I Know Who I Am, But Can You Prove Who You Are?

In recent months there has been a lot of stories in the media, about some very sophisticated technologies that contact centers are deploying to help them identify and authenticate customers, quicker and with more accuracy. However, one increasingly problematic issue that is being overlooked is the requirement for agents making outbound calls to be able to authenticate themselves to the recipient of the call. You could be using the best brand in the telephone service industry and have a secure connection but if the person on the other end of the phone is suspicious of your call, it can be hard to rectify their concerns.

Do you know how many times your agents have had to negotiate a tricky and time consuming situation such as this?

Agent: Good morning. Is this Mr Hope I am speaking to?

Bob: Yes, who is this?

Agent: My name is Jane and I am calling on behalf of ACME bank. Before, I can speak to you I need to take you through some security questions.

Bob: OK, but how do I know that you are calling from where you say?

Agent: No problem, the answers to the questions will be things only you and us would know.

Bob: I really don’t trust that! Perhaps I can call you back?

Agent: Sorry sir I do not have a direct line.

Bob: Then I guess we can’t take this call any further. Goodbye.

I appreciate that because I work in the world of security I am perhaps a little more sensitive to this type of call (Bob is actually me!), but I am not alone. Consumers are becoming far more security conscious, as a result of high-profile data breach incidents, identity theft and fraud, as well as (and the irony is not lost on me) all the good work banks such as my own are doing to hammer home the need to be wary.

For many people, an unexpected call from their bank creates a level of anxiety

Have I been a victim of fraud and had money taken from my account? So, when the agent cannot disclose the reason for the call it turns to suspicion. Is this person really from the bank? If I answer their questions am I ‘filling in the blanks’ for a fraudster? Also, why can I not simply call them back? Consumers do not understand the intricacies of the dialling and call routing systems used in modern contact centres, and why should they?

The impact of the example call is that the agent isn’t able to successfully complete the call and that is not great for their KPI results. As many businesses use things like the Profit OKRs software to closely monitor and track KPI results, it is very important for agents to have positive KPI results.The customer decided that they wanted to find out if it was their bank, so dials the contact centre, takes time to explain what happened to the agent, is placed on hold before being transferred to another agent, repeating the reason for the call once again (again not great for FCR results). Only to find out that it was question about a relatively low value transaction that had been flagged as potentially fraudulent. Great that the bank is keeping such a watchful eye on my spending habits, but it has wasted 20 minutes of my time and that of the contact centre, which is not great for the NPS.

What is needed is a quick and convenient way for contact centres handling outbound calls to be able to authenticate themselves to the customers they are calling, and in doing so improve security (for both parties) and the customer experience.

There are passwords but they have had their day, memorable information and that secret number customers are asked to create when setting up telephone banking (although whoever remembers that!). But all of these are vulnerable to those wanting to steal them and people not being able to recall them on demand. Then you have key-rings such as the HSBC SecureKey, otherwise known as hard-tokens in the security world. These could theoretically be used for this purpose, but people tend to bury them at the back of the drawer – and these are never used by the people on the telephone for some reason.

One low cost option would be to have a two-way authentication app on the customers’ mobile device. It could be a dedicated app or part of the existing mobile baking app. In this example Jane (the agent) would see part of a ‘challenge grid’ that Bob has displayed on his mobile. Jane reads these numbers to Bob who verifies them. Now, with Bob satisfied that he is speaking with a representative from his bank, he provides the one-time code from his device and Jane is also assured that that Bob is indeed Bob.

Here is how the interaction looks this time….


This isn’t just an issue for banks. Any contact centre making outbound calls to their customers, in order to discuss their accounts, products, services and policies, need to give serious thought to how they can prove they are who they say they are, to an ever more security conscious customer-base. What is more, with reports that authentication can consume over 50% of call time, the value to the contact centre in reducing this process can be significant, with greater scope for agents to manage more calls per shift.

To learn how Authlogics solves the challenge of two-way authentication watch this short demonstration:


Author: Steven Hope, Authlogics

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.