Close this search box.

Written by: Pindrop

Contact Center Fraud & Authentication Expert

Contact center authentication defends your business, but many leaders are struggling with choosing the best type of authentication solution for them. In addition, recent shifts to massive swarths of the workforce staying home have created new challenges in security, workforce optimization, and consumer behavior.

We’ve organized a collection of tools, assets, and other resources to aid contact center leaders in their race to optimize operational costs, improve customer experience, and improve security measures, as organizations restructure and prepare for the road ahead. You can explore the tool kit on this page linearly or choose the section you need.

Table of Contents


Caller authentication is the process of verifying the identity of persons via the phone channel. From email to bank logins, many companies have employed tools like two-factor verification to make their services more secure. Along with a potential spike in call volumes, a similar need for proper identification of callers surges to the forefront. Businesses deploying effective caller authentication ensure that the entire process is customer friendly while maintaining a secure operation – not always an easy balance to strike.


When it comes to caller identification, it’s all about giving your customers a secure and enjoyable experience. You definitely have to review your related processes if:

  • There is a lack of personalization in the customer experience especially when calling from a verified number.
  • The average handle time on your calls is above the industry average.
  • There are frequent security issues possibly leading to account takeovers.

You are getting bad reviews from your customers regarding their experience when contacting your call center. Pindrop’s data shows that 41% of consumers blame the brand for the fraud happening. Furthermore, 90% of consumers say 3 or fewer bad experiences cause them to churn.


Caller authentication – in general, follows 3 steps:

  1. A call is placed to a contact center
  2. The call is connected to the contact center
  3. Caller authentication takes place

Authentication operationally comes in two flavors: Passive and Active.


Passive Authentication is the process of authenticating callers without any interaction with the caller or required actions on behalf of the agent or the caller themselves. Passive authentication results in calls that are authenticated before being connected to the agent. Creating a smoother, more personalized customer experience, reducing average handle time by eliminating required actions on behalf of the agent & caller, and strengthening the front lines of your contact center against attack. Passive authentication methods also help increase self-service options in the IVR.

Active Authentication is the process of authenticating callers by requiring callers and/or agents to actively participate in authentication. The most common permeation of this is the use of knowledge-based authentication questions. Here, agents are expected to ask questions to ascertain whether or not the person is who they say they are. 


Designing an optimal passive caller authentication process:

When establishing your authentication process, it’s best to think about Authentication on a spectrum. Not every transaction is created equal. For transactions that are at less risk of fraud, fewer factors of authentication can be appropriate. Higher risk transactions, by contrast, will require more.

For lower-risk transactions (require 2 or fewer factors of authentication), ANI Validation combined with ANI match can be a powerful tool to verify customers quickly and easily without compromising security. 

What is ANI Validation?

ANI Validation confirms that a call is coming from the device that owns the number. In other words, the call has not been spoofed or manipulated.

What is ANI Match?

Automatic Number Identification (ANI) is a telephony service that allows the receiver of a phone call to capture and display the phone number making the call.  In short, an ANI represents the phone number that is calling you. 

On an inbound call, businesses can use the ANI to search their own database for a match with an existing customer account. This process makes it fast and easy for the business to know when a customer is calling, personalize the call, and reduce security steps to make authentication easier for customers.

The Threat of Spoofing

Call spoofing undermines trust in the Caller ID process by allowing the calling party to manipulate the ANI. Criminals often use this tool to replace their calling number with the number of a real customer. Businesses that are not able to detect call spoofing run the risk of authenticating calls from impersonators. 

Combining ANI Validation and ANI Match

In order to safely match an ANI with an existing account, businesses must first validate that the ANI has not been changed or manipulated. ANI Validation is the process used to make this determination. 

Once your business can trust the number on the caller ID, then match it to an existing customer account, two factors of authentication have been completed. For businesses that only require two factors of authentication to complete certain transactions, ANI Match + ANI Validation is a light-weight, simple solution to streamlining the security process in a way that benefits customers while remaining safe from bad actors. 


For transactions that come with a higher risk of fraud, multi-factor authentication is required. Multi-factor authentication is the use of multiple disparate data points to authenticate or verify identity. In practice, its application in call centers means the utilization of numerous data points to ensure the caller is genuine. Voice, device, and behavior are 3 common points used to authenticate callers- though multi-factor authentication generally refers to the use of two or more ways of verifying an identity. Using multi-factor authentication technology to assist the agent in authenticating the caller, reduces the cost per call by reducing the amount of time agents are on the phone and can improve customer experience by personalizing it.

Multi-factor Authentication typically leverages at least two of 5 “factors”:

Something You Know:
Like the answer to a knowledge-based question

Something You Are:
Like a Voiceprint

Something You Have: Like a mobile device or keycard

Something You Do:
Like your dialing pattern

Something You Use:
Like carrier signaling or call dialing


Knowledge Based-Authentication (KBA) is the combination of real and fake-out questions that should help agents root out imposters and fraudsters. However, due to the answers to these questions being available publicly or leaked online – the effectiveness of this method is no longer accepted. Knowledge-based authentication comes in two flavors:

  1. Dynamic knowledge-based authentication is the use of publicly available information to verify identity and the questions are updated as your public information changes. An example would be “Which of these addresses have you been associated with in the past?”
  2. Static knowledge-based authentication is the use of questions with presumably unique answers that should be specific to you – for example, “What is your favorite food?” The assumption here is that this information is something that only you or someone very close to you would know – and therefore could be used to identify you. 

Pindrop’s research shows that a third of the time genuine consumers cannot remember the answers to static KBAs and that more than half of the time fraudsters guess the right answer. Additionally, dynamic knowledge-based authentication questions have been compromised as mega-breaches have spread addresses, phone numbers, and credit information across the dark web for years. 

In short, multi-factor authentication, and more so passive multi-factor authentication, is a more effective and beneficial form of caller authentication. The passive approach offers many benefits concerning security, operations, and customer experience. Call center leadership looking to increase capacity, improve customer experience, reduce agent stress, and address fraud costs should seriously consider passive multi-factor authentication as a solution.


Enrollment optimization is the transformation of the processes concerning enrollment into their most efficient state for the callers and the business. Enrollment processes differ but are typically categorized as either passive or active. As noted above, optimization leans towards passive solutions as they do not require consumer interaction, nor agent involvement. Passive enrollment requires no human interaction and optimizes enrollment by ensuring a seamless experience for the caller and the best return on authentication investments.

A seamless experience is essential not only for customer experience and brand loyalty but also for the effectiveness of your authentication planning. Its simple, passive enrollment of every caller better ensures enjoyable experiences during each call, which welcomes consumer interaction, and deepens their affinity to your brand. The more seamless you can make every interaction, the better the customer experience. In short, passive enrollment is the optimal solution for authentication enrollment.


Because your authentication solution is only as useful as the number of your customers enrolled, your goal should be 100% adoption. Though this is impossible, it is critical to note that should few consumers enroll, your authentication solution would be much less effective, as inferior enrollment rates translate to inferior authentication rates. Again, passive enrollment goes a step further, ensuring the better authentication rates by delivering the higher enrollment rates.


Leverage ANI as a factor in the ID claim. ANI, or automatic number identification, helps to take the cognitive load off the caller by leveraging data that already comes with the call. ANI of an incoming call can be matched with data on the file to look up a uniquely matched identity. This data can be leveraged not only for a first-time caller but also for an identity claim for a returning caller. Rather than having to answer a knowledge-based authentication question or share sensitive information over the phone to verify identity, ANI can be looked up silently in the background of the call.

Leverage a unique identifier. Having a consistent, asserted identity claim, ensures that call after call, time after time, you can identify a caller across different lines of business. Leveraging a unique identifier provides a seamless, passive process, authenticating the caller in the background of a call so you can get them where they need to be faster. 

Avoid clunky active enrollment. Active enrollment with specific passphrases is time-consuming for customers just wanting to have their issues handled; customers calling into a call center may find that as a distraction to resolving the issue at hand, resulting in sub-optimal user experience. Make the enrollment process seamless and straightforward by enrolling callers as they naturally engage with call center agents instead of forcing a separate enrollment process.

Keep things simple with API integration whenever possible. Pindrop’s APIs are straightforward – the footprint is small, they’re effortless to use. It’s a simple process, and the APIs are leveraged across both the agent leg and the IVR leg of the call. 

Engage experts, including process engineers, privacy by design, and Pindrop’s Business Intelligence Team to craft an ideal end customer experience.


Contact centers use authentication tools to provide frictionless, personalized customer experiences. But some authentication tools are better suited to that task than others. Exploring best practices for contact center authentication translates to positive gains in other areas. Optimizing your authentication practices can reduce average handle times, empower your customers, and improve operational efficiencies. You can leverage authentication best practices for quantifiable operational gains for your contact center. But more importantly, applying caller authentication best practices will improve your customers’ experience, increase your performance in customer experience metrics and give a boost to your brand’s power and the overall loyalty around it.