How to Prevent Telco Fraud with Voice Biometrics
April 13, 2022
By Pavel Jiřík in Blog
Do you think that phone support is slowly becoming obsolete because people have so many other ways to get in touch with companies? This isn’t true at all. While traditional lines are gradually being phased out, the mobile and internet calling industry is growing at a tremendous rate.
The global market for VoIP services is expected to grow to $102.5 billion by 2026, from $85.2 billion in 2021. As for mobile phones, we already have 7.26 Billion smartphone owners globally, which means over 90% of the world population.
Add to this the fact that the pandemic caused many companies to turn to phone support, and you may believe that it gets used more now than ever before. But unfortunately, that also means more challenges to solve. Some of the biggest ones are enhancing the customer experience by easing the verification process, doubling down on security, and preventing fraudsters from impersonating clients.
However, companies now have pretty handy technology to help them with all three tasks - voice biometrics. What is it, and how can Telco companies use it to thwart fraud attempts?
The State of Customer Support in 2022
Only the best telco businesses can meet rising customer expectations, that much is clear. The statistics make it obvious - 86% of buyers are willing to pay more for a great customer experience. So if those businesses can provide excellent customer service, increasing customer satisfaction, loyalty, and thus sales will be a piece of cake. But what are customers looking for, actually?
Many of them simply want to not spend so much time answering security questions or remembering multiple passwords. Whether customers contact customer support to report service problems or solve banking issues, they want to do so in a fast and easy manner. At the same time, though, they want a top-notch security method to ensure their data is safe from all sorts of scammers.
But finding the ideal balance between security and the customer experience hasn't been easy. With so many cases of identity theft and vishing attacks, support teams need to make sure they're talking to the right people, especially when handling sensitive issues. As such, when someone contacts customer service, the representative must take their time to confirm the caller's identity and ask several verification questions, and sometimes also send a One-Time Password. However, there are two main problems with this method.
The first is that for customers, getting verified via passwords, pin codes, or security questions simply takes too much time. And if they happen to forget one of their passwords or codes, it takes even longer as they need to be re-verified again.
Secondly, the regular verification process isn't even that secure anymore. Scammers regularly come up with clever ways to get their hands on customers' data and take over existing accounts or create new ones. By knowing the login details, fraudsters can check and change pin codes or security answers and then answer all support employee's questions with ease. Scammers can also be masters of social engineering, as they can easily convince support agents that they have lost their login data or had their phones stolen.
How can telecommunication companies know whether they are talking with a fraudster or a genuine client if the caller knows the answers to all security questions? Well, if they use voice biometric authentication, then they can - easily.
The Best of Both Worlds: Voice Biometrics
Voice biometrics as an authentication solution might be exactly what companies need to protect themselves from criminal attacks. But not only that, it can also make it far easier for customers to verify their identity while on a call. How?
Rather than relying on passwords, codes, or any other type of knowledge-based identification, voice biometrics analyzes speech patterns to identify each caller. There are two main methods of voice verification: active (when a caller is asked to say a phrase through which the system will recognize them) and passive (where the identity check is performed in the background). The latter is especially convenient for customers, as they can get verified while they are speaking to the support agent and without using any PIN codes or passwords.
Of course, new customers will need to first go through a voice enrollment process so that the system can create a voiceprint for them - but this can even be done as they speak to a support employee. How does the system work in practice? To verify a caller's identity, the voice biometrics system compares their voice with a stored voiceprint, and if there is a match, the customer is verified successfully.
But if there isn’t, the system will alert employees that there is a suspicious caller on the line. For example, suppose the caller knows the exact customer details (such as the answers to security questions) but fails the biometric verification. In that case, your support team can be alerted that there’s very likely a fraudster on the line, and they can notify the management.
What’s even more useful is that voice biometrics can also be used to identify professional fraudsters by recording and storing a database of their known voiceprints. That way, even if they try to use another client’s details or create an entirely new identity, you can quickly spot them and take appropriate action. So as a practical method of preventing telco fraud, passive voice biometrics is ideal.
How Can Telecommunications Companies Use Voice Biometrics?
Voice biometrics is one of the key technologies that companies are turning to fight fraud nowadays. Since HSBC introduced a voice authentication system in its telephone banking services, fraud there has declined by 50%. They also estimate that the extra layer of security prevented £249m of UK customers' money from falling into the hands of criminals in 2020 alone. Other companies such as Wells Fargo, Charles Schwab, Chase, and Lloyds Bank have also started using voice authentication so that their customers wouldn't need to use long and complicated passwords to access their accounts.
And this technology does work when it comes to stopping cybercriminals. According to a study made by UK Finance, telephone banking fraud losses fell by 7% during the first six months of 2021, with the number of cases falling by 50%. The company estimates that the main reason for this decline was the growing popularity of voice biometrics technology, making it far harder for criminals to commit telco fraud.
How exactly can voice biometrics be helpful in preventing fraud?
Voice Biometrics Addresses the Weakest Link in Security
81% of hacking-related breaches involved using stolen or weak passwords. Well, when you look at how many services, apps, and accounts we use right now, it's hard to blame people for using easy-to-remember passwords or reusing the same one in many places. Yet that just makes criminals' work easier - reusing a password is like having a key that opens many doors and handing it to criminals.
Voice biometrics rely on something that is far more difficult to steal, though - a customer's voice. By analyzing a callers' voice in the background during an entire conversation with them, voice biometrics can prove if the caller is who they claim to be in a matter of seconds and immediately flag all suspicious calls.
As a bonus, voice biometrics can also make customers far more vigilant. For example, if they know that their bank or support center uses voice biometrics to identify them, they will be far more careful whenever someone asks them for their bank details or login information for "verification procedures". After all, why would a "Telco technical support employee" need the customer’s login details instead of just running a voice check to identify them?
Enhance Security Without Increasing User Friction
In the past, using a login and password to protect an account was enough. Now though, that's hugely insufficient when it comes to securing an account because fraudsters can easily break through the defenses - especially if the account is only protected by a weak or reused password.
That's why many services have started to ask for a second form of verification before letting someone access their account, which is usually inputting a one-time code or clicking on a pop-up on their mobile device. Microsoft estimates that MFA can prevent even 99.9% of account attacks.
However, scammers have found their way around those defenses as well. For example, they are known for sending "confirmation" messages to their victims. Then cybercriminals can intercept SMS or email OTP codes by tricking users into typing them into fraudulent websites.
For some companies, using more than two verification methods when authenticating customers is the answer. Technically, the more verification steps, the lower the chances that a hacker will succeed because they are unlikely to be able to pass all stages of authentication. On the other hand, forcing the user to perform multiple tasks just to get verified is an easy way to frustrate them.
How about replacing one of the verification methods with voice biometrics, though? By doing so, your company can provide a much higher level of security without adversely affecting the user experience.
Customers wouldn't have to share their personal data over the phone or answer a series of questions in order to identify themselves. Three seconds is all a biometric system needs to find out whether a caller is an actual customer or someone attempting to impersonate one. And even if a scammer manages to intercept an OTP code or set their own device as the main one for receiving phone notifications, verifying the user's voice would still be required in order to complete the authentication process. That means there's a much lower chance that they would be able to falsely identify themselves successfully and cause any damage.
Ease the Re-Verification Process
There are various reasons why a user may need to re-verify their account. They might have bought a new mobile and need to set it as their main device. They might have forgotten one of their passwords or pin codes. Either way, they need to confirm that they are the real owners of the account, and, technically, they have many options to do that - reset links, OTPs, or answer security questions.
Sadly, those methods of regaining access to their account provide plenty of opportunities for fraudsters. For example, the links in password reset emails or OTP codes can be intercepted. A fraudster might also claim to have forgotten their password and be using a new device to force an agent into using only knowledge-based authentication methods for verification - and easily pass.
To prevent this situation, many companies ask customers to come to the main office with a valid ID, especially if they request to change their main account information. And while this might be a good method to ensure they are talking with the account owner, it's also one of the most frustrating things that companies could ask their customer to do.
Using voice biometrics here can simplify the re-verification process and help fight fraud. Voice biometrics can be easily used through a phone or computer, so customers wouldn’t need to travel to the company’s main office. A voiceprint is not tied to a specific device either, so it remains a reliable authentication method even when a mobile phone is lost, stolen, or replaced.
Telco fraudsters keep getting smarter, but so does the technology that businesses have access to. By comparing the voiceprints of callers with those belonging to account holders or system users, companies can identify suspicious callers and prevent them from getting their way.
So for a telco business that wants fraud protection without compromising the customer experience, biometric authentication is one of the smartest investments they can make. It can provide your business with speed, accuracy, and safety so that you won't have to worry about suspicious callers or frustrating your customers with endless security questions.