(BPT) – As cybercrime continues to skyrocket and every day brings news of yet another data breach, many people worry that fraudsters will hack into their bank or credit card accounts and drain their funds or go on a shopping spree. While criminals do directly attack online accounts, the greater risk actually comes from a less obvious source: the telephone.
While banks and other financial firms have made significant investments in cybersecurity measures to protect their computer systems and online platforms, one critical area they often overlook is their call centers. The problem stems from vulnerable caller authentication procedures — the processes your bank uses to confirm that you are who you say you are when you call.
Unfortunately, many financial services companies rely on asking personal questions (“What’s your mother’s maiden name?” “What are the last four digits of your Social Security number?”) to determine whether people calling in are really the customers they’re claiming to be. This approach is called knowledge-based authentication — and it’s a fraudster’s paradise. They can easily beat it because so much private information is now public. Personal information stolen in data breaches is commonly available for sale on the dark web, and social media accounts offer a treasure trove of useful details as well.
This makes it too easy for a criminal who calls a bank posing as a customer to correctly answer the call center agent’s security questions. Before you know it, the password for the targeted account has been reset or the mailing address changed and — boom! — the imposter has cashed out the account without the real customer realizing anything has happened. This method of attack, called an account takeover, is used thousands of times a day as criminals convince call center agents that they are actual customers who need help accessing their accounts online. Banks are increasingly privy to this problem, but your bank might not be moving fast enough to protect your financial well-being.
The U.S. government and industry experts have recommended for years that financial institutions replace simple knowledge-based authentication with multifactor authentication — combining knowledge (something the person knows: a PIN, a birth date) with inherence (something the person is: a voice print, a retina scan) or ownership (something the person has: a trusted phone, a credit card) — and companies are starting to shift to stronger methods of caller authentication to keep their customers’ accounts safe. As an alternative to identity interrogation and part of a multifactor authentication solution, TRUSTID, a Neustar company, offers pre-answer caller authentication — identifying callers automatically, instantly and invisibly before their calls are answered. Many companies combine these technologies to create multifactor authentication systems that strongly protect customer accounts.
You don’t need to just sit around and wait for your bank to make the change. Here are three things you can do now to make sure your funds and information are being protected.
- See what process your bank uses to identify you when you call. When you phone the bank for help with your account, does the customer service agent first ask you several questions to determine who you are? If so, that’s a warning sign the bank is still just using knowledge-based authentication and may not be doing all it can to safeguard your account. Newer authentication technologies can confirm your identity by analyzing your phone or by listening to your voice and many of these approaches work in the background or before your call is even answered.
- Ask questions. Do a bit of research to find out what’s going on behind the scenes. Ask the agent how the bank authenticates callers. Does the call center use voice analytics to make sure callers’ voices match the customers’ recorded voice prints, or use telephone network forensics to confirm that customers’ calls are legitimate calls coming from their actual phones? If the answer is no, your bank may not be using the most sophisticated anti-fraud technologies available today.
- Move your business. If you don’t get the answers you’re looking for, it may be time to take your money elsewhere. Banks, credit unions, credit card companies, brokers and other financial services companies that make security a top priority are constantly evaluating and investing in technology upgrades to protect their customers’ accounts. Organizations that really want to earn your trust will do everything they can to demonstrate that they value account security.
Sometimes, the right place to park your money is not always the bank with the best interest rates or the most enticing credit card deals. You also need the peace of mind that comes with knowing your financial institution is fully committed to protecting your account. This means protecting your account against hackers, of course, but it also means making sure that criminals who get your personal information from somewhere else can’t use that information to trick call center agents into turning over the keys to your life.