Security in the contact centre

As you may have seen via the BBC recently, lax security within a contact centre environment can lead not only to customer accounts being compromised, but also to significant fines from regulatory organisations. The increasing sophistication of fraudsters means it’s no longer acceptable, or even feasible, to rely solely on knowledge-based authentication (KBA). When it comes to identity verification, answers to questions about your date of birth and your mother’s maiden name just don’t cut it anymore. Of course, the problem with using less common knowledge is that people often forget, leading to around three out of 10 manual (call-taker-led) identity checks being suspect. Answering so-called ‘secret questions’ once seemed almost inquisition-like, in the sense that you could only imagine giving up those details under torture. Torquemada’s ghost might give you nightmares, but far more frightening is the ease with which personal details can be quarried online, through the plethora of social media sites where your data is just there for the taking. Excuse me for extending the metaphor but fraudsters don’t need to find the mother lode as it’s easy enough for them to go panning for gold (i.e., your personal data). And if that isn’t bad enough, social engineering means what’s not available on Facebook can be gained easily through what might seem to be an innocent conversation with a stranger, on-line or in person. I’m not saying that PIN and passwords are the root of all evil, but they might be. Many of the security issues seen today originate with compromised passwords. There are countless statistics to back up that assertion, which should provide even more cause for concern in relation to KBA. If you don’t believe me, just look at the annual report on the most commonly used passwords. The top 5 include such classics as “123456”, “qwerty” and the ever-present “password”. I’m not sure what’s worse, that people use these passwords or that they happily share their passwords with a researcher. The problem with complex passwords is that they are easily forgotten. In fact, they are almost impossible to remember – unless you’re Solomon Shereshevsky. If you do have a memorable password, it’s more likely to be compromised, because you’re likely to be using it across multiple sites and services. The United States National Institute for Standards and Technology (NIST) has produced new guidelines for the use of passwords (you can find that here), but its advice goes beyond memorised secrets* to suggest that multi-factor authentication (MFA) becomes an integral part of service providers’ log-in policies.MFA requires users to present at least two credentials to authenticate: something they know (like a password), something they have (like a token) and something they are (like a fingerprint or voiceprint). Now, that’s all very well if you’re transacting on-line or in person at say, a credit union branch in the United States. However, tokens and fingerprints are of little use when communicating remotely over the phone. That’s where voice biometrics (voiceprints) comes into its own, because it can be used in two ways, which makes it extremely versatile – and multi-factor. Callers can authenticate themselves by, for example, speaking a passphrase over the phone and having their voice verified by comparison with a saved voiceprint. Users can also be asked to repeat a random digit sequence (effectively a token), which can be prompted on the phone or sent via SMS, thus creating an additional factor which can then be verified by a combination of voice biometrics and speech recognition. A voice biometrics approach not only removes the burden on customers to remember passwords, but also leads to reduced verification times and increased rates of successful verification. Three in 10 equates to an error rate of 30%. If a voice biometrics-based solution offers a mere 90% accuracy (state-of-the-art systems will offer in excess of 99%), the error rate is reduced to one in 10 and the business is three times more secure. If you are thinking of introducing voice biometrics for identity verification in your business, and would like to discuss your requirements, contact one of our consultants today. Notes: *[A Memorised Secret authenticator — commonly referred to as a password or, if numeric, a PIN — is a secret value intended to be chosen and memorised by the user. Memorised secrets need to be of sufficient complexity and secrecy so that it would be impractical for an attacker to guess or otherwise discover the correct secret value. A memorised secret is something you know.]

Useful links:

Archive

The Aculab blog

News, views and industry insights from Aculab

  • 3 Ways Cloud Voice & Messaging Save a Business Time

    When we think of business voice call technology, we often imagine traditional phone calls, placed by a person with hundreds of calls on their list. Advancements in voice technology, particularly driven by the cloud, have changed the way we approach such situations.

    Continue reading

  • 5 Reasons to Use ApplianX in Your Migration Strategy

    Gateways have an important role to play in assisting in the migration from TDM solutions to IP based networks, by connecting them together with ease. Here are five reasons why you should consider using gateways as part of your migration plan.

    Continue reading

  • 4 Uses of CPaaS to improve Healthcare services

    The healthcare industry is a constantly shifting marketplace, with new technologies evolving on a regular basis. However these changes tend to be behind the scenes; until the COVID-19 pandemic very little had changed in terms of how doctors and medical staff interact with patients. Now healthcare providers are playing catch up to create pandemic and futureproof communication models. For many, a CPaaS solution is their salvation.

    Continue reading

  • 3 Ways to Reduce Carbon Emissions with Cloud Communications

    As traditional communication solutions, which have a large energy footprint, fall short with sustainability, could cloud-based communications be the answer?

    Continue reading

  • The Battle Against Wildfires

    Wildfires (or forest fires) are happening more and often every year. While it is true that wildfires are a natural process, the frequency and intensity that we are starting to see year-on-year across the globe is concerning. Continue reading to find out how Aculab provides mission-critical infrastructure for emergency networks, to tackle high-risk situations such as wildfires.

    Continue reading