Customers may interact with contact centres in order to purchase items offered for sale by a particular merchant. In order to process customer orders, the contact centre is required to authenticate the customer. The customer is usually required to provide digits of a specific passcode, or other memorable information, which can be difficult for the customer to remember. In addition, it can be inconvenient for a customer to enter a code using the keypad of their device during the call with the contact centre.
Advances in payment technology have led to attempts to provide ‘frictionless’ payments, which are simple for the customer and have substantially reduced the need for customers to enter card details and additional security information. However, customers can still be expected to provide card details to contact centres. This may result in a negative experience for the customer, owing to a perceived security risk. In addition, a customer may be overheard providing card details or authentication information to the contact centre, increasing the potential for fraud.
A number of ‘alternative’ payment methods are currently available to customers, and are gaining increasing popularity. However, contact centres do not currently support payment using these alternative payment methods.
Some merchants use 3-D Secure® for authenticating customers. If a merchant is using 3-D Secure, a third party (such as a card issuer) authenticates the user. Thus, the authentication liability is accepted by the third party. The third party challenges the customer on the basis of information concerning the transaction. The customer may be required to enter a separate password or memorable information upon receiving a challenge from the third party. 3-D Secure authentication can present challenges to customers. For example, if the frequency of challenges by the third party is low, the customer may forget a unique password for the 3-D Secure authentication process.
A new version of the 3-D Secure specification, which aims to make the challenge and response easier for customers, has recently been issued. The 3-D Secure specification provides for out-of-band (OOB) authentication with customers making payments through apps or websites. There exists a need to enable customers making telephone-based transactions to interact with third parties in accordance with the revised 3-D Secure specification.
One aim of contact centres is to reduce the average time taken to deal with a customer's call, known as Average Handling Time (AHT). In addition, there is a desire to easily prove the authenticity of callers and the data being sent between callers and contact centres. Fraudulent usage of sensitive customer information is also a major concern within the industry. Contact centres must also be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a framework for the secure handling of cardholder data.
The exchange of sensitive information between a caller and a remote entity (such as a contact centre agent) is not limited to payment transactions. The desire to authenticate users prior to the exchange of sensitive information extends across many industries. For example, a remote entity may be required to share sensitive or confidential information (such as medical information) with a caller. As another example, a remote entity may be required to deploy a resource to a caller's location, thus requiring a user to provide location information, which may result in the customer being rendered vulnerable in the event of misuse of this information.
Therefore, there exists a need for a simple user authentication method for communications with a remote entity so that data can be exchanged securely between the user and the remote entity.