customer

CustomerZone360 NEWS

Free eNews Subscription

Are Password Laws the Solution to Combatting Growing Fraud? Or Should We Be Doing More?

By Special Guest
Roanne Levitt
December 27, 2018

To say that identity theft and fraud is a major issue is an understatement. In fact, odds are you or someone you know is one of the record 16.7 million U.S. consumers who fell victim to identity theft last year—a group that grew by 8 percent and was cheated out of $16.8 billion by fraudsters in 2017 alone (according to Javelin Strategy & Research).

Why the increase? Over the past couple of decades, the fraudster persona has changed from the ski-mask, bank robber to the person—or network of people—using technology to steal identities and money from consumers and organizations at alarming rates. What was once considered more of a targeted action is now a web of steadfast theft across multiple touch points—web, mobile apps, contact center, etc.—with costly, domino-style effects.

Given the magnitude of this issue, various organizations and governing bodies are proposing measures to combat fraud. In California, for instance, the Information Privacy: Connected Devices bill (SB-327) is set to go into effect on January 1, 2020, making it illegal for companies who manufacture an internet-connected device (such as a router or webcam) to set a weak default password on the device. Given that consumers oftentimes do not change the passwords leaving them the targets of fraud, manufacturers will now be required to set complex, unique admin passwords on their devices or have a start-up procedure that requires the user to create a strong password when setting up the device for the first time.

While this law signals a step in the right direction, it’s a small Band-Aid for a much larger problem: there are still so many vulnerable points of entry to fraud. Not to mention that using traditional alphanumeric passwords across these touch points is like leaving your door unlocked and inviting thieves inside to steal your belongings.

The bottom line is that anything that is knowledge-based—such as passwords, PINs and challenge questions—will always be susceptible to fraud, no matter how complex they are.

So what can consumers and organizations do to protect themselves? As consumers, we need to demand a multi-modal authentication approach from the organizations we do business with. And businesses should subscribe to them. Single authentication methods should not be used.

Second, we need to move from knowledge-based methods to inherent safeguards like biometrics. As the name implies, knowledge-based methods authenticate using something we know (and must remember) while biometrics authenticate using a unique biological key that we always have with us. It doesn’t require us to come up with a password, remember that password, write that password down or put it in a computer file.

Not only are knowledge-based passwords easily stolen or duplicated, but they are also frustrating when forgotten and need to be reset via email or text (which is also hackable). Biometric technologies on the other hand, utilize a person’s unique inherent traits (our voice, behavior, fingerprint, face, etc.), and are the deciding factor as to whether we can access an account, make a transaction, or perform other tasks. These types of security mechanisms are extremely critical in today’s online and mobile commerce environment where we may interact with an organization through a number of vehicles. For instance, starting an interaction by calling the contact center, then moving on to a mobile app or website to complete a transaction.

In the case of voice biometrics, a person's voice is compared to a voiceprint stored on file, and is analyzed for hundreds of physical and behavioral factors, making it secure and reliable. Unlike knowledge-based authentication, a person’s unique voice cannot be stolen, copied or re-used. The beauty of a technology like voice biometrics is that it can be active or passive, securing against a broader range of fraud. An example of active is when a consumer utters a passphrase like "my voice is my password" to gain access to their account and self-serve through a digital channel (like an app or website). An example of passive is when the technology "listens" in the background of a conversation with a call center agent and compares the caller’s voice to the voiceprint on file without any additional input from the customer, authenticating the caller in as little as 3-10 seconds.

Additionally, with behavior biometrics, our interaction patterns (such as how we type, swipe, hold a device, apply pressure, use a mouse, and even the surface area occupied by our finger) can be compared to an expected profile of that same user. It provides continuous authentication where a user is constantly compared to her profile to ensure that someone else has not hijacked the session.

In addition to improving customer experiences via easy and seamless authentication, biometrics can save organizations millions while keeping customers happy and their accounts safe. While password laws, in theory, are a good idea and certainly an indication that more must be done to combat fraud, they ultimately won’t fix the issue that the username and password paradigm is fundamentally broken. It was never designed for—and is inherently incapable of addressing—the use cases of the modern digital environment.

Current and future authentication and security challenges require a modern solution. And biometrics is it.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

CUSTOMER Magazine Announces Winners of 2025 Voice AI Technology Excellence Awards

By: TMCnet News    6/30/2025

The Voice AI Technology Excellence Awards honor innovative solutions that harness the power of artificial intelligence to elevate voice-driven experie…

Read More

Burnout on the Line: Smarter Solutions to Combat a Growing Crisis

By: Contributing Writer    6/17/2025

Burnout is draining your contact center. Discover how better training and the right tools can keep agents sharp, calm, and performing.

Read More

VoIP Provider Zadarma Integrates Three AI Voice Agents into its PBX Platform

By: Erik Linask    6/11/2025

London-based VoIP provider Zadarma integrated three AI-powered voice assistants directly into its PBX platform, a first in Europe, according to the co…

Read More

CUSTOMER Magazine Announces Winners of the 2025 CRM Excellence Awards

By: TMCnet News    6/11/2025

The 2025 CRM Excellence Awards recognize companies whose products and services go beyond traditional customer relationship management, encompassing th…

Read More

The Future of CX: Mosaicx Unveils AI-Native Engage Platform

By: Erik Linask    6/6/2025

Mosaicx has launched Engage, its next-gen AI-native CX platform to drive improvements in customer engagement and experiences.

Read More