Voice 'fingerprints' could plug call-centre security leaks
Adding additional security features like voice biometrics
By Brandon Butler | Network World US | Published: 11:47, 10 January 2013
You've heard such stories. Mat Honan, a reporter for Wired magazine had almost his entire digital life erased when a fraudster used social media account information to trick Apple and Google into allowing him access to Honan's account information.
Paul Allen, the billionaire co-founder for Microsoft fell victim to identity theft when an AWOL US Army solider called Citibank and changed the address of Allen's card from Seattle to Pittsburgh, which he then used on a $15,000 shopping spree.
The common theme between these two high-profile stories is the way fraudsters were able to penetrate the contact centres of these big companies and misrepresent themselves as legitimate customers.
Related Articles on Techworld
Call centre fraud has recently become the hack-de-jour for fraudsters, some industry experts say. Shirley Inscoe, a fraud analyst at Boston-based Aite Group, says many financial institutions have beefed up their online defenses, particularly in response to new guidelines that have been released by the Federal Financial Institutions Examination Council (FFIEC) about how best to comply with existing regulations.
There has not been as close scrutiny on call center security though. "Many banks have really shored up their defenses in the online channel in the last two to three years," she says. "As a result, now we're seeing fraudsters go to the call center, where there it's perceived to be an easier target with fewer defenses."
Not only have organizations focused their security efforts outside of the call centre, but information fraudsters can use to launch attacks is much easier to obtain online. Knowledge-based authentication - "what's your mother's maiden name?" - are far from private.
Inscoe says she's heard of databases listing the maiden names of individuals. Even more dynamic questions such as what street did you used to live on or what high school did you attend are not fail-safe. "People post that information on Facebook," Inscoe says. Easier access to information combined with the call center being perceived as a weak link has left the contact center vulnerable, she says.
There are a variety of new tools being used in contact centres today and perhaps one of the most promising is voice biometrics. Today, NICE Systems, a provider of both contact centre software and fraud prevention, released a voice biometrics product as part of its Contact Center Fraud Prevention product.
Like a fingerprint, each person's voice is unique, which can be used to identify known fraudsters, says Ori Bach, director of solution management for NICE. The voice biometrics system cross-references the callers against a list of known criminals. The system also analyses the rate of calls coming into the contact center, talking patterns of callers and emotion. Fraudsters, for example, often yell at call center agents in an attempt to portray an angry customer, coercing the agent into agreeing to the fraudster's demands.
The move was a natural progression for NICE Systems, says Sheila McGee-Smith, a unified communications analyst. NICE focuses on banking and financial institution security, which is where it developed the voice biometrics technology, now it's broadening the technology to serve its contact center business.
Contact centre service providers are beefing up their systems in specialised ways. One trend is that instead of subjecting all customers to these enhanced security procedures, instead alerts are created to identify which callers should be screened for additional authentication. For example, caller ID systems can alert the call center agent to whether the caller is calling from an unknown number.
Queries of the phone system can inform the call centre as to whether a stolen cell phone is being used. If a flag is cued, then the call centre operator may take additional authentication measures, such as using the voice biometrics. Don Van Doren, president of Vanguard Communications, a unified communications consultant, adds that voice biometric systems can have flaws too - weak connections, cell phones and having a robust voice registry of criminals are all challenges
Most of this security work is done by specialised third-party vendors though and not the major contact centre service providers, says Van Doren. "It's a very specialised area, and frankly it's a distraction for the vendors," he says. The Ciscos Avayas and Siemens of the world have bigger fish to fry managing the migration from PBX to next-generation, mobile-first UC systems. They leave security up to customers to pursue with niche providers.
Vendors in the space include Nuance on the voice recognition side while providers like TrustID have caller ID services. Inscoe believes this could all change soon though. If attacks become more frequent and losses for organisations mount, more customers will look for security tools for the contact center and vendors will respond, she predicts.