Security Challenge Questions
Helping Fraudsters, Frustrating Customers
For the third year in a row, respondents to the Neustar 2020 State of Call Center Authentication Survey recognized the call center as a primary source for account takeover (ATO) attacks, second only to web-based attacks. This is consistent with the broad increase in identity-based fraud that began accelerating after the introduction of EMV chips in credit cards.
Do Challenge Questions Work?
It is easier to take over an account than to commit credit card fraud, especially over the phone, where knowledge-based authentication (KBA) reigns. A majority of Neustar's survey respondents still trust KBA to accurately authenticate inbound callers.
Likewise, a commissioned study conducted by Forrester Consulting on behalf of Neustar (Mitigate Fraud and Consumer Friction with Integrated Identity Verification, February 2019) found that "92% of the fraud management decision makers we surveyed said that [KBA] is somewhat or very effective at reducing ID theft and fraud." If you are among the 92%, I've got bad news for you.
Related: Watch on-demand: Why Fraudsters Love Your Contact Center's Authentication, and Customers Hate It
What's at Stake with Inbound Caller Authentication?
- More fraud
- More frustration for customers
A Fraudster's Playground
Fraudsters can buy or find answers to most KBA questions. Consumers' personally identifying information (PII) has either been breached or shared on social media. When criminals call in, they combine that PII with social engineering tactics to convince the agent to grant them access to the customer's account.
The fraudster may go to the effort of spoofing a customer's phone number or simply use a virtualized call service to bypass legacy defenses. 70% of respondents to Neustar's survey saw "somewhat" or "much more" threat activity coming from virtualized call services. These services make it easy to perpetrate ATO. Fraudsters create a free email account and then register it with a virtualized calling service that requires only an email account to activate. No other steps are needed; criminals can now make legitimate calls that will slip by spoof-detection technologies.
Virtualization frees criminals from the need to imitate specific callers' numbers. Rather, they only need to reach an agent from a legitimate number that is unrelated to a customer's record. When they connect, they have an excellent chance of socially engineering the agent into granting control over a customer's account.
The threat of virtualized call fraud is pervasive. Fraud feedback data from Neustar's customers show as many as 80% of ATO attempts between September 2019 and February 2020 were made with virtual calling services.
KBA isn't just ineffective in preventing ATO attacks; it also actively degrades the customer experience.
A Customer's Headache
Instead of taking an opportunity to build loyalty, greeting callers with KBA sends the message "We don't know you and we don't trust you." That is not how to address customers calling for help.
And yet, because potential fraudsters cannot be isolated, all callers must be subjected to more invasive authentication. It is jarring for customers expecting a smooth, easy experience similar to what they get online. The dissonance puts organizations reliant on KBA at a disadvantage with more innovative competitors.
Consumers want to resolve their issues quickly, but KBA extends average handle time by 30-90 seconds. Longer wait times extend the period during which callers can ponder, "Would I get faster service from this organization's competitors?" KBA frustrates customers and empowers criminals because it distracts from quickly resolving the original purpose of the call.
The solution? Authenticate callers without agent intervention. Not only has this been proven, but it also equates to less fraud, less friction, and more functionality.
The faster the person on the other end of the line can be authenticated, the better call centers can deliver safe, speedy experiences without compromising security.
Ownership-based authentication is a proven method of delivering on the promise of authentication without agent intervention. The process completes authentication before the caller hears "hello," making it faster and more secure than KBA.
With ownership-based authentication, average handle times go down while containment in the Interactive Voice Response (IVR) system goes up. Trusted callers can be offered self-serve options that are too risky with KBA: contact information updates, loyalty program redemptions, and even shipping address changes for orders en route. Only the smaller remaining pool of unauthenticated callers gets the full focus of the fraud department. This shrinks the proverbial "haystack," reduces friction, and optimizes expensive fraud personnel and resources.
In a time when many contact centers now view growth in terms of improving service rather than expanding size, contact centers need a cost-effective path toward offering greater functionality without jeopardizing the customer experience or risking more fraud loss. That is what ownership-based authentication provides.
How Neustar Can Help
Neustar Inbound Authentication improves call centers' ability to efficiently manage high volumes of consumer interactions by identifying callers -- even those calling from a number different than the one on file -- using the Neustar OneID® identity platform. In tandem, the solution authenticates callers by determining that each calling device is unique, authentic, physical, and presents little-to-no risk of fraud.
Before hearing "hello," approximately 90% of callers are identified and authenticated by Neustar Inbound Authentication. They can be routed into a Trusted Caller Flow for faster service and are offered higher-value self-serve options in an IVR. Call center agents can be shielded from social engineering attacks so they can focus on problem-solving. Only unauthenticated callers will be candidates for the fraud department.
Fraudsters hate it. Customers love it.