
We talk a lot about caller verification and best practices in this blog, but what does that actually mean for you and your organization? Here are a few guiding principles to think about when setting up verification for your callers:Â
Don’t use information that can be guessedÂ
Yes, this means no security questions. With social media more popular than ever, it’s easy for fraudsters and bad actors to look up information about your callers and impersonate them. If you’re relying on a caller providing their employee number or their cat’s name, you can’t be sure if it’s your caller. Anyone could have looked up that information online.Â
Â
Think twice about biometricsÂ
Voice authentication may seem like a simple solution, but not in the new world of AI. Voice authentication is easily phished or faked, whether with AI imitation or a good old-fashioned phishing phone call. Is that really a bad connection, or is someone splicing together a recording of your caller’s voice?Â
Â
Consider device-based factorsÂ
Since knowledge or biometric factors are not secure, what should you use instead? We recommend device-based factors, such as an authenticator app or code.Â
Â
Using an authentication code or prompt sent to a device the user controls is best. You can set this up by having your callers install an authenticator app and use the app to authenticate. For corporate devices, you can increase the security of this method by requiring the device owner to set up a PIN or passcode to access the verification. Â
Â
Can’t use an authenticator app? A TOTP (time-based one-time pad) code sent to a phone number or email the user controls can be an OK substitute, though there is a risk of compromise if an attacker compromises the caller’s email or SIM (e.g. via a SIM swap).Â
Â
Keep it simpleÂ
The simpler your verification is, the easier and quicker it will be for callers and call center employees to manage. Surprise and delight your callers by verifying them quicky and easily and helping them move onto the purpose of their call faster. Not only will your callers be more secure, they’ll be happier too!Â
Â
Don’t go it aloneÂ
Call in some expert help to make your call center verification the best it can be. We’re here at TechJutsu to help set you up with caller verification that keeps you secure and your business moving with Caller Verify.