Preventing Fraud in Call Centers - transcript

Hello this is Andrew Horner CMO of Validsoft we’re excited today to present to you regarding fraud and preventing fraud in the contact centers. Validsoft is a leading provider of voice identity assurance solutions to some of the most respected brands in the world we were recently featured by the opus analyst team as a leader in voice biometrics and we’re very thrilled today to welcome Daniel Thornhill who is a senior vice president at validsoft again we’ll be talking on the topic of preventing fraud in contacting call centers with our voice identity solutions so with that I’m Daniel i will hand it over to you.

Thank you very much andrew uh yeah I’m really excited to be here today and to represent weld soft in this webinar as andrew said we’re going to be talking about how businesses can prevent fraud in a contact center how they can apply security in a way that makes sense for both their customers um from a simplicity point of view but also from a security point of view and specifically we’re going to be focusing on the valid soft voice identity product voice id as andrew said my name is Daniel Thornhill I’m a senior vice president of ValidSoft um I’ve got a background in in telecoms cyber security and i really love this space it’s great exciting technology and I’m really pleased to be sharing it with you all today let’s jump to the next slide so first of all a little bit about valid um so validsoft uh is a company that’s been in the cybersecurity space for many years we started off um uh delivering some of the foremost um uh user authentication products delivering both strong authentication to customers and also providing transaction uh integrity uh to prevent more sophisticated cyber-attacks like man in the middle and man in the browser um you know we consider ourselves experts in both digital fraud and fraud prevention solutions and we sell into um sectors such as financial services banking government health care we’re set where you know security is of the utmost importance both from uh to you know protect customers protect customers data um but also to differentiate themselves to their customers ValidSoft has been investing in their own voice biometric technology since about uh well early 2009 um we looked at what solutions were available on the marketplace and realized a number of um you know things lacking those in those products around accuracy around cross-channel applicability things that are really important to you to enterprises and to the customers of these enterprises particularly in sectors where uh you know such as retail banking uh government services where simplicity and security are key um valid soft um are solving what we see is many significant challenges uh today but particularly we’re looking at things like improving security helping enterprises reduce their operational costs uh you know increasing the trust in those enterprises helping them improve their brand and differentiate through security products and through an emphasis on security and simplicity one of the ways that ValidSoft uh differentiate ourselves is through our focus on security and our focus on privacy which is important to our customers we’re one of the only companies that have gone to the extent of being externally evaluated uh in our approach to data privacy how we manage data how we process it and to that extent we’ve been awarded four European privacy seals uh the in fact the only security company in the world with four uh European uh data privacy sales so what we’re um going to be uh focusing on today or discussing today is firstly why are contact centers targets for fraud um you know what’s why is there that draw why do fraudsters want to attack that particular target um what do we feel is lacking in in contact centered security how can it be improved and you know to that extent what are the best practices for customer authentication specifically within the contact center but also more generally and then we’re looking to look at you know the use cases for voice biometrics how can voice biometrics be applied how can it improve a context sensor how can it improve an enterprise more broadly and linking into that is why as a business can i benefit from it what’s in it for me you know those types of questions what’s in it for my customer so we’re going to be tackling all those and at the end we’re going to show a demo which we feel is a really compelling demo um and it kind of brings to light the technology the simplicity of it and how um you know how it interacts with customers so firstly why are contact centers targets for fraud

 There’s primarily three main reasons um the first reason is security historically contact centers have relied on knowledge based authentication or asking customers secret questions um to gain entry to their account um we know that many of these questions such as you know what’s your social security number or your date of birth have firstly been compromised so they can no longer be considered secret questions we know that that approach has been compromised and is somewhat reliable unreliable and also it’s very difficult for the customers right so in the end you know we’ve all been asked crazy questions such as you know what’s the first name of your third grade teacher or you know what’s your most memorable day of your life which in my opinion is slightly it’s a trap you know is it your kid’s birth is it your second kid’s birth is it your marriage uh i don’t know um so you know but all these questions are to a human being they’re transient questions the answer may change depending on your mood um and you grow older your greatest moment may change so fundamentally the premise for the security that a lot of these contact centers used is compromised secondly um they offer a wealth of information it’s actually a two-way street with contact centers firstly it’s what do i gain access to but it’s also what can i gain information about to perpetrate fraud on other channels or in other ways you know particularly things like payment data uh credit card information uh you know personally identifiable information such as date of birth um because contact centers are unique in that they have they have access to all of this information together it actually makes them a significant target not just for fraud gaining access to accounts but also for data mining for perpetrating fraud in other enterprises in other ways and lastly and probably most importantly is contact centers fundamentally interact with human beings and in any security model the human being is always the riskiest factor uh human beings have the ability to empathize they have the ability to make decisions and they have the ability to you know go deviate from a set script so then comes social engineering that’s fraudsters are very good at social engineering so fundamentally the involvement of a human being weakens your security model and it’s that it’s that oh it’s that open door to that that privacy data in the way that they interact with that customer so it’s actually the combination of all these factors actually that that create a challenging um environment to secure a contact center but also uh it makes it a big target for uh for fraudsters trying to um uh you know where they perpetrate fraud so a little bit about why is contact center uh security ineffective or more specifically why is knowledge-based authentication um ineffective so historically multi-factor authentication has relied on two things so one is not what they call knowledge data or data that is secret to a human being so your date of birth your social security um and that works on the assumption that that data has not been compromised the second the second way that you know strong authentication models typically operate is through um you know a secret or a personal device such as a token you know a soft token or hard token that generates a number or a mobile phone and again it assumes that that device that mobile phone that um you know telephony network they haven’t been compromised which we also through a number of attacks throughout the years whether it’s ss7 attacks or trojans on devices we already know they have been compromised lastly it assumes that any personal devices or transport mechanisms have not been compromised so if i send um a you know an SMS message or a text message does that message go to the right person has that text message being diverted has that call been diverted it assumes that it has not been diverted and in all cases in all three of those cases those assumptions we know to be false the difference with voice biometrics is voice biometrics doesn’t rely on assumptions it’s actually intrinsically linked to an individual the basis of whisper metrics is actually um you know measuring the distortion that your physical makeup creates on sound so it’s intrinsically linked to your physical makeup so whether that phone call is diverted to me or my mother or a bad guy you know it has to be Daniel Thornhill at the end of that phone if it’s not then it fails the authentication model you know.

Secondly we’re asserting identity of an individual knowledge-based authentication or SMS-based authentication it’s not about an individual it’s about do they know something or do they have something right and it doesn’t necessarily know it’s the right person at the end of that phone voice biometrics doesn’t it has to be that that particular person that’s what ValidSoft called identity assurance it’s the assurance that we write identify the right person is on the end of that phone and then you can take away all of these other risks like where are they calling from um you know are they calling from a country known to orchestrate fraud uh you know things like that it doesn’t matter anymore is it a no is it a known device is a trusted device it doesn’t matter it has to be the right person at the end of the phone so we talked we’ve already talked a little bit about this so I’ll kind of rush through this but you know it’s important to understand what’s driving the need for voice biometrics specifically in the contact center and it’s kind of three main areas one is customer satisfaction making sure your customers are actually doing you know they’re being given the right service they’re calling in and they’re not spending loads of time authenticating themselves they’re actually when they ring into a contact center it’s for a reason you need to focus on that reason and not focus on trying to identify whether it’s the right person so it’s about improving customer satisfaction um secondly it’s about improving uh or reducing fraud improving your security so you know contact centers have quite high levels of fraud voice biometrics have been proven to reduce those fraud levels by you know between anywhere between 80 to 90 percent and lastly it’s about reduction of operational costs so it’s about taking that handling time where that can be between anywhere between 30 to 60 to 90 seconds and either eliminating that from the call because voice biometrics can do it in under three seconds um or it’s about taking those that time um which you’ve eliminated and you can reapply it back to your customer service to focus on that customer’s problem to improve their experience so these are the main drivers for the application of voice biometrics so we talked a little bit about the problems with um you know knowledge based authentication now let’s talk about a little bit about how can contact centers improve their security uh and this is taking the technology side out of it there’s three main uh sorry four main ways firstly is authenticate the individual you need an authentication model which relies on is this the right person is this the account holder not are they receiving an SMS not do they know an OTP code not do they know what their date of birth is it the actual person secondly is about delivering consistency um particularly in in the world we live in today customers connect through many different ways a contact center is one of those ways an app is another one of those ways a smart speaker is another way a web the website is another way it’s about delivering consistent security across all of those channels so if you fix it if you fix your security model in the contact center process are smart enough to then begin to tackle the other channels they’ll look for the lowest common denominator so you need to deliver consistency across all of those channels and voice is unique in that it can be applied across all of those channels from your contact center through to your internet banking where you speak into a browser or into an app thirdly removing reliance on things you can’t control such as telephony networks where you send sms’s or make calls through knowledge knowledge-based data which has been compromised will continue to be compromised questions which may change and evolve um and human beings you need to take that reliance away and you need to move control back into your authentication model and lastly is layers so even valid soft we believe we’ve got some of the greatest uh authentication and security technology globally but even ValidSoft would say you need to have a multi-layered multi um uh you know factor approach to security um and the beautiful thing about wishbone metrics again is if you want to layer on a one-time passcode and how to use a speak back a one-time passcode for a really secure transaction that’s absolutely fine so then you’re combining knowledge base so they know the secret code and is it the right person speaking it so again you’re layering in all of these different models so before we jump into the benefits to your business and then into a demo and you know realize we’re short on time it’s a little bit about the ways that voice biometrics can be applied so firstly it’s about customer authentication you know ensuring the right customers on the phone delivering a great customer experience and preventing fraud on their account you know people accessing their account it shouldn’t be but the second way is also around trusted agents particularly in in the world we live in today where a lot of agents are remote um you know businesses struggle with how do you maintain regulatory compliance how do you know the right agent is on that call processing the right data or that the um the agent that you trained is doing the right thing voice biometrics allows you to seamlessly authenticate both your customers and your agents so you’re delivering um a continuous experience for authentication for the agents and a simplified authentication experience for your customers so you’re reducing your operational costs you’re reducing your operational risks and you’re ensuring the right people are on the phone at the right time so lastly a little bit about the value to your business and we touched on this earlier so really the main drivers for um for your business are reduction in costs huge reduction in cost actually the roi we’ve seen some of our ROIs be returned within you know six months to a year um you know ensuring that you are compliant with you know regular regulations particularly in the world of healthcare and banking you know you need to be sure that you’re doing the right things and by using something while applying identity assurance you can do that you know the right speaker is on the call you know it’s the right people um next about improving your customer experience you know ultimately delighting your customers is one of the best ways that you can differentiate yourself from your competitors you know do your customers love your product and we’ve seen that time and time again um you know so you know voice biometrics offers that capability in a very seamless way with all of these other benefits and then lastly it’s an increase in security right you’re reducing that time to authenticate um and you’re reducing your fraud by anywhere up to 90 on the contact center channel but we’re going to show you a very quick demo um of both customer and agent authentication and then we’re going to ask uh some questions um and you can see here all of the different benefits um that that you know voice biometrics will bring and we’ve discussed it throughout the call but i think the best way to see it is just to show you and roughly this demo is going to be about two minutes and then we’ll take any questions [Music] welcome to bank of wealth customer support please wait while we connect use your customer support agent [Music] hi it’s a good day bank of wealth my name is dan how can i help you oh hi um i’d like to know three remaining money in my account please sure i’ll be glad to help you may i get your bank account number and the name on the account please yeah my name is davies and the account number is 9876.543.200. okay great thank you i can see you’ve enrolled with our voice biometric system so I’m going to start securing you with your voice how is your day going so far um yeah um it’s it’s pretty good actually it’s a lovely sunny day here and um yeah it’s uh everything’s okay so far thanks very much for asking yeah great stuff okay I’m just bringing up your account details as you’ve now been authenticated using your voice oh wow that was that was quick I’m very impressed yeah it’s this great new technology we brought in voice biometrics it makes things very simple and secure for our customers um okay great you still have eighty four thousand and sixty five cents in your account um is there anything else i can help you with today what we’ve seen there is the agent’s been authenticated the customer’s been authenticated so we know the right agent’s treating the customer in the right way um and we know the right customers access their account the customer was ident was identified with um in about seven seconds and the agent was identified within in 10 seconds so you can already see the benefits to the customer this it’s completely transparent it’s completely seamless to that customer it delights them so with that said um I’m gonna end the presentation there um and i know uh that we’ve uh got some questions um in in the chat window so excuse me so i can i can address those uh now so at this point andrew I’ll turn back over to you sure great yeah we’ve got a few chat questions here um first of all an interesting one can the system distinguish between twins uh yes so uh voice biometrics uh fundamentally is tying it to a specific speaker’s physiology so to give you a very high level summary of um what we’re doing we’re when you speak air flows up through your um your body and your body resonates around your throat and your larynx um and um off your tonsils and various physical attributes and what that does is that distorts sound and we’re measuring the distortion that your physical makeup creates on sound so we’re intrinsically tying it to an individual speaker so even with twins while it may look similar to you and i their intrinsic physical makeup is different so we can uh differentiate voice and to that extent we’ve actually got a video on our website um which shows uh a pair of twins breaking face id and not breaking voice id so um that’s quite a great a great video to go and check out if you [Music] what about if you’re tired though will it still help yeah again no it’s a great question um and we get we get asked it a lot i mean i think the key one there again is it’s tied into your physical makeup and it’s about the distortion that you create on sound so whilst you may sound different to a human being our technology is working on a much wider spectrum of audio from low spectrum audio to high spectrum so um even though you may sound tired to you and i our audio can still differentiate you because your body is still distorting sound in the same way as it was before because your physical makeup hasn’t changed that is fascinating i think I’m going to need a phd here okay one more question for you uh thanks for your time today uh where are the voice prints stored and how so again another great question i mean the voice print so ValidSoft does provide global cloud services we also deliver on-premise solutions so the voice prints fundamentally are stored in our server side um and that can be in our cloud or it can be in in the infrastructure of a client we use all the latest cryptographic techniques such as hsms uh and for you know key derivation and things for security um and so we cryptographically uh encrypt those models and then we store them in a database um for four later retrieval and we used uh the highest level of security standards um to achieve that yeah great well Daniel i want to thank you so much and thanks to everyone for viewing this today um there’s more information available obviously at validsoft.com including a copy of a summary of the opus report uh naming us a leader as well as other information and videos so check back with us soon thanks for coming today appreciate it thank you thank you andrew