Security in the contact centre

As you may have seen via the BBC recently, lax security within a contact centre environment can lead not only to customer accounts being compromised, but also to significant fines from regulatory organisations. The increasing sophistication of fraudsters means it’s no longer acceptable, or even feasible, to rely solely on knowledge-based authentication (KBA). When it comes to identity verification, answers to questions about your date of birth and your mother’s maiden name just don’t cut it anymore. Of course, the problem with using less common knowledge is that people often forget, leading to around three out of 10 manual (call-taker-led) identity checks being suspect. Answering so-called ‘secret questions’ once seemed almost inquisition-like, in the sense that you could only imagine giving up those details under torture. Torquemada’s ghost might give you nightmares, but far more frightening is the ease with which personal details can be quarried online, through the plethora of social media sites where your data is just there for the taking. Excuse me for extending the metaphor but fraudsters don’t need to find the mother lode as it’s easy enough for them to go panning for gold (i.e., your personal data). And if that isn’t bad enough, social engineering means what’s not available on Facebook can be gained easily through what might seem to be an innocent conversation with a stranger, on-line or in person. I’m not saying that PIN and passwords are the root of all evil, but they might be. Many of the security issues seen today originate with compromised passwords. There are countless statistics to back up that assertion, which should provide even more cause for concern in relation to KBA. If you don’t believe me, just look at the annual report on the most commonly used passwords. The top 5 include such classics as “123456”, “qwerty” and the ever-present “password”. I’m not sure what’s worse, that people use these passwords or that they happily share their passwords with a researcher. The problem with complex passwords is that they are easily forgotten. In fact, they are almost impossible to remember – unless you’re Solomon Shereshevsky. If you do have a memorable password, it’s more likely to be compromised, because you’re likely to be using it across multiple sites and services. The United States National Institute for Standards and Technology (NIST) has produced new guidelines for the use of passwords (you can find that here), but its advice goes beyond memorised secrets* to suggest that multi-factor authentication (MFA) becomes an integral part of service providers’ log-in policies.MFA requires users to present at least two credentials to authenticate: something they know (like a password), something they have (like a token) and something they are (like a fingerprint or voiceprint). Now, that’s all very well if you’re transacting on-line or in person at say, a credit union branch in the United States. However, tokens and fingerprints are of little use when communicating remotely over the phone. That’s where voice biometrics (voiceprints) comes into its own, because it can be used in two ways, which makes it extremely versatile – and multi-factor. Callers can authenticate themselves by, for example, speaking a passphrase over the phone and having their voice verified by comparison with a saved voiceprint. Users can also be asked to repeat a random digit sequence (effectively a token), which can be prompted on the phone or sent via SMS, thus creating an additional factor which can then be verified by a combination of voice biometrics and speech recognition. A voice biometrics approach not only removes the burden on customers to remember passwords, but also leads to reduced verification times and increased rates of successful verification. Three in 10 equates to an error rate of 30%. If a voice biometrics-based solution offers a mere 90% accuracy (state-of-the-art systems will offer in excess of 99%), the error rate is reduced to one in 10 and the business is three times more secure. If you are thinking of introducing voice biometrics for identity verification in your business, and would like to discuss your requirements, contact one of our consultants today. Notes: *[A Memorised Secret authenticator — commonly referred to as a password or, if numeric, a PIN — is a secret value intended to be chosen and memorised by the user. Memorised secrets need to be of sufficient complexity and secrecy so that it would be impractical for an attacker to guess or otherwise discover the correct secret value. A memorised secret is something you know.]

Useful links:


The Aculab blog

News, views and industry insights from Aculab

  • SMS Scams over the Holidays: Ready, Set, GO.

    In the last year, global e-commerce has jumped to over $26.7 trillion, accelerated by COVID-19 according to United Nations UN News. It all sounds like great news for the economy, however fraudsters are following this upward trend and adapting their scams.

    Continue reading

  • STIR/SHAKEN and Robocalls

    The STIR/SHAKEN framework has been the talk of the North American telecoms town over the past few years, but what is it, how does it impact your business, and how can you make sure your business’s communications conform to this framework?

    Continue reading

  • 7 Reasons to implement Cloud based Voice Biometric today

    What is Voice Biometric Authentication?

    From privacy and security, to ease of use and savings. Discover how your business can benefit from cloud based voice biometrics.

    Continue reading

  • STIR / SHAKEN in CPaaS

    Robocalls: Good guy vs Bad guy

    Tired of robocalls? Who isn't. I barely answer my cell phone unless it's from someone I know. With the usage of cell phones in the US rising substantially over the past decade, consumers have seen a sharp rise in the number of spoof and robocalls they receive.

    Continue reading

  • How To: Add voice and video calls to your webpage

    The advent of the internet fundamentally changed how people communicate. We are now able to connect with people across the globe almost instantaneously, not only through voice and text, but also through video communication.

    In this blog post we will be diving into WebRTC, showing how it can help you as a business, and explaining what you can achieve with Aculab Cloud WebRTC.

    Continue reading