Last December I received a call from my bank, checking in with me due to an unusual amount of credit card activity on the internet. I had been doing a lot of holiday shopping online, but when they started asking me questions about my personal information, I got suspicious. Since I had no way to authenticate the caller, I terminated the call and immediately called the bank's toll-free number. Thankfully, the representative confirmed that the previous call was legitimate. But the process made me more aware of the risks of ID theft and fraud over the phone.
Most call centers are authenticating callers by asking some combination of the same set of questions. Yet these venerable “knowledge tokens” are quite vulnerable to ID theft, even through simple genealogy searches on the internet. Answering these questions for customer service reps opens the door to insider-assisted fraud, which is on the rise.
I'd prefer to see multifactor authentication utilized in call centers, like it has been in online systems. Voiceprint technology has been proven effective in dozens of password resets, and would streamline the authentication process over the phone. TD Waterhouse recently deployed a system I'd like to see more companies emulate. Their customers just say their phone number and a secret date. It is fast and secure, and not vulnerable to fraud due to ID theft.
It is about time enterprises, especially financial institutions, implement multifactor authentication systems for their call centers. Now that the technology is proven and successful deployments are in place, the obstacles to implementation are out of the way.