customer

CustomerZone360 NEWS

Free eNews Subscription

Are Password Laws the Solution to Combatting Growing Fraud? Or Should We Be Doing More?

By Special Guest
Roanne Levitt
December 27, 2018

To say that identity theft and fraud is a major issue is an understatement. In fact, odds are you or someone you know is one of the record 16.7 million U.S. consumers who fell victim to identity theft last year—a group that grew by 8 percent and was cheated out of $16.8 billion by fraudsters in 2017 alone (according to Javelin Strategy & Research).

Why the increase? Over the past couple of decades, the fraudster persona has changed from the ski-mask, bank robber to the person—or network of people—using technology to steal identities and money from consumers and organizations at alarming rates. What was once considered more of a targeted action is now a web of steadfast theft across multiple touch points—web, mobile apps, contact center, etc.—with costly, domino-style effects.

Given the magnitude of this issue, various organizations and governing bodies are proposing measures to combat fraud. In California, for instance, the Information Privacy: Connected Devices bill (SB-327) is set to go into effect on January 1, 2020, making it illegal for companies who manufacture an internet-connected device (such as a router or webcam) to set a weak default password on the device. Given that consumers oftentimes do not change the passwords leaving them the targets of fraud, manufacturers will now be required to set complex, unique admin passwords on their devices or have a start-up procedure that requires the user to create a strong password when setting up the device for the first time.

While this law signals a step in the right direction, it’s a small Band-Aid for a much larger problem: there are still so many vulnerable points of entry to fraud. Not to mention that using traditional alphanumeric passwords across these touch points is like leaving your door unlocked and inviting thieves inside to steal your belongings.

The bottom line is that anything that is knowledge-based—such as passwords, PINs and challenge questions—will always be susceptible to fraud, no matter how complex they are.

So what can consumers and organizations do to protect themselves? As consumers, we need to demand a multi-modal authentication approach from the organizations we do business with. And businesses should subscribe to them. Single authentication methods should not be used.

Second, we need to move from knowledge-based methods to inherent safeguards like biometrics. As the name implies, knowledge-based methods authenticate using something we know (and must remember) while biometrics authenticate using a unique biological key that we always have with us. It doesn’t require us to come up with a password, remember that password, write that password down or put it in a computer file.

Not only are knowledge-based passwords easily stolen or duplicated, but they are also frustrating when forgotten and need to be reset via email or text (which is also hackable). Biometric technologies on the other hand, utilize a person’s unique inherent traits (our voice, behavior, fingerprint, face, etc.), and are the deciding factor as to whether we can access an account, make a transaction, or perform other tasks. These types of security mechanisms are extremely critical in today’s online and mobile commerce environment where we may interact with an organization through a number of vehicles. For instance, starting an interaction by calling the contact center, then moving on to a mobile app or website to complete a transaction.

In the case of voice biometrics, a person's voice is compared to a voiceprint stored on file, and is analyzed for hundreds of physical and behavioral factors, making it secure and reliable. Unlike knowledge-based authentication, a person’s unique voice cannot be stolen, copied or re-used. The beauty of a technology like voice biometrics is that it can be active or passive, securing against a broader range of fraud. An example of active is when a consumer utters a passphrase like "my voice is my password" to gain access to their account and self-serve through a digital channel (like an app or website). An example of passive is when the technology "listens" in the background of a conversation with a call center agent and compares the caller’s voice to the voiceprint on file without any additional input from the customer, authenticating the caller in as little as 3-10 seconds.

Additionally, with behavior biometrics, our interaction patterns (such as how we type, swipe, hold a device, apply pressure, use a mouse, and even the surface area occupied by our finger) can be compared to an expected profile of that same user. It provides continuous authentication where a user is constantly compared to her profile to ensure that someone else has not hijacked the session.

In addition to improving customer experiences via easy and seamless authentication, biometrics can save organizations millions while keeping customers happy and their accounts safe. While password laws, in theory, are a good idea and certainly an indication that more must be done to combat fraud, they ultimately won’t fix the issue that the username and password paradigm is fundamentally broken. It was never designed for—and is inherently incapable of addressing—the use cases of the modern digital environment.

Current and future authentication and security challenges require a modern solution. And biometrics is it.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

FedRAMP-Approved Calabrio GovSuite Modernizes Contact Centers for US Government

By: Greg Tavarez    3/18/2024

Calabrio GovSuite helps enrich and understand human interactions, which better equips contact centers to quickly adapt to evolving citizen demands.

Read More

Blue skies and smooth sailing: Resolving the top five challenges in traveler support with AI

By: TMCnet Staff    3/18/2024

Join Language I/O experts live and learn about the latest AI solutions powering up customer support in the travel industry.

Read More

AudioCodes Adds Omnichannel Capabilities to Voca CIC

By: Tracey E. Schelmetic    3/15/2024

Communications software company AudioCodes has announced that its Voca Conversational Interaction Center (Voca CIC) is now an omnichannel contact cent…

Read More

Talkdesk Adapts its Autopilot Virtual Agent for Healthcare Applications

By: Tracey E. Schelmetic    3/15/2024

Contact center solutions provider Talkdesk recently introduced Talkdesk Autopilot for Healthcare (the next generation of the company's virtual agent t…

Read More

Managed Cloud Services Company InterVision Adds CCaaS to its Platform

By: Tracey E. Schelmetic    3/15/2024

Managed cloud services company InterVision is introducing its new ConnectIV CX product, a CCaaS solution designed to enhance customer and employee exp…

Read More