30th July 2021
Smart Conversations

Using telephony data to authenticate callers

with Abhinav Anand, Chief Product Officer, Smartnumbers
with Abhinav Anand, Chief Product Officer, Smartnumbers

By Grant White

One of the most common challenges in the contact centre environment is getting access to real-time validation of the caller’s true identity. 

With number spoofing and withheld numbers being more frequent, it’s impossible for most contact centres to reliably say a customer is who they claim to be. This has made it difficult to build effective controls to authenticate callers. At the same time, it’s made life more difficult for customers, who now have to jump through cumbersome customer authentication processes before their query can begin.

We spoke with Abhinav Anand, our Chief Product Officer, to find out how real-time access to telephony data-based risk assessment closes the gap between customer authentication and fraud prevention in the contact centre.

Grant White, Smartnumbers: Hi Abhinav thanks for taking the time to talk to us today. In your experience, what would you say are the main fraud trends that contact centres should be most aware of today? 

Abhinav Anand, Smartnumbers: In the last few years, the situation has really evolved as fraud becomes more of a priority. Up until a few years ago, many contact centres were relying on a few basic security questions to validate customer identity, like names and addresses. This information is very easy for fraudsters to get hold of, particularly with the amount of data breaches and identity threats going on at the moment. Fraudsters are now armed with more information than ever to bypass these simple security checks.

For example, a fraudster could obtain data about a target from publicly available information such as their social media account or from an online data breach. This information would allow them to pass basic security checks in the IVR and perform reconnaissance to gather more information about the victim. Either to plan an attack in the contact centre or through another channel such as online. As a result, more than 60% of fraud attacks pass through the contact centre at some stage.

To navigate the IVR, fraudsters often use voice over IP (VoIP) systems to automatically gather sensitive data from the IVR about accounts. Another tactic they use is to ‘zero out’, so staying silent during IVR authentication so they can be diverted to a human agent, who might resort to weaker knowledge-based authentication (KBA) to authenticate them. 

GW: It seems that fraudsters have a lot of tools in their arsenal. So, what can organisations with contact centres do to tackle fraud against this backdrop? 

AA: Fraud must be detected as early as possible to minimise the impact. The challenge is that organisations have many customer interaction points with a lot of entrances that need to be monitored and secured. An effective defence requires viewing all these as equal parts of the same holistic cross-channel fraud detection strategy. Treating either telephony or digital in isolation plays right into the fraudster’s hands.

This approach requires connecting fraud prevention, customer authentication and customer satisfaction teams. Traditionally, each section of the business experiences a different part of the customer journey, gathering insight siloed into different systems. What may look acceptable in isolation can, in reality, look suspicious when put in the wider context.

For example, someone calling into a bank’s contact centre to reset login credentials and then registering for mobile banking before transferring money in quick succession, looks suspicious. However, looking at each interaction individually, it might look fine.

To do that, you need visibility over the caller’s identity and behaviour, so you can analyse and determine their risk profile. The most effective fraud detection strategies are aligned around knowing your customers and detecting suspicious activity, while having half an eye on the customer experience. 

GW: And if organisations adopt this approach, what do you think will be the impact on customer engagement? 

AA: Fraud, authentication and customer success have historically been managed separately, with independent teams designing policies, controls and systems to implement these policies. This approach has made it difficult to analyse the data effectively and build comprehensive customer profiles to protect the organisation from fraud while delivering exceptional experiences for customers. 

Increasingly, organisations are thinking of fraud and authentication as two sides of the same coin. That means the teams, systems and strategies in use are converging. Done carefully, this will have a positive impact on customer engagement as the strategy increasingly has a holistic view of impact for both the customer and the business.

GW: What advice would you give to leaders right now to help them take the right steps to protect customers?

AA: My key advice would be to bring fraud, authentication and customer success teams together and establish an ecosystem of tools that can provide the real-time, holistic insight you need about your customers. Adopting this approach and taking advantage of real-time telephony data at your disposal can make authentication challenges a thing of the past and enhance your fraud detection efforts.

At Smartnumbers, we verify the caller’s authenticity using patented Smartnumbers Call DNA technology. This involves examining more than 200 features of the call signalling to determine the trust level of each call before they’ve even connected to the IVR or an agent. Through this, we can confirm if a customer is calling from the number they claim to be using and not spoofing the call. We also analyse suspicious behaviour such as repeat calls, especially from withheld numbers. 

All these risk factors come together to instantly give you a rich and detailed understanding of a caller’s risk profile. Organisations can then divert high risk calls to a specialist team or prompt the agent to ask an additional set of security questions. That means genuine customers can be authenticated much quicker and agents can spend more time helping them with their query. Crucially, it also means you can create a seamless customer experience for genuine customers. Low-risk callers can enjoy a smoother journey, answering fewer cumbersome KBA questions.

But to create a truly effective fraud defence, organisations need to have a holistic cross-channel fraud detection strategy in place. We help build that ecosystem and cross-channel view by feeding the contact centre insight into existing fraud and authentication systems through APIs. 

If you want to learn more about protecting your contact centre from fraud, download our new eBook.