Caller authentication and identification

By Mike BanbrookJanuary 26, 2022

Decades ago, nearly all transactions were carried out in person, which meant verifying a customer’s identity was rarely ever thought about. But today, with so much activity taking place online or over the phone for convenience, opportunities for people to misrepresent their identity are rife. Unsurprisingly, call centres are becoming more aware of this as they facilitate increasingly complex transactions, from processing payments to managing vast amounts of sensitive customer data.

Being mindful of call centre authentication best practices is now critical, not just to ensure the safety and security of customer transactions but to enable call centres to do more for their customers over the phone including offering a range of self-service options. Consequently, authentication processes are the key to enabling IVR systems to perform tasks for customers automatically without the help of a real agent, therefore also saving call centres time and money. So, what is caller authentication exactly?

What is caller authentication?

Caller authentication refers to the task of verifying a person's identity over the phone without interacting with them in person. In essence, it's about finding ways to leverage up-to-date technologies that enable customers to prove that they are who they say they are without them presenting any physical material.

In the modern era, call centre authentication is also vital for customer satisfaction. Not only does it give a positive and professional impression of businesses, but it also offers peace of mind around the safety and reliability of tasks and transactions they’re often expected to carry out over the phone.

How does authentication work in a call centre?

Once a call is received in a call centre, authentication processes can take place using either active or passive techniques. As the name suggests, passive authentication usually takes place without the caller knowing, or the agent having to perform any tasks themselves. Taking place through a series of automatic steps, passive authentication methods are critical to customer self-service within call centres.

On the other hand, active authentication processes require callers to participate in the authentication process themselves, such as asking the caller a question that only they will know the answer to.

Types of authentication

Types of authentication


Knowledge-based authentication (KBA)

Scammers and hackers are always finding new ways to access customer data which is why knowledge-based authentication techniques are a preferred method within many call centres. Rather than relying on common data points that are sometimes accessible through emails or digital databases, it works by asking callers a specific and sometimes seemingly random question, the answer to which would almost be impossible for a scammer to pre-empt. For example, this could be anything from the name of your first school or street you first lived on through to a parent’s date of birth or mother's maiden name.

There are also three different types of knowledge-based authentication to keep in mind. First, static KBA is where the caller is asked a question they have already selected and recorded the answer to, so they can verify their identity on all subsequent occasions by answering the same question. Questions like where were you born, where did you go to school, and what is your favourite colour are typical examples of questions used in static KBA.

Although minimal, there is always a risk that an impersonator may know the answer to a static KBA question, which is where dynamic KBA comes in. With dynamic KBA, questions are non-generic and generated from information gathered from a customer's unique profile. For example, this might include asking a customer to reveal the value of their last transaction with the business.

Finally, going one step further, enhanced KBA is where customers are presented with multiple-choice questions based on their individual profile that only they should know the specific answers to.

Voice authentication

Voice technology has only recently become reliable enough for call centres to use as an authentication method. With fraudsters completely unable to mimic the characteristics of the voice of another person over the phone, voice authentication is a passive authentication method that enables IVR's to automatically and securely perform tasks that would have been unthinkable only a few years ago.

Using innovative technology, call centres using voice authentication will allow their customers to set up a unique voiceprint that will be instantaneously recognised and verified every time the customer calls. While voice biometrics opens opportunities to contain more calls within the IVR, without customers having to answer questions or enter pin numbers, it also reduces the time it takes for customers to verify their identity and creates a more positive customer experience overall.

Caller identification

Caller identification is sometimes referred to as automatic number identification (ANI). This is where call centre technology has the capability to recognise a caller's number and match the caller with an existing customer record. Caller identification, which may also associate the call with a specific type of customer, can also be used to route calls to the most appropriate agents as well as allowing agents to instantly bring up a caller's records from a CRM system that’s integrated with the IVR.

Multi-factor identification

Multi-factor identification is often used where there are increased risks of fraud or for higher-value transactions. Essentially, to ensure the verification process is as fail-safe as possible, the process uses two or more ways to verify a caller's identity, bringing together multiple data points. For example, multi-factor identification might ask a knowledge-based question as well as verifying the caller ID and sending the caller a one-time code or password via email or SMS.

Caller authentication best practice guidelines

Focus on authenticity

If you're planning to set up some knowledge-based questions, make sure they are not so generic that it would be possible for a dedicated scammer to find the information via online platforms or even social media. To get around this, call centres can request that their customers set up unique verbal passwords or provide answers to highly specific questions like “What is your favourite city?”.

Make sure your customers actually know the information that you intend to ask

Perhaps most relevant to dynamic knowledge-based authentication processes, it's important to make sure your customers have access to or are likely to know the answers to the questions that you intend to ask (and that your authentication process doesn't come across as tricky). For example, if you intend to ask a customer about the details of their previous transactions, consider whether these are clearly visible through your online platforms, or even if you ask a customer for their account number, you must make sure that this information has been clearly communicated through previous correspondences.

Create seamless transfer of authentication between channels

Nothing will frustrate your customers more than being asked the same questions several times and repeating information they have already provided. For this reason, it's important to ensure that your customers’ authentication steps only take place once and are passed over if their calls are transferred to other agents or if they switch to other digital channels such as live chat.

Of course, there may be circumstances where a caller is required to go through a second layer of authentication, such as if they request a different type of transaction to the one they initially called for. In this case, it is important to explain the reasons for the second authentication process to turn any potential frustration into feelings of reassurance and a positive impression.

Always offer your callers a way out

When it comes to passive authentication methods, callers can become stressed and incredibly frustrated when they have trouble remembering answers to questions or navigating the automated authentication processes. For this reason, always offer your customers the chance to be transferred to an agent to avoid them feeling as though they are at a dead end with an authentication process they’re unable to understand or successfully get through. Difficult or unsuccessful attempts to self-authenticate, with no way out, could have an impact on customer loyalty or revenue through lost sales.

Keep your records up to date

If your caller authentication processes rely on matching data with customer records, then you’ll need to maintain the effectiveness of your authentication process with up to date and accurate record-keeping practices. For example, caller identification can be optimised by keeping track of different phone numbers that your customers may be calling from, such as a mobile phone or work number, while making sure that any changes to phone numbers associated with customers are promptly updated.

Authentication plays an increasingly important role in call centres today, enabling them to offer a wider range of services to customers while minimising security risks. By choosing the right authentication technology to suit your individual business, services and products, and customers, while also following a few key call centre authentication best practices, you’ll empower your customers while improving operational efficiency through reduced average handling times and even call volumes.

With caller authentication key to driving up IVR containment rates, read our blog and learn about what containment rate mean and the best ways to improve it.

How AI-powered technology can help transform your contact centre

Watch Demo Book a Demo