There is a lot to like about the digital age. Busy families can buy groceries without leaving the house. Businesses can pay bills at the touch of a button. The rise of eCommerce means it has never been easier for consumers to find the ideal product or service to meet their needs or wants.
Every cause has an effect and for the digital boom, it has been the staggering increase in victims of identity theft and cybercrime. IBM’s annual Cost of a Data Breach report revealed stolen or compromised credentials were the most common cause of data breaches last year and, at 327 days, took the longest time to identify1. This was supported by a UK Finance study that showed remote purchases accounted for 79% of card fraud cases in 20212. All told, the annual global cost of identity theft is estimated to be more than $16 billion3.
Little wonder then that customer authentication has fast become one of the highest priorities for companies and the people they serve. The days of customer data being protected by a flimsy password are long gone, with Google auto-enrolling 150 million users into using two-factor authentication as early as 20214 and other organisations desperately searching for ways to reduce the risk of compromised accounts.
Source: A Guide to Identity Theft Statistics for 2023 | McAfee
What is customer authentication?
Customer authentication is the process of using various methods to verify the identity of a person to protect them against fraud and other security issues. It is particularly important during digital interactions and can see customers asked to provide something they know (eg: password), something they have (eg: encryption token) and something they are (eg: voice, fingerprint).
What are challenges with authenticating users?
Staying ahead of cyber criminals is no easy task, with businesses forced to navigate various hurdles in the mission to protect their customers.
Password strength
- user passwords are a double-edged sword. On the one hand, organisations want to ensure the highest levels of security possible. On the other, many of their customers just want a simple and easy-to-remember password. Studies have found 80% of data breaches are due to poor password security5 and that is no surprise given many people reuse variations of the same theme due to how often they are asked to create passwords and the increasingly complex rules governing them. Password creation may no longer be convenient but it has never been more important.
Smishing
- how do you know when a digital concern has become a full-blown threat? When it gets a nickname all of its own. ‘Smishing’ – short for ‘SMS phishing’ – sees customers receive an SMS that appears to be from a trusted source and requesting sensitive information. A few clicks later and their personal data has been compromised. It may rely on user error but the onus is on businesses to educate their customers.
Secure communications
- one of the easiest ways for data to be intercepted is when it passes through insecure channels (eg: communication between users and certain authentication solutions). Unless encrypted, the data is at risk of being accessed by third parties and it is essential that businesses take appropriate steps to protect their customers. This includes establishing trust with the authentication client to ensure they only connect with trusted servers.
How can you improve customer authentication?
Multi-layer authentication
-one of the simplest and most effective ways of protecting customer accounts, multi-factor authentication requires additional verifications rather than merely providing a username and password. For example, providing customers with a one-time password digital code via email or SMS can significantly reduce the risk of fraud, while adaptive authentication uses details such as login time, browser, devices and location to detect suspicious login attempts and alert users and businesses. For proof of the benefits, look no further than Google’s decision to auto-enroll users into using two-factor authentication, which resulted in a 50% decline in compromised accounts6.
Voice verification and authentication
-few technologies have changed the authentication landscape quite like voice biometrics. The ability to use a human’s voice to uniquely identify and authenticate their identity provides an unsurpassed level of security and saves precious average handling time in the likes of contact centres by no longer requiring callers to physically input passwords or tokens. Along with providing peace of mind, investing in voice biometrics makes great business sense as the cost of global cybercrime is tipped to reach $10.5 trillion by 20257.
Account lockout policies
-it is one thing for a customer to type their password incorrectly once or twice. Numerous times? That is a different story and a reason that businesses should deploy policies that lock out an account when someone tries to log on unsuccessfully several times in a row. Such repeated failures can be a sign that they are trying a brute-force password attack by trying to guess the password until they get it right.
Summary
Businesses rightly invest in security measures against physical thieves – CCTV, deadlocks, nightly patrols – and the same should go for mitigating the risks posed by the digital kind. Customer authentication may be just one piece of the cybercrime pie but it is also one of the quickest and easiest ways to have a positive impact.
Saving costs while improving caller experience is the dream of every contact centre manager. Learn how Panasonic Australia did just that by using an easy-to-implement and low-cost contact centre plugin to reduce call volumes by 25%, average handling times by 17% and operating costs by 25%.
