Voxeo Summit Day 2 - Securing customer interactions
-
Upload
voxeo-corp -
Category
Technology
-
view
507 -
download
1
description
Transcript of Voxeo Summit Day 2 - Securing customer interactions
Voice Biometrics, PCI, Location-Based Services, and More!
SECURING CUSTOMER INTERACTIONS
Risk, Challenge and Opportunity
Securing Customer Interactions
Risk
FraudAbuseData IntegrityLiability
Challenge
Customer ExperienceComplianceManaging Costs
Opportunity
Voxeo TechnologyAspect TechnologyQivox TechnologyIntegrated Cloud SolutionsCompetitive Advantage
3
FRAUD COSTS
• The global cost of fraud and identity theft is estimated to be over $200 billion per year. (Accenture Report, 2011)
• Contact centers spend more than $12 billion annually on agent handled security and identification (Contact Babel Report, 2010)
4
Voice Phishing (Vishing), social engineering attacks, fraudulent card activation, fraudulent financial transactions, premium rate toll fraud, employee errors and breaches
VOXEO SECURITY SUITE
5
6
VOXEO SECURITY SUITE
VOICE BIOMETRICS
7
8
• Static passphrase or number
• Random numeric
• Will by definition be language dependent
• Minimum 1.5 seconds of speech
Text-IndependentText-Dependent
“Please say 9, 5, 2, 1”
• Listen to someone speaking and pull out voiceprint from the spoken voice
• Like dusting for prints rather than having a print-to-print comparison
TYPES OF VOICEPRINTS
CAPTURE, THEN VERIFY
9
Enroll Once and Store Voiceprint
• User repeats phrases or numbers generally at least three times.
• Minimum 1.5 seconds of speech
Verify Many
• Repeat enrollment phrases• Random numeric
Text-Dependent Text-Independent
Text-Dependent Text-Independent
• Larger speech sample, at leasta minute
• May require at least 30 seconds of speech, typically “eavesdropping” on a conversation with an agent
10
COMBINE WITH LBS FOR GREATER SECURITY
Estimated EnrolleesThousands
LOCATION-BASED SERVICES
13
15
LOCATION-BASED SERVICES
16
USE CASES FOR LBS
Use Cases
17
LOCATION-BASED SERVICES• Locate callers in inbound calls or text
messages: Bypass the “What’s your ZIP code” step
• Store, branch, ATM, … locators• Local information services• 511 road assistance
• Mobile marketing (with geo-fencing)
• Workforce Management
• Fraud detection (multi-factor authentication)
New Services Available
• Cell-tower lookup• Assisted GPS
Characteristics• Works for all major carriers in US and Canada• Lookup accuracy between a few yards and a
mile• Doesn’t work all too well indoors
LOCATION-BASED SERVICESStatus Quo (2012)
Coverage – As it was
19
LOCATION-BASED SERVICE
New Services available
• Cell-tower lookup• Assisted GPS• IP Location
• available for 3.4 billion connected devices worldwide
• WiFi location (great accuracy indoors)• Device-based GPS• Landline location (North America)• Global Cell ID
New Services (2013)
Location Based Services
Single APIWorks with best or cheapest available method
Coverage – Now
21
LOCATION-BASED SERVICE
Types of Lookups
22
LOCATION-BASED SERVICES
• Fast• Works on any
handset• Moderate
accuracy
• Slower• Requires GPS unit on
device• High accuracy
Landline
23
LOCATION-BASED SERVICES• Find and verify name, address, lat/long
and telephone information for 130 million landline phone numbers
• Covers residential, business and government numbers, VoIP providers and non-published numbers
• Current and accurate data, updated daily
• Use cases: • Call centers, IVR systems, security services,
emergency services, credit and collections, risk management applications
Geo IP
24
LOCATION-BASED SERVICES• Uses user’s IP address for a real-time
lookup of Lat/long, state and zip code
• Works with all types of user connections
• Non-invasive, no additional privacy disclosures needed
• Useful in apps and mobile web application• Localizing content and currency,
personalizing advertising, targeting special offers
• Combine with other lookup methods for multi-factor authentication
Network WiFi
25
LOCATION-BASED SERVICES• Device location based on network names
of WiFi Access Points• Available on >189 mio WiFi access
endpoints worldwide• Measures the received signal strength of access
points and trilaterates the position• Accuracy is typically very good, down to 10-20
meters• WiFi access point location is changing quickly,
so having access to a source that is up to date is important.
• Used to “locate” users that access services from SmartPhones & Tablets: Fraud management, Mobile gaming, Mobile Lottery
Global Cell ID
26
LOCATION-BASED SERVICESCell tower lookup when roaminginternationally (200+ countries).
Problem: Geo-Location can be spoofed easily
27
What about the On-device GPS Unit?
GPS Unit not useable for fraud detection or multi-factor authentication
Location Spoofing Apps available in App stores
PAYMENT CARD PROCESSING
30
31
• Compliance is EXPENSIVE
• Voxeo makes it easier
• PCI-compliant hosting operations with Level 1 certification – the highest level achievable
• No storage of sensitive data
• Software ready for on-premise PCI audits
DELIVERING SECURE TRANSACTIONS
Secure, PCI-compliant credit card capture and processing over the phone
Integration with major payment processors
Secured connection to existing customer-based order management backend systems (SSL/HTTPS, VPN)
Supports touch-tone and optionally speech recognition
Multi-lingual caller interaction
Customizable greetings, prompts, application parameters
Reduced professional services costs through parameterizable template approach
Out-of-the-box reporting on IVR usage and caller behavior
Payment IVR: General Features
Payment IVR Solutions
• Standalone secure payment IVR application
• Dedicated 800#
Solution 1: “Standalone”
• Seamless integration of secure payment option as part of an existing IVR portal
Solution 2: “IVR Sub-Dialog”
• Seamless integration of secure payment option as part of a CSR interaction
Solution 3: “CSR Transfer”
Standalone IVR application, end-to-end hosted by Voxeo
Dedicated phone number (e.g. 1-800-…)• Can be owned by customer or managed by Voxeo• Voxeo is a RESP ORG and carrier agnostic, can route
around carrier outages
Customized greeting
Solution 1: Standalone
• Standalone secure payment IVR application
• Dedicated 800#
Solution 1: “Standalone”
Identifies caller and payment through customizable prompting
Integrates with customer’s order management
• Lookup order or payment information• Update backend after payment transaction
(success, different failure codes)
Optional transfer to call center at end of call
Solution 1: Standalone
Solution 1: Diagram
IVR
Bro
wser
PSTN
IVR
A
pp
licati
on
Serv
er
Payment Gateway
Se
cure
d C
on
nect
ion Order Management
Backend System
CUSTOMER
Caller interacts with existing IVR portal, selects payment option
Existing IVR transfers call to Voxeo-hosted payment IVR
A) Pass information on caller and payment via telephony parameters (custom SIP headers, UUI field) and/or backend call OR
B) Payment IVR re-authenticates caller (“as if standalone”)
Solution 2: IVR Sub-Dialog
• Seamless integration of secure payment option as part of an existing IVR portal
Solution 2: “IVR Sub-Dialog”
Integrates with customer’s order management
• Lookup order or payment information• Update backend after payment transaction
(success, different failure codes)
Optional transfer to call center at end of call, or back to original IVR
Solution 2: IVR Sub-Dialog
Solution 2: Diagram
IVR
Bro
wser
IVR
A
pp
licati
on
Serv
er
Payment Gateway
Se
cure
d C
on
nect
ion
Order ManagementBackend System
CUSTOMER
IVR PortalPSTN
Caller interacts with CSR, needs to make payment
CSR transfers call to Voxeo-hosted payment IVR, frees CSR for next call
A) Pass information on caller and payment via telephony parameters (custom SIP headers, UUI field) and/or backend callOR
B) Payment IVR re-authenticates caller (“as if standalone”)
Solution 3: CSR Transfer
• Seamless integration of secure payment option as part of a CSR interaction
Solution 3: “CSR
Transfer”
Integrates with customer’s order management
• Lookup order or payment information• Update backend after payment transaction
(success, different failure codes)
Optional transfer to general call center queue at end of call, or to original CSR
Solution 3: CSR Transfer
Solution 3: Diagram
IVR
Bro
wser
IVR
A
pp
licati
on
Serv
er
Payment Gateway
Se
cure
d C
on
nect
ion
Order ManagementBackend System
CUSTOMER
PSTN
OPERATOR LOOKUP
43
Numbering API
44
• Distinguish cell phones and landline phones
• Get information about mobile carrier (carrier name) for an MSISDN
• Works for all carriers that route calls in the US
OPERATOR LOOKUP
?
Early Adopter Use Cases
45
• Eliminate unnecessary IVR prompts• Intelligent use of SMS (for notification or authentication)
• Integration of mobile device workflows
OPERATOR LOOKUP
ANI VERIFICATION
46
Spoof DetectionANI VERIFIER
47
ANI SPOOF DETECTION
48
ANI SPOOF DETECTION
49
EMERGING TECHNIQUES
FACIAL RECOGNITION
51
52
Customer Experience
One tap multi-modal biometric protection that improves
customer experience
53
• Enhance security and convenience at the same time
• “Who you are” vs. What youhave/know
• Bi-modal vs single biometric • Take advantages of
capabilities of the devices • Next generation for
customer experience
Voice+Face ID can provide seamless and secure biometric access to mobile apps
Customer Experience
54
• FA 0.01% and lower for multi-modal verification (at FR 2%)
• Patent Pending: Liveness detection through linking speech and face movement during the utterance.
MULTI-MODAL APPROACH DRASTICALLY REDUCES EER
Enhanced Security
55
Benefits
MULTI-BIOMETRIC APPROACH
• Extremely high accuracy • Easy to use • Easy to integrate • No need for additional hardware
QIVOX
56
Introducing Q:Fraud
Reduces fraud while keeping transactions in motion
Q:Fraud detects and flags whenever a mobile communication is suspect
UK ONLY CURRENTLY
• SIM SWAPDetect SIM card swapped for ID theft
• Divert DetectIntercepting redirected communications
• Geo-LocationIdentify location of device to influence risk factors
Q:Fraud: Key Features
• Voice Biometrics• Verifying identity theft, establishing gender
• USSD• Channel removing potential for forwarded
communications within post transaction confirmation
• CLI Detection• Detecting inbound calls that are using spoofed
Caller IDs
Q:Fraud: Key Features
SECURITY IN THE CONTACT CENTER
60
The Power of Aspect+Voxeo
61
Security in the Contact Center
A RevolutionaryRelationship.
Risk, Challenge and Opportunity
Securing Customer Interactions
Risk
FraudAbuseData IntegrityLiability
Challenge
Customer ExperienceComplianceManaging Costs
Opportunity
Voxeo TechnologyAspect TechnologyQivox TechnologyIntegrated Cloud SolutionsCompetitive Advantage
62
63
Security in the Contact Center
Customer
Experience
Network Intelligen
ce
Caller Intelligen
ceAgent
Intelligence
Aspect ProductsVoxeo PlatformQivox Solutions
Voxeo Cloud
Aspect Services
Making it Easy
Gordon Cloke – [email protected] Volmer – [email protected]
THANK YOU!