Knowledge Based-Authentication (KBA) questions attempt to validate identity using information that, in theory, only the account owner could answer. Knowledge-based authentication comes in two flavors:
- Dynamic knowledge-based authentication is the use of publicly available information to verify identity, where the questions are updated as your public information changes. An example would be “Which of these addresses have you been associated with in the past?”
- Static knowledge-based authentication is the use of questions with presumably unique answers that should be specific to you – for example, “What is your favorite food?” The assumption here is that this information is something that only you or someone very close to you would know with certainty – and therefore could be used to identify you. An individual is responsible for providing the answer to the static knowledge-based authentication question.
Dynamic and Static KBAs can be used by businesses to authenticate individuals who contact them using the telephone. This process can be referred to as “Active” authentication, where the caller must participate in the process of identifying themselves. Active authentication can be problematic for a variety of reasons:
- Pindrop’s data shows that one-third of the time, genuine consumers cannot remember the answers they provided for static KBAs, and that more than half of the time, fraudsters are able to supply the right answer.
- Dynamic knowledge-based authentication questions have been compromised as mega-breaches have spread addresses, phone numbers, and credit information across the dark web for years.
- It takes time for a caller to go through KBAs, which adds to the overall duration of the call. Each KBA required to complete authentication increases the average handle time required to authenticate a caller and increases the average cost per call for the contact center.
- Customer experience can be negatively impacted when KBA requires extra time and effort on the part of the caller.
WEBINAR: Caller Authentication 101
Be equipped with the latest caller authentication insights and best practices.
What is AHT and how is it calculated?
Average Handle Time (AHT) is the average duration of the entire customer call transaction, from the time the customer initiates the call to ending the call, including call hold times and transfers.
AHT is a call center key performance indicator (KPI) meant to gauge operational efficiency and agent effectiveness. It’s an informative metric that can reflect the impact of agent training programs as well as organizational processes and resources. It’s also key to understanding and improving the customer experience.
Companies sometimes also incorporate After Call Work (ACW) into the calculation of AHT. ACW is the average duration after each call that it takes an agent to carry out post-call processing, including data entry and updates, scheduling follow-ups, and any other communication requirements.
To calculate average handle time, consider the following formula:
AHT = [Total Talk Time] + [Total Hold/Transfer Time] + [ACW (if necessary)] then, divide by the [Total Number of Calls]
Because each KBA question must be read to the caller and the caller must provide an answer to the question, each KBA requires additional handle time to complete the authentication process. The added time, which can be further exacerbated if the process does not go smoothly, is a significant contributor to negative customer call experiences. In a recent case study with one of its key customers, Pindrop learned that reducing the number of KBAs not only helped its customer to achieve a higher customer satisfaction level, but also improved the agent morale.
When establishing your authentication process, it’s best to think about authentication on a spectrum. Not every transaction is created equal. For example, when considering transactions that are at less risk of fraud, requiring fewer factors of authentication can be appropriate. Higher-risk transactions, by contrast, may require more factors to safely authenticate the caller. A more efficient authentication process is one that is capable of calibrating the authentication requirements based on the desired action of the caller. However, regardless of the authentication needs of any particular call, the use of KBA to satisfy them will result in added time and cost that could be avoided by using Passive authentication methods instead.
Passive Authentication is an authentication process where the caller is not asked to participate. In other words, authentication is completed behind the scenes. A passive authentication process can be achieved by combining the incoming ANI (Automatic Number Identification), ANI Match, and ANI Validation.
ANI Match is a telephony service that allows a business to search their own database for a match with an existing customer account. This process makes it fast and easy for the business to identify the person calling and potentially personalize the interaction. However, ANI Match can only be used safely if the business can trust the number displayed on the Caller ID. For that, a business will need to validate the ANI.
ANI Validation confirms that a call is coming from the device that owns the number–the call has not been spoofed or manipulated, and the number on the caller ID can be trusted. Once the number calling has been validated, the ANI Matching process can begin.
For lower-risk transactions, ANI Validation combined with ANI match allows the business to replace 1-2 KBAs during the authentication process and can be a powerful tool to improve the customer experience while also saving time and money for the contact center. For some lower-risk transactions, this could also mean eliminating KBAs entirely.
For higher-risk transactions, ANI Match combined with ANI Validation may not be enough to fully authenticate a caller. In these instances, additional layers of authentication may need to be added (including some that are not passive). However, even high-risk transactions can benefit from a reduction in KBAs, even if they are not eliminated entirely.
In order to calculate the return on investment for replacing KBAs with ANI Match and ANI Validation, consider the following formula:
[Total number of KBAs used] x [Avg. Time per KBA] x [Average cost per minute of handle time] = [Total Authentication Cost Per Call]
ANI Validation and ANI Match can replace 1-2 KBAs, depending on your organization’s business rules governing authentication. Generally speaking, the value of this replacement process can be calculated as follows:
[Total Authentication Cost Per Call] – [Cost Per KBA (up to 2)] = Savings per call.
Replacement Value = [Savings Per Call] x [Total Number of Calls] x [% of calls ANI Matched] * [75%*]
Additional Resources on Caller Authentication
The 2021 Caller Authentication Guide for Contact Centers
Contact center authentication defends your business, but many leaders are struggling with choosing the best type of authentication solution for them. In addition, recent shifts
KNOWLEDGE DOES NOT EQUAL SECURITY
Airlines, banks, stock exchanges, and trading platforms suffered brief website outages this week1 after a key piece of internet infrastructure failed, sparking the second major
