Knowledge-based authentication for call centers is cumbersome and can increase risk of spoofing, but there are tech-based alternatives.
Businesses know the high cost of an underwhelming customer experience. Organizations engaged in commerce have invested in applications and platforms that provide frictionless, secure customer experiences online or via phone — enabling businesses to build and retain loyalty and to protect sales and growth prospects. In turn, consumers have been conditioned to expect a high level of service in a wide range of interactions, including those with government agencies.
Fortifying trust in government systems
Government agencies can take a page from the private sector playbook, and the timing is critical. Earlier this year, the Pew Research Center reported that trust in the federal government was near historic lows, while other surveys reported greater faith in commercial brands than in government. One way to begin reversing the trend is for government agencies to improve the citizen experience by restoring confidence in a primary mode of interaction: the phone channel.
Government's priority is to serve the people it represents. Profits may not be at stake, but the efficient use of tax dollars and belief in the system and its safeguards are. A telephone call is often a constituent's first interaction with a government agency, driven by questions about or issues with procedures, benefits or status updates. Inevitably, rather than getting to the heart of the matter, a caller must first authenticate their identity, which can consume the first 30 to 90 seconds of a call and set the tone for the rest of the interaction. An arduous authentication process will likely only enhance any frustration a caller is experiencing, rather than alleviating it.
Knowledge-based authentication insufficient for today's threats
While government agencies may cite fraud-fighting efforts as rationale for their authentication practices, their commonly selected method of knowledge-based authentication (KBA) may inadvertently expose citizens and agencies to greater risk. KBA questions — date of birth, last four digits of a Social Security number, mother's maiden name, etc. — balloon average handle times, frustrate citizens, and most importantly, represent personally identifiable information (PII) easily bought or found by those perpetrating fraud. The 2020 State of Call Center Authentication survey found that call center agents in the financial services industry have become increasingly susceptible to social engineering attacks as customers' PII has become easier to acquire illicitly.
For agencies that rely on KBA, fraudulent account takeover is a real threat. Criminals can appear to be calling from a citizen's phone number through actions like SIM swapping, unauthorized number reassignment, spoofing, call forwarding and call virtualization, or using virtualized services to make calls that are untraceable. Combined with the practice of socially engineering a customer service representative, these methods can quickly negate legacy defenses and give fraudsters unauthorized access to account data and additional identifying information.
Many agencies struggle to identify citizens quickly because, on average, over 60% of their records are out of date after only two years. Citizens often call from numbers other than those associated with their records in agencies' databases, and they are unlikely to give notice that they have changed carriers or phone numbers. But relying on multiple questions to authenticate a caller is not the answer.
Automated inbound caller authentication offers promise
Instead of empowering criminals armed with someone's PII, frustrating legitimate callers with a litany of questions, and becoming distracted from resolving the purpose of a call, government agencies can improve the citizen experience and reduce the risk of fraud by implementing inbound caller authentication. Proven in many major call centers, including those of the largest U.S. banks, inbound caller authentication uses real-time data to verify identity without agent intervention and before the first "hello." Legitimate callers are passed through to customer service representatives for assistance quickly, while suspicious callers receive a closer look.
Through inbound caller authentication, many common phone fraud risks — spoofing, call virtualization, etc. — are mitigated. The best authentication solutions use a variety of authoritative data sources to compare and corroborate citizen and device identity, even if a number is different from one stored in customer relationship management software. By using continuous, real-time data, authentication solutions can ensure their information is accurate and current. As a result, such solutions should be able to confirm a device is legitimate and is following expected routing from one end to the other, passing it through with confidence.
A better way to serve citizens
Government agency contact centers need better ways to authenticate and verify citizens, in real-time, to prevent fraud and loss of trust in the systems designed to protect and serve them. To achieve this balance and attain these results, federal contact centers must implement solutions that establish a clear understanding of the citizen behind every transaction or interaction. Inbound caller authentication can be that solution, offering an opportunity to reduce fraud while introducing a better citizen experience and greater assurance in government systems.