The Equifax data breach, first exposed to the public in September last year, is still one of the most significant cybersecurity breaches in the history of the digital age. With the personal data of more than 145 million Americans hacked, the implications are massive and the magnitude of the damage is not yet completely understood. In fact, even Equifax itself keeps finding out more details about this breach and has recently revealed that cyber-thieves accessed additional records including tax identification numbers, email addresses and driver's license information beyond the license numbers it originally disclosed.
While the full implications are not yet clear, there are 3 things that have definitely changed:
#1 SSN is no longer sufficient as ID&V factor - Although it was pretty known among professionals prior to the scandal, the Equifax data breach made it clear to all that social security numbers are not sufficient as an identification & verification factor.
#2 Identity theft is easier than ever -Ever since the Equifax data breach, identity theft became much simpler. Fraudsters can easily phish for information using social security numbers and other exposed details, and their number one target for that is the contact center. Contact centers are known as organizations' weakest link when it comes to phishing, especially since customer service representatives are service-oriented and trained to assist callers rather than being suspicious about their identity.
#3 Consumers are worried and lost trust - All this made civilians feel insecure and suspicious. A recent survey among 7,500 consumers shows that 90% of consumers are concerned about their personal data being lost, manipulated or stolen, with monetary theft (74%) and identity theft (70%) highlighted as the biggest data security concerns.
What can organizations do about this?
#1 Use strong authentication, especially in the contact center
Since the contact center is highly vulnerable when it comes to phishing for identity fraud, reliable authentication of callers is not something organizations can compromise on. While there are much stronger authentication methods and technologies available, many organizations still use knowledge based authentication as their main factor for identity verification. This is very risky as these knowledge based questions are easy to fool, especially when some personal details are just out there, accessible by fraudsters. Therefore, applying more accurate methods that tie an identity to a specific individual rather than his/her knowledge is a MUST. This is where biometrics comes into the picture, with an increasing number of organizations using voice biometrics as their main authentication factor at the contact center. Voice biometrics by itself is considered the most secure and accurate authentication method for contact centers. Combining it with additional authentication factors, such as device and phone number verification, makes fraudster access almost impossible.
#2 Identify fraudsters the second they call in
Knowing that you have a fraudster on the line before they start phishing for information about your customer is priceless. With the understanding that fraudsters may steal customers' data but they will still have their own voices, it is no surprise that more organizations use voice biometrics watch lists to identify fraudsters within seconds and prevent them from not just stealing, but also phishing.
#3 Regain customer trust by letting them know what you do to secure them
A survey conducted following the Equifax incident reveals that 72% of consumers claim to be more aware of privacy threats compared with five years ago. Another survey shows that 44% of consumers rate identity theft and banking fraud as their top concern (higher than being a victim of a terrorist attack). This is just an indication that consumers care about their data and are highly concerned about the breach implications for the long term. On the other hand, most consumers are not convinced that organizations do everything possible to protect them from identity theft, with 40% saying that businesses are not doing all they can, and 38% are unsure if businesses are doing enough to safeguard their information. Considering that, organizations must communicate to their customers what they have changed or what they are planning to change in their authentication and fraud prevention process in order to regain their trust.
Learn more about how NICE can help you prevent identity theft.