When most people think of identity theft, they think of hackers breaking into secure databases. There is likely some frantic typing on a keyboard and incomprehensible text flowing down the screen. The reality hacking is a whole lot more boring than this (a surprising amount of hacking is automated), and is not even the best way to get at privileged information. No, there is a much simpler method by which personal information is stolen:
It is asked for.
The weakest element of any security infrastructure is the human element. Information is so often stolen just by pretending to be the rightful owner of that data and then asking for it without going through any verification process at all. This is not always the fault of the employee – as somebody who has worked in customer service, one can often find themselves forgetting whether or not they conducted proper verification at the start of the call.
In light of this, it is understandable that you’d want to eliminate or at least reduce the human factor from your identity verification equation as much as possible. The question, of course, is how to do that? The following are ways you can ensure that your customers are who they say they are without risking your security procedures over human error.
Minimize Information Exposure
A human employee can only give out the information displayed on screen. If you limit the information they have, you limit their ability to give that information away. Many companies go with a true/false approach where a customer gives certain information to the employee, and the employee only gets a return of true or false from it.
In some cases, this is not practical, and certain information needs to be displayed in full to the employee. In these instances, you can at least limit what type of information is displayed and how much. The complete social security number is rarely something an employee needs to see – the last four digits are usually sufficient. Similarly, only those addresses associated with the immediate business relationship need to be displayed – even if you required additional addresses when opening the account for security reasons.
Another approach is to simply remove the human from the equation altogether. An automated registration process is safer since all of the verification happens without additional human input. Certain third-party identification verification services such as Cognito can compare certain values and allow or reject registration on the basis of thresholds you customize.
Through streamlined and automated verification processes, you limit the information exposure to your employees. Even with over-the-phone registrations, automation can help minimize the amount of data required to be collected.
Consider What You Need
Ultimately, it pays to ask what you need for identity verification. The more information you ask for, the more likely it is customers will abandon registration altogether. So, there is both a business and a security reason for reducing the human element by minimizing the amount of information that changes hands.
Only ask for the bare minimum information required to successfully verify a person’s identity. Anything else is a waste of time and only increases the amount of information that can be mined from your employees by a clever thief.
More Systems, Less Uncertainty
Humanity has truly outdone itself. It is telling that we have come so far that the human factor is now the most limiting factor in all of our endeavors. Thanks to the innovations of some of the most brilliant members of our species, we have found ways to overcome even this limitation. The technology is there, the only thing required of you is to reach out and grab it.