2018 has been another year of rampant data breaches, with criminals targeting organizations in all sectors of the economy. According to the Identity Theft Resource Center, the first half of 2018 saw 668 confirmed data breaches representing 22.41 million records exposed.
In light of these attacks, what steps are organizations taking to ensure that stolen information can’t be used for account takeovers and other types of fraud? TRUSTID, the leading provider of pre-answer caller authentication, has reviewed the year’s developments and the company’s own research to identify four key learnings from 2018:
- The phone channel is at high risk.
Call centers continue to rely heavily on knowledge-based authentication (KBA) – granting access to accounts if callers provide the correct personal information. Thanks to data breaches, fraudsters often have access to this information and can socially engineer call center agents to reset passwords for online accounts.
- Call center agents don’t trust KBA.
TRUSTID’s 2018 State of Call Center Authentication report revealed that although KBA remains the default authentication method for call centers, only 10 percent of respondents said they felt very confident in the ability of KBA to accurately authenticate callers.
- Call center professionals want effective authentication technologies for the phone channel.
KBA – which for call centers means identity interrogation – is unpopular: it provides a false sense of security, it degrades the customer experience and it drives up costs. Survey respondents said they want new technologies to reduce agent time spent on authentication.
- The growing recognition of the limitations of KBA is steering contact centers in a new direction.
Although change may be slow, the market is recognizing the limitations of KBA, and awareness of other authentication methods is growing.
Even if all future data breaches could be prevented, too much information has already been lost to criminals. Data security isn’t enough; organizations also need to make sure that information that has already been acquired elsewhere cannot be used in account takeovers. Replacing KBA with more effective authentication methods would be a major step in the right direction.