Many service providers establish call centers as a central point of customer contact and interaction. Typically, call centers have live operators to answer calls for customer support, product support, information inquiries, and the like. Also, service providers often need to contact service users for a variety of reasons including transaction verification, marketing, billing issues, and the like. Due to the risk of client loss when service users become frustrated with a service provider's call center management, most call centers tend to focus on having high levels of agent productivity and customer experience rather than fraud prevention.
Call centers often rely on knowledge-based authentication (KBA) to authenticate users before allowing callers to discuss their sensitive account details and execute transactions. KBA is a method of authentication based on the nonpublic knowledge of the service user, usually though security or life history questions. Unfortunately, KBA is problematic due to the lack of standards for which information may be kept confidential among different service providers, as well as the ability of fraudulent users to obtain information that may be publicly accessible despite a service provider using it as a knowledge-based authenticator. In addition, KBA is prone to circumvention because fraudulent users can use both publicly accessible and/or stolen information to correctly respond to questions. Furthermore, legitimate users sometimes fail to answer the questions correctly, often leading to customer frustration and inconvenience.
Moreover, KBA largely depend on call center agents and other service representatives to screen out fraudulent users among numerous callers. However, service agents and representatives are generally not focused on fraud, but rather on providing efficient customer service as quickly as possible. Service agents and representatives can be socially engineered (i.e., manipulated into performing actions or divulging confidential information), and often represent the weakest link in security. For example, fraudsters often pose as people who need to access the account of a spouse or partner due to exigent circumstances. By using social engineering tricks and insisting on the gravity of their supposed situation, fraudster have been known to persuade service representatives to access customer accounts and reveal nonpublic personal information.
Call centers also rely on automatic number identification (ANI) as an alternative to KBA. Similar to caller identification (caller ID), ANI allows service providers to see the number of the calling party, but has the additional benefit of being resistant to caller ID blocking. Also, ANI can display the number of the calling party in real time. However, ANI is becoming increasingly unreliable because true caller IDs are easily disguised by fraudulent users who use an anonymizer or spoofing technology to hide their true originating point and phone numbers.
Some service providers have turned to alternative commercial products and solutions that rely on real-time telephone network forensics, telephony reference carrier call-routing databases, and proprietary analytics to confirm that the identity of the caller matches the actual phone number being used. However, a major limitation of these products and solutions is that it relies on customers calling in to a service provider, and does nothing to address situations where a service provider may need to quickly contact the user and confirm the legitimacy of a transaction or activity in progress.
Other solutions implement a myriad of voice biometrics for user authentication. Although it appears to be promising, there is a significant amount of “friction” that is added to the user experience in the form of initially training the solution to recognize a legitimate user's voice. Friction is commonly referred to the burden and inconvenience experienced by the user who is expected to go through an authentication process. Voice biometrics add a significant amount of friction because it requires active or passive enrollment from the user before it can reaches success rates that make it feasible for real-world use. In addition, since speech patterns vary worldwide, voice biometrics may not be practical option for service providers who conduct business internationally. Moreover, there are concerns about false positives and difficulties with voice detection that can increase costs and additional friction for the user.
It should be appreciated that there remains a need for a call center verification process that avoids the failures of current knowledge based authentication methods, eliminate the opportunity of social engineering, and reduce the failure rates of KBA methods which frustrate legitimate customers. The present invention addresses these need and others.