customer

CustomerZone360 NEWS

Free eNews Subscription

Are Password Laws the Solution to Combatting Growing Fraud? Or Should We Be Doing More?

By Special Guest
Roanne Levitt
December 27, 2018

To say that identity theft and fraud is a major issue is an understatement. In fact, odds are you or someone you know is one of the record 16.7 million U.S. consumers who fell victim to identity theft last year—a group that grew by 8 percent and was cheated out of $16.8 billion by fraudsters in 2017 alone (according to Javelin Strategy & Research).

Why the increase? Over the past couple of decades, the fraudster persona has changed from the ski-mask, bank robber to the person—or network of people—using technology to steal identities and money from consumers and organizations at alarming rates. What was once considered more of a targeted action is now a web of steadfast theft across multiple touch points—web, mobile apps, contact center, etc.—with costly, domino-style effects.

Given the magnitude of this issue, various organizations and governing bodies are proposing measures to combat fraud. In California, for instance, the Information Privacy: Connected Devices bill (SB-327) is set to go into effect on January 1, 2020, making it illegal for companies who manufacture an internet-connected device (such as a router or webcam) to set a weak default password on the device. Given that consumers oftentimes do not change the passwords leaving them the targets of fraud, manufacturers will now be required to set complex, unique admin passwords on their devices or have a start-up procedure that requires the user to create a strong password when setting up the device for the first time.

While this law signals a step in the right direction, it’s a small Band-Aid for a much larger problem: there are still so many vulnerable points of entry to fraud. Not to mention that using traditional alphanumeric passwords across these touch points is like leaving your door unlocked and inviting thieves inside to steal your belongings.

The bottom line is that anything that is knowledge-based—such as passwords, PINs and challenge questions—will always be susceptible to fraud, no matter how complex they are.

So what can consumers and organizations do to protect themselves? As consumers, we need to demand a multi-modal authentication approach from the organizations we do business with. And businesses should subscribe to them. Single authentication methods should not be used.

Second, we need to move from knowledge-based methods to inherent safeguards like biometrics. As the name implies, knowledge-based methods authenticate using something we know (and must remember) while biometrics authenticate using a unique biological key that we always have with us. It doesn’t require us to come up with a password, remember that password, write that password down or put it in a computer file.

Not only are knowledge-based passwords easily stolen or duplicated, but they are also frustrating when forgotten and need to be reset via email or text (which is also hackable). Biometric technologies on the other hand, utilize a person’s unique inherent traits (our voice, behavior, fingerprint, face, etc.), and are the deciding factor as to whether we can access an account, make a transaction, or perform other tasks. These types of security mechanisms are extremely critical in today’s online and mobile commerce environment where we may interact with an organization through a number of vehicles. For instance, starting an interaction by calling the contact center, then moving on to a mobile app or website to complete a transaction.

In the case of voice biometrics, a person's voice is compared to a voiceprint stored on file, and is analyzed for hundreds of physical and behavioral factors, making it secure and reliable. Unlike knowledge-based authentication, a person’s unique voice cannot be stolen, copied or re-used. The beauty of a technology like voice biometrics is that it can be active or passive, securing against a broader range of fraud. An example of active is when a consumer utters a passphrase like "my voice is my password" to gain access to their account and self-serve through a digital channel (like an app or website). An example of passive is when the technology "listens" in the background of a conversation with a call center agent and compares the caller’s voice to the voiceprint on file without any additional input from the customer, authenticating the caller in as little as 3-10 seconds.

Additionally, with behavior biometrics, our interaction patterns (such as how we type, swipe, hold a device, apply pressure, use a mouse, and even the surface area occupied by our finger) can be compared to an expected profile of that same user. It provides continuous authentication where a user is constantly compared to her profile to ensure that someone else has not hijacked the session.

In addition to improving customer experiences via easy and seamless authentication, biometrics can save organizations millions while keeping customers happy and their accounts safe. While password laws, in theory, are a good idea and certainly an indication that more must be done to combat fraud, they ultimately won’t fix the issue that the username and password paradigm is fundamentally broken. It was never designed for—and is inherently incapable of addressing—the use cases of the modern digital environment.

Current and future authentication and security challenges require a modern solution. And biometrics is it.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Modern Keystones of CX Success: New Report Reviews Competitive Growth Differentiators and Trends

By: Alex Passett    9/22/2023

The customer experience (CX) yardstick is changing and companies need a bevy of comprehensive and modernized CX capabilities (e.g. AI, analytics tools…

Read More

Cross-Channel Customer Experiences Surge through Vonage's 'Conversations for Salesforce'

By: Greg Tavarez    9/20/2023

Vonage launched Vonage "Conversations for Salesforce," a configurable omnichannel messaging app powered by the Vonage Communications Platform.

Read More

BPO Company ibex and ITEXPO 2024 Keynoter Genesys Partner for Customer Experience Solution Offering

By: Tracey E. Schelmetic    9/19/2023

Business process outsourcing company ibex recently announced a partnership with Genesys to offer next generation omnichannel customer experience (CX) …

Read More

ITEXPO 2024 Keynoter Genesys Sees Cloud CX Platform Surpass 1 Million Users

By: Greg Tavarez    9/19/2023

Genesys ended the second quarter of fiscal year 2024 with nearly $1.2 billion in annual recurring revenue.

Read More

Study Finds the Cost of Poor Customer Support Continues to Rise

By: Tracey E. Schelmetic    9/18/2023

A new study commissioned by generative AI customer service platform Airkit.ai found that customers' expectations continue to rise, and the costs for d…

Read More