Contact Center Customer Authentication: Streamline Without Sacrificing Security

                                                                                                                                                                                                                                                                  Contact centers typically have set processes for customer authentication. Knowledge-based authentication (KBA) is one of the most popular approaches, allowing customer service reps to confirm the identity of a caller by asking questions that only the account holder should be able to answer.   KBA is often effective, but it can also be a cumbersome, lengthy process. As a result, it can lead to customer frustration, particularly if the reason for their call is inherently low-risk.   While companies should remain security-focused, adapting their process to streamline customer interactions – particularly for low-risk activities – can be wise. If you’d like to explore options in this arena, here’s what you need to know about contact center customer authentication and how to update your approach without sacrificing security.  Contact centers typically have set processes for customer authentication. Knowledge-based authentication (KBA) is one of the most popular approaches, allowing customer service reps to confirm the identity of a caller by asking questions that only the account holder should be able to answer.   KBA is often effective, but it can also be a cumbersome, lengthy process. As a result, it can lead to customer frustration, particularly if the reason for their call is inherently low-risk.   While companies should remain security-focused, adapting their process to streamline customer interactions – particularly for low-risk activities – can be wise. If you’d like to explore options in this arena, here’s what you need to know about contact center customer authentication and how to update your approach without sacrificing security.  

KBA is often considered a secure option for authenticating accountholders. However, even legitimate account owners may struggle to answer the questions. They may not remember passphrases or PINs they set years prior, especially if they aren’t a frequent caller.   Additionally, answers to questions that are commonly used can change. For example, answers to questions like “What is your favorite food?” or “Where was your favorite vacation?” aren’t guaranteed to remain stagnant throughout a person’s life, potentially leading to confusion.   Since most companies use the same questions, there is also no guarantee that they’ll be effective from a security standpoint. If a customer’s information stored with another company was involved in a data breach, and that data included their answers to commonly asked questions, someone else may be able to pass the KBA check.   Finally, the process can be incredibly lengthy, particularly if several questions are asked. If the genuine accountholder struggles with what was asked, it negatively impacts their experience. If the call drops and the customer has to start the process over, the frustration they experience compounds. Plus, even if the original call goes forward as planned, this kind of customer authentication drives average handle times up, which isn’t ideal.  

While having a reliable customer authentication process is a must, companies shouldn’t pursue a one-size-fits-all approach. Not every contact represents the same level of risk, so requiring the same highly cumbersome steps for every call may not be ideal.   It’s wise to define various types of contact into risk categories. That way, actions or requests with a low risk of fraud can use some but not all of the potential customer authentication factors. As the risk level rises, more layers can be put in place, ensuring high-risk activities have the strongest possible protection.   Additionally, implementing passive customer authentication is wise. For example, automatic number identification (ANI) and phone number validation tools can make a significant difference. They can confirm the accuracy of an incoming call’s numbers and match phone numbers to customer data without any action on the customer’s part. It allows one point of authentication to occur without burdening the customer.   For low-risk transactions, ANI matching and validation may be sufficient, allowing the customer to confirm little more than information they know well, such as their name or full mailing address. For higher-risk transactions, it could reduce the number of KBAs necessary for full customer authentication, streamlining even the most cumbersome version of the process.   Ultimately, the tier-based approach can be incredibly effective at maintaining security. Plus, it can also create a better customer experience, effectively making it a win-win.