right  Talk To Us!

Security in the contact centre

As you may have seen via the BBC recently, lax security within a contact centre environment can lead not only to customer accounts being compromised, but also to significant fines from regulatory organisations. The increasing sophistication of fraudsters means it’s no longer acceptable, or even feasible, to rely solely on knowledge-based authentication (KBA). When it comes to identity verification, answers to questions about your date of birth and your mother’s maiden name just don’t cut it anymore. Of course, the problem with using less common knowledge is that people often forget, leading to around three out of 10 manual (call-taker-led) identity checks being suspect. Answering so-called ‘secret questions’ once seemed almost inquisition-like, in the sense that you could only imagine giving up those details under torture. Torquemada’s ghost might give you nightmares, but far more frightening is the ease with which personal details can be quarried online, through the plethora of social media sites where your data is just there for the taking. Excuse me for extending the metaphor but fraudsters don’t need to find the mother lode as it’s easy enough for them to go panning for gold (i.e., your personal data). And if that isn’t bad enough, social engineering means what’s not available on Facebook can be gained easily through what might seem to be an innocent conversation with a stranger, on-line or in person. I’m not saying that PIN and passwords are the root of all evil, but they might be. Many of the security issues seen today originate with compromised passwords. There are countless statistics to back up that assertion, which should provide even more cause for concern in relation to KBA. If you don’t believe me, just look at the annual report on the most commonly used passwords. The top 5 include such classics as “123456”, “qwerty” and the ever-present “password”. I’m not sure what’s worse, that people use these passwords or that they happily share their passwords with a researcher. The problem with complex passwords is that they are easily forgotten. In fact, they are almost impossible to remember – unless you’re Solomon Shereshevsky. If you do have a memorable password, it’s more likely to be compromised, because you’re likely to be using it across multiple sites and services. The United States National Institute for Standards and Technology (NIST) has produced new guidelines for the use of passwords (you can find that here), but its advice goes beyond memorised secrets* to suggest that multi-factor authentication (MFA) becomes an integral part of service providers’ log-in policies.MFA requires users to present at least two credentials to authenticate: something they know (like a password), something they have (like a token) and something they are (like a fingerprint or voiceprint). Now, that’s all very well if you’re transacting on-line or in person at say, a credit union branch in the United States. However, tokens and fingerprints are of little use when communicating remotely over the phone. That’s where voice biometrics (voiceprints) comes into its own, because it can be used in two ways, which makes it extremely versatile – and multi-factor. Callers can authenticate themselves by, for example, speaking a passphrase over the phone and having their voice verified by comparison with a saved voiceprint. Users can also be asked to repeat a random digit sequence (effectively a token), which can be prompted on the phone or sent via SMS, thus creating an additional factor which can then be verified by a combination of voice biometrics and speech recognition. A voice biometrics approach not only removes the burden on customers to remember passwords, but also leads to reduced verification times and increased rates of successful verification. Three in 10 equates to an error rate of 30%. If a voice biometrics-based solution offers a mere 90% accuracy (state-of-the-art systems will offer in excess of 99%), the error rate is reduced to one in 10 and the business is three times more secure. If you are thinking of introducing voice biometrics for identity verification in your business, and would like to discuss your requirements, contact one of our consultants today. Notes: *[A Memorised Secret authenticator — commonly referred to as a password or, if numeric, a PIN — is a secret value intended to be chosen and memorised by the user. Memorised secrets need to be of sufficient complexity and secrecy so that it would be impractical for an attacker to guess or otherwise discover the correct secret value. A memorised secret is something you know.]

Useful links:

Archive

The Aculab blog

News, views and industry insights from Aculab

  • The End of the PSTN in the US

    As the technical world has evolved, so has the way we communicate. The gradual, global transition away from the Public Switched Telephone Network (PSTN) is the most noticeable change in recent years. This begs the question, is the PSTN in the US headed towards a slow end as we transition into the digital era?

    Continue reading

  • Revolutionising the Landscape of Remote Authentication

    In a time where borders blur and workplaces extend beyond the confines of traditional offices, the significance of remote authentication has taken centre stage. As we advance, so does the need for secure and efficient ways to verify and authenticate our identity remotely. Finding the balance between security and user convenience is key when seeking to implement successful remote authentication.

     

    Continue reading

  • Choosing The Ideal Communication Platform: Key Considerations to Optimise Your Business

    Communication Platforms as a Service have become a necessity in the current digital age; allowing businesses to obtain frictionless means of communicating effectively. However, as technology rapidly evolves, so must communications. Much of the platforms on offer today are homogenous, so choosing the best fit for your business can be difficult. In this blog, we have shared some key points and trends for to consider, so your business can amplify communications and increase operational efficiency!

     

    Continue reading

  • 10 questions people are asking about The Big Switch Off

    With The Big Switch Off fast approaching, people naturally have questions and concerns ahead of the shutdown. The transition from conventional networks to digital technology is unavoidable in the fast-evolving world of telecommunications. In this blog, we address ten common questions people have about the Big PSTN Switch Off, shedding light on the topic and providing clarity.

     

    Continue reading

  • 3 Ways Your Business Can Benefit From a Communications Platform as a Service

    Acquiring a Communications Platform as a Service has become a very common trend for a variety of businesses in recent years. Even with AI and all the technological advancements that have been achieved, the world has come to realise that exceptional customer service is at the core of running and maintaining a successful business. So, we have identified a few ways in which a CPaaS could benefit your business!

    Continue reading