Phishing-Resistant Behavioral Multi-Factor Authentication For Contact Centers

BPO contact centers face an ever-increasing threat of phishing attacks against agents. In fact, according to IBM, phishing was the most expensive initial attack vector across the globe, costing $4.9M across industries in 2023. The same report found that it took, on average, 293 days to identify and contain data breaches where phishing was used. However, for BPO and contact centers, the financial consequences of a breach far exceed this. The average cost of a BPO breach can be 10x higher.

Traditional multi-factor authentication (MFA) methods, such as OTP-based authentication, are proving inadequate in the face of sophisticated social engineering tactics. However, there is a path to achieving robust, efficient, and PCI-compliant identity security in contact centers with Behavioral MFA.

Twosense's one-of-a-kind approach provides BPO contact centers and their customers with a phishing-resistant solution. Behavioral MFA is 100% software, meaning no keys or codes can be compromised during a phishing attempt. By considering user behavior, including typing patterns, mouse movements, time patterns, app usage, and system flow, Twosense builds a comprehensive model for each user. This behavioral data is then processed in a cloud-based machine learning system, allowing for seamless and secure identity verification. Twosense’s phishing-resistant MFA also makes it easy for contact centers to integrate behavioral authentication, helping them meet PCI DSS standards.

Contact center breaches year after year highlight the limitations of PIN-based MFA. As social engineering techniques become more advanced, the industry must continually reevaluate its security measures. While traditional MFA methods like one-time passwords and push notifications have their merits, they fall short if users are tricked into entering sensitive information during a phishing attack.

Implementing PCI-compliant MFA in contact centers has historically been challenging, leaving many vulnerable to data breaches, fines, lawsuits, and reputational damage. Most contact centers adhere to strict clean desk policies, making deploying multi-factor authentication that relies on mobile apps or text messages impossible. Hard tokens, the other common option for BPOs, are expensive to manage and scale. However, Twosense provides a path to compliance, aligning with the PCI DSS emphasis on multi-factor authentication for both on-premises and work-from-home agents.

PCI 4.0 takes effect starting March 31st, and the updated standards highlight the importance of multi-factor authentication. Twosense’s no-phone, software-only, multi-factor authentication solution seamlessly fits into this framework. It utilizes behavioral biometrics, a key aspect recommended by PCI DSS, which defines biometrics according to NIST standards.

In the contact center environment, where traditional methods like hardware tokens are impractical, biometrics such as agent behavior emerge as a viable solution. With Twosense, BPOs, and their customers can achieve PCI compliance without needing mobile apps, hardware tokens, or additional equipment like thumbprint readers. To learn more about how your organization can become PCI compliant with Twosense, please read our Blueprint To PCI DSS v4.0 Authentication.

As the threats to contact centers evolve, so must security measures. Twosense Behavioral MFA provides BPO contact centers with automatic, frictionless, and phishing-resistant MFA that meets PCI compliance.

Talk To An Expert on our team to see how your organization can effortlessly incorporate Twosense's invisible MFA into your contact center operations. Elevate security without causing any disruption to your agents' workflow.