customer

CustomerZone360 NEWS

CustomerZone360 Home

Are Password Laws the Solution to Combatting Growing Fraud? Or Should We Be Doing More?

By Special Guest
Roanne Levitt
December 27, 2018

To say that identity theft and fraud is a major issue is an understatement. In fact, odds are you or someone you know is one of the record 16.7 million U.S. consumers who fell victim to identity theft last year—a group that grew by 8 percent and was cheated out of $16.8 billion by fraudsters in 2017 alone (according to Javelin Strategy & Research).

Why the increase? Over the past couple of decades, the fraudster persona has changed from the ski-mask, bank robber to the person—or network of people—using technology to steal identities and money from consumers and organizations at alarming rates. What was once considered more of a targeted action is now a web of steadfast theft across multiple touch points—web, mobile apps, contact center, etc.—with costly, domino-style effects.

Given the magnitude of this issue, various organizations and governing bodies are proposing measures to combat fraud. In California, for instance, the Information Privacy: Connected Devices bill (SB-327) is set to go into effect on January 1, 2020, making it illegal for companies who manufacture an internet-connected device (such as a router or webcam) to set a weak default password on the device. Given that consumers oftentimes do not change the passwords leaving them the targets of fraud, manufacturers will now be required to set complex, unique admin passwords on their devices or have a start-up procedure that requires the user to create a strong password when setting up the device for the first time.

While this law signals a step in the right direction, it’s a small Band-Aid for a much larger problem: there are still so many vulnerable points of entry to fraud. Not to mention that using traditional alphanumeric passwords across these touch points is like leaving your door unlocked and inviting thieves inside to steal your belongings.

The bottom line is that anything that is knowledge-based—such as passwords, PINs and challenge questions—will always be susceptible to fraud, no matter how complex they are.

So what can consumers and organizations do to protect themselves? As consumers, we need to demand a multi-modal authentication approach from the organizations we do business with. And businesses should subscribe to them. Single authentication methods should not be used.

Second, we need to move from knowledge-based methods to inherent safeguards like biometrics. As the name implies, knowledge-based methods authenticate using something we know (and must remember) while biometrics authenticate using a unique biological key that we always have with us. It doesn’t require us to come up with a password, remember that password, write that password down or put it in a computer file.

Not only are knowledge-based passwords easily stolen or duplicated, but they are also frustrating when forgotten and need to be reset via email or text (which is also hackable). Biometric technologies on the other hand, utilize a person’s unique inherent traits (our voice, behavior, fingerprint, face, etc.), and are the deciding factor as to whether we can access an account, make a transaction, or perform other tasks. These types of security mechanisms are extremely critical in today’s online and mobile commerce environment where we may interact with an organization through a number of vehicles. For instance, starting an interaction by calling the contact center, then moving on to a mobile app or website to complete a transaction.

In the case of voice biometrics, a person's voice is compared to a voiceprint stored on file, and is analyzed for hundreds of physical and behavioral factors, making it secure and reliable. Unlike knowledge-based authentication, a person’s unique voice cannot be stolen, copied or re-used. The beauty of a technology like voice biometrics is that it can be active or passive, securing against a broader range of fraud. An example of active is when a consumer utters a passphrase like "my voice is my password" to gain access to their account and self-serve through a digital channel (like an app or website). An example of passive is when the technology "listens" in the background of a conversation with a call center agent and compares the caller’s voice to the voiceprint on file without any additional input from the customer, authenticating the caller in as little as 3-10 seconds.

Additionally, with behavior biometrics, our interaction patterns (such as how we type, swipe, hold a device, apply pressure, use a mouse, and even the surface area occupied by our finger) can be compared to an expected profile of that same user. It provides continuous authentication where a user is constantly compared to her profile to ensure that someone else has not hijacked the session.

In addition to improving customer experiences via easy and seamless authentication, biometrics can save organizations millions while keeping customers happy and their accounts safe. While password laws, in theory, are a good idea and certainly an indication that more must be done to combat fraud, they ultimately won’t fix the issue that the username and password paradigm is fundamentally broken. It was never designed for—and is inherently incapable of addressing—the use cases of the modern digital environment.

Current and future authentication and security challenges require a modern solution. And biometrics is it.




Edited by Maurice Nagle
Related Articles

CUSTOMER Magazine Announces Winners of the 2019 CRM Excellence Award

By: TMCnet News    6/20/2019

TMC announced the winners of its 20th Anniversary CRM Excellence Award.

Read More

Constant Contact Leverages Glance Networks' Visual Engagement to Transform Service Centers into a Revenue Centers

By: Erik Linask    6/18/2019

Constant Contact increased its contact center efficiency, productivity, customer satisfaction, and revenue thanks to Glance Networks solution.

Read More

Trends that will Improve the Customer Service Experience in 2020

By: Special Guest    6/12/2019

Customer service has long been a necessary factor in a company's success. With a growing number of in-person and e-commerce businesses entering variou…

Read More

Will the Right Combination of Platforms and People Drive the Next Generation of Customer Service?

By: Shrey Fadia    6/11/2019

Recently hired Genesys CEO Tony Bates comes to Denver this week for Xperience19, bringing together thousands of customers, partners and contact center…

Read More

Blending High Tech and High Touch, New CX BPO Launched at Genesys Xperience 19

By: Special Guest    6/11/2019

Even as companies in the contact center and "CX" industry continue to push self-service, chatbots, social messaging apps and "automation" that enable …

Read More