Why Passwords Are Passé as Part of the Customer Authentication Process

Author: Craig Pumfrey, Vice President Marketing EMEA at NICE Systems

For those of use working in customer service you could argue that we make the worst customers. Afterall, we are all too aware that things can always be done better. We pick-up on why we need to be placed on hold, the reason the agent doesn’t have the information to hand, and even their manner. However, there are certain parts of a call that even we have come to accept and the authentication process is one of them. However, yesterday I had two calls with my bank that was a wakeup call as to just how antiquated and frustrating the current methods of customer verification can be.

It was me that made the first call to the customer service department and I went through the usual process of entering my account details via the IVR. After just a few moments on hold I was greeted by Vicky. Before I could begin my enquiry I was asked the all too familiar questions…

“Can you give me your full name?”

“What is your date of birth?”

“What is the first line of your address and your postcode?”

“How much was the last mortgage payment?”

“Can you give me the third and last digits from your passcode?”

Craig Pumfrey

Of course this is all information that I could instantly recall (apart from the passcode which always takes me a little while to remember) but it still takes a few minutes to get through and it is a frustrating necessity, in order to complete such a simple request. Vicky was very helpful and resolved my issue within a few minutes. However, five minutes later my mobile rang and it was Vicky. “Sorry but I need to ask you another question”. No problem I thought! It was great that she had been proactive to recognise there was a problem with the transaction and wanted to solve it for me straightaway. Then she said: “Before I can ask you the question I need to run through some security questions again!” Next thing I know I was asked…

“Can you give me your full name?”

“What is your date of birth?”

“What is the first line of your address and your postcode?”

“How much was the last mortgage payment?”

“Can you give me the third and last digits from your passcode?”

Now I want to feel that I am adequately protected as a customer and I also want my bank to be secure, but the current methods of authentication being used by many organisations (banks in particular) are failing to keep pace with other technology innovations that have been made to improve the customer experience. It is apparent that there is a need to look at new ways to authenticate customers quickly and accurately, but without compromising security. In fact, it should look to improve it!

Passwords have changed little since their inception and all that has happened is additional layers (or factors) have been added on top in an attempt to improve the protection they offer. All of which require us to know something.  The problem is when we need to prove who we are, we are burdened with knowing all this information (think of how many passwords and codes you have!) and disclosing it takes far too long. This doesn’t just inconvenience me as a customer it has a knock-on effect for the organisation who shoulder the cost of unnecessarily long calls.

The answer to the problem may not be using something we know, but something we are.

Biometrics have become increasingly popular in recent years with finger-print readers being used to control access to buildings, palm-vein readers being integrated in to ATM machines and optical scanners deployed at passport control. But none of these work when you are on the end of the telephone. So what about the human voice?

The human voice has up to 50 unique traits, more than the fingerprint, and even though some impressionists are very good it is almost impossible to truly mimic a person’s actual voice! The latest advances in voice biometrics enable an organisation to take a ‘voice print’ and this has been proven to reduce the time it takes to verify the identity of a customer by 75% (under 15 seconds) and with a success rate of more than 90%. What is more the customer doesn’t need to remember anything!

If my bank had this in place yesterday the two interactions I had would have been at least 50% shorter and I, as a customer, wouldn’t have been left mulling over the craziness of the duplicate process Vicky and I had to go through in order to have a conversation.

The good news is that this technology is now being piloted and deployed by a number of organisations around the world, and I am glad to say that it is the banks who are leading the charge. So, it seems that there is light at the end of the tunnel and thankfully the passé password is set to become a thing of the past.