Biometrics in Telecom: Improving Customer Authentication and Fraud Prevention

Carriers are constantly creating new ways for clients to interact with them that require as little friction and effort as possible, and are increasingly adopting voice and behavioral biometrics.

Biometrics in Telecom: Improving Customer Authentication and Fraud Prevention

Why, as larger subscriber bases and more devices per subscriber result in more customer interactions, are biometrics a win-win for customers and carriers? Read on this article to find out.

Better fraud prevention, all around.

In 2019 alone, telecom organizations lost $32.7 billion worldwide to fraud. Telcos hoping to protect and retain their customers must now tighten information security without complicating customer-facing processes.

With the help of biometrics, telecom organizations can simplify customer authentication while deterring fraudsters. Telcos that adopt biometrics as part of their security strategies can position themselves as trusted service providers, leading to higher retention rates. Read on this article for an in‑depth look into:

  • The current state of fraud in the telecom sector
  • Why biometrics are critical for improving security and providing richer customer experiences
  • How the use of biometrics has evolved over time in the telecommunications industry

Content Summary

Executive summary
Current risk issues
Determining the size of the problem
Why customer care is important
How biometrics works today
The evolution of biometrics in telecom

Executive summary

While today’s telecom networks themselves are very secure, fraud in the industry continues to be a challenge. From individuals to organised crime rings, fraudsters are obtaining devices and services by taking over accounts using stolen information, creating new accounts using synthetic identities, and targeting customer service agents with social engineering. Every leak of logins, passwords and personal information results in more and more consumer data being available for fraudsters to exploit.

Consider the results of :

  • 2017 CFCA (Communications Fraud Control Association) survey that showed global telecom fraud losses to be $29.2 billion, or 1.27 percent of annual telecom revenues.
  • 2019 Cyber-Telecom Crime report finding that showed global telecom fraud losses to be $32.7 billion, and reporting in the ACFE Report to the Nations that organisations lose 5 percent of revenue to fraud every year.

If someone is able to fraudulently access a subscriber account, whether in a store, online or through a contact centre, they will be able to order an extra line on the account, which can then be sold for cash on the street; they can obtain a new phone or other device which is again sold immediately for cash; they can purchase accessories, again charged to the account; or they can use their access to the customer’s telco account to gain access to the customer’s financial holdings and other accounts.

Carriers are constantly creating new ways for customers to interact with them that require as little friction and effort as possible. Unfortunately, this positively impacts the fraudster watching and waiting for any vulnerabilities in the carrier’s customer care infrastructure. These bad actors – whether motivated by money or more nefarious reasons – are constantly retooling and exploiting new techniques, in many cases working in teams to feed off each other and share real-time activities to strike when an opportunity is found.

iGR, a market research consultancy focused on the wireless and mobile industry, has conducted a considerable amount of research over the past few years on how mobile subscribers interact with operators: on average, iGR believes that each subscriber calls customer care once per quarter, across all channels and for the entire population, but not everyone calls each month; on average, those subscribers that do contact customer support do so on average every two months.

And it should come as no surprise that the quality of customer support by a mobile operator is a factor determining the churn rate. In a recent iGR survey, nearly 17 percent of subscribers who had recently switched mobile operators said that a customer service or billing issue was a reason to churn.

If the customer service interaction is to be successful, identity authentication needs to be as seamless and painless as possible. If the customer is repeatedly challenged for their identity throughout the interaction, the risk of having an unsatisfying experience increases. And, as people use more devices, the number of customer service interactions increases, presenting more chances to either make a good impression or fall flat. To put this in perspective, consider that at the end of 2018, there were just under 340 million cellular subscriptions in the U.S. with 488 mobile connections. If the average subscriber contacts the operator for support four times per year, that is 1.36 billion customer care interactions. That means that 1.36 billion interactions need authenticating. And by 2023, iGR forecasts that the total number of interactions will increase to 1.765 billion.

In 2019, the number of mobile subscriptions in the U.S. was at 404.57 million. If the average subscriber contacts the operator for support four times per year, that is 1.62 billion customer care interactions. That means that is 1.62 billion interactions need authenticating. And by 2023, iGR forecasts that the total number of interactions will increase to 1.765 billion.

Every one of these interactions requires some level of authentication and every authentication is a chance to make or break the customer’s experience. What’s more, every one of these interactions is potentially a fraudster trying to compromise a customer account. Telcos therefore need to find a way to protect their subscribers without adding undue friction and frustration to their experiences.

As this article will show, telcos of all stripes around the world are turning to biometrics for seamless authentication that enhances the customer experience and intelligent fraud prevention that protects their interactions.

Today’s telcos face four fundamental problems when it comes to customer authentication and fraud prevention:

  1. Protecting their subscribers.
  2. Reliably confirming a customer’s identity without undue intrusion, making the interaction as frictionless as possible.
  3. Reducing agent costs and handling time.
  4. Providing a consistent, effective experience across all channels.

Biometrics is being adopted for many reasons; three of the most compelling are:

  • Biometrics spans virtually every engagement channel that a carrier may offer, from voice (live agents and interactive voice response systems) to digital (web, mobile, apps).
  • Biometric authentication is proven to improve the customer experience (including reducing customer effort) while increasing agent productivity/reducing average handle time.
  • At the same time that it improves authentication for legitimate customers, biometrics is simultaneously detecting and preventing fraud.

As larger subscriber bases and more devices per subscriber result in more customer interactions, biometrics is a win-win for customers and carriers.

Current risk issues

Anyone who has called or contacted their mobile operator for customer care knows the drill: call or log in and then be prepared to answer a series of questions to confirm your identity. On the web, the standard approach for customer care systems is to require a login and password and then, before any purchase can be made, to confirm the account holder’s identity with a follow-up question or two-factor authentication, such as sending an email link or a code via SMS.

Nowadays, it is very hard to fraudulently clone a SIM card or obtain free cellular service via any other such method; LTE networks are very secure and can detect unauthorized devices on the network. But it is still possible to fraudulently obtain devices and services through customer care channels by imitating a valid subscriber. Every leak of logins, passwords and personal information exacerbates the problem.

As an indication of the size of the problem, consider the results of a 2017 CFCA (Communications Fraud Control Association) survey that showed global telecom fraud losses to be $29.2 billion, or 1.27 percent of annual telecom revenues. While the survey showed fraud losses had fallen by 0.42 percent from 2015, telecom fraud departments had increased by four percent and were spending 14 percent more time on customer care, billing and revenue assurance functions. Also, 10 percent more cases were reported to law enforcement in 2017 than in 2015.

If someone can fraudulently access a subscriber account, whether in a store, online or through a contact center, then they will be able to:

  • Order an extra line on the account, which can then be sold for cash on the street; by the time the subscriber and operator have discovered the fraud, the phone or SIM will have been sold.
  • Obtain a new phone or other device (charged to the account), which is again sold immediately for cash.
  • Obtain accessories, again charged to the account.
  • Use access to the telecom account to obtain other information or access to other accounts, such as bank accounts, etc.

Mobile operators take steps to correctly authenticate the identity of the genuine subscriber. But as more steps and precautions are put in place, the customer care interaction becomes more intrusive and disruptive. For example, this whitepaper author’s recent customer care interaction with a major mobile carrier required authentication of his identity three times in three different ways. The initial call was authenticated with a knowledge-based authentication (KBA) question before being passed to a different department to resolve the issue. The second interaction required another KBA question. Finally, the call was passed to technical support, which again authenticated the account, this time using a PIN. But also note that in many cases, the fraudsters have accurate personal information on the subscriber, while the actual account holder may forget a PIN or password.

Obviously, mobile operators take steps to authenticate the identity of the genuine subscriber. But as more precautions are put in place, the customer interaction becomes more intrusive and disruptive. For example, this whitepaper author’s recent customer care interaction with a major mobile carrier required authentication of his identity three times in three different ways. The initial call was authenticated with a knowledge-based authentication (KBA) question before being passed to a different department to resolve the issue. The second interaction required another KBA question. Finally, the call was passed to technical support, which again authenticated the account, this time using a PIN. But also note that in many cases, the fraudsters have accurate personal information on the subscriber, while the actual account holder may forget a PIN or password.

The problem with current authentication methods is that they can become a pain point for the actual subscriber. Remembering a range of KBA questions, PINs and other data becomes challenging and can strain the interaction with the mobile operator. This increases the friction between customers and the operator and increases the level of effort required on the part of the subscriber. Many consumers resort to writing the answers down or using simple, easy-to-remember questions and answers. This, of course, makes the fraudster’s work easier.

In summary, two clear problems need to be addressed: how to easily authenticate the customer as they access customer care, with as little friction as possible; and how to prevent fraud across all customer support channels.

Telcos need to solve two core challenges:

  1. How to easily authenticate the customer as they access customer care, with as little friction as possible
  2. How to prevent fraud across all customer support channels

Determining the size of the problem

According to CFCA’s 2017 survey, global telecom fraud was $29.2 billion; 2019 Cyber-Telecom Crime Report, global fraud losses were estimated to be $32.7 billion.. If a potential weakness is publicized by mobile operators, the fraudsters are more likely to try to exploit that weakness.

Determining the potential size of the problem, therefore, comes down to understanding the size of the customer support operation in the telecom industry. iGR has conducted a considerable amount of research over the past few years on how mobile subscribers interact with operators:

  • On average, iGR believes that each subscriber calls customer care once per quarter, across all channels and for the entire population.
  • But not everyone calls each month; typically, consumers will have multiple interactions to resolve an issue.
  • According to iGR’s research, 35 percent of subscribers have not contacted customer care/support in the last year and 15 percent have contacted support just once.
  • Those subscribers that do contact customer support do so on average every two months.

Why customer care is important

It should come as no surprise that the quality of customer support by a mobile operator is a factor determining the churn rate; as the following chart shows, the principal drivers of churn relate to price and network quality. Nearly 17 percent of subscribers who had recently switched mobile operators said that a customer service or billing issue was a reason to churn.

Figure 1: Reasons for Switching Mobile Service Providers. Source: iGR, 2019
Figure 1: Reasons for Switching Mobile Service Providers. Source: iGR, 2019

The quality of customer service is also a reason not to churn; i.e., to stay with the current mobile provider. The following chart shows the reasons subscribers say they chose to stay with their current mobile provider. In this case, “good customer care” is the second most popular reason, after network quality.

Thus, the quality of customer support a mobile operator provides is critical to maintaining the subscriber base and avoiding churn. And note that churn is expensive for the mobile operator: iGR’s recent research has shown that the average acquisition cost for a mobile subscriber in the U.S. is $362. It is therefore far cheaper to keep an existing customer than to replace a lost customer.

If the customer service interaction is to be successful, customer identity authentication needs to be as seamless and painless as possible. Lengthy authentication processes add friction and frustration to the subscriber experience that could lead them to churn. If the customer is repeatedly challenged for their identity throughout the interaction, the risk of having an unsatisfying customer support experience increases. This goes hand-in-hand with the premise of omnichannel communications: To many customers, the term “omnichannel means that the reason they’re calling or emailing is carried from one communications channel to another. If that context is lost as they move between channels and they’re repeatedly asked to authenticate themselves, customer effort increases quickly: Authenticate customers once reduces that effort and also the lost customer service agent productivity.

expectation is not being met. According to Gladly, while 71% of consumers say they want a consistent experience across channels, only 29% say that they actually get it. In addition, a Microsoft report found that 72% of consumers expect service agents to already know who they are, what they’ve purchased, and when they’ve engaged previously.

Figure 2: Reasons for Staying with Current Mobile Service Provider. Source: iGR, 2019
Figure 2: Reasons for Staying with Current Mobile Service Provider. Source: iGR, 2019

Of course, as more people use more mobile devices, the number of customer service interactions increases and there are simply more chances to either make a good impression or fall flat. As the following chart shows, while the number of subscribers is growing very slowly (because most people already have a mobile device), the number of connections is increasing due to the use of tablets, IoT devices, connected vehicles, etc. Mobile operators are also challenged with minimizing operating expenses, which includes customer support costs; according to iGR’s estimates, it costs approximately $1 per minute for a telco to provide customer care across all channels. (This includes the amount of time a customer is “on hold”). Thus, the longer the customer care interaction, including the amount of time to authenticate the subscriber, the more expensive the call. And, as the volume of customer support interactions increases, the cost per interaction needs to be reduced as much as possible.

The need for seamless, secure authentication is growing more and more urgent as consumer behaviour shifts to mobile-first. As figure 3 shows, while the number of mobile subscribers is growing very slowly (because most people already have at least one mobile device), the number of mobile connections being made is rising rapidly due to the increasing use of tablets, smart TVs and thermostats, and other connected devices. Every one of these interactions requires some level of authentication—and every authentication is a chance to make or break the subscriber experience.

Mobile operators are also challenged to reduce operating costs, including customer support expenses. According to iGR’s estimates, it costs approximately $1 per minute for a telco to provide customer care across all channels. (This includes the amount of time a customer is “on hold”). Thus, the longer the customer care interaction, including the amount of time to authenticate the subscriber, the more expensive the call. And, as the volume of customer support interactions increases, the cost per interaction needs to be reduced as much as possible.

Furthermore, the lines are becoming blurred between the traditional mobile carrier and the cable Multiple System Operator (MSO), as both offer mobile, internet and TV programming services. The need for a positive customer care experience is more vital than ever as the dollar value of a single subscriber across all channels has increased significantly.

Figure 3: North America Population, Mobile Connections and Mobile Subscribers, 2018 – 2023 (000s). Source: iGR, 2019
Figure 3: North America Population, Mobile Connections, and Mobile Subscribers, 2018 – 2023 (000s). Source: iGR, 2019

To put this in perspective, consider the basic math:

  • Consider that at the end of 2018, there were just under 340 million cellular subscriptions in the U.S. with 488 million mobile connections. If the average subscriber contacts the operator for support four times per year, that is 1.36 billion customer care interactions. That means that 1.36 billion interactions need authenticating.
  • By 2023, iGR forecasts that there will be 353 million subscribers but nearly 673 million connections. If each subscriber contacts their mobile operator five times per year (increased due to the greater number of devices), then the total number of interactions is 1.765 billion. This is likely conservative given the significant increase in the number of connections.

Communication service providers need a way to improve customer experiences without compromising on security; indeed, they need to actively increase security to protect their customers without adding undue friction and frustration. This is where biometric authentication and fraud prevention solutions come in.

How biometrics works today

Biometrics, once the domain of early adopters, has since become common for customer authentication and fraud prevention in telecom, financial services, government, and other industries.

Biometrics are the new standard for customer authentication and fraud prevention in telecommunications, financial services, government, and other industries. Consumers regularly interact with biometrics systems either actively or passively:

The most common solutions that consumers interact with are:

  • Device-based solutions using facial or fingerprint biometrics to access a mobile device. Device-based authentication is not used to confirm identity when using a network or interacting with customer support; they are limited to providing access to the device or a specific application. These factors are popular for opening user sessions and logging into mobile apps, but don’t provide sufficient security for higher-risk interactions and are limited to the users’ device, making them inapplicable in a contact centre.
  • Voice biometrics in interactive voice response (IVR) systems and with live customer support agents. Voice biometric solutions rely on having a valid voice print on file; authentication and fraud prevention rely on matching the caller to the voiceprint on file. Note that this voice print can be obtained actively (by asking the subscriber to say something) or passively, where the subscriber is authenticated during a normal conversation with the care agent. Voice biometrics solutions authenticate legitimate customers and identify fraudsters by comparing input voice audio to a collection of stored voice samples (“voiceprints”) that are known to be authentic or fraudulent. Voice authentication can be completed during the first few seconds of a subscriber’s natural interaction with a live agent or speech-enabled IVR. Voice biometrics are also increasingly being deployed in web and mobile apps as a faster, more secure form of 2-factor or step-up authentication.
  • Behavioural biometrics systems that work in the background of a digital user session to authenticate and detect fraud based on how a person interacts with their device, including how fast they type, how long they press keys, what pauses they take, how they use a mouse or make swiping motions, and other factors. Behavioural biometrics are an ideal factor for continuous authentication and fraud monitoring in mobile and web applications.
  • Conversational biometrics in messaging apps and live agent environments that analyse typed and transcribed text to authenticate and detect fraud based on word choice, grammar and sentence structure, emoji and acronym usage, and other elements. In this way, conversational biometrics add an additional authentication layer that detects additional forms of fraud such as mules hired to read from scripts.

Case Study: Large U.S. Telco

A large U.S. telecommunications provider was faced with the challenge of protecting its customers and business from telephone fraud in the customer support channels. The solution was to use Nuance Security & Biometrics.

Since deploying the solution, the telecommunications operator has prevented over 4,000 confirmed fraud attempts in under three years, contributing to savings of up to $7 million in transactional losses alone. Operational costs are low and the benefits were rapid, resulting in a major ROI.

The evolution of biometrics in telecom

Today’s telcos face four fundamental problems when it comes to authenticating customers in their support channels and reducing fraud:

  1. Protecting their subscribers from fraud and identity theft. Protecting their subscribers from account takeover, SIM swap, identity theft, and other forms of fraud
  2. Reliably confirming a customer’s identity without undue intrusion, making the interaction as frictionless as possible. Reliably verifying each customer’s identity without undue friction and without compromising on security
  3. Reducing agent costs and handling time. Reducing operational costs and increasing agent efficiency.
  4. Providing a consistent, effective personalised experience across all channels.

These challenges put a considerable strain on the traditional PIN/challenge question combination used by the majority of telcos today. Customer interactions can become frustrating if the subscriber forgets a PIN, for example, and a poor customer service interaction can lead to increased churn. Furthermore, as this paper has discussed, consumer personal information is widely available, potentially allowing fraudulent access to a customer account.

Traditional ways of authenticating customers undermine a telco’s efforts to meet these challenges. PINs, passwords and security questions rely on customer memory and add major friction and frustration to their experience. Agents are put in the position of interrogating customers instead of helping them, and every poor service interaction can lead to customer churn. What’s more, these factors are extremely vulnerable to fraudsters who can easily obtain customer information by buying it on the dark web or socially engineering a contact centre agent.

In order to reduce friction in this process, telcos began adopting biometrics for authentication. The first biometric factors to be deployed by telcos were fingerprinting and facial recognition. Once consumers grew accustomed to them through their embedding in mobile devices from Apple, Samsung, and other manufacturers, these factors took off in popularity. Face ID and fingerprint readers quickly became the standard for logging in to mobile devices and apps, and for authenticating small, low-risk transactions.

However, as discussed earlier in this paper, these factors have inherent drawbacks that limit their applicability. And so, telcos are turning to other biometric modalities to authenticate and prevent fraud, including voice, behavioural, and conversational biometrics.

Today’s solutions, such as Nuance Security and Biometrics, include biometric and nonbiometric factors that span voice and digital engagement channels. This coverage is important because telcos need to secure every channel: Subscribers insist on choice, while fraudsters will find and target any weak links. Factors that carriers should consider are:

  • Voice biometrics: Because voice is an important way that consumers engage with telcos, voice biometrics reduces the time and effort required to authenticate legitimate customers in IVR systems and with live contact center agents. It also serves the dual purpose of detecting and blocking fraudsters using stolen credentials.
  • One of the newest innovations is the ability to compare sentence structure and grammar to a profile rather than simply how a voice sounds. In essence, confirmation is obtained by analyzing what a consumer says and how they say it, rather than how they sound. This can be applied to both voice and digital interactions.
  • Behavioral biometrics looks at how a person types, uses a mouse, or even how they pause when accomplishing a task. This creates a profile of the user that can be compared to an expected profile. It excels at continuous authentication where a user is constantly compared to their profile to ensure that someone else has not hijacked the session. Behavioral biometrics is ideal for mobile and website applications.
  • Facial recognition allows subscribers to take a picture of themselves in real-time that can be compared to a face on file. Applications like Nuance Security and Biometrics achieve high levels of confidence by overcoming facial variances, and liveness detection allows it to detect if the customer is using a photograph.
  • These biometric indicators complement other techniques, including:
    • Determining the device type used during the interaction.
    • Analyzing network quality to detect changes.
    • Identifying the country and city the device is associated with.
    • Looking at the call metadata to determine when a call is from a legitimate customer.
    • Detecting when a fraudster is using a recording of the legitimate customer’s voice in addition to when they’re using synthetic speech.

Today, telcos can leverage AI-based solutions that layer these next-gen biometric modalities with environment detectors and anti-spoofing tools to quickly and reliably authenticate legitimate customers and stop fraudsters in their tracks. The best of these solutions can integrate into both digital and voice channels to streamline and protect every customer interaction, no matter where or how they engage.

Biometrics work best in concert with other authentication and fraud detection technologies, including environment detectors and anti-spoofing tools such as:

  • Device printing to determine whether the device being used matches a device type previously used by the same caller or digital user
  • Network identification to assess the risk of a call based on packet loss
  • Identifying the country and region or city that a call or user session is associated with to detect suspicious location changes
  • Call validation to detect spoofed ANIs and suspicious call paths
  • Synthetic speech and playback detection to foil attackers who are imitating or parodying legitimate users

Solutions should scale to address the needs of telcos of different sizes, from regional providers to tier-one mobile operators. Simply, larger subscriber bases and more devices per subscriber result in more customer interactions.

The goal is obviously to reduce subscription fraud and account takeover in the telco customer support channels and thus improve the bottom line. Determining how much is saved by preventing fraud is difficult, but it is clear that improvement is needed over the current PIN/challenge question methodology and that biometrics is an effective answer.

Modern authentication and fraud prevention solutions, such as those provided by Nuance, layer all of these elements together in a centralised AI risk engine. This layered, multi-factor approach creates a high-fidelity view of the human behind the device or on the other end of the phone. This in turn leads to higher authentication success rates and increased detection of fraud, and enables detailed personalisation by identifying the actual customer involved in every interaction.

Research by Financial Fraud Action UK has shown that voice biometrics can help reduce the cost of fraud in a customer contact centre by 90 percent and in the mobile channel by 80 percent. And a major, tier-one U.S. mobile operator has successfuly disrupted organised fraud rings using a Nuance solution, preventing more than 4,000 confirmed fraud attempts and saving an average of $2,000 per case, resulting in annual fraud loss mitigation of $1-3 million.

As well as reducing the potential risk of fraud and account takeover, biometrics can also reduce the risk of churn. As discussed earlier, the effectiveness of customer support is a major driver of telco churn. By easing the customer interaction and improving the relationship between agent and customer, by not being continually asked to verify identity, churn can potentially be improved. 82 percent of consumers have quit a company because of bad customer service, according to Zendesk, and as discussed earlier, customer service issues are a major driver that lead subscribers to switch mobile operators. Biometrics help telcos reduce churn and increase customer lifecycle value by reducing friction in customer support interactions and empowering agents to deliver efficient, personalised service.

Reducing client/agent effort and friction along with fraud is a win-win for the mobile carrier, the MSO, and consumers.

Case Study: Deutsche Telekom

Deutsche Telekom is one of the largest telecom operators in the world, with 168 million mobile subscribers, 28 million fixed network connections and 19 million broadband lines, in multiple countries.

The company was challenged with offering customers a secure but convenient way to access their accounts. Their solution was to deploy Nuance’s voice authentication, eliminating the need for subscribers to remember their 10-digit customer number.

The result has been fast and seamless customer authentication in the channel, giving agents more time to address customer needs and provide additional services. Two hundred thousand voice prints were registered by the system in the first five months, and 75 percent of customers say the system is more convenient.

The result is fast, seamless authentication that frees agents to focus on addressing customer needs and providing additional services. More than 200,000 customers enrolled their voiceprint in the first five months.