.png){kind=small}
WHY CALLER VERIFY?
Caller Verify extends Okta MFA to your Call Center or IT Help Desk, allowing you to quickly and securely verify callers and eliminate the use of annoying and weak security questions. With Caller Verify, you can enhance your callers' experience, eliminate call center fraud risk with NIST compliant verification, reduce your average handle time to verify callers, and provide a unified verification experience across all channels.
EMBEDDING CALLER VERIFY IN YOUR ITSM
Caller Verify integrates into the ITSM systems you already use for a single pane of glass. We have out of the box integrations with: ServiceNow, Jira, Manage Engine & FreshService, Zendesk
Use Caller Verify today with a quick and seamless integration from the Zendesk Marketplace!
CALLER VERIFY OUTCOMES
USER EXPERIENCE
Enhance your caller's experience with a simple one touch verification. Reduceverification friction and help your callers with their needs faster than ever.
MORE SECURE
Prevent bad actors from impersonating your callers. Caller Verify leveragesOkta to send a push notification to your caller's registered phone.
REDUCED CALL TIMES
Reduce average handle time by verifying callers in less than 10 seconds!
UNIFIED VERIFICATION
Your brand is built on consistency and enhanced by security. Create one familiar unified experience across online, mobile AND the Call center!
VIDEO CONFERENCE CALLS
We have all heard about deep fakes in the news that are so convincing that they can be used to socially engineer people on the call to do high value transactions for the caller. Assurance the caller is who they say they are is provided by Caller Verify so your organization has a mitigation plan for deep fakes!
In this use case, a legitimate video conference caller requests a high-value transaction. The person actioning the request must securely verify the caller before completing the transaction, in accordance with Caller Verify business rules.
In this use case, a fraudster, calling via video conference and impersonating a real employee using deep fake technology, requests a high-value transaction. The person actioning the request is compelled by Caller Verify business rules to verify the caller. Since the verification fails, the person actioning the request can refer this incident to the fraud team for further investigation.
CALLER VERIFY PROCESS
CALLER VERIFY WITH YOUR IVR
Caller Verify easily integrates with Automated Telephony systems. In this video we have integrated with the Genesis IVR and leveraged the successful verification to provide assurance for a self service password reset using Okta.
BRANDING CALLER VERIFY
Caller Verify now has the ability to use your brand in the push notification by leveraging Okta's SDK functionality. Grow your brand trust by providing a unified experience for your Members or Customers.
VERIFICATION FACTORS
Knowledge based authenticators like security questions are specifically called out as being insecure by the U.S. National Institute of Standards and Technology (NIST). Be compliant by implementing a secure factor of authentication such as a push notification to a cell phone application.
.png)
PHISHING RESISTANT CALLER VERIFICATION
Leverage Phishing Resistant factors such as device biometrics or Okta FastPass.
In the video below we leverage Slack to deliver a secure link.
BUSINESS RULES
Business rules allow you to configure when you want caller verification to be required for your business needs.
COMPLIANCE
Caller verification software is essential for compliance with various regulations such as OSFI, HIPAA, PCI DSS, and GDPR.
Here are some facts and specific clauses that support this statement:
OSFI: The Office of the Superintendent of Financial Institutions (OSFI) is a Canadian independent federal government agency that regulates and supervises more than 400 federally regulated financial institutions (FRFIs) to determine whether they are in sound financial condition and meeting their requirements, including the implementation of MFA . In Guideline B-13 Technology and Cyber Risk Management Section 3.2.7 OSFI requires that federally regulated financial institutions implement MFA across external-facing channels, and ensure that accounts are securely authenticated, managed, and audited to detect unauthorized access requests. Caller verification software can help entities comply with this requirement by verifying the identity of callers using MFA, before granting access to systems and data and by logging verification attempts.
HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to implement reasonable and appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). One of the technical safeguards required by HIPAA is access control, which includes implementing unique user identification, emergency access procedures, and automatic logoff. Caller verification software can help covered entities comply with the access control requirement by verifying the identity of callers before granting access to ePHI. HIPAA Security Rule, 45 CFR § 164.308(a)(1)(ii)(D).
PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) requires entities that accept, process, transmit, or store payment card data to implement various security controls to protect cardholder data. One of the requirements under PCI DSS is to restrict access to cardholder data by business need-to-know. Caller verification software can help entities comply with this requirement by verifying the identity of callers before granting access to payment card data. PCI DSS Requirement 7.1.
GDPR: The General Data Protection Regulation (GDPR) requires controllers to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. One of the security measures recommended by the GDPR is two-factor authentication, which requires at least two independent factors to verify the identity of a user. Caller verification software can provide a second factor of authentication by verifying the identity of callers before granting access to personal data. GDPR Article 32.
NIST: The National Institute of Standards and Technology specifically calls out knowledge-based authenticators as being insufficient. This means that call centers and help desks using security questions to verify callers are not NIST complaint. Caller Verify opens up all the factors Okta supports including high assurance factors like push notifications an TOTP codes.