Strengthening Security with MFA 🔍

We all have customers in some form or another and identifying them can be tricky. Mid last year ACMA brought in regulation to make it mandatory for telcos to use a second factor in verifying a customer attempting to perform a high risk transaction (for example, adding an account holder). Many telcos adopted this second factor as a One Time PIN (OTP) sent from their CRM.

Recently, this topic came up in a review we are doing on IT Service Desk operations for a LGA. Identity spoofing is a real threat for support teams whether they be internally or externally facing.

As put by the Australian Cyber Security Centre, there are three factors in verifying identity – something you know (like password or email address), something you have (a card, token, or known mobile phone) or something you are (fingerprint, voiceprint or other biometric). Your job – particularly in any high risk transactions initiated by your customer – is to verify two of these three factors.

Modern service desk and CRM solutions make this easier with built-in multi-factor verification functions or integrations. Into PowerApps? Create something like this to send a random PIN to a known email address (or modify to send an SMS via a gateway to a known phone number). Remember, Microsoft consider logging into a trusted device (eg enrolled in Intune) as a second factor.

Advancements in this space continue, with Microsoft recently announcing integration between Dynamics 365 Customer Service and Nuance Gatekeeper for voiceprint identification.

As The Who said in their ‘78 anthem of customer identify verification: “Come on, tell me, who are you?, ‘Cause I really wanna know”. The rest of the song’s not that relevant, but hey its hard finding a pop-culture reference sometimes.

Across the Industry