The Power of Mobile Authentication: Seamless Security in the Voice Channel

Matt Smallman: Hi. Good afternoon everyone, and welcome to the Modern Security Community. Uh, my name is Matt Smallman. I’m the author of Unlock Your Call Center and the founder of Modern Security Community. And so thank you so much, uh, for joining us this afternoon. Uh, before we begin, Begin. I think it’s worth, uh, introducing our panel and we’re gonna have a, a fascinating conversation this afternoon about the potential for Mobile Authentication to unlock the voice channel.

So before we begin, I’d like to introduce our panel panel, uh, and we’re gonna go quickly round the house and do a quick introduction before we dive into the topics. So, Sean, over to you first.

Sean McIlrath: Thanks Matt. Sean McIlrath. I’m in charge of the US go-to market and strategy for Artificial Solutions and the Teneo platform.

Matt Smallman: Thanks, Sean and Tim.

Tim Holve: Yeah, Tim Holve, I head up the CCAS channels and ISV ecosystem for our Vonage in North America, and I’ve recently been chartered with, uh, helping the launch of new Ericson, um, network based APIs through our platform.

Matt Smallman: Brilliant. Thanks Tim and Kane.

Kane Simms: Hello, I’m Kane Simms. I’m the founder of V U X World or VUX, as it is sometimes known.

Uh, we are a consultancy that specializes in helping enterprises implement and adopt artificial intelligence for customer experience transformation successfully. So thank you for having me along, Matt.

Matt Smallman: Thanks, Kane. Um, so the, the afternoons topic’s, one that’s been of, of interest to me for a, for an awful long time, as some of you may know, uh, my background really was starting with, um, Voice Biometrics, uh, and, uh, how, and use how that really, um, unlocks the potential of contact centers in some industries.

It, but it’s not applicable for everyone. Uh, and I think we all feel the pain of traditional security methods, whether that be mother’s maiden name, pins, passwords, or, or OTPs. Um, but what’s particularly struck me over the last few months and in even year or so, is, is just the huge advances that have taken place in the call center industry, and particularly the application of AI and, uh, voice and natural language understanding to help solve more customer problems.

But it has remained clear to me that there’s, there’s a constraint in there, which is. Those security processes that were, um, holding back some of our agent-based, uh, experiences are now even more of a barrier to engagement with some of these services. So, so I’m delighted to bring this panel together this afternoon, um, to talk about a couple of, uh, topics in this area that I think are really interesting.

Introducing our panel

Matt Smallman: So the first off is, um, I’m gonna lean on Kane and Sean’s, uh, massive experience in this area to explore how those advances in technology we’ve seen over the last few years, um, really, um, create opportunities for the voice channel. So talking about AI and natural language understanding, et cetera. We’re then gonna look at the potential for mobile Authentication.

So Tim and I are gonna discuss some of the ch some of the opportunities that are created by the move to 4G and 5G networks. Uh, increased standardization, uh, and. Uh, coming together of APIs that are more easily consumable by the enterprise to, to really allow the mobile device to be used far more seamlessly for Authentication.

Uh, and then finally, we’ll all come back together and look at how those two things could come together, uh, and help us in the voice channel in the call center, uh, in the future. So without, without further ado, then we’re gonna, we’re gonna jump onto our, our first topic. And I’m really hoping to, um, leverage the experience of, um, uh, Kane and Sean here.

What do advances in Artificial Intelligence and Natural Language Understanding mean for the Contact Centre?

Matt Smallman: So, I’ve seen some pretty amazing advances in AI and related technologies over the last year or so. But, but you guys are far closer to the coalface. Um, so what are the, what are the implications of some, of, some of those advances that you, that you’ve seen over the last year or so? Uh, Kane, let’s start with you.

Kane Simms: Cool. Yeah. Thanks. Um, so. The, the big thing is as you, as you know, and as you’ve alluded to, conversational AI, natural language understanding and being able to put that technology into a contact center is, is huge. And so much so that like in some circles, conversational AI is seen as a contact center technology, even though it’s application goes a lot further and, and, and broader than that.

But the way I like to think about it is that, If you think about the internet in general, like when the internet came around and when websites were first kind of launched, that the value of the internet from a scalability perspective was that you can just create one website and that one website can serve millions of customers.

It’s a one to many channel, but often the contact center has always, for businesses being a one-to-one channel, you take, you, you need one member of staff to have one conversation with one customer, and so you, it’s very difficult to scale and so, Live chats potentially could, you could think, well, live chat might help with that, but the issue with live chat is that it doesn’t scale very effectively either.

You can have like three conversations at once and each one of every new conversation you add onto live chat, the the, the quality goes down. And so the value of applying these natural language solutions into the contact center is that you turn a one-to-one channel into a one-to-many channel. And so an AI assistant in your call center can have conversations with thousands of people at the exact same time.

And so, Lots of businesses are starting to jump on this. All of the contact center vendors over the last three, four years have have really kind of made this a core part of their offering. And so with that comes challenges, as you’ve alluded to on the Authentication side. If you want to get stuff done, you wanna serve people in areas that matter, you know?

Mission critical use cases, you can’t go much further without proving that the person who you’re talking to is who they say they are. And so the, the potential for it is absolutely huge. The potential across the customer journey is huge, but there is still challenges in there, as I said, around around Authentication and, and Verification.

Matt Smallman: Cool. Thanks Kane and, and, and Sean, you are, you are at the coalface, so I guess you are seeing some of these things really come to bear and make a real difference for, for end user organizations. Have you, have you got any, uh, any examples to share of what’s been particularly transformative over the last year or so?

Sean McIlrath: I, I mean, I think in the last few years, I, I agree with what Kane said. I like kind of how you described that in terms of the one-to-one relationships and. The difference between the websites and stuff that have been in the past. I mean, what I love the concept of, you know, what we’ve been discussing with Tim here, which is basically a way to short circuit and improve that customer experience on the front end to do the Verification, because really everything starts with security, right?

Like you need to make sure that your data’s confidential and private and nobody’s stealing information on those types of things. That’s, I think, pretty table stakes these days, but it’s really a much more complicated process when you look at these flows like. For what Kane referenced within an I V R, at some point you need to verify your identity, right?

And, and it’s the, the more that we can expect, expedite that and automate those pieces, but still maintain security is really key to actually getting something done. For that user that’s out there. And I see a lot of the legacy, even SaaS solutions right now, still have kind of boxes around ’em. So I love seeing these types of plugins that solve a real business problem that then enable, you know, sort of the machines to do what they need to do for the end user.

So I think that’s highly transformative as we get from these like more clunky SaaS platforms to more plugin based things that drive accuracy or drive security and, and those types of things.

Matt Smallman: That’s, that’s another, another set of great, great examples.

How do poor security processes limit th opportunity of AI and NLU technologies?

Matt Smallman: I, I always think that, um, that a lot, a lot of how I characterize traditional security mechanisms is very, um, effortful, like the security comes from the work you have to do.

It’s like, uh, I guess it’s like kind of. Bitcoin mining or something like that. We prove who we are because we we’re prepared to work hard. But the truth is that, um, when we work hard, we’re quite fatigued by that process. Uh, and, and I’ve certainly seen from, from real world clients, um, even though they may have the, the best kind of natural language understanding and the most feature rich kind of self-service solutions beyond that.

When they try to apply the kind of traditional security mechanism, we’ll talk about a few of those in a minute. Um, customers are just tired by the time they get to the end of it. And, and they’re not prepared to give the benefit of the doubt that some to, to these solutions that some of them really need.

Because whilst they are really good, they’re, they’re not perfect and they’re not humans and people kind of know that, and therefore they have a higher level of expectations. So, Traditional security processes, um, tend to add a lot of friction to that process. And I, and I think there’s even some more specific examples, like, so I think, Sean, you were telling me the other day, like, um, if you try to ask for someone’s mother’s maiden name in a, in a natural language understanding solution, there is an almost infinite number of permutations, combinations and pronunciations of that and the, and therefore it’s, it’s ni on impossible to do it. Um, to do it successfully. I dunno if you’ve seen any other examples, Kane or Sean, that, that just don’t translate that the work at an agent, work for an agent or face-to-face, but just don’t translate across.

Sean McIlrath: Addresses and phone numbers and things like that become very complex. You know, when you add in the more variables that you can in there. That’s kind of ideally why, like a lot of folks in in the past, while they do multi-factor authentications, sort of stick with the last four social security, for example, in the US you know, it’s more simplistic, but it’s not necessarily more secure.

And I think what we all wanna move towards is a more secure but a more simplistic, you know, experience as the user there.

Kane Simms: Yeah, the, the, the, although we’ve, we, we’ve taken great strides forward as far as the technology. Natural language understanding is improving, speech recognition is improving greatly.

You know, open AI’s whisper model is great, but it’s not perfect.

And these speech models are not perfect. And so if you’re gonna use things like information based Authentication, like your, you can probably hear my dog barking in the background. My dog’s called Winston. A friend of mine’s got a dog called Bo. Now, if your dog’s name is part of your security questions, and the dog’s called Bo a speech recognition system might perceive that as Bo as in B O might be Bow and Arrow as in B O W, or it might be Bo as in Beau Nash, the old philanthropist from from Kent which, which is B A E U. And so if you are trying to match a password, You need to spell that word correctly. And so a speech recognition system doesn’t have a clue which version of Bo matches your actual password. And so it’s really challenging to authenticate.

And you know, Sean’s alluded there to, to letters and numbers. That’s traditionally difficult for speech recognition systems. ’cause if I say A am I saying, Hay as in, as in the bale of hay, or hi as in, hi. Hey. Or am I saying the letter A. And so these challenges are inherent with the technology and you can’t really break away from it. Um, and the other, the other examples is, you know, you’ve alluded to Biometrics earlier on. Now in a dream scenario, that is the perfect use case. Someone calls up. They just say what they need.

The act of seeing what they need runs it through a Biometrics Authentication system proves who they say they are. And they don’t even need to go through any kind of, uh, Authentication whatsoever ’cause it’s done based on the sound of the voice. But the challenge there is you need to know the proportion of of returning customers.

Because they need to be onboarded into the Biometrics platform. And so the first time you go through that, there’s friction involved in that as well. And so it doesn’t seem to me at least, and obviously we’re gonna talk about some potential solutions to this problem, but at the moment, everything that is being sort of tried still has that element of friction.

And the last kind of point I’ll make is that you alluded there, Matt, to people’s expectations. And although people know that we’re talking to bots and AIs these days, The fact that these things are talking to us, we cannot help but an anthropomorphize them. We cannot help assign physical and and human traits to them.

Everybody calls Alexa her. Everybody calls Siri, he or her, whatever voice they’ve got. And so we cannot help but assign human traits to these things, which raises our level of expectation even further because we expect that when we have a conversation. The other person understands us and when we say what we mean, they people understand it as well.

And so there’s lots of cha challenges inherent in that channel. One’s technology based, and the other one is human behavior and attitudes and expectations.

Matt Smallman: And it’s a, yeah, no, I, I, I’m not gonna try and say the word you said about making people human ’cause I’m gonna gonna trip over it. Um, but, but I think you’re absolutely there.

There’s this kind of, there, there are three things that I think about. One is the kind of the, um, effectiveness of it overall. And we talked about those challenges with recognition rates and this so, How successfully can we complete it with confidence? And, and we know that some of these traditional methods are really challenging to complete that way.

The second is kind of how it makes, uh, how much effort needs to go into doing it, how many repeats and all the rest of it. And then, and to what extent that sets people up for the interaction that follows. And I think your anthropomorphising comments if I got that right. Uh, Just just plays to that. If they, if they have to go through too much effort, they’re not prepared.

Like, it’s almost like they’ve, they’ve written the service offers incompetent and they want to speak to somebody else. Um, so that then reduces their level. So even those people who are successful, if, if they were successful but it was hard for them, they are less likely to engage with these solutions and all of the efficiency and service or benefits that those solutions provide to the enterprise.

Um, so. So it’s really clear that kind of traditional Authentication methods are, are a big constraint for applying these, applying these technologies. Um, I, I did it I think, Sean, you were telling me about, uh, kind of one, one time passcodes and some of the challenges you’ve seen. Um, trying to implement those within a, within a.

Um, technology decisions, theoretically, they’re a lot easier. They’re just numbers. But I think you were telling me the other day about some challenges there.

Sean McIlrath: Yeah, I think there’s a lot. Something just kind of came to mind as we, as I was thinking about it from like a past use case as well. But we often talk, and we’re talking right now about the machines, right?

Or the systems right. Doing the Verification and not humans, but in actuality too, like at the root of security, I mean, you know, this Matt better than anybody like that. Humans are the biggest threat vector that you have really in any sort of security solution. And we found in a lot of the situations, depending on the customer care environment, that just verifying the identity of users is actually a very stressful thing for the agents in there.

So the more that piece can be automated, it’s a better experience for everybody. ’cause just like Kane’s example going through, you know, kind of the different words that you might interpret it. Humans are gonna have the same problem. It’s not really just a machine-based problem, like you’ve got different dialects acronyms.

You kind of have that experience. So the faster and the more confidently the agent can actually have somebody verify to do their work, that also decreases the stress on their part. We’ve seen in the past, um, with, you know, more automated but secure solutions to do the Verification of identity.

Kane Simms: There’s, there’s one point, uh, sorry, Matt.

I think to the, another complication to add on top of what Sean was saying there, which, which is spot on, is that even the one time passcodes, they, they seem fairly straightforward, but the issue is you’re introducing another step in the conversation. Every step in the conversation adds a potential for that person to get frustrated, as you’ve alluded to Matt, and just hang up.

So what you want is you wanna reduce the friction as much as possible. And even though technically speaking, you’re not asking them to change channel necessarily because, A lot of people are calling the contact center on their mobile, sending a one time passcode to their mobile, and then reading it back is not a big issue.

But the issue you add is a conversation design issue, which is if I start reading a password out and it says, read me the password, I’ve just text you and I start saying stuff like, 1, 7, 5, or actually no, no, it says if that’s a six, uh, 6, 7, 9. You know what the hell number is that, you know, you know, a human would understand that, but you can’t write enough rules or process enough kind of, uh, uh, dialogue management to be able to make sure that you cater for all of those conversational nuances.

Google found in 2016 that there was 7,000 ways that somebody can ask Google Assistant to set an alarm. And so the, the, the amount of twists and turns with somebody making mistakes and stuttering, and actually now scratch that. I’ll say it again. And you’re just introducing. Far more friction than is necessary into the conversation, which introduces the risk of people getting fed up and, and, and hanging up, you know,

Matt Smallman: so, so another, another two great points and yeah, Sean, I completely missed that.

Yeah. The, the agent side of this as well, I think. To some extent, and, and as Kane said, agents are better at handling some of the ambiguity around these processes, but the stress that goes on them for doing that and the, the, the, the expectation that leaders sometimes have that they will spot the one fraudster from all of this kind of messy noise out there.

Um, means that they don’t really necessarily always give the benefit of the doubt to the, the customer. And I, I often see examples when I’m side by side with people in call centers of, of agents just like wanting to get through security. They’re not really listening to the customer and their needs and trying to understand what they’re really calling about, what emotional state they’re in, what is their unwritten, unspoken needs, as well as the spoken needs. They’re just like getting through security because if I get that wrong, I’m gonna get a compliance failure and I get a black mark and I’m gonna be on a warning and I’m gonna be out the door. Um, so it’s a great, great point Sean.

So tha thanks very much for making that.

Beyond usability what are the other challenges with using SMS OTP for authentication?

Matt Smallman: Just, just to, just as we think about how we tr transitioning to look at, to look at mobiles like there’s a truth though in that SMS as, as you were saying, Kane, like we are all calling call centers. We’re calling everyone on our mobile. Our lives are sitting on our mobile.

Uh, I think I saw some recent stats, like the 80% of callers to call contact centers in one, one business area. Were calling from a unique mobile number that was potentially already recognized by, I wanna say, so people are using their mobile and there are some. Incredible pieces of technology, uh, on there that we could be using for security.

Uh, and I think that’s a great point to start bringing Tim into the conversation, um, to look at some of the more specific challenges with, um, S m Ss O T P, uh, and particularly what Vonage and, and Ericsson are doing, uh, and the industry as a whole really doing to, to improve that. So thanks very much Kane and Sean, and we’ll, we’ll come back to you guys in a second.

Hey, Tim. How you doing?

Tim Holve: Good, good. How are you?

Matt Smallman: Good. Uh, I think we, in our conversations previously, we, we’ve, we’ve obviously, like there’s some, there’s some things that we can all see related to SMS OTP that happen on the surface that we as consumers experience on a day-to-day basis. But I know there’s more behind the scenes than just these usability challenges and potentially security challenges. What, what, what are some of the other challenges that you see from your position as a provider of these types of services and within the networks and, and supporting, uh, organizations?

Tim Holve: Yeah. So, you know, there, there is that convenience, the, you know, disrupt, it’s disruptive and the whole point with conversational AI and natural language, you know, conversation.

And, uh, some of the issues with SMS go into just the era of the code. Um, you know, a, a code in a separate channel, uh, introduces error. And, um, the delivery of using sm just getting that s m s delivered sometimes in international countries doesn’t happen. In fact, we had, uh, one customer who the conversion rate, uh, was not very high.

It was about, you know, sixty five, mid sixties percent just trying to get conversions and it was, uh, Big box retailer. So that’s, that’s revenue to them. And not only do they wanna eliminate friction to keep the sale going, but they want, um, you know, to, to make sure that it happens and not lose transactions because that’s, that’s revenue. Revenue to them.

And we actually found out in some of the stats that we looked at for them, that 13% of the failures were just due to error in the code either. The user put the code in wrong or they, the SMS wasn’t delivered or it timed out, or something like that.

Matt Smallman: Interesting. And I, and I think we’ve also seen SMS, uh, Authentication process being used as a vector for fraud in their own right, haven’t we?

I think there’s, is it? Yeah,

Tim Holve: yeah. Yeah. SMS, uh, that it’s just, it’s on the rise since Covid 19, actually. Something called SMS toll fraud, where there’s. Call ’em virtual imaginary numbers, or they could be attached to, say, um, not a mobile phone, but some other software phone in a, in a computer that where, you know, you really want someone who’s calling in from a, a mobile number to to be that person who.

Me, this is my number. I have a sim card that identifies me. So using the sim card to authenticate, that’s a real number. It’s registered on the network. It’s been given entitlements by the carrier. And yeah, that, that’s really Tim, um, is important. And so that’s very helpful to getting rid of these fake numbers that are creating lots of fraud.

Um, and, you know, you really wanna make sure that you’re talking to the right person and someone’s not trying to impersonate me. And call in on my behalf.

Matt Smallman: Which, which are the, which was really, um, and it’s been very timely for this session actually. I, I dunno if you saw, but the, um, the US Cyber Safety Review Board published their findings of a deep dive of the lapsis, uh, hacking attacks.

Uh, and they were pretty scathing about the, um, dependence on SMS OTP for multifactor Authentication and just how easily that, that had been socially engineered, particularly, um, in through, through. Through carriers and through telcos enabling sim swaps with, with very little, um, protection. And I, and I think ’cause we’re gonna get onto it, I think it’s important to make a very specific kind of technical description when we say sim swap.

That that’s not about changing the sim because the sim and we’ll talk about this a little bit more in a second, is a very specific cryptographic component that sits within the mobile phone, either electronically or, or physically. Um, and, Sim swap is actually about moving the number to another sim, not any changes to the sim itself.

What new security features do 4G and 5G networks make available to contact centres?

Matt Smallman: Um, so I, I know Tim, you’ve, yeah, you’ve been really close to some of the advances. Like we we’re all here about 4G and 5G networks. And to some extent I kind of think this is just an excuse to sell me a more expensive handset, but actually there’s a lot of fundamental change happening under, under the, under the car, under the covers.

Uh, I dunno if it is worth. You sharing what some of the security implications of that are for our audience?

Tim Holve: Yeah, I mean, if the security implications are great because you’re reducing friction, um, you know, once I’ve given consent to, Hey, check my SIM card when I call you, or when I’m in an app and I’m in there and I wanna do something, I’ve already registered and the apps gonna remember me, the company’s gonna remember me, I’ve given consent to the company.

So, you know, for me it’s great because it frictionless and its more secure.. We’ve gone, we’ve finally gotten to not, you know, security by what someone knows, right? The information about you, but who you are, right? This is who I am, not what somebody knows. So, you know, it’s not just information. People can social engineer to get from me and pretend to be me, but they have to actually be me.

Matt Smallman: And, and I think, I think that’s a really important. I think that’s a really important distinction between, um, SMS OTP purports to be like a, a possession based Authentication mechanism. ’cause you are thought to be in possession of that phone number. But in practice, phone numbers belong to the phone networks and they are in, ultimately in control of the, the carrier in the telco.

Whereas a SIM card, a SIM card, Is actually in your possession. The cryptographic component of your phone is generally in your possession. We can do other checks to make sure it is actually in your possession at the time. But that’s a very, that’s a very big, and I think some, it’s a very big difference, but can be very subtle and lost in, lost in translation if we’re, if we’re not careful about how we explain this.

So the, the new set of standards that are emerging, uh, through GSMA and Camara, which I believe, uh, Vonage and Ericsson are, are, are part of, are, are really interesting and, and there are some early, uh, and, and they really rely on exposing the security components within the underlying network. Like I always say, they, the, the phone network, the phone company’s never gonna not make sure the phone company’s always gonna make sure they get paid.

Yep. So they’re not gonna allow anyone on their network who they aren’t sure they are who they claim to be. Uh, and they’re not gonna allow ’em to make calls

Tim Holve: or they know exactly who’s real and who’s not.

Matt Smallman: But previously all of that had been kind of wrapped up in their internal systems and wasn’t necessarily purported to the same standards, but, but now what we’re doing is we’re exposing some of those components, some of the underlying infrastructure in a more standardized way to the world as a whole.

Yes. With. Requirements for customer consent. Yeah. With requirements to aggregate it. Um, but I, I think that’s a really, really important and, uh, and significant change. And I know there are some kind of, uh, early path products that, that you guys have, have on the market. Um, I think one of them, one I was most interested about was the silent Authentication, which I think is a, is worth talking about for a minute or two.

What is Silent Authentication?

Tim Holve: Yeah. You know, Silent Authentication Authentication. That’s the first wave of identity management, I guess you could say, where, you know, it’s tied to a trusted device. Um, like anything, depending on the level of Authentication you get into, multifactor, multifactor can be a number of things. Right now it means only 2FA and and OTP.

But, uh, if you guys say a transaction gets higher, you can start to use other network capabilities where. Not only is it, yeah, that’s a real number belonging to a real sim card that this is actually Tim calling. But is Tim in the right location for this transaction? Right. Uh, let me check with the network to see, has the SIM been changed in the last two months?

Or, you know, could there be a possible SIM swap so you can start getting information like this, having multi multifactor Authentication and use more than one vector to. Actually confirm the identity and really take the burden, you know, off the agent or the, the person who is trying to get through security..

Matt Smallman: Yeah, because the, the thing I really liked about, um, Silent Authentication as, as we looked at it a few weeks ago, was, um, how I, I can actually be confident that, um, like I, I can set up a code and be confident that because the carrier tells me that, that iP packet with that code in is actually coming from that device.

And it is coming from an on network device that is asserted to be the one it, the one I want to speak to. And that in many ways removes all of the requirement for the SMS to be delivered for the SMS to arrive for the user, to transcribe it, for them to correctly key it in, and for you to correctly check it back against it.

It can all happen silently, um, in the background. Now, I, I know there’s some, some constraints with the technology today, so you need to be on network and. It is in, in many cases, therefore dependent on a, on an, on an app-based, uh, usage because we can make sure the device is on network. But I think for, for me, it’s just kind of the first sign that, um, carriers and, and, uh, device manufacturers and network, uh, infrastructure providers are serious about extending their internal security architecture in a, in a way in which enterprises can use it.

And, and I’m. Really looking forward to the, the next few years as some of these standards and ways of working and device manufacturers in incorporate them such that, um, in the future I’d love to be in a position where, uh, and, and I think we’re not far from it now, where number A is purporting to call me and because I can prove that I am me, I can check that it really is number A that’s calling me. Uh, and if number A agrees I can effectively get a, get a fingerprint from their, um, SIM cards such that the next time number A calls me, I can know it’s the same person who called me again.

And in many ways, that moves us away from, um, what in, in security and Authentication of fraud prevention. We’ve had a very kind of, um, probabilistic period. It moves us to a far more deterministic period like that is, The same, that is the same SIM card that Tim Holve called me on last week. And therefore the chance that that is Tim Holve are, are very high. And therefore, I don’t need to ask him his date of birth. I don’t need to ask him his mother’s maiden name. I can move straight on to solving his, uh, his reason for calling with some of the, the great tech that we, we’ve talked about with, with Kane and Sean a minute ago.

Tim Holve: Yeah. And you.

There’s no, in this scenario, there’s no user action really required. You can just ping it and determine it. But I think, you know, as fraud has really become a worry, I think it’s a great opportunity for a lot of these, uh, companies to use something like that. And then during that process, start to show them, I’m using your sim card to authenticate you and verify it’s really you and the number.

And give them a, because you just wanna, wanna know, wanna, wanna be educated that, you know, my financial institution is really checking that it’s me and, and reducing fraud because I’m concerned about people, you know, impersonating me or stealing my identity. And so, you know, we can give a message saying, Hey, I just authenticated you through your sim card, or however it is that you’re educating your user that we’re taking steps to make sure. You are, you are who you say you are in, in getting the correct identity.

Matt Smallman: I think. I think that’s, that’s really interesting. It’s, it’s kind of parallels to where we were with things like Voice, Biometrics, maybe a, a decade or so ago when kind of the, the technology’s there and it, and it, and it works, but we just have to figure out the business and customer processes that, that create the right experience, that get people through that.

What are the implications of mobile authentication for the contact centre?

Matt Smallman: So, so, so with that, with that in mind, I think it’s worth. Uh, add adding, uh, Kane and, uh, Sean, back to our conversation to just think about how, um, some of the technologies you’ve heard about and some of the other innovations that are taking place in the security space. How, how do you think that changes, uh, the call center, uh, the.

For the future, how do you think that changes security and Authentication in, in the call center? I dunno. Ka Kane, let’s start, let’s start with you.

Kane Simms: Definitely. Thank you. Yeah. I think the big thing from, from what I’m hearing is that, um, this technology has the, for me, it’s all about customer experience.

It’s all about the, the kind of design of the experience. And whenever you introduce. Friction into that experience, you’re setting yourself up for a potential failure and enough points of friction across a customer journey is enough to make people give up as you suggested earlier on, Matt. So anything that’s gonna reduce friction for me is definitely where we need to, need to be, need to be looking at anything that’s gonna reduce time and effort also.

And so this, these solutions are absolutely straight up my alley. You know, I think that, um, the potential to be authenticated without having to do anything basically is that, was the, that was the promise of Voice Biometrics. That is what? You know, I, that was my hope, really, is that someone could just call up, say something that would authenticate them and then move on.

But if we can do it, uh, in the way that you’ve described, then that’s, uh, that’s great. Nobody makes a phone call to, to go through tho that pain of having to prove who you are. And to be honest with you. I’ve actually called some places where they’re asking me for certain passwords or whatever, and I don’t actually know what they are.

You know, I, I can’t actually get into my, the, my own account for this, for this company ’cause I don’t know what these passwords are. So I think yeah, absolutely. Anything that’s gonna reduce friction and streamline the customer experience absolutely gets my vote. I

Matt Smallman: I love that. And I’ve used that many times.

No, no one calls an organization to prove they are who they claim to be. They’re called with a, a reason, a need Yeah. That they want the organization to solve. And, and the first thing we do is say, well prove who you are. Um, which is very disruptive to that, that customer experience.

Tim Holve: Yeah. My favorite one was, um, what’s your address?

And you give ’em your address and you just figure it, that’s enough, and you don’t give ’em the zip code and they wait to, uh, I need the zip code as well.

Kane Simms: Yeah. Or you give them the address and you say, and they say to you, that’s not your address. I’m like, that is my address. He’s like, that’s not the address we’ve got.

I think, well, you’ve probably got an old address. Yeah.

Matt Smallman: Uh, I, I think there’s some, some of those challenges, some of those challenges are, are, are, are real, but I do think the. Kind of the promise, or you talked Kane about it. Like we, we absolutely have organizations, and actually some of them are on this call today who have implemented solutions like the ones you described in, in high risk industries with long, long running relationships where there is value in investing in the highest available forms of security.

Then things like Voice, Biometrics and natural understanding that like when they work together, It is a dream, but as, as you said, like we have this, it’s a cost associated with enrolling people. There are privacy implications with handling and managing that data. Uh, and many organizations, either it is not applicable for them or they don’t want to, or it’s just not worth the, the effort for them.

Um, so for everyone else though, they’re kind of. We’ve kind of been stuck with these kind of half, what I call kind of, uh, second kind of transitional methods like SMS OTP or even pins and passwords to some extent, where we’re trying to kind of, we’re trying to move away from the stuff we did face-to-face and we’re trying to do that stuff where, um, it’s kind of, it’s a bit more automatable, uh, and a bit more secure.

But in nearly every case we do that, we’re trading away usability and, and usability is the thing we can’t afford to lose if we want people to engage with the first generations and even the. Following generations of the kind of natural language understanding solutions and the, the, the voice AI that, that we’ve talked about?

How to overcome data privacy challenges?

Kane Simms: Uh, I think so. Sorry, Matt, you, you touched on something there, which is, uh, which is important, is that the, the, it’s the, um, what we try and what we’ve done in the past is we’ve tried to kind of like, uh, Replicate the processes that people have. Whereas what we need to understand now is that there is far more potential in using technology to do things a lot better.

And the um, the kind of. Like people have concerns about privacy. Everyone has concerns about privacy. Everyone has concerns about, you know, where’s my data going? And all that kind of stuff. But what you’ll find is that people are quite willing to give up data. They’re quite willing to give permission for a company to use data like, Data that’s on their mobile phone registered to them, providing they get a benefit from it, providing they they benefit somehow.

And in this instance, they benefit immeasurably because they cut out. Like it’s painful enough having to call a contact center. Like unfortunately, we don’t really wanna admit this, but people don’t want to call your contact center. It’s the last thing people want to do in their day. And when they do do that, You add friction after friction point, after friction point where they’re waiting on hold for half an hour, and then they have to go through it, answer all these questions like an exam, and it’s like all of this just to do something that they didn’t wanna do in the first place.

So the, the, the kind of like question is, oh, would people kind of opt into this and would people share data? And I think you’ll find that history shows people are willing to give up. Or at least give permission rather, for companies to utilize their data in this manner if they can benefit from it. And I think if you combine conversational AI, which removes the wait times with the technology we’ve been discussing today, which removes all of that kind of conversational friction, for me, that’s kind of, that’s, that’s, uh, an ideal combination.

Matt Smallman: Now, I, I, I dunno how to follow that. So, you’re right. Absolutely right. Sean,

Sean McIlrath: you’ve been saying a lot stuff like here too and like, just kind of. Try to simplify it back down. Right. You know, like in a lot of ways, like knowing your address, your phone number, or your social security number. Like anybody can know these things, you know?

So like what I really love about the solution is at its core, it’s more secure. It’s gonna be something you have on you. I know plenty of people, including myself, that don’t even carry wallets anymore because we have Apple Pay and different credit cards that are connected to our phone. So if it’s secure enough to make. You know, financial payments from like in person, like without requesting your id, it’s definitely at a minimum gonna be more secure in a more automated fashion. Right. Kane, you know, struck on something there too, that without making it overly complicated, like obviously the overall experience I. Some of the, the forkiness, if you will, for it is really just based on the technology being coded down many different paths to try to take users to, and then maybe something stitched together and having something that can be automated along the journey can prevent you from.

Going through that, like I’m transferring to a different agent, or I’m now doing a different thing and I’ve gotta go do the whole Verification thing again. I mean, there’s no question that’s upsetting. You know, when you’re like, even if you’re getting good customer service, and it still happens today, annoying.

You know what I mean? Like that you’re like, I just did this, you know? And. Again, I just think there’s a better way when you look at the devices and how you’re associating with it and like, you know, I know that some of the things behind the scenes that companies will use too is not just the SIM cards and the Verification there, but they’ve got identity graphs and they understand how those are associated with numbers and that can now lead to better outbound experience.

’cause I’m sure you’ve all had the conversation where it’s like you get the cold call and you actually answer your phone and they’re like, tell me your social security number. You’re like, I’m not doing that. Like, this is crazy. You called me, you know. So I think across the board there’s an ability for these technologies to work together.

Like I was saying in the beginning, to simplify this experience. Like when we look at like, the Verification is tough for conversational AI and humans, honestly, like I, I would say that the humans don’t quite have that figured out either. Like we’re literally talking about why it’s not great, you know, in that situation.

So there’s a chance for improvement across either function. And the service and the role of conversational AI is really to get you to where you need to go very easily and get you, get your problem solved.

Kane Simms: That’s a great, uh, a great piece there, which is, you know, being transferred from one person to another and having to reauthenticate is a pain.

But yeah, when people, when you get the phone call and you answer, And it’s like, I’m just, I’m calling from such and such. Can you just confirm your address please? It’s like you should know that you call you, you know, you, you’re the one calling me. You know, like, what, what is like, I’ll be interested in how this could be used also on the outbound front as Tim was, as Sean was alluding to there, you know, to, to get rid of all of that.

’cause that’s the first thing as when you pick up the phone and someone’s quizzing you. About all this information without even telling you what the phone call’s about. It’s, it’s jarring. You know, it’s like, what, what’s going on here? You know?

Matt Smallman: Yeah. I think, I think, I think you’re absolutely right, Ken. And, and when, when I look with my fraud hat on, um, the, the consumers are becoming the biggest vector for attack of every description because they don’t have the advantage of some of these technologies and the, the thinking that goes into security at the enterprise side. So actually, whether it be deep fake voices or sim swap or number spoofing that like consumers are at. Uh, so much more vulnerable than, uh, enterprises too, and, and they can give out all that information that can be then used to compromise the enterprise.

So, yeah, I, I, I agree. It would be, it’d be really interesting to see how some of this kind of same tech can be, um, kind of switched rounds and, and put back to the consumer. How can I, as. XYZ Bank asserts back to my user that it really is me calling. Um, and therefore they don’t have to worry. We don’t have to do this mutual Authentication dance that, uh, that disrupts the whole reason for calling.

And there’s many of the reasons why you just don’t like, you don’t even answer it. I, I think in the, in the US it’s far more prevalent in the UK, but like most people I know in the US, like they will not answer the phone from a number they do not recognize because. Spam calling and the like is so, so more prevalent and, and STIR/SHAKEN hasn’t really kind of changed that in the way we thought it might.

Sorry, Sean.

Sean McIlrath: I think there’s a, I think there’s also, I mean, again, I think there, this hits multiple areas, right? Like it’s a better experience for consumers either way, inbound or outbound, you know, can definitely enhance that. But enterprises too, why it’s not as prevalent, right? Like in, in the in EU is GDPR.

So it, and I think this solution also helps solve for location. When we’re looking at these types of things and can triangulate there, and really again, like when you look back through like knowing that this is a live user and that in theory, like as a say, like a telco calling out for outreach and stuff like that, like we have FTC, you know, compliance and regulations here that are quite significant in terms of penalties if you’re calling the wrong people and they’re not really opted into those types of things as well.

Matt Smallman: No. Fair, fair, fair point. So, uh, no, no pressure, Tim, but, uh, productizing these, uh, new set of serv, the range of services and the stuff that’s available has a, is a huge opportunity. I think we’ve, we’ve talked about, um, I, I, I would be, I’d go to, to questions from our, um, participants right now. So if you’ve got any questions, please feel free to drop them in the, in the q and a or the, the chat feature.

How do organisations make sure they are successfull when implementing new security technologies?

Matt Smallman: Uh, I’ve got one that’s, uh, come in already, uh, and it’s really about, um, when organizations are thinking about, uh, implementing, um, new security methods, what, what are the things they should be thinking about? And I know Kane, we’ve, you’ve already, um, kind of half talked about the kind of the user experience. That user experience is important. What other things should enterprises be thinking about or organizations be thinking about when changing their security processes?

Kane Simms: I mean, I’m the first to confess, I’m not a security expert. So in terms of like, you know, if I was gonna go through a, a process of putting this kind of stuff in place, I’d be calling on someone like you to, to be talking on us.

Matt, my concern. Yeah, there you go. My, my concern from, and, and you know, Justin our CTO, would certainly be, uh, be a lot more kind of, um, Eloquent in his response, but my sort of concern as the, as the kind of strategist in design, it is first and foremost the customer experience. And you are always at pains to, to kind of push through a solution that works for the customer.

Because the issue with things that work for the customer is because sometimes they. They are a nightmare to implement for a business. They always say that good design goes unnoticed, and also good design is harder to implement because you have to reorchestrate and re-architect a whole bunch of backend kind of systems.

The one thing I would say from a kind of automation perspective is that. If you are, uh, wanting to use the, the kind of AI technologies that, that myself and Sean have been speaking about. Then the main thing, and, and Sean could probably speak to this, uh, as well from a artificial solutions point of view, but the main thing is when you’re selecting that kind of technology, that you’ve got a platform that’s open enough to be able to implement these kind of things within the conversation.

Um, because it may be that. During the, uh, conversation, you might not want to authenticate someone straight away. Someone might call about one thing and you can just get on with serving them in that, in that, for that use case. But then later on their needs develop and now they have to be authenticated. So you need to have technology that’s got the ability to pull that Authentication, uh, capability into it.

And so you want definitely the, from the AI automation perspective, An open kind of platform that allows you to integrate and all that kind of stuff. But for me, as I said, first and foremost, the main thing is considering the customer experience and doing something, even if it might make mean that you have to do a bit of hard work in the background.

Doing that work is a net benefit because it improves the customer experience. You want the most frictionless journey possible.

Sean McIlrath: I fully agree. I fully agree with Kane on that. I mean, it’s. You know, experience, not, not really bias, just, you know, doing, basically working with conversation AI solutions for about 15 years now.

I think to me, like in many cases, like the solutions are totally fine within the cloud services for speech to Text, Text to Speech, NLU, like these features, the, the problem is really accuracy and certainly security in terms of the Verification of things. And, you know, that’s where we, you know, from, from my perspective at my company, we come in and basically enhance the accuracy across those native services, which, In a very simplistic fashion is that the machine can only understand eight outta 10 words that you’re saying in general and figure out the intent.

It’s really hard for you to get whatever you need to have done, and the workaround for that limitation and also with security is that you just keep creating very complex workflows, which is why you are in that sort of keypad experience. Even if it’s not keypad dialing, where it’s, where do you want to go?

It’s just keep routing you down basically a maze to try to isolate by probability what you need to do, and that doesn’t really work super great.

Matt Smallman: No, great. I, I mean, yes, there are secure, yes, there’s a kind of, almost an absolute insecurity. Uh, but really security is a function of adoption. Like if people don’t use it, then the security value is pointless.

Uh, and adoption in nearly every consumer facing security method is a function of usability. Uh, and as Kane says, kind of like how, how effective we can make it use, like we are probably, despite everyone’s best wishes, we are probably never gonna turn off. Passwords, um, or mother’s maiden name and the like, because at some point there may require a lowest common denominator, Authentication.

And yes, we’ll have to dress that up in lots of things and do lots of fraud prevention around that. But if we want to improve that aggregate level of security in enterprises, we need consumers to adopt more secure methods. Uh, and that is a function of their usability and. SMS OTP is not a particularly usable method in the pho in the phone channel.

In the voice channel, whereas using the phone that they actually are already calling on the cryptographic properties contained within it, uh, is, is a, is a, is a, is a bit of a no-brainer. So we just need those services to be exposed to us, uh, and we, we will be, we’ll be off to the, off to the races, figuring out what the, what the, the usage and the, the optimal patterns should be.

So, um, unless you’ve got anything you want to add, um, to, to that, Tim, I, I think it’s probably time we, we drew this conversation to a, to a close. Thank you so much. Uh, everyone who’s joined us, uh, live today and who, who’s watching this on a, on a recording, uh, thank you to Sean for your, for your contribution, uh, to Kane, uh, and, and to Tim.

Um, I’m. I’m really excited about the, the potential of, uh, mobile Authentication and the use of the mobile device to make these voice channel journeys far more seamless. So again, thank you very much, uh, and we will see you all next time. Thanks.