Twosense Blog

Contact Centers Need More Than Traditional MFA

Written by Twosense | Feb 8, 2023 6:37:22 PM

Multi-factor authentication is a foundational component of every well-rounded security posture. When PCI 4.0 takes effect in March 2024, MFA will become a baseline expectation for every contact center's identity security. As BPOs look to the future, they must know that traditional MFA will not cut it for contact centers.

Contact centers face security challenges on two fronts: internally and externally. From the outside, threat actors are constantly looking to breach BPOs because breaching a BPO gives the attacker access to the BPO’s customers’ infrastructure. This means hackers constantly seek and develop new tactics, like prompt bombing, and deploy tools like Man-in-the-Middle kits and RDP attacks to circumvent MFA. On the inside, BPOs worry about their own employees perpetrating fraud, credential misuse, and agents outsourcing their work to 3rd parties.

Contact centers need a multi-factor authentication tool that is more versatile than traditional MFA. Most contact centers adhere to strict clean desk policies, making multi-factor authentication that relies on mobile apps or text messages impossible to deploy. Hard tokens like YubiKeys are difficult and expensive to manage and scale. Traditional MFA also does not provide contact centers with additional security that protects them from agents who may be complicit in granting an unauthorized person access to an account in the event a remote agent is outsourcing their role.

Traditional MFA is no longer an antidote to sophisticated attacks or complicated security problems. The only answer is to deploy a solution that is able to protect against breaches and intentional misuse simultaneously.

Twosense Continuous MFA does exactly this. Leveraging machine learning and passive biometrics, Twosense is able to create a unique biometric profile for each user. Each model learns and adapts to changing behaviors to biometrically authenticate the user at every MFA challenge in an invisible way. The more behavior is observed, the more confident Twosense can be that the user is who they claim to be. Twosense can validate the user's identity and authenticate them not by what they’re doing but by how they’re doing it, generating a level of trust for every interaction in the background. That trust score is then used to authenticate the user continuously throughout the day or flag suspicious behavior.

Continuous MFA with passive biometrics is unique because, unlike traditional MFA, no password, token, or device can be stolen and used to bypass security. In the event of an outside attack, if the attacker doesn’t have the Twosense agent, their authentication goes no further. If the attacker uses something like RDP to access a compromised user’s machine, the behavioral mismatch will be identified, and action can be taken in minutes.

If an agent attempts to outsource their work or hand off their access to a 3rd party, they will hand off everything they know and everything they have to the unauthorized user, but they can’t hand off everything they are. A behavior mismatch would be flagged immediately, alerting operational supervisors and security teams. 

Continuous MFA through passive biometrics is the only solution capable of checking users' identities hundreds of times each day without requiring any participation from the users, making it secure, efficient, and compliant. That is the ideal combination for all BPO contact centers eager to prove their commitment to security.