January 13, 2014, was a pretty tough day for Gregg Steinhafel, chairman, president and chief executive officer of Target, the giant retail department store chain. That was the day he appeared on the business television network CNBC to answer questions about a security breach that impacted upward of 70 million credit card customers. He apologized directly to customers for the breach as well as for the initially slow response times in the company’s call centers. In the misery-lovescompany department, the Target CEO may have been consoled by the news that the upscale Neiman Marcus chain also had been hacked.
Cost of Identity Theft
According to an extensive analysis of the cost of fraud in the United States, total merchant losses “continued to be a $100 billion-plus problem” (“2011 True Cost of Fraud Study,” sponsored by LexisNexis). The report also found that, for every $1 of direct fraud, merchants incur a “multiplier effect” of $2.33.
And it’s no picnic for consumers either. According to the Federal Trade Commission, more than 279,000 people registered complaints about identity theft in 2011, making that the 12th year in a row that identity theft was the No. 1 consumer complaint category. While, for most consumers, the impact is modest, one out of 20 victims suffers median out-of-pocket losses of $400 or more and spends up to 60 hours trying to clean up the mess afterward.
Call Centers: Weak Links in the Security Chain
Trained and motivated to provide good service and satisfy consumers, agents can sometimes be cajoled by experienced fraudsters into approving purchases or making account transfers—known within the industry as “social engineering.” Typical tricks are to assume the persona of an anguished account holder who is out of town and desperately needs to use his forgotten credit card to make a flight or access funds but cannot remember the PIN number or answer the security question. The caller has enough (stolen) details to convince the agent that the caller is legit.
Another approach is for a team of fraudsters to attack a bank call center with a crush of calls and take advantage of the disruptions to create a lapse in normal security procedures. According to fraud expert Avivah Litan, an analyst for Gartner, “The telephony channel is the weakest link in the chain when it comes to bank authentication of customers.” Call centers account for an estimated 50% of fraud losses incurred by large enterprises.
A biometric is a distinguishing physical characteristic. Examples include fingerprints, retinal scans, handwriting, facial features and voice prints. These are useful for authentication purposes because they cannot be forgotten, lost, stolen or duplicated.
However, retinal scanners, handwriting samples and fingerprint analysis are useless when the fraud is perpetrated over the telephone. From the fraudsters’ perspective, the telephone is perfect for separating unsuspecting individuals from their money. The perpetrator is not visible, and through the use of IP telephony, the phone number delivered to the receiving phone could belong to anybody or nobody.
Catching the Bad Guys
A voice print, or spectrogram, is a visual representation of the voice created on a computer. It captures the vibration frequency (pitch), amplitude (volume), and time (rpm) of a person’s vocal cords. It is a digital interpretation of a person’s voice. It is not a recording and cannot be played back.
SINCE EVERY HUMAN VOICE IS UNIQUE, VOICE
AUTHENTICATION IS THE IDEAL TECHNOLOGY FOR STOPPING
TELEPHONE FRAUD ATTEMPTS.
Since every human voice is unique, voice authentication is the ideal technology for stopping telephone fraud attempts. Victrio is one of the young companies that uses voice print technology to help corral telephone fraudsters. Founded in 2008, and recently acquired by Verint Systems, Victrio has built a global database of 15,000 fraudulent voice prints, and has created algorithms that takes into account the voice attributes and other pattern indicators that collectively help pinpoint the identity of the offender. The software analyses the caller’s voice in real-time, matches it against its database of known offenders, and calculates a score that determines the level of alert that will be delivered to the agent’s desktop. If an alert is prompted, the agent can put a hold on the transaction while collecting whatever additional identity information the caller may reveal that could help security forces track down the offender.
When a known fraudster’s voice is identified during or soon after a call, the fraud is stopped. What makes this approach effective is the fact that the majority of contact center fraud consists of repeat calls by the same set of professional fraudsters over time. Studies in the financial industry measure “repeat attacks” to be 80% to 90% of total fraud calls. Accordingly, the ability to detect repeat calls by known voices can dramatically drive down fraud attacks and losses. Victrio’s customers, primarily in the financial services field, can subscribe to the service or install the software onsite.
Keeping the Good Guys Happy
Current methods of authenticating callers include confirming telephone numbers, account numbers, requesting the last four digits of social security numbers or a credit card, requiring PIN numbers, the date of last transaction and even so-called social questions like the name of one’s first grade teacher or mother’s maiden name. It is estimated that over 80% of calls to contact centers today require some sort of caller verification. It is not unusual for callers to be challenged with multiple confirmation layers, even for mundane queries such as requests for technical support. Intrusive screening questions are a major annoyance for the 99.96% who are not trying to dupe anybody.
Deploying voice biometrics technology for the purpose of authenticating the good guys is a different type of problem than identifying identify potential perpetrators. In this case, it is necessary to build a library of voice prints for all customers. This will take some time. The voice print can be secured by requesting callers to submit a voice or simply tapping into the storehouse of voice recordings collected for quality management purposes.
The technology is not 100% foolproof. It is always advisable to use at least one other authentication layer. However, even with duo or multilevel authorization can shave precious seconds off handle time. Another significant advantage to both the enterprise and the customer is that voice authentication makes it much easier to make queries or conduct transactions from mobile devices. Mobile customers are less likely to have account numbers with them, which means they get stymied at the IVR. Similar problems may arise when trying to remotely access their account through the web interface. Logins require usernames and passwords, which traveling customers may not remember. The result is lost business for the enterprise and the poor customer experience for the caller.
So Far, So Good
We are in early phases of voice biometrics deployment, but results so far have been promising. A banking customer of Victrio reports that it has reduced of fraud losses by $20 to $30 million in the first year, and reduced fraud attacks by 50% for targeted call types.
The private banking division of Barclays Wealth is an early adopter of the voice biometrics’ solution provided by Nuance Communications. Barclays reports that more than 84% of its customers have enrolled in the Nuance voice biometrics solution and 95% of those customers were successfully verified upon their first use of the system.
It is hard to argue with any solution that cuts crime, reduces costs and improves the customer experience.
– Reprinted with permission from Contact Center Pipeline, www.contactcenterpipeline.com