Hybrid Cloud
Cyber Security & NaaS
AI & Data
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities
Banking and Finance
Smart Cities
Public Sector
Reinventing customer authentication in call centres: how digital credentials can transform the experience and unlock real value for businesses
We present a real proof of concept (PoC) showing how reusable digital credentials reinvent call center authentication, reduce fraud, improve customer experience and unlock business value using digital identity and telco signals.
______
How to improve caller authentication today, and why it matters
Every day millions of us call companies we do business with, in order to solve a problem, complete a transaction or purchase or make a change on our account. We know in advance the experience won’t be instant. There may be long wait times due to high call volumes and when finally we get to speak to an agent, we need to pass their security checks and authenticate ourselves, proving that we are who we say we are.
This authentication step can be challenging both for customers and for call centre agents. Typically, call centre agents will ask a number of questions that only the legitimate caller should know the answer to. This is called Knowledge-Based Authentication or KBA.
The problem is that these methods were designed years ago, for a very different digital reality. Many of us have forgotten the name of our first pet or the details of the last transaction on our bank account. Fewer still can remember characters five, seven and nine of our “secret passcode”, registered over ten years ago. As a result, authentication can become slow, frustrating and inefficient, even when everyone involved is acting in good faith.
Authentication remains one of the main friction points in the call center customer experience.
Tackling fraud and scams in an interconnected world
Not only is caller authentication frustrating for us as consumers, it also creates significant operational challenges for business, which also suffer high costs and significant fraud losses due to scammers exploiting traditional authentication methods.
Legacy authentication approaches are no longer sufficient to prevent large-scale scams over carrier voice channels, eroding trust in this very “human” channel, impacting both consumers and businesses. For example, Caller Line Identification (CLI) is a long-established method that businesses use to pre-identify callers via their number into the call centre, by matching the presented number or CLI to a customer account and profile. It is the very same technology that allows us to see who is calling before we answer the phone.
Today, however, scammers can spoof phone numbers using CLI spoofing technology, allowing them to impersonate legitimate customers and gain access to the victim’s account. This is often combined with stolen or phished data, enabling attackers to pass KBA checks and convince call centre agents that they are someone they are not, before attempting their fraud.
Legacy authentication methods are no longer sufficient to stop fraud across voice channels.
It is time to reinvent caller authentication
Taken together, these challenges have contributed to an erosion of trust in voice calling. At Telefónica Tech we believe now is the right time to reinvent caller authentication.
That is why we have partnered with GSMA Foundry, Dock Labs and TMT ID to create the Trusted Caller Identity proof of concept, applying technologies like decentralised identity, carrier risk signals and the cryptographically secure SIM card to establish a new global, scalable root of trust.
The loss of trust in voice makes it essential to reinvent customer authentication.
The Trusted Caller Identity solution: how does it work under the hood?
The technology part is not rocket science. We have integrated a number of relatively mature technologies using APIs for this proof of concept (PoC). This is a pioneering application of these technologies in a call centre use case.
The telco stack
There are two key parts here, both of which rely on APIs that are already widely available from leading telcos.
- Issuing the identity credential. When the mobile subscriber requests their credential, the carrier performs a series of real-time security checks using APIs (for example to check for a recent SIM swap and for possession of the phone number using Number Verify) before issuing the credential into to the subscriber’s digital wallet or app.
- Underpinning the credential as a trust anchor with real-time network risk signals. As issuers of the SIM cards and phone numbers, licenced by regulators, carriers manage the full lifecycle of each phone number and any changes to that number.
—For example, when a phone number is recycled or ported-out to another network, the associated credential is revoked because a trust condition has changed and can no longer be used by the subscriber to whom it was issued.
The identity stack
There are two key parts of this for the proof of concept and we collaborated with Dock Labs, using their technology for the PoC:
- Truvera digital identity wallet. This is a downloadable digital wallet which the subscriber installs on their smartphone. When they request their credential from their carrier, it is issued into the wallet. For a production solution this would most likely be a carrier app.
- Decentralised Identity platform and ecosystem, which includes the end-to-end encrypted communications built on the DIDComm protocol, ensuring all exchanges between the call centre and the subscriber wallet remain tamper-proof and confidential, as well as verifiable credentials, cryptographically signed proofs of identity (e.g. phone number ownership)
The call centre stack
For the call centre component we used a standard off-the-shelf Call-Centre-as-a-Service (CCaaS) platform, integrating it with the telco and identity stacks using APIs.
—This allowed us to build a mock healthcare company IVR that customers could call and then authenticate themselves quickly and securely using their identity credential stored in their smartphone wallet.
Decentralised identity enables secure sharing of only the data that is strictly necessary.
What’s the business context and outcomes we’re looking for?
At Telefónica Tech we are focused on driving positive business outcomes. While pioneering new solutions is always challenging, we never lose sight of the need for technology to solve real business problems and address real-world use cases.
Trusted Caller Identity fits this brief well. In terms of its impact on call centre business KPIs, here are some of the key expected outcomes:
- Call handling time. The authentication step within a call, which using traditional methods can take up to five minutes. This can be reduced to less than one minute.
—This results in shorter call handling times and associated cost savings for the business. - Improved customer experience. Faster authentication with Trusted Caller Identity frees up agent time to focus on helping the customer.
—This improves customer satisfaction and faster resolution of customer queries. - Reduction in fraud. Impersonation fraud into call centres is reduced, as legitimate callers prove their identity through encrypted channels.
—Combined with telco risk signals, frauds exploiting SIM swap and CLI spoofing methods can be significantly reduced.
Data privacy benefits for consumers and reduced liability for businesses
Trusted Caller Identity is based on decentralised identity technology, which puts greater control of data and identity into the consumer’s hands. The solution allows customers to share personal data from their wallet, protected by biometrics, without needing to share that data directly to a call centre agent. Advanced features such as selective disclosure enable a customer to prove their age to an agent without revealing their date of birth, for example.
For businesses, the benefits of this technology also extend to data privacy and risk reduction, through reduced liabilities associated with handling and processing customer data. For example, call centre agents no longer need to handle or store sensitive personal information.
—The solution also prevents rogue agents, potentially bribed by scammers, from capturing and using customer data in targeted social engineering attacks.
Data control returns to the customer, reducing risk and liability for businesses.
Moving beyond the proof of concept and scaling up
At Telefonica Tech we are demonstrating that a carrier can issue a cryptographically secure credential to its mobile subscribers, stored in their identity wallet or the carrier app. Those subscribers can then use that credential to prove their identity and ownership of their phone number when calling a call centre, in less than 60 seconds.
We believe this new ability for customers to deterministically prove their identity via their carrier identity credential unlocks significant value across the ecosystem. We have shown that the technology works, early customer feedback has been very positive, and there is a strong level of confidence that the resulting business outcomes are positive.
A scalable authentication model has the potential to transform the entire ecosystem.
The next step will be to move beyond the proof of concept into production mode. A big step towards this will be securing carrier commitments to issue identity credentials to their mobile subscribers. We will be making this call to action next month at Mobile World Congress in Barcelona, where the global carrier community comes together.
Imagine the power of billions of mobile subscribers with their own carrier-issued, cryptographically secure, reusable identity credential. Applying this to the reinvention of caller authentication is only the start.
