Paul LangMarch 28, 2022

Succeeding with Identity-centered Security in the Contact Center

Every interaction and transaction that goes through a customer service center (paying a bill, booking a flight, applying for a loan) requires identity authentication. Many security measures exist, like Knowledge-based Authentication (answering specific security questions), liveness detection (verifying the accuracy of a fingerprint or other form of biometrics), and masking and purging (obscuring and then eliminating verification data), but they no longer cut it in a world of relentless and ever-so-clever data hacking.

There are also security considerations from an internal standpoint. How can contact centers verify that the right people are viewing sensitive customer data, and just how much of that data should be viewable? Case in point: last year Instacart, online grocery delivery, and pickup service disclosed a security incident caused by two employees who gained access to shopping profiles. Not long before that, hackers put up for sale the details of almost 300,000 Instacart accounts on the dark web marketplace.

Were living in a new world of hacking that requires a new level of security and identity authentication. The answer is Identity-centered Security. Unlike older, existing tactics that aim to verify someone by proving what they know (a.k.a. knowledge-based authentication), Identity-centered security aims to prove who a person is – something hackers cant replicate. This is done by leveraging the sensors on a users phone, laptop, or another connected device (i.e., location services, cameras, keyboards, QR code scanning).

Identity-centered security can be done a heck of a lot faster, with far greater accuracy, and (to customersand employeesdelight) doesnt have to be repeated across different touchpoints. A groundbreaking innovation in cryptography called the Zero-Knowledge Proof” also allows contact centers to verify information without revealing the actual data to the other party (a.k.a. the employee/ agent). Its an incredible advancement in contact center biometrics and identity authentication, being led by innovators like Avaya and Journey.

The benefits of Identity-centered Security are proven: savings of as much as $3 per call by minimizing verification time, savings associated with increased fraud prevention in the contact center, greater customer satisfaction (and quicker time to sell) with the ability to create a biometric template for customers to reauthenticate against in the future, and greater employee satisfaction and retention with fewer security headaches and hassles.

Four Compelling Business Use Cases for Identity-centered Security

  1. Digital ID verification: Let’s say you’re interested in opening a new account with a bank. The bank will still have to collect information like your address and SSN or equivalent government-issued identification as part of the initial onboarding process; however, the bank can use digital ID verification as an easier, next-gen form of authentication. Using the sensors on your smartphone, they can capture your government photo ID (i.e., your driver’s license, passport) and match that ID to a 3D scan or photo of your face to digitally verify who you are. This significantly decreases the bank’s “false acceptance ratio” (the likelihood of the system incorrectly verifying a person’s identity) while increasing its scope of compliance, decreasing your friction as a customer, and improving your data privacy. How much would it be worth to the business if you could open new accounts in a single interaction in mere moments, collapse the time and resources required to do so, and significantly decrease fraud by collapsing someone else’s ability to pretend to be you?
  2. Everyday authentication: Lets say you expand your relationship with the bank by opening another account and applying for a new credit card. This extension of your relationship means more everyday interactions – about account fees, credit card upgrade offers, etc. Every time you contact the bank to do anything (transfer a balance, authorize a purchase, update your address), the bank can prove who you are by using the identity template it established during your initial onboarding. This makes things easier and more enjoyable for you as the customer, while minimizing verification costs and fraud in the contact center for the bank (this is a win-win). Again, as a consumer, this experience is faster and easier than ever and protects your account and the business against fraud and wasted time.
  3. Agent/employee authentication: Companies can also integrate Identity-centered Security into their work environment for agents and employees. Instead of typing in an employee ID and password that needs to be updated every 90 days, agents can scan their face on their laptop and prove against that every time they log in for a shift. Its the same kind of identity template created for customers, only its established during the employee onboarding process. This is a faster, more organic process for employees, and the bank, for example, can avoid potential internal breaches by virtually guaranteeing the right person is logged into the system. It also significantly reduces the pain and cost associated with password resets, which account for up to 50% of calls to IT helpdesks and cost around $70 per reset.
  4. Contact center compliance: Contact center compliance is expensive and complex, especially for businesses in high-risk industries like financial services. The bank in our example, for instance, has an avalanche of requirements surrounding data privacy, data transfer obligations, data monitoring, and payment obligations – all of which vary depending on the jurisdiction. Identity-centered security allows data that would normally be subject to compliance to be verified without being seen. All the agent sees is a checkmark verifying the data’s accuracy. By masking this data, compliance is taken completely out of the scope of the contact center. For the bank, this means less risk, cost, and effort. This is unique to Journey through its Zero-Knowledge Network.

Self-evaluation: Questions to Consider

Trying to build a business case or not sure if youre ready to move forward? Consider these qualifying questions:

  • What existing authentication methods do you use, and what have they cost you from a breach perspective?
  • How efficient are these current methods from both a customer and employee perspective? How much time does each authentication take? What about cases where you need to “step up” authentication for a high-value transaction?
  • What are the hard and soft costs of these methods?
  • How much of a security risk are you at if the wrong person gets into your system or is exposed to certain information?
  • What resources – talent, databases, and otherwise – do you rely on with your existing approach?

Ready to get started? Consider these three simple steps:

  1. Identify your problem area(s) within your department.  Collaborate with your IT, Security, and Legal stakeholders.  
    1. Are your costs and processes for compliance out of control?
    2. Are you losing customers in the onboarding process?
    3. Does authentication take too much time?
    4. Are your CSAT scores suffering because of the identity experience?
    5. Is fraud a big concern in your contact center?
    6. Do you find that your business weighs improving security against the friction caused on the customer?
  2. Assess the business impact of these problem areas based on prioritized criteria including Financial loss, Risk exposure, Brand reputation, Customer dissatisfaction, Employee attrition, etc.
  3. Inventory your existing systems and processes to understand the architecture and logical dependencies.  Consider the talent (both skillset and financial) required to maintain and evolve these existing systems, processes, and methodologies as your organization changes.  Is there room for growth?  At what cost?

Interested in learning more?  Email me to schedule a Complimentary Discovery Workshop with Avaya and Journey experts to discuss your challenges and risk factors, identify compelling use cases, and help you determine what you can gain in efficiency and customer experience and save on costs.

Tags

CCaaS
Succeeding with Identity-centered Security in the Contact Center

Paul Lang

Paul leads Contact Center Marketing for Avaya. His career spans 25 years in the Contact Center market with leading roles in Product Marketing and Product Management. Paul focuses on the marketing of the full range of Avaya's Contact Center Portfolio to drive adoption with new and existing customers.

Read Articles by Paul Lang