Call center agent

Here’s Every Authentication Technique Possible for Modern IVRs

We live in an age where a person’s entire life can be represented digitally. It could be argued that every minute of our days, no matter how trivial, can be accounted for by some digital process: The alarms that wake us, the clothes and gear we bought online, the coffee and bacon we got at the grocery store; everything about our vehicles, computers and the appliances in our house; the news we read; our conversations with friends and family; the state of our finances; even the most intimate details of our health – it’s all out there, stored somewhere in 1s and 0s.  

Paradoxically, just because it’s out there doesn’t mean just anyone can have access to it. And thus, we come to the critical importance of authentication in IVR transactionsYour company’s data safety and security is based on your customers’ ability to prove that they are, indeed, who they’re claiming to be: the person who should have access to this private data.  

At the same time, customers are easily frustrated by overly fussy and time-consuming authentication systems where the return doesn’t seem to justify the time and effort spent. Therefore, your business’ choice of IVR authentication is vitally important to not only your data security, but your customer satisfaction. So what are your options for authentication methods? For instance, recent technological advances in personalization have made some new options possible, but are they really viable for your needs? 


Types of Authentication 

The most common form of authentication used in IVR is knowledge-based authentication (KBA). At the most basic level, this usually starts with the customer’s account number and can be followed by a secondary number for additional confirmation. This secondary number is often a birthdate, the last four digits of a Social Security number, or zip code. It’s common for modern IVRs to allow for this data to be supplied via voice, although inviting a customer to recite their identifying data out loud can bring up security concerns if such calls are recorded or if your customers must call from a public area.  

Perhaps the most secure way to prove that “you are you” is through biology, as no one else has the same fingerprints, eyes or voice characteristics as any one of your customers. The identification method most useful to IVR is voice biometrics software, which can be easily deployed over the phone and is designed to detect impersonators, recordings or synthetic voices. This method has two parts: registration and authentication. Registration, which creates a voice print of your customer, requires the recording of 4-6 audio samples. Then, during subsequent calls, the caller’s voice is verified against the voice print already in the system. Registration needs to be done only once, making the authentication process a fast and efficient security measure once it’s set up. However, customers might find the registration process frustrating, and it’s critical that your system include a backup method of authentication as the voice system is dependent on unpredictable variables like call quality, too much noise in the customers’ background, etc.  

Other authentication methods use items that only your customer should have, such as mobile phones. Caller ID is one such option, but again, it’s not 100-percent reliable because: 

  • Not everyone calls from the same phone number on every occasion. 
  • Caller ID, on its own, can’t verify who’s holding the phone.  

This kind of item-based authentication may be most effective as a validation of other methods. For instance, in addition to caller ID, location trends can establish if your caller is calling from a location they frequent such as their home or work. If your caller’s location is outside the threshold established around their frequent places, then your system can throw up a red flag. At that point, you can decide what action to take, whether that involves locking an account, requiring additional security information, or taking other action. 

To really earn customers’ trust when it comes to data security, it is recommended to implement two- or even multi-factor authentication. If your IVR starts with a level or two of KBA, confirming steps could include biometric or object-based security measures as described above. Plum Voice has hand-selected third parties that offer these options if you’d like to add them to your Fuse installation.  


Reducing IVR Frustration 

Let’s get back to that concept of customers being frustrated by levels of authentication they feel are excessive or too time-consuming – even while they acknowledge how important it is to them that their data be secure. The key to minimizing this frustration is for your company to ensure your system smooths the way up to and through the authentication process as much as possible. Best practices here include: 

  • Make sure all account numbers are clearly indicated on all bills and other account communications. Your customer should be able to tell at a single glance what account number they’re contacting you about.  
  • Keep in mind that the most accurate KBA involves asking for and receiving straight numbers. However, if your account numbers would take more than a few seconds to enter or recite, or if they include alphabetic characters that would be confusing to key in, use only the last four numbers of the account number in your authentication. 
  • Don’t make your customers re-enter their information if they transfer to your IVR from another channel. Implementing SIP transfers from Internet-based and/or mobile channels like chat and text means a seamless transfer of authentication from one channel to the next, which is convenient for your callers and also helpful for your agents if they need to get involved 
  • Speaking of agents, don’t code your callers into a dead end. Your IVR is meant to facilitate self-service, but if they’re having problems on any aspect of their call, including establishing authentication, always provide an easy option to transfer to an agent.  

Finally, learn from others by taking a look at the IVR authentication processes in use around your industry – what works and what doesn’t, what’s considered best practice and why. Not only will your IVR reflect excellent standards of security, it will also reflect what your customers consider to be reasonable standards for usability.  


For help creating or updating your IVR to reflect the latest in effective authentication, contact us today.