If I asked you what today’s contact centers are most concerned with, what would you say?
I bet customer service and efficiency make your list.
If you work in a large healthcare, financial services, or insurance contact center—then security is probably right at the very top.
Security, CX, and Costs:
Things that keep contact center leaders up at night
The bad guys are getting more sophisticated in how they target contact centers for fraud. Customers have access to more channels than ever – and they expect seamless, quality service across all of them. Contact centers are constantly looking to provide the best customer experience (CX) possible, at the lowest cost possible, to boost their bottom lines.
Nothing like a few major business objectives to keep you on your toes.
Software that gives you an edge over just one of these hurdles is worth adding to your toolbox. But how about one breakthrough contact center technology that addresses them all?
Voice authentication is a biometric solution for three of the most challenging contact center objectives. It’s a powerful tool that answers the call for more security, better customer experience, and
What are voice biometrics and how do they authenticate?
Instead of requiring a password, PIN, or answer (something you know) or proof of a physical token (something you have) – biometrics use unique biological markers (something you are) to authenticate and verify your identity.
It’s worth noting that the two former methods mentioned, knowledge-based authentication (KBA) and token-based authentication, are considered the least secure ways to verify identity now in the contact center. Even when used in tandem.
Not the most comforting fact, I know. More on that later.
Let’s get back to voice biometrics software, technology that can analyze 100s of behavioral and physical speech characteristics that form unique vocal signatures. Here are some examples of those biometric markers:
- Behavioral – pronunciation, accent, emphasis
- Physical – lung capacity, vocal tract, nasal passages
The combination of all these factors produces a unique voice pattern called a voiceprint.
Voice authentication takes place when AI-powered contact center software uses the customer’s unique voiceprint to securely verify any caller on future voice interactions with an agent or interactive voice response system (IVR) by comparing a caller’s utterance to the customer’s voiceprint and producing a confidence rating that the utterance and voiceprint belong to the same speaker.
The voiceprint is encrypted, meaning it only works in the engine in which it was created – so it can’t be hacked.
Not all contact center software is created equal, but the most sophisticated voice authentication solutions even allow agents to block unauthorized callers that cannot be verified, taking enhanced security one step further.
Voice biometrics tops Gartner’s list of secure authentication methods in terms of strength and accuracy. Using voice authentication as part of a multi-factor verification process is best way for contact centers to protect our data, safeguard our transactions, and reduce fraud.
Active vs. Passive Enrollment:
A big difference, and why it matters
Enrollment is a key differentiator among voice authentication solutions. Let’s break it down so you can see what sets active and passive enrollment apart, and why it’s a deciding factor when choosing the right contact center software for voice authentication.
Active Enrollment Voice Authentication
During enrollment, a customer is asked to recite a certain number of specific phrases into the phone to establish their voiceprint. Because they knowingly submit these phrases when asked and must perform an action, the enrollment is considered “active.” The customer is asked to recite one or more of the phrases each time they call, so the submission can be compared to the stored voiceprint on file for voice authentication.
Passive Enrollment Voice Authentication
The more advanced, secure and seamless form of enrollment takes place without any effort at all – it happens “in the background.” That’s why it’s considered “passive.” A customer’s voiceprint is automatically created during natural conversation with an agent – nothing special for them to do. The enrollment occurs in real time, and requires no effort or passphrases.
And next time the customer calls, they are instantly verified as soon as they speak to the agent or IVR. Again, all in real-time and completely effortless for the customer. For agents, they can rest easy knowing that the person on the other end of the line is who they say they are. This helps to protect against fraudulent access year-round – not just when the customer calls, which – let’s face it – might only be once or twice a year.
Who needs voice authentication and why?
Ideal conditions for fraudsters bring security into focus
There’s nothing like a global pandemic to bring existing business weaknesses, risks, and pain points into focus.
Call volumes have exploded. Wait times are stretched to the max. Organizations have scrambled to migrate contact center software, operations, and agents to a remote work-from-home environment.
This is especially troublesome for major healthcare, financial services, and insurance organizations, which are required to authenticate many of their contact center calls. The following numbers give you a better idea of their burden.
Contact centers in these industries deal with private data, personally identifiable information, and protected transactions all day long. They’re charged with safeguarding all of it in a world where data breaches and the dark web have become common threats to our privacy and security. This is a constant challenge for them, even under normal conditions. But the global pandemic has ratcheted up security risks at alarming levels.
Guess who’s loving it? Fraudsters.
COVID-19 has created the ideal conditions for fraudsters to take advantage of stressed teams, blind spots, and increased use of voice channels during quarantine. They’re targeting contact centers with social engineering attacks to gain missing pieces of personally identifiable information (PII) they can use to steal identities and take over accounts. It’s their typical routine, but, in these uncertain conditions, it becomes even more prevalent.
Last year, identity fraudsters stole $16 billion from 15.4 million victims in the US according to a study by Javelin Strategy & Research. The following Opus Researchstats show how much fraud increased in 2019, and predict its exponential rise in 2020:
- A recent poll of more than 1,000 Americans (18 and over) showed that 1 in 5 had been targeted by online fraud related to COVID.
- The results of that poll corresponded with a measured 347% uptick in account takeover fraud and 391% increase in shipping fraud attempts between 2018 and 2019.
- From 2018 to 2019, account takeover fraud was up 26% for major credit cards and as high as 78% for new payment services like PayPal.
- 2019 witnessed less frequent, but more ominous unauthorized access to highly personal customer records. The number of data breaches increased by 17% and exposed over 164 million instances of PII.1
Out with the old KBA questions
The security afforded by traditional knowledge-based authentication (KBA) and token authentication has been diminished over time by increasingly complex fraud tactics.
Yet we continue to see a large majority of organizations using only a series of answers to knowledge-based questions to verify identities, which is hugely ineffective, given today’s level of fraud sophistication.
Thanks to seismic data breaches like those at Equifax and even more recently, Marriot, mass quantities of personally identifiable information (PII) was hacked and sold on the dark web.
That means malicious actors can easily, and cheaply, purchase details like my mother’s maiden name, SSN, or street I grew up on. Then they can use the information to target a live contact center agent while impersonating me, and ace any of these ineffective knowledge-based questions right off the bat. This opens the door to more private data which is used for complete account takeovers and identity theft.
If that isn’t dismal enough news, consider this recent report from Opus Research on how the pandemic’s stress on contact center agents is diminishing and discouraging the use of knowledge-based authentication:
“Common customer queries like ‘Can I get a refund?’ ‘What are my healthcare options?’ or ‘Tell me my balance and whether I can change my payment terms’ all share several attributes. They are complex, time-consuming and involve personal information. In their rush to please customers or clients, even the best agents (some would say ‘especially the best agents’) can pay short shrift to posing those nagging challenge questions in order to get down to business. In a long-standing cat-and-mouse game, criminals employ variations of “social engineering” to gain fraudulent access to existing accounts and personal information.” 2
Several years ago, Gartner was already pointing out that 60% of fraudsters will pass authentication using knowledge-based authentication, while up to 30% of legitimate customers failed authentication, simply because they couldn’t remember what they listed as their favorite food at time of KBA enrollment. Or, they forgot what their second-grade teacher’s name was while trying to access their account, so they got frustrated and abandoned ship. (Put a pin in that – more on customer experience to come.)
In with the new, more secure voice authentication
Now that you’ve had the rundown on security vulnerabilities, attacks, and weak identity verification methods, voice authentication is starting to look even better, right?
Where a previous security blind spot was left in the wake of traditional knowledge and token-based verification, voice authentication has stepped in to answer the call.
AI-based voice authentication is not just powerful identity and verification contact center software. It’s a giant leap forward in enhancing our privacy and data protection, with built-in safeguards for more secure business transactions in real-time. Voice authentication automatically verifies customers and fraud is reduced in a more streamlined and reliable way, eliminating typical time-consuming KBA interrogation for faster service and a better experience. Simply put, it’s a smarter, better way to ensure you let the good guys in and keep the bad guys out.
Change the conversation, change the customer experience
Remember way back when I mentioned that customers have access to more digital and voice channels than ever before? And that they demand seamless, high-quality service across all of them?
Well, these demands extend to the authentication process as well. A legitimate customer’s main priority is being served faster and getting what they need. So, they’re not exactly thrilled when they’re forced to answer a barrage of personal questions at the top of every IVR or agent call in order to verify themselves(some of those questions they’ll probably fail, by the way, like we mentioned above).
Consider these stats:
- It varies greatly between contact centers, but this type of outdated and ineffective KBA interview we just described takes an average of 30 to 45 seconds at the top of every call to manually authenticate, based on our customer insights and feedback
- 82% of consumers say that getting their issue resolved quickly is the number one factor in a great customer experience
- 75% of consumers expect a consistent experience across all channels.
Agents themselves often have the most impact on the customer experience. So, let’s not forget the burden that manual authentication places on them, too.
Having to ask repetitive knowledge-based questions that tend to frustrate customers definitely gets old fast. While it’s a critical requirement for security and compliance, you can see where an agent is discouraged from enforcing KBA as part of their daily routine.
Plus, as an agent, it’s stressful enough knowing that the contact center – your place of employment – is under constant attack from malicious bad actors. Customer service and support agents came into their roles to help people. I’m pretty sure they didn’t sign up to be consistently tested as targets of fraud and social engineering tactics.
And frankly, it’s a little unfair to put such a massive responsibility – the security, safety, and privacy of your customers and their protected information – squarely on agents’ shoulders. Which is exactly what manual knowledge-based authentication does.
With voice authentication, your legitimate customers skip straight to service faster, with no hassle. And the bad actors are identified and blocked immediately. Customers are passively and seamlessly enrolled during normal conversation with an agent or through the IVR system, with no interruption or delay for a question-and-answer session.
Moreover, the agent experience is improved at the same time. Real-time, passive voice authentication allows them to skip the repetitive questions and focus their attention on the customer needs immediately. If there’s one other huge happy factor that voice authentication provides for agents, it’s the reassurance and stress reduction that results from automated, real-time pop-ups verifying the customers identity. No guessing, no grey area, no weight on their shoulders.
Real-time, passive voice authentication is contact center software that flips the script on old manual authentication processes. It allows your contact center to change the conversation from “Who are you?” to “How can I help you?”
Boost efficiency and lower costs:
Cut talk-time and open the door to more self-service
We talked about how voice authentication helps to solve the security equation that’s so desperately needed to protect businesses and customers, now that traditional knowledge-based authentication failed us. We talked about the much in-demand customer experience benefits and agent benefits that voice authentication delivers.
But once you start looking at all the loose ends that voice authentication helps to tie up, you realize it has major potential to close efficiency gaps and lower costs, too.
Remember how manual authentication takes up an average approximate handle time of 30-45 seconds for every call? For every 1,000 calls, that’s 8.5 hours of talk time. If voice authentication can put a dent in that, it’s surely on to something when it comes to cutting costs.
Here’s why.
Customers typically have only had limited access to the most basic information/services in self-service IVR, because almost every service required manual (aka ‘live agent facilitated’) authentication. So, to get just about anything done, customers were previously unable to stay contained in the IVR system. They had to be elevated to a live agent to verify their identity and take care of business. And live agent calls cost 7x more than those handled solely through an IVR system.
See where I’m going with this?
Passive voice authentication can reduce average handle time (AHT) by approximately 40 seconds, or in many cases even more. Voice authentication can also be processed fully in the background of a customer’s IVR interaction, which opens up customer access to a much wider variety of self-service options previously reserved for manual (live agent) authentication.
Lower AHT, improve self-service containment, and you’ve got yourself a recipe for significant cost reductions.
Taking the next steps
The benefits of voice biometrics and voice authentication have been discussed for several years. Yet, there’s nothing like a global pandemic to expose vulnerabilities and demonstrate why the solution is such a necessity now.
Voice authentication is truly the triple threat to our biggest contact center challenges. Not only does it enhance security, but it liberates agents and delivers a more exceptional customer experience with fewer resources at lower costs.
To find out more about how NICE CXone can help you integrate voice authentication into your contact center, contact us today.
1 Opus Research Report: A Cloud-Based Approach to Intelligent Authentication, June 2020
2 Opus Research Report: A Cloud-Based Approach to Intelligent Authentication, June 2020
