only removes the burden on customers to remember passwords, but also leads to reduced verification times and increased rates of successful verification. Three in 10 equates to an error rate of 30%. If a voice biometrics-based solution offers a mere 90% accuracy (state-of-the-art systems will offer in excess of 99%), the error rate is reduced to one in 10 and the business is three times more secure. If you are thinking of introducing voice biometrics for identity verification in your business, and would like to discuss your requirements, contact one of our consultants today. Notes: *[A Memorised Secret authenticator — commonly referred to as a password or, if numeric, a PIN — is a secret value intended to be chosen and memorised by the user. Memorised secrets need to be of sufficient complexity and secrecy so that it would be impractical for an attacker to guess or otherwise discover the correct secret value. A memorised secret is something you know.]

Useful links:


The Aculab blog

News, views and industry insights from Aculab

  • The Future of Communications: React Native SDK from Aculab

    Having access to quality, and trust-worthy digital communication platforms is essential in the contemporary business world. That’s why here at Aculab, we have employed the use of React Native – integrated into the WebRTC browser interface, we provide bespoke, human-centered, voice and video communication options

    Continue reading

  • The Future of Finance: Unlocking the Power of Biometrics

    Biometric technology works by using unique biological characteristics to identify individuals. Through its use of sensors and algorithms, it can capture and analyse biometric data and compare it with stored data to confirm an individual’s identity.

    Continue reading

  • The Big Switch Off Is Happening. Are You Ready?

    What Exactly Is The Big Switch Off?

    The Big Switch Off refers to the growing phase-out of BT’s Public Switched Telephone Network (PSTN) and Integrated Services Digital Network (ISDN). Businesses and homeowners will no longer be able to acquire PSTN and ISDN connections after September 2023, followed by the old technology being completely phased out and switched off by December 2025.

    Continue reading

  • 3 Ways Cloud Voice & Messaging Save a Business Time

    When we think of business voice call technology, we often imagine traditional phone calls, placed by a person with hundreds of calls on their list. Advancements in voice technology, particularly driven by the cloud, have changed the way we approach such situations.

    Continue reading

  • 5 Reasons to Use ApplianX in Your Migration Strategy

    Gateways have an important role to play in assisting in the migration from TDM solutions to IP based networks, by connecting them together with ease. Here are five reasons why you should consider using gateways as part of your migration plan.

    Continue reading