Contact Center Solutions Featured Article

Authentify Combats Social Engineering in Contact Centers with Mobile App

March 10, 2015

There is a term that unfortunately contact center administrators have or are about to become way too familiar with. The term is “social engineering” and refers specifically to a nasty practice by the bad guys, particularly in looking for vulnerabilities to exploit in the banking sector to monetize their efforts.  In simple terms, it is a fraud characterized by imposters using stolen credit card info to activate Apple Pay accounts on new smartphones and purchase high value goods.  With the forthcoming launch of Apple Watch scheduled for April 24, which is being promoted heavily because of its ease of use for mobile payments for retailer who are Apple Pay friendly, the interest of fraudsters in such exploits is only going to increase. 

The challenge for contact centers in the banking industry is how to nip this in the bud before it really explodes on the scene.  In this regard, the announcement from mobile multi-factor solutions provider Authentify looks like a solution to carefully evaluate. 

Chicago, IL-based  Authentify has announced Authentify xFA SecureCallCenter. It is aimed at addressing the problem just cited above, i.e., to help financial institutions protect contact center agents from social engineering attempts. As noted, based on the expected growth of traction for Apple Pay, the timing could not come soon enough.  In fact, this activity has already been occurring even as Apple Pay really is just getting its competitive footing.  It is also of increasing importance as users more and more employ their smartphones as their communications device of choice for all types of interactions.  And, while some start as self-service inquiries, or even move to chat, a majority begin as voice and many of those begun in one channel end up resulting in a phone call.

How it works

 SecureCallCenter app is all about those voice interactions between mobile customers and contact center agents.  The way it works is as follows.  A user logs into their copy of the institution's mobile app and taps a contact center button.  This triggers Authentify xFA's biometric authentication sequence while a voice channel call is also placed to the contact center.   After the user has been authenticated SecureCallCenter app connects the call and passes the end user's contact and account information to a module at the contact center console. The module interprets the information for the console, enabling the information to be displayed to the next representative in the queue.

Importantly, in terms of operations, financial account information is managed by the financial institution's app and procedures. This leaves the authentication and biometrics to be managed by Authentify. It also means the impact on responsiveness of agents will likely be imperceptible to the calling party.

"The SecureCallCenter functionality provides a one-touch connection to an institution's call center," said Alan Dundas, Authentify's vice president of Product Architecture. "As financial services customers migrate to using mobile channels as the primary connection to their accounts, reusing the authentication from the mobile app across a different contact channel makes a great deal of sense."

Creating trust through authentication to fight fraud

Authentify is making the announcement pointed to its history of authenticating online users for financial services firms using phone-based authentication which started in 2001. Even in the mobile space, the company has expertise having introduced its first mobile, app-based authentication services in 2011.  "This is a unique combination of security features where digital certificates, voice biometrics and a fingerprint could be coupled for authenticating an inbound call," said Dundas. "There are 60,000 customer service representatives employed across just the top 20 call centers in the U.S. The majority of them are operated by financial services. If you saved each representative only five minutes a day on authentication tasks, that translates to 250,000 employee hours per week. The ROI is easy to measure."

The other good news is that customers do not have to wait. Authentify xFA SecureCallCenter is available immediately and requires the Authentify xFA mobile SDK to integrate with a financial institution's own mobile app. 

It is often said in the security community that identity/authentication is the new perimeter when it comes to thwarting the efforts of bad actors.  Because e-commerce is all about trust, and interactions with banks are so critical, it is no wonder that there is intense interest by financial institutions in authenticating people who wish to make credit card purchases when they call.  The mobile calling part of interactions with contact centers has represented a true and inviting expansion of the attack plane.  And, while no security solution is perfect, making it hard for the bad guys should be a significant enough deterrent to make them look elsewhere.  

Edited by Maurice Nagle