Authentication Is Every Company’s First Impression, Unfortunately

Dan Miller of Opus Research discusses how the authentication process in contact centres can make for a less than ideal first impression.

This is an underappreciated fact that plagues marketing executives, contact centre administrators and customer experience (CX) experts who strive to make each call a pleasant and successful activity for customers.

All enterprises were put to the test in early 2020, as the global pandemic accelerated the transition of daily commerce from malls, hospitals, airports, hotels or doctors’ offices to digital “platforms” for voice, chat and even video.

To be honest, healthcare, travel, communications, entertainment and shopping were already making a slow, irreversible shift from face-to-face encounters to a succession of remote interactions carried out through apps, browsers or portals on smartphones, tablets, PCs or smart speakers.

Customers and clients had already found it preferable to reach out to selected service providers or brands at the most convenient times, using their devices of choice and the associated channel.

The early days of the pandemic exposed authentication as a speed bump in the digital superhighway. When arriving at the point where they initiate a phone call, they were greeted by – and sometimes authenticated by – an interactive voice response (IVR) system that presented them with a series of options for routing the call.

More often than not, the options were unheeded or treated as irrelevant, as callers “zeroed out” to reach a live agent. When they finally reached a customer service assistant, they were subjected to authentication procedures that were always time consuming and too frequently unsuccessful.

Now we have learned that the existence of authentication annoyances for genuine customers creates major opportunities for organized groups of criminals who make hundreds of millions of dollars on what is politely called “social engineering”.

Simply stated, they take advantage of live agents’ empathy and desire to be helpful in order to gain access to accounts under false pretences.

Once they get through, imposters have been able to change passwords or mailing addresses; re-route packages; order goods and lay the groundwork for broader acts of fraud.

Beyond Consumer ID and Access Management (CIAM)

From their inception, customer authentication initiatives were concerned solely with using a short list of factors to keep bad guys out while letting validated customers carry out their desired activities.

PINs and passwords (something you know) prevailed, augmented by challenge questions or other forms of knowledge-based authentication (KBAs).

These required customers themselves to do the heavy lifting of remembering a password, answering a set of challenge questions or requesting and inputting a “one-time password” as it is displayed on a mobile phone or company-provided “dongle.”

In general, the techniques worked well enough for enterprise employees in the course of their work day, but they are not well suited for customer-facing applications.

Today’s solutions have to do a lot more. They must be context-aware, meaning that they are able to take a customer’s location, past activity, transaction history and current intent into account in order to derive the level of risk to assign to a particular customer or activity.

They must involve zero or minimum effort on the part of a customer as they seek to establish a trusted communications link with a brand.

IT security professionals and CISOs have long regarded contact centres as “attack surfaces” for imposters to gain entry to internal systems and databases. This is more true than ever as contact centres morphed into digital hubs for conversations with prospects as well as customers.

Pandemic-driven demand spiked interest in what security professionals call “Customer ID and Access Management” (CIAM). Yet when they think of CIAM, top of mind are subjects like end-to-end encryption, tokenization, 2-Factor Authentication, identity theft, phishing, malware and human engineering.

These are not first-order concerns of CX professionals or, frankly, customer care agents.

With the exception of a long-standing desire to “kill the password,” in favour of alternatives like fingerprints, voiceprints or selfies, there is little discussion of customer experience or other ways of creating a trusted conversational user interface.

But replacing passwords (something you know) with biometrics is just a baby step in a path to what Opus Research calls “Intelligent Authentication”.

Individual customers are best served by systems that provide friction-free, strong authentication that can be carried out in the course of a natural conversation.

By contrast, CIAM stops you in your tracks long enough for a company to send you a one-time password (OTP) employing a data channel (SMS) that world standards bodies have “deprecated” because it can be intercepted and employed by an imposter to gain access to your data.

Customers Don’t Call a Brand to Authenticate

Both customers and contact centre agents regard authentication as a necessary first step before getting down to resolving a problem or making a purchase.

With passive enrolment and authentication techniques that take into account location, device characteristics and both physical and behavioural biometrics, companies have the tools to painlessly speed individuals through strong authentication processes.

There are real challenges to IAuth that are being tackled by dozens of companies. In an upcoming report called the Intelligent Authentication Intelliview, Opus Research has gathered responses from 23 solutions providers with offerings designed to support the goals of a truly customer-focused forms of both authentication and fraud protection.

The leaders, including NICE Real Time Authentication (RTA), can conduct enrolment and authentication passively, without getting in the way of a good commercial conversation.

NICE’s Enlighten Fraud Prevention takes the bold step of identifying known imposters, in the background, before calls are routed to live agents.

Passivity, proactivity and continuity are major factors in promoting pleasant, secure and trusted conversations between millions of customers and the brands of their choice.