Three Ways Banks Can Improve Identity Authentication and Customer Data Privacy

Digitalization is a double-edged sword for banks, especially when it comes to security. A massive shift to cloud and API-based ways of working has made the sector become more agile and innovative, but it has also opened the floodgates for identity theft. As interactions and transactions become more interconnected, even the simplest processes like opening a new account or making a balance transfer become riddled with security concerns.

As financial services become more digital in nature, it’s important that banks think differently when using data analytics, security tools, and education to improve identity authentication and customer data privacy. Avaya’s research report reveals three critical ways to do so.

1. Make the Most of the Powerful Tool in Your Customers’ Hands

Almost every customer owns a smartphone, and they use that device to call into the contact center when they need to resolve an issue or complicated matter. Have you thought about what can be done with this device to enhance identity authentication? Older security methods like Knowledge-based Authentication (KBA) only prove what a person knows. By leveraging the sensors in a customer’s connected device, banks can go one step further to prove who someone is — and that makes all the difference.

These sensors, which include location services, cameras, and QR code scanning, make a customer’s smart device a valuable source of a vast amount of information and inputs that help banks create a trusted identity template for customers. Once this identity template is established, all transactions are tied directly to a customer’s verified identity. This allows simple but risky transactions like requesting a new debit card, ordering checks, or updating an address to be done simply, quickly, and with far lower risk to the bank and its customers.

2. Shield Sensitive Data from Agents Using Zero Knowledge Proof

When a customer calls into the contact center, all of that person’s information is made visible to the agent who needs to verify them: their address, their driver’s license number, their social security number, etc. What’s stopping an agent from using their cellphone to take a picture of a customer’s personally identifiable information? It’s a scary thought, especially with so many customer service jobs now offsite out of supervisors’ views. Customer service workers don’t need so much visibility into this data.

Zero Knowledge Proof is an advanced cryptographic technique that makes it possible for organizations to verify sensitive or personally identifiable information without revealing that data to workers. The agent doesn’t need to see the data to verify its accuracy or authenticity and will therefore have no knowledge of it — hence, “zero knowledge proof.” All employees will see are the results that matter to them (whether a payment went through, whether a document was signed, that a customer’s SSN checks out) with a green checkmark verifying its approval from whichever third-party company verified it.

3. Outbound Notifications for Fraud Protection

In a sea of scam callers, most customers immediately send unknown numbers to voicemail. This is a major challenge for banks trying to reach customers to perform a number of legitimate tasks and build relationships. By securely sending notifications across the channel of a customer’s choice (SMS, in-app message if the company offers a mobile app), banks can reach customers faster and with high veracity authentication. In this way, customers will receive a notification via text or in-app message before an incoming call asking them to “tap” and log in. They will be instantly authenticated and, if desired, can schedule the call for a convenient time.

These notifications can also be used to simplify routine interactions like checking an account balance or bill pay. For example, a customer can click on the link in a text message their bank sends them reminding them that a payment is due for their credit card. Notifications can be sent for non-payment interactions as well, such as post contact surveys and new customer eForms.  All of this can be done with full PCI compliance. In fact, banks can take their contact center out of the scope of compliance altogether.

Learn more from Avaya’s research about what banks should consider to digitally evolve. View the full report, Five Recent Trends Shaping the Banking Industry.

IT Leadership