Securely verify callers to the help desk in less than 10 seconds
WHY CALLER VERIFY?
Caller Verify extends Okta MFA to your Call Center or IT Help Desk, allowing you to quickly and securely verify callers and eliminate the use of annoying and weak security questions. With Caller Verify, you can enhance your callers' experience, eliminate call center fraud risk with NIST compliant verification, reduce your average handle time to verify callers, and provide a unified verification experience across all channels.
EMBEDDING CALLER VERIFY IN YOUR ITSM
Caller Verify integrates into the ITSM systems you already use for a single pane of glass. We have out of the box integrations with: ServiceNow, Jira, Manage Engine & FreshService, Zendesk
Use Caller Verify today with a quick and seamless integration from the Zendesk Marketplace!
CALLER VERIFY OUTCOMES
USER EXPERIENCE
Enhance your caller's experience with a simple one touch verification. Reduce verification friction and help your callers with their needs faster than ever.
MORE SECURE
Prevent bad actors from impersonating your callers. Caller Verify leverages Okta to send a push notification to your caller's registered phone.
REDUCED CALL TIMES
Reduce average handle time by verifying callers in less than 10 seconds!
UNIFIED VERIFICATION
Your brand is built on consistency and enhanced by security. Create one familiar unified experience across online, mobile AND the Call center!
VIDEO CONFERENCE CALLS
We have all heard about deep fakes in the news that are so convincing that they can be used to socially engineer people on the call to do high value transactions for the caller. Assurance the caller is who they say they are, is provided by Caller Verify so your organization has a mitigation plan for deep fakes!
In this use case, a legitimate video conference caller requests a high-value transaction. The person actioning the request must securely verify the caller before completing the transaction, in accordance with Caller Verify business rules.
In this use case, a fraudster, calling via video conference and impersonating a real employee using deep fake technology, requests a high-value transaction. The person actioning the request is compelled by Caller Verify business rules to verify the caller. Since the verification fails, the person actioning the request can refer this incident to the fraud team for further investigation.
CALLER VERIFY PROCESS
CALLER VERIFY WITH YOUR IVR
Caller Verify easily integrates with Automated Telephony systems. In this video we have integrated with the Genesis IVR and leveraged the successful verification to provide assurance for a self-service password reset using Okta.
BRANDING CALLER VERIFY
Caller Verify now has the ability to use your brand in the push notification by leveraging Okta's SDK functionality. Grow your brand trust by providing a unified experience for your Members or Customers.
VERIFICATION FACTORS
Knowledge based authenticators like security questions are specifically called out as being insecure by the U.S. National Institute of Standards and Technology (NIST). Be compliant by implementing a secure factor of authentication such as a push notification to a cell phone application.
PHISHING RESISTANT CALLER VERIFICATION
Leveraging phishing resistant factors such as device biometrics helps strengthen your caller verification practices.
In the video below, we demonstrate this with a stand-alone Caller Verify instance while using Slack and Okta FastPass to deliver and receive the verification.
Discover how callers to your IT Help Desk can use YubiKey to verify who they say they are.
YubiKeys are phishing resistant and can be integrated with Caller Verify.
Caller Verify can be integrated into existing ITSM tools like ServiceNow.
In the video below, we use this to verify a caller while notifying them via Slack and leveraging device biometrics via Okta FastPass.
BUSINESS RULES
Business rules allow you to configure when you want caller verification to be required for your business needs.
COMPLIANCE
Caller verification software is essential for compliance with various regulations such as OSFI, HIPAA, PCI DSS, and GDPR.
Here are some facts and specific clauses that support this statement:
OSFI: The Office of the Superintendent of Financial Institutions (OSFI) is a Canadian independent federal government agency that regulates and supervises more than 400 federally regulated financial institutions (FRFIs) to determine whether they are in sound financial condition and meeting their requirements, including the implementation of MFA . In Guideline B-13 Technology and Cyber Risk Management Section 3.2.7 OSFI requires that federally regulated financial institutions implement MFA across external-facing channels, and ensure that accounts are securely authenticated, managed, and audited to detect unauthorized access requests. Caller verification software can help entities comply with this requirement by verifying the identity of callers using MFA, before granting access to systems and data and by logging verification attempts.
HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to implement reasonable and appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). One of the technical safeguards required by HIPAA is access control, which includes implementing unique user identification, emergency access procedures, and automatic logoff. Caller verification software can help covered entities comply with the access control requirement by verifying the identity of callers before granting access to ePHI. HIPAA Security Rule, 45 CFR § 164.308(a)(1)(ii)(D).
PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) requires entities that accept, process, transmit, or store payment card data to implement various security controls to protect cardholder data. One of the requirements under PCI DSS is to restrict access to cardholder data by business need-to-know. Caller verification software can help entities comply with this requirement by verifying the identity of callers before granting access to payment card data. PCI DSS Requirement 7.1.
GDPR: The General Data Protection Regulation (GDPR) requires controllers to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. One of the security measures recommended by the GDPR is two-factor authentication, which requires at least two independent factors to verify the identity of a user. Caller verification software can provide a second factor of authentication by verifying the identity of callers before granting access to personal data. GDPR Article 32.
NIST: The National Institute of Standards and Technology specifically calls out knowledge-based authenticators as being insufficient. This means that call centers and help desks using security questions to verify callers are not NIST complaint. Caller Verify opens up all the factors Okta supports including high assurance factors like push notifications and TOTP codes.
SUPPORTED FACTORS
We can support any factors that Okta supports, including, but not limited to:
​
​
​Okta Verify
Google Authenticator
Microsoft Authenticator
Yubikey
RSA tokens
TOTP codes