KBA twice as helpful to bad actors as customers: Pindrop report
The propagation of data breaches, organized crime rings on the dark web that sell hacked security credentials, and sophisticated fraud reveal the extent of vulnerabilities of knowledge-based authentication (KBA) and the urgent need for alternatives, suggests a report from voice biometrics developer Pindrop.
The company’s annual ‘Voice Intelligence & Security Report’ for 2022 offers a look into the threat that bad actors pose to the contact center and security industries. The company undertook a study of two national contact centers over a period of three months and conducted confidential analysis of contact center data across various industries, fraud calls, and total call volumes to examine the danger.
In one controlled study, Pindrop and a national contact center discovered that 92 percent of fraudsters passed KBA questions while genuine customers passed only 42 percent of the time. The stunning contrast is due to the prevalence of bad actors and data breaches that have fuelled the selling of login data and platform credentials on the dark web, according to Pindrop.
Other problems emerged, like how one in 40 interactive voice response calls were high risk and agents from retail and insurance companies failed to verify customer identities up to 12 percent of the time.
The report also cites research from the Identity Theft Resource Center’s ‘2021 Data Breach Report’ that found a 68 percent spike in data breaches compared to 2020.
This is despite Pindrop finding the average fraud call rate in 2021 declined compared to data stretching to 2017, with one-in-1199 calls being fraudulent, the lowest on record.
To rectify these concerns, the Pindrop report concludes by suggesting that companies replace KBA with passive authentication methods. It uses the example of its client FNBO, a bank subsidiary that saw a 59 percent jump in account takeover recognition rate that led to a 47 percent decrease in average loss. Pindrop is a notable company in the passive authentication sphere with its voice biometric authentication solutions.
“With 2021 seeing a sixty-eight percent increase in data breaches, bad actors are compromising data easier and more efficiently. Now is a good time to change the locks and advance the way customers can open more worlds safely and privately with just their voice,” says Vijay Balasubramanian, CEO and co-founder of Pindrop.
The Atlanta, Georgia-headquartered company frequently publishes market research on security, with a recent one suggesting that passwordless authentication and voice biometrics are becoming popular with IT and cybersecurity professionals due to frustrations with passwords and KBA.