Skip to main content
Promotion: Promotional Banner Image

CUNA is now America’s Credit Unions.
A stronger voice to advance the credit union industry.

Learn More

Can You Use Passive Voice Authentication for More Secure Helpdesk Calls?

By Milind Borkar, Illuma
May 13, 2024

At Illuma, we help community financial institutions secure banking transactions in the contact center by verifying caller identity. Keeping identity thieves out of member and customer accounts is critical. But what about keeping fraudsters out of the rest of your technology infrastructure? Is the rise in cyber threats a strong reason to add this layer of security to safeguard the enterprise?

Voice Fraud Can Open the Door for Ransomware and More

The news is filled with stories of cybersecurity breaches. Most people know to be suspicious of emails that seem “not quite right.” However, even an experienced IT helpdesk employee may not question a phone call from someone who seems to have all the right information to request a password reset.

The recent 2023 data breach at MGM Resorts International is an example of what can happen with voice fraud. A ransomware gang called Scattered Spider used voice phishing (vishing) to trick employees into providing access to login credentials. With these keys in hand, they were able to access the network and deploy their ransomware. The fraudsters gained access to the records of countless guests and disrupted the resort’s operations for days. The price tag for this breach is expected to top $100 million.

Banking Institutions Can’t Afford a Similar Attack

The contact center is already a top target for voice fraud, but those attacks only target one account at a time. An ID thief impersonating an employee and gaining access to login information through spoofing, social engineering, and vishing could do untold damage.

  • Exposing private customer or member data (including PII)
  • Stealing and reselling account information on the dark web
  • Shutting down operations entirely with ransomware

Could Passive Voice Authentication Address This Threat?

At Illuma, we are having some interesting conversations around using voice verification for internal employee authentication. When an employee calls their organization’s helpdesk to request a password reset, they could be authenticated in the background of the call just as members and customers are verified when calling the banking call center.

Because voice biometrics is a strong authentication method that isn’t vulnerable to phishing, device spoofing, and social engineering techniques, it can provide a high level of certainty that employees are who they claim to be. IT helpdesk staff would be able to focus on resolving employee issues rather than trying to figure out if they are being fooled by a well-prepared and tech-savvy ID thief. For organizations already using one-time passwords (OTP) methods, it provides an additional layer of security in alignment with best practices for multi-factor authentication.

Two Paths to Implementation for Helpdesk Use Cases

With Illuma Shield™, deployment happens over a short timeframe (a recent client implemented the solution in an afternoon). Integration with popular telephony platforms makes it simple to plug and play within an already familiar interface. The question is where to start within the various areas of the contact center.

For financial institutions, the helpdesk represents only a small percentage of total call volume. Of course, that doesn’t mean it should be less secure than the main contact center handling inbound member or customer calls. It does mean that there are two ways of seeing deployment in the helpdesk environment:

  • An excellent opportunity for CIOs and technology decision makers to pilot and test new voice authentication software in an internal environment before rolling it out to external members/customers
  • An inexpensive add-on to an existing successful deployment of voice authentication in the banking contact center that is already proven to create a highly secure and streamlined verification process

Why Start Considering Internal Employee Authentication Now?

Vishing attacks are becoming more common. According to KeepNet, the incidence has doubled from 2021-2023 and the cost of these attacks is in the tens of billions annually. Even more troubling, 77% of vishing attacks are successful, leading to a loss of data, stolen credentials, and more. For financial institutions, safeguarding their networks from this cyberthreat using voice biometrics is a strong next step in keeping fraud out of ALL areas of the enterprise.

Connect with Illuma to learn more.

About Illuma

Illuma, a Credit Union Service Organization (CUSO), specializes in voice authentication software that replaces traditional knowledge-based authentication practices in call centers. Illuma provides frictionless voice authentication and fraud prevention for credit union contact centers to substantially reduce call handle times, improve member experience, and increase account security. 

The company’s platform, Illuma Shield™, continuously analyzes the unique characteristics of the speaker’s voice and calling device using state-of-the-art Signal Processing, Machine Learning, and Artificial Intelligence. This proprietary voice authentication system rapidly and seamlessly validates the identity of callers during natural conversation without requiring security Q&A or spoken password phrases.