4th February 2022

Can you use phone numbers to authenticate customers in the contact centre?

By Grant White

Whether you’re a bank, a phone provider or a customer service team — every contact centre grapples with the same fundamental problem. How do you ensure the customer you’re talking to is who they say they are? And how do you do that without driving well-meaning, genuine customers mad with endless knowledge-based authentication questions?

This conundrum has plagued the contact centre sector as long as anybody can remember. But with the increasing ubiquity of technology, new solutions are appearing that can finally put a stop to the endless trade off between customer experience and fraud prevention. One of those solutions is to use customers’ mobile phone numbers to authenticate them. But can this solution actually prevent fraud? And how easy is it to fake a phone number? Read on to find out more.

The opportunity: Mobile phone authentication

Mobile phone numbers were never designed as a form of identification. But increasingly, they’re becoming some of the most sustainable and effective forms of ID available. According to our research there are currently 7.1 billion mobile phone users  in the world, almost 90% of the global population. And the vast majority of those users will keep the same mobile phone over many years, even while they change houses, jobs, addresses and marital status. As a means of identifying users, therefore, mobile phones are invaluable. So why isn’t mobile phone authentication widely used as standard?

That’s where the snag comes in: spoofing. The problem is fraudsters have ways of manipulating their true number. It’s impossible for most businesses and contact centres in the UK to distinguish between a genuine number and a spoofed number. As well as this, fraudsters have developed techniques called ‘sim swapping’ that let them gain access to genuine customers’ phone numbers.

So, what’s the solution? How can contact centres take advantage of mobile phone authentication without letting spoofed callers fall through the net?

Making mobile authentication effective

Spoofing certainly makes mobile phone authentication a challenge — but not an insurmountable one. So how do you assess whether or not a customer is using the number they say they are? The answer of course lies in technology. Recent advances in the field of artificial intelligence and machine learning mean it’s now possible to quickly and efficiently identify spoofed calls with minimal false alarms. Here’s how it works:

  • Identification
    When it comes to identifying a user’s identification, it’s important to remember that the majority of customers will call from the same mobile device every time they ring the contact centre. As long as you have an accurate and accessible record of your customers’ phone numbers, this basic fact can form the first line of defence for your customer authentication. 
  • Authentication
    But of course, identification alone can’t tell for certain if a customer is genuine. To do that, it’s important to have technology that accounts for a range of other behavioural signals. Many fraudsters can be easily detected through a few clear signals, such as caller location, whether the number is genuine and how many calls they’ve recently dialled. From there, callers can be given risk scores based on their behaviour, with particularly suspicious calls being flagged before the call even begins.
  • Fraud detection
    As well as behavioural analysis, the right technology can also help to detect fraudsters by analysing the network they’re using to enable the call. Fraudsters often call from the same device, even when spoofing or withholding their number. At the same time, they typically hide their identity by using less reputable networks and techniques. An effective fraud prevention solution should identify when these techniques are being used so that potential fraudsters are appropriately flagged.

An effective line of defence

Mobile phone numbers can be used to effectively authenticate customers — but it has to be done in the right way for it to be effective. By combining phone number analysis with behavioural and network signals, you can gain a detailed picture of each individual callers’ risk profile, before the call has even connected.In our recent eBook, we discuss this situation in detail, considering the challenge around modern authentication and fraud prevention and how technology can provide the solution. If you want to find out more about how to build an effective modern fraud prevention strategy, check out the eBook.