Insuranceciooutlook

The Ostrich Effect with Standardized Authentication

By Nimesh Mehta, SVP and CIO, National Life Group

Nimesh Mehta, SVP and CIO, National Life Group

Our digital culture is saturated with so much gloom and doom over data breaches and lost data that many of us feel helpless. Doesn’t it feel like reports of large-scale data breaches and lost data are constantly in the news?

So often, it feels like it would be easier to ignore all of the chatter and gnashing of teeth and continue what we’re doing. But what we need to ask is, “What does this mean to you and me?” Can we stick our heads in the sand and hope the problem goes away?

We hear a lot that if we get a strong password, we’re good to go. But then a restful night of sleep is gone if your password shows up on the dark web. So what about 2-factor authentication? That’ll take care of me, right? Great if you are sure your second factor — i.e., your cell phone — can’t be spoofed, or your email account is not compromised, to begin with.

So, should we be worried about our passwords or what lies behind them – our digital and personal identities?

Once they are compromised, hackers use simple means of telephone communications, email, or even snail mail to access and manipulate victims’ accounts using their credentials to move money from compromised accounts across consumers, corporations, and government organizations.

The insurance industry has not been spared, with call centers increasingly being targeted by fraudsters and social engineers to take over accounts and commit fraud. It has been estimated that the call center fraud rate has increased more than 350% from 2013 to 2017 with no signs of slowing down, and about 58 cents per call is lost to fraud in the call center.

It has also been estimated that over 60% of fraud losses from account takeovers involve the call center, and targeted account-takeover attempts by fraudsters are successful 60% of the time.

A common element of all these attacks is the attacker’s ability to leverage weaknesses in the authentication capabilities of modern telephone systems and to deceptively assume a trusted identity with ease. With the simplicity of caller ID spoofing and the growth of VoIP calling, attackers can spoof any desired caller ID, change their caller ID for every call, and place millions of VoIP calls around the world simultaneously, all while enjoying the protection of being nearly untraceable.

"A common element of all these attacks is the attacker’s ability to leverage weaknesses in the authentication capabilities of modern telephone systems and to deceptively assume a trusted identity with ease"

As companies dial up the authentication process with tools like Knowledge-Based Authentication (KBA), One Time Passwords (OTP), Caller ID identification, or hardware tokens, they dial down customer experience. The additional friction includes longer hold times or, even worse, legitimate customers sometimes can’t remember the correct answers to some of the questions we have to ask when authenticating an account.

As the friction grows, it adds sparks. Operational costs rise internally when authentication tools fail, the cost-per-call goes up, customers are left unsatisfied, and revenue is lost as organizations desperately seek to protect their customer information.

Is this “checkmate” for the hacking community? I believe we must continue to think one step ahead with biometric authentication solutions. Do I know who you are when you call?

The only way to know is ensuring we can digitally match a person across multiple channels like cell phones, speakers, and Bluetooth devices using a voiceprint – just like a fingerprint.

Voice biometric solutions operate by analyzing the unique characteristics of the caller’s voice, also known as the caller’s voiceprint, as it comes through the telephone channel. Such methods make the authentication decision based on “who you are,” resulting in the strongest form of authentication. Biometric solutions have another unique advantage over standard Caller-ID validation based solutions. By leveraging voiceprint analysis, they can be used to detect fraudsters in real-time, even when caller IDs has been spoofed.

While there is a range of Voice Biometrics solutions in the market today, the state-of-the-art solutions enable “active authentication.” This technology allows us to authenticate a caller over the course of natural conversation without requiring them to remember any PINs or passwords.

This eliminates friction in both the enrollment and verification processes, resulting in improved customer satisfaction, higher opt-in rates, and reduced operational costs in a contact center.

Unfortunately, most solutions in the market today that offer quality passive voice authentication capabilities have some critical roadblocks. They’re limited to complex integrations. Maintenance and enrollment is complex. And they’re generally not the best customer experience.

These critical challenges have put promising voice biometric technologies out of reach of most small and mid-size financial institutions. The “holy grail” will be the next-gen solution that minimizes implementation costs, is a cloud-based even with an on-premises telephone system, and operate without any customer information leaving the company entrusted with it.

Until then, the Ostrich Effect continues to play a role in the war against fraud and account takeovers in the industry.

Weekly Brief

Top 10 Policy Administration Solution Companies - 2020
Top 10 Policy Administration Consulting/Service Companies - 2020

Read Also

It's all about Scalability, Adaptability, and Flexibility

It's all about Scalability, Adaptability, and Flexibility

Kevin Guenthner, CIO & Chief Strategy Officer, First Interstate Bank
The Ostrich Effect with Standardized Authentication

The Ostrich Effect with Standardized Authentication

Nimesh Mehta, SVP and CIO, National Life Group
Radical Candor: The Key Going Forward for Insurtech

Radical Candor: The Key Going Forward for Insurtech

Sam White, Founder and CEO, Freedom Brokers, Action 365 and Pukka Insure
Higginbotham- Staying Ahead of the Race

Higginbotham- Staying Ahead of the Race

BJ Meyer, CIO, Higginbotham
Transforming Insurance in the AI landscape

Transforming Insurance in the AI landscape

Vineet Bansal, CIO/CISO, iptiQ SwissRe