To make this more concrete, let’s consider how zero knowledge verification would work for an inbound call to a bank contact center. The account holder calling in must authenticate with the bank before the contact center agent will discuss anything about the caller’s accounts. At the present time, the bank authenticates the account holder by having the agent, or the IVR, ask for information such as the last four digits of the caller’s SSN, mother’s maiden name, and account number. Not only has this private information been revealed to the agent, but it is now also part of a recording, and possibly a permanent transcript.
Using Journey’s solution, the bank could take several easy zero knowledge verification steps:
1. After receiving a call, the contact center sends a notification to the caller’s mobile device asking the caller to log into the bank’s mobile app on the phone. Logging into the app using facial recognition provides one in a million accuracy; the bank could also use more complex back-end facial recognition provided by a third party that would provide one in a billion accuracy.
2. The caller is authenticated in a couple of seconds and the bank can send a message via the secure Journey orchestration layer telling the caller that they’ve been verified and sharing the name of the agent to whom they’re talking.
3. The bank may require additional verification information, such as the account holder’s address, date of birth, or SSN. Rather than sharing this private information with the agent, the caller enters it into the mobile app. The data is sent through Journey’s orchestration cloud to the bank’s back-end systems for validation.
4. Once the account holder has authenticated, following the bank’s rules and protocols, Journey sends a signed, digital certificate to both the call center software on the agent desktop and to the user’s mobile device. This certificate is proof that the person has properly authenticated. If the call is passed to another agent, this certificate flows with the call so that the new agent knows the user has already authenticated, simplifying identity authentication even during call transfers.
Using zero knowledge verifications, the agent can see verification certificates without ever needing to see or hear any confidential information, yet the caller is securely authenticated, which increases customer privacy and improves the customer experience throughout the interaction.
Journey estimates it can save its customers at least $1 per call through faster authentication. Plus, the Journey solution eliminates silly or painful security Q&A experiences. In addition, it solves some issues for the contact center:
- It can reduce or eliminate the scope for compliance for PCI, HIPAA, GDPR, and CCPA.
- The underlying privacy and security-related details bypass the contact center stack entirely.
- It eliminates or reduces the need to prohibit cell phones in the contact center, delete call recordings, mask out sections of agent dashboards, and rely on “secure IVR.” In addition, it allows agents to work at home because an “evil person” looking over the agent’s shoulder will never see or hear any useable confidential information.
Journey sees several other fertile application areas for its technology, as shown in the graphic below. Another one that I can see moving to the forefront in coming months is voter verification, should we still be in quarantine or under other physical distancing guidelines and people don’t want to go to a polling location. A voting application embedding Journey’s technology on a mobile device would enable millions of people to cast ballots remotely, securely, and with less fraud.
Conclusion
As one of the judges in the Best of Enterprise Connect competition, I found Journey’s technology and demos quite persuasive. The capabilities, while not the typical communications and collaboration ideas we encounter in the industry, may have far-reaching effects on how contact center software stacks are built and how people interact with the companies that make the products and services they use.