Three ways banks can improve identity authentication and customer data privacy

Digitization is a double-edged sword for banks, especially when it comes to security. The massive shift to cloud and API-based ways of working has made the sector more agile and innovative, but it has also opened the floodgates to identity theft. As interactions and transactions become more interconnected, even the simplest processes like opening a new account or performing a balance transfer are becoming fraught with security concerns.

As financial services become increasingly digital in nature, it is important that banks think differently when using data analytics, security tools and training to improve identity authentication and customer data privacy. Avaya’s research report reveals three critical ways to do this.

1. Make the most of the powerful tool in your customers’ hands

Almost every customer owns a smartphone and uses this device to call the contact center when they need to resolve a problem or complex question. Have you thought about what could be done with this device to improve identity authentication? Older security methods such as knowledge-based authentication (KBA) only prove what a person knows. Using the sensors in the customer’s connected device, banks can go one step further to prove who someone is is – and that makes all the difference.

These sensors, which include location services, cameras and QR code scanning, turn the customer’s smart device into a valuable source of vast amounts of information and incoming data which help banks create a trusted identity template for customers. Once this identity template is established, all transactions are linked directly to the customer’s verified identity. This allows simple but risky transactions, such as requesting a new debit card, ordering checks or updating an address, to be carried out simply, quickly and with much lower risk to the bank and its customers.

2. Protect sensitive data from agents using zero-knowledge proof

When a customer calls the contact center, all the information about that person becomes visible to the agent who needs to verify them: their address, driver’s license number, social security number, etc. What’s to stop an agent from using their cell phone to take a picture of a customer’s personal information? That’s a scary thought, especially with so many customer service jobs already out of line for executives. Customer service agents don’t need as much visibility into this data.

Zero Knowledge Proof is an advanced cryptographic technique that allows organizations to verify sensitive or personal information without disclosing that data to workers. The agent does not need to see the data to verify its accuracy or authenticity, and therefore will not know about it — hence “Zero-Knowledge Proof”. All employees will see the results that matter to them (whether the payment went through, whether a document was signed, that the customer’s SSN is being verified) with a green checkmark confirming its approval by whichever third-party company verified it.

3. Outbound Fraud Protection Notifications

In a sea of ​​scammers, most customers immediately send unknown numbers to voicemail. This is a major challenge for banks trying to reach customers to perform a number of legitimate tasks and build relationships. By securely sending notifications via a channel of the customer’s choice (SMS, in-app message if the company offers a mobile app), banks can reach customers faster and with high-credibility authentication. This way, customers will receive a text or in-app message notification before an incoming call asking them to “tap” and sign in. They will be immediately authenticated and, if they wish, can schedule the call for a convenient time.

These notifications can also be used to simplify routine interactions such as checking an account balance or paying bills. For example, a customer might click on a link in a text message their bank sends them, reminding them that a payment is due on their credit card. Notifications can also be sent for non-paid interactions, such as contact posting surveys and new customer e-forms. All this can be done with full PCI compliance. In fact, banks can take their contact center out of compliance altogether.

Learn more from Avaya’s research on what banks need to consider to evolve digitally. See the full report, Five recent trends shaping the banking industry.