Call centre employees in the UK will readily accept less stringent identity checks in place of forgotten security passwords, according to mystery shopper research conducted on behalf of US voice automation outfit Intervoice.
Intervoice says researchers holding current accounts and credit cards with 20 of the UK's financial institutions contacted the call centre to determine whether they would be allowed to perform a transaction without their security password.
The study revealed that agents at nearly half (nine out of 20) of the call centres investigated can be simply coaxed into accepting less stringent identity checks from callers claiming to have forgotten their personal passwords.
In the case of three financial institutions that provide personal credit cards, no security password was required at all to conduct a balance transfer of £500.
However, in all cases where callers were allowed to bypass the password security check, alternative data such as landline phone number for the account holder, mother's maiden name or recent direct debit details were requested.
Commenting on the research, David Noone, director, Intervoice, says: "As financial institutions focus on cracking down on ID theft from computer viruses and over the Internet they are turning their back on the telephone as a channel for criminals. This has become one of the easiest back doors for criminals to conduct fraud."
Noone says call centre staff are trained to be helpful and in their efforts to avoid customer frustrations they will readily offer up alternative security checks. This is often with questions relating to personal data on the account holder that could be "second sourced", in the most extreme cases through stolen bags or through Internet research.
He says banks should seriously consider introducing biometric identity checks, including voice authentication for telephone transactions.