Voice authentication for fraud prevention in contact center environments
By Illuma
Voice authentication is rapidly becoming the preferred method of verification in contact centers to balance member experience and fraud prevention. According to research from Aite Novarica, over 60% of fraud losses from account takeovers involve the call center (as fraudsters often talk to an agent when attempting to change passwords or contact information). It’s not surprising that banks and credit unions are turning to more advanced authentication methods to help secure accounts. In fact, financial institutions are at the forefront of adoption for voice biometrics as they seek stronger protection methods.
Voice authentication is replacing knowledge based authentication (KBA)
Identity verification methods fall into one of three categories:
What You Know
(Things others shouldn’t know or be able to guess)
- Out of wallet questions
- Recent transactions
- Personal pins
What You Have
(Something that should only be in your possession)
- One-time passcodes
- Mobile apps
Who You Are
(Your unchangeable attributes/unique characteristics)
- Voice biometrics
- Face biometrics
- Fingerprint biometrics
Some caller authentication method are highly vulnerable
KBA falls into the “What You Know” category. Unfortunately, this is the type of identity authentication that is easiest to defeat. Data breaches have become so common that virtually no one is immune from having their personal information bought and sold on the dark web. According to Security Magazine, in 2021 alone there were 4,145 publicly disclosed breaches that exposed over 22 billion records. And 2020 set an all-time high of 37.2 billion records exposed.
Stolen information is readily acquired by fraudsters. According to Flashpoint, individual digital profile and financial info can be purchased for as little as $4 each. What can’t be bought is just as likely to be available for free by consumers revealing far too much personal information on their social media accounts. Gartner analysts have found that a well-prepared fraudster has about a 60% chance of getting all the answers right when challenged with knowledge based authentication. Identity thieves can also spoof caller IDs or even intercept a one-time passcode even without a caller’s physical device in hand. This makes it frighteningly easy to make it past common layers of technological authentication in the contact center.
Older caller authentication method create unwanted friction and expense
According to Gartner research, for customers or members calling their financial institution, about 25% of every interaction with a live agent is spent on authentication. It’s not surprising that callers are dissatisfied with time consuming Q&A style “out of wallet” authentication. If they forget an answer to a security question that requires them to remember a detail (such as the model of car they bought 20 years ago), legitimate callers may not even be able to access their own account. Being grilled with personal questions is an experience that can feel both frustrating and disconcerting.
A bad experience for a bank customer or credit union member has an impact that may not be easy to define in dollars and cents. However, the time agents across the U.S. spend annually on KBA can be calculated. On average, it takes about 90 seconds to verify a caller using security questions. But it can take several minutes for sensitive transactions. Time is money on every call, and the annual operating expense of $12 billion a year across the U.S. alone is a steep price to pay for a security process that frustrates consumers while still leaving their accounts vulnerable to fraud.
Active vs. passive authentication for financial institution call centers
Active authentication includes any method that prompts customers and members to take specific actions to verify themselves. This could include answering personal questions or interacting with a mobile app or device. Even voice recognition technology can be deployed in an active manner by requiring a member or customer to speak a specific password or passphrase to set up their initial voiceprint and subsequently verify their identity on each call. Unfortunately, any form of active authentication tends to add friction to the process and reduce adoption.
In contrast, passive voice biometrics allows authentication to happen in the background without disrupting or delaying the agent’s ability to address the caller’s service request. Caller ID is one example. Passive voice verification that occurs during natural speech in the course of conversation is another. Identity verification can happen in the background while the agent and caller are exchanging greetings or when the caller speaks their ID or account number. Passive authentication occurs in real time, eliminates friction in contact center interactions, and has very high adoption rates. Illuma’s credit union clients are reporting over 95% adoption rates for our voice authentication solution.
Voice verification is the strongest form of authentication for call center interactions
Because an individual’s unique vocal patterns can’t be faked or stolen, voice recognition is a powerful call center fraud prevention technology. By using voice biometrics software to create a unique voiceprint, modern platforms have the ability to match callers with their stored identity with a very high degree of certainty.
Adding in the unique characteristics of the caller’s device to create a unique AudioPrint™ further increases security through multi-factor authentication. Artificial Intelligence and Machine Learning come into play in creating these unique biometric prints and refining the accuracy of matches even more over time.
Why voice biometrics instead of fingerprints or facial recognition?
As a method that can be deployed via traditional call center telephony systems and online, voice makes more sense than other popular biometric authentication methods.
“While many other biometric technologies like fingerprint and retina scanning are relatively popular and equally secure, Voice Biometrics remains the only practical means of authenticating any user over a remote channel e.g. a phone or PC. This factor has led to the rapid growth of real-time voice recognition-based biometric solutions.” – Mordor Intelligence
Deeper Dive: See answers to FAQs about Voice Biometrics.
Passive voice authentication improves operational efficiency and customer experience
The average hold time to talk to an agent in a call center is 17 minutes. However, the average amount of time consumers are willing to wait on hold is 6 minutes. By eliminating active authentication such as security Q&A, the verification process with Illuma Shield™ can be cut from 90+ seconds down to less than 15 seconds. Freeing agents to serve members or customers more efficiently helps improve satisfaction for the current caller, and for those waiting in line.
If they have to call repeatedly to speak to a live agent and face the frustration of long hold times, it’s no wonder they complain. Unfortunately, only 33% of consumers post a nice review after a positive interaction, whereas 42% post a poor review after a dissatisfactory interaction. Passive voice authentication helps improve average handle and hold times, reduce abandon rates, and improve the quality of interactions on every call. Customer or member experience gets a boost as a result. Voice authentication can even be used in the IVR to create a more seamless experience while serving callers that would otherwise have to wait on hold for a live agent.
“By skipping the gauntlet of security questions, callers also feel that they are being recognized just as they might be in their local branch. For credit unions and community banks that pride themselves on the personal touch, this is a way to replicate a warm experience in the contact center.” – Milind Borkar, Founder & CEO of Illuma Labs
Questions to ask when selecting a passive voice authentication solution
Voice biometrics solutions targeting large banks can cost over a million dollars and take months to deploy. These platforms are out of reach for most credit unions and community banks. Fortunately, voice authentication software is available that is specifically designed to deliver value to smaller financial institutions with no tradeoff between quality and price. When considering the options that are within budget, here are some key selection criteria to review.
- Is it easy to enroll in the system and do consumers feel good about it?
If members or customers must dial a specific number, go through a particular IVR, or repeat a preselected phrase several times, this adds to the friction of enrollment. Low enrollment reduces ROI on the system and tarnishes the overall caller experience. Consumers who are participating in voice authentication must feel good about the solution. This means it needs to be easy for call center agents to explain, easy for callers to enroll in, and seamless to use on subsequent calls. Naturally, the system must work in real time to make sense in a dynamic contact center environment.
- How easy is it for contact center agents to use during every call?
Agents are typically dealing with complicated telephone and software systems. Having to switch between screens or take multiple steps to verify a caller’s identity adds unnecessary complexity to the workflow. A system that generates value for contact center agents is one that reduces steps, saves time, and allows them to resolve customer service requests faster with less frustration.
- Can the system be fine tuned for accuracy?
There are two kinds of false results that can occur with even the most sophisticated biometric verification system. With false negatives, legitimate callers can’t be matched to their voiceprint and have to be taken through other authentication processes (such as the old-fashioned security Q&A) in an attempt to verify their identity. These may occur when the threshold for a match is set too high. False positives (that could allow fraudsters through) are caused by setting the threshold too low. The solution you select should be tunable for the ideal balance between convenience and security, keeping both false positives and false negatives very low.
- Is consumer information kept truly secure?
Voice verification systems that reside on-premise are highly secure but very costly in terms of up front investment and ongoing management. Cloud is convenient, more affordable, and easier to deploy and maintain. However, it can be less secure IF the phone call and the voice of the member leave the network to go to the cloud.
For credit unions and community banks that have maintained on-premise telephony systems to safeguard customer and member data, capturing a callers’ voiceprint and verifying it should never involve the call itself leaving the contact center. Only the voiceprint itself should go to the cloud to be matched to the previously enrolled sample. The sample should be encrypted and converted into a proprietary irreversible format that makes it useless in the hands of a fraudster. A customer’s voiceprint should never be stored in pure audio format since a data breach could result in this unique biometric signature being stolen and used for nefarious purposes.
- What is the effort for integration?
This includes people, time, and money that must be dedicated to a successful launch. Voice authentication solutions used by mega telcos or big banks may require a sizable team of system engineers and other experts to integrate, configure, and troubleshoot the deployment. Right-sized solutions for smaller financial institutions should take into account that these resources are scarce. Deployment should take weeks, not months, and be fully supported by the software vendor without placing excessive burden on internal IT resources.
- Does it conform to regulatory requirements in the state or states in which your organization operates?
Privacy laws and regulations vary widely from one state to the next. This includes how personal information such as voice biometrics is gathered, stored, and managed. These rules may govern notices and disclosure, retention limits for voiceprints, rules for obtaining member consent, breach notification requirements, and more. The FinTech solution you choose should support compliance.
Voice authentication supports digital transformation
For credit unions and banks, voice verification provides a way to move call center digital transformation forward while capturing gains across multiple fronts.
- Seamless verification process augments the brand’s reputation for taking tangible action to improve customer and member experience during every contact center conversation.
- Enhanced fraud prevention shields account holders against the increasing threat from fraudsters who use social engineering and data breaches to compromise accounts.
- Reduced operating costs with shorter handle times allow agents to serve more callers and make the most of available resources.
With more and more consumers embracing the use of biometrics in everything from smartphones to wearables, they will soon come to expect it from their banks and credit unions. Financial institutions that adopt voice authentication now have a unique opportunity to lead their industry in what will soon become the standard for convenience and security across the financial services sector and beyond.
About Illuma
Illuma, a Credit Union Service Organization (CUSO), specializes in voice authentication software that replaces traditional knowledge-based authentication practices in call centers. Illuma provides frictionless voice authentication and fraud prevention for credit union contact centers to substantially reduce call handle times, improve member experience, and increase account security.