Fraud Prevention and Happy Customers - You Really Can Have It All

Customer Data

By: Tim Prugar

Ponemon Institute found that “more than two-thirds (70 percent) of [executives surveyed] said they plan to increase their investments in next-generation security technologies.”  Maybe you’re one of these executives – What’s your plan?

Next Caller and IntraNext Systems recently sat down to discuss call center fraud prevention and customer experience - areas both companies are extremely passionate about.   The discussion explored how different vendors complement and support each other to prevent fraud while adhering to regulatory guidelines and providing a seamless customer experience.  

If there’s one definite that this conversation surfaced, it’s that call center security leaders need to take a holistic approach to call center fraud and customer experience. Here’s a closer look at why:

 

The Push-Pull of Fraud and Customer Experience

Defeating fraudsters and improving customer experience is not about checking boxes. There isn’t one solution to solve each respective problem; conversely, solutions always have effects on both problems.  For example, if you implement an in-depth screening authentication technique that cuts down fraud, it probably adds some friction to the customer experience.  On the other hand, adding solutions that make it easier to access your account often makes it easier for fraudsters to access your account too.  Luckily for consumer-facing businesses, there are solutions that don’t force this tradeoff, helping to both prevent fraud and improve customer experience.

 

Passive, Multi-Layered Authentication

Authentication is a big buzzword these days.  It should be - preventing fraudsters from gaining access to accounts plays a huge role in fraud prevention, and saving customer time plays an equally important role in customer experience.  With new authentication methods, customers can complete a transaction via any customer service channel they choose, be authenticated quickly, and move on to carry out their business.  That is a game changer for customers.  Compare that to customers getting stuck in the IVR loop, repeating information multiple times, or being interrogated to prove their innocence and only then being allowed to carry on with their inquiry. As call centers move to technically advanced biometrics and call analytics, they must employ an integrated multi-layered approach to authentication with as passive a process as possible.  That way there will be multiple catching points for fraudsters along their path to account access that combine to form a comprehensive case for suspicion, and the customer experience will be more seamless than any password or knowledge-based authentication.

 

Compliance, Regulation, and Fraud Prevention

Regulations and guidelines cannot just be a box to check off either.  Call centers handle an extraordinary amount of Personally Identifiable Information (PII).  Companies in the financial sector, the healthcare industry, or anywhere in between are responsible for adhering to different compliance standards and security regulations.  Compliant doesn't necessarily translate to fraud prevention or data security for your customers, so working with a vendor that can help bridge the two should be something to consider.

 

Continuous Cybersecurity Throughout the Call

Similarly, implementing layered passive authentication and rigorous regulatory compliance do not mean that fraud will not occur during the call. Call centers must spend time looking at vendors that offer data security options within live agent transactions as well. Technology exists that completely eliminates the verbal exchange of sensitive data and allows customers to control the input of their information - reinforcing a company's commitment to security and customer experience. If sensitive information is not heard or seen, it makes it difficult for it to be misused.

 

Choosing the Right Solutions for You

Preventing call center fraud while delivering a seamless customer experience can seem like a daunting undertaking when faced with stats like

But it doesn’t have to be.  Vendors exist that can help call centers excel in integrated multi-layered authentication methods, biometrics, call analytics, regulatory compliance, and security measures in live agent environments. Both Next Caller and IntraNext Systems propound that when call centers employ a holistic approach and engage with the right group of multiple vendors they can significantly cut down fraud and improve customer experience.

Law of the Land: The Spokeo Decision

Law of the Land: Spokeo, Inc. v. Robins

By: Ryan Cash

The recent Supreme Court case involving Spokeo, Inc. and Thomas Robins has implications for data providers and companies handling consumer information. Next Caller takes a deeper dive into the case, decision, and importantly, the dissent, to evaluate what this means for the industry moving forward.

Background:

One can search Spokeo for personal information (address, marital status, age, economic health, occupation) about an individual via his or her name, phone number or email address. The case invokes the Fair Credit Reporting Act of 1970, (FCRA), which applies to companies that provide information bearing on someone’s credit standing, character, reputation, etc. Given the nature of the information Spokeo provides, it is alleged to be subject to FCRA. Companies subject to FCRA must follow “reasonable procedures to assure maximum possible accuracy of” consumer reports. To make sure reporting agencies follow FCRA, Congress grants consumers the right to sue noncomplying agencies.

Thomas Robins’ Spokeo profile contained inaccurate information. He was unemployed and claims the misinformation affected his ability to get a job. By presenting wrong information, Robins says Spokeo willfully violated FCRA’s requirements. The key is establishing whether Robins has standing to sue. To have standing, he must show that Spokeo’s conduct caused him “injury in fact” which requires “particular and concrete harm.” In English, Spokeo’s conduct injured Robins himself, as an individual, not the greater public, and the injury is real, not hypothetical. The District Court ruled Robins’ did not meet the requirements. The Ninth Circuit reversed saying Spokeo violated his rights under FCRA, and the mishandling of his information harmed him as an individual, so he has standing to sue. The Supreme Court evaluates the Ninth Circuit’s decision.

Decision and Reasoning:

The Supreme Court rules the Ninth Circuit’s analysis was incomplete. This rests on a distinction between the terms “particular and concrete.” According to the Supreme Court, the Ninth Circuit wrongly combined the two independent requirements, and their analysis only satisfied one of them: “particular.” They successfully showed that the handling of Robins’ personal information affected him as an individual, rather than the greater public (ie. the wrong information in Robins’ profile did not harm you or I). However, their analysis did not take up the question of concreteness. They did not adequately address whether the FCRA violation resulted in real harm. Justice Alito provides examples of where FCRA violations may cause no harm, such as if Spokeo gives an incorrect zip code, it would be a rather innocuous violation. It’s important to understand the Supreme Court is ruling on the Ninth Circuit’s analysis, not the case itself. The Court takes no position on whether the Ninth Circuit’s conclusion was correct or not. They simply rule that the analysis is incomplete, and send the case back to the Ninth Circuit.

Dissent:

Justice Ginsberg leads the dissent, and her reasoning rests on two arguments. One is historical precedent. She provides multiple cases where the terms “concrete and particular” were combined in the ruling. In other words, historically the court has not needed to discuss “concrete” and “particular” independently, as this ruling claimed it did. The second, and in my opinion, more interesting argument, is that Justice Ginsberg believes the violation of FCRA’s requirements in this case did in fact cause concrete harm, and that Thomas Robins has standing to sue. She essentially finds the court’s observation to be a red herring. The opinion stated there are cases where an FCRA violation would cause no harm, such as providing an incorrect zip code. However, in Ginsberg’s eyes, this case is fundamentally different. Spokeo misrepresented Robins’ education, economic status and family situation, which could create an impression that he is overqualified for the positions that he is seeking and materially affect his job prospects. FCRA’s requirements were designed to prevent situations exactly like this. Therefore, she sees merit in Robins’ complaint and would affirm the Ninth Circuit’s decision.

Discussion and Implications:

Okay, enough legal jargon. So what does this mean? There are important considerations embedded in this ruling. First, the Supreme Court did not officially rule in favor of Spokeo or decide on the merits of Robins’ allegation. They gave the legal equivalent of a “maybe, but I’m not convinced yet; go back to the drawing board.” In other words, this case is very much alive and not settled. Second, Justice Ginsberg’s dissent gives an indication of the type of reasoning that will be used moving forward. She says there is concrete harm here. The misinformation from Robins’ Spokeo profile constitutes real and concrete harm to his employment prospects. The Ninth Circuit’s judgment simply did not address it in full, but if they do, they can reaffirm their decision. Hopefully they do not just copy and paste, but you never know. 

For data companies, it’s important to be aware that protection of consumer information is top of mind for litigators and the courts. Companies need to take extra precaution to ensure that they are carefully, responsibly and accurately handling consumer information, and they are compliant with relevant statutes, like FCRA. If you do not wish to fall under FCRA, know that a disclaimer alone is not enough to exempt you. Know who is using the information you are providing and how they are using it. Ensure that those using the information are aware of the requirements of legislation like FCRA, because if they use it in a way that violates said requirements; the hammer comes down on the agency. If you provide information that could relate to credit, character, personal characteristics, etc. make sure it is not being used for discriminatory practice or creditworthiness evaluation (ability to pay bills, employment, etc.). For further reading on best practices consult the FTC Big Data Report here.