ID&V (Identification and Verification)

The traditional approach that everyone hates

The standard ID&V process goes something like this:

“For security purposes, can I take your full name, date of birth, and postcode?”

Customer provides these.

“And can you confirm the first line of your address?”

Customer provides this.

“Finally, can you tell me the answer to your security question: what was the name of your first pet?”

Customer: “Uh… I set this up 10 years ago. I have no idea what I answered. Was it my childhood pet or my first pet as an adult? And did I use the nickname or the proper name?”

This is where everything grinds to a halt. The customer cannot remember what they answered a decade ago. The agent cannot proceed without correct answers. The customer gets increasingly frustrated. The agent suggests resetting the security question, which requires more verification through a different channel.

What should have been a quick account balance check has become a 15-minute ordeal about forgotten security questions.

Even when it works smoothly, knowledge-based verification eats time. You’re spending the first two minutes of every interaction confirming identity before you can discuss the actual reason for contact. Multiply that across thousands of daily interactions and you’re burning enormous amounts of agent and customer time on security theatre.

The fraud versus friction problem

Fraudsters are sophisticated. They research targets, harvest personal information from social media and data breaches, and rehearse their approach. They can often answer knowledge-based security questions because the answers are discoverable or guessable.

Your mum’s maiden name? Probably on Facebook. First pet’s name? Might be in old photos. Postcode? Public record. Date of birth? Social media again. Street name? Electoral roll.

So you add more questions and make them harder. Now legitimate customers fail verification whilst fraudsters sail through because they’ve done their homework. You’ve increased friction without meaningfully improving security.

This is the ID&V trap. Simple questions are easy for fraudsters. Complex questions frustrate customers. You cannot win with knowledge-based verification alone.

Modern approaches to ID&V

Voice biometrics

Voice biometrics analyse unique characteristics of a customer’s voice – pitch, rhythm, accent, speech patterns. After initial enrolment, the system passively verifies identity whilst the customer speaks naturally. No security questions needed.

From the customer perspective, verification is invisible. They call, start talking, and the system confirms identity in the background. Agents see authentication status on their screen without the customer needing to answer anything.

This dramatically reduces friction whilst improving security. Fraudsters cannot easily fake someone else’s voiceprint, whilst legitimate customers benefit from seamless verification.

The challenge is enrolment. Customers need to provide enough speech samples initially to create an accurate voiceprint. Some customers feel uncomfortable with voice recording for biometric purposes. And voice biometrics can struggle with poor line quality or customers with health conditions affecting their voice.

Passive verification

Caller ID, device recognition, location data, previous interaction patterns – all provide verification signals without asking customers anything. The system builds confidence in identity based on multiple factors that match the customer’s normal behaviour.

Low-risk activities (checking balance) might require only passive verification. Higher-risk activities (changing direct debit details) might require additional active verification even if passive signals look good.

This risk-based approach tailors verification to the situation rather than applying the same process regardless of what the customer wants to do.

One-time passcodes

SMS or email verification codes provide additional security layer when needed. The customer receives a code on a registered device and reads it back to confirm they have access to that device.

This works well for high-risk activities but creates friction when overused. Customers hate having to find their phone, wait for the text, read out the code – especially when they’re just trying to do something simple.

Biometric authentication

Fingerprint, face recognition, or other biometric methods work brilliantly for mobile apps and digital channels. Customers authenticate themselves before reaching an agent, so the agent receives pre-verified contacts.

This shifts verification away from the voice channel entirely, reducing the burden on agents whilst maintaining security. But it only works when customers are comfortable using biometric authentication and when your digital channels support it properly.

The vulnerable customer challenge

Standard ID&V processes can exclude or frustrate vulnerable customers. Someone with memory problems cannot reliably answer security questions about historical information. Someone with speech difficulties might struggle with voice biometrics. Someone without mobile phone access cannot receive one-time passcodes.

Contact centres need fallback verification methods that maintain security whilst accommodating different customer needs. This might mean allowing authorised representatives, using different verification approaches for vulnerable groups, or providing additional verification channels.

The Equality Act requires reasonable adjustments for disabled customers. ID&V processes that create barriers need alternative options.

The agent perspective

Agents spend significant time on ID&V – time they’d rather spend actually helping customers. When verification goes smoothly, it’s tolerable but tedious. When it fails, it’s excruciating.

The customer has forgotten their security answer. The agent cannot proceed. The customer gets angry. The agent is stuck between security requirements and an increasingly hostile customer who just wants to check their balance.

Some customers become abusive when denied access, creating awful experiences for agents who are simply following security policy. Other customers are embarrassed about failing verification, making the interaction awkward for everyone.

Agents also face pressure from fraud attempts. Fraudsters are often charming, plausible, and put agents under social pressure to bypass verification. “I’m the account holder, I just cannot remember that answer, surely you can make an exception?” Some agents make exceptions that let fraud through. Others rigidly refuse all exceptions and frustrate legitimate customers.

Failed verification scenarios

What happens when someone cannot pass ID&V varies by organisation and circumstance. Options include:

• Offering alternative verification methods (send a code, call from registered number, visit in person)
• Creating a case for callback after verification through another channel
• Resetting security credentials through secure process
• Absolute refusal to proceed without successful verification

The worst outcome is when legitimate customers cannot access their accounts through any available channel. They’ve genuinely forgotten security answers, lost access to registered phone numbers after moving, and cannot verify through the options available. Now they’re locked out of their own account with no clear resolution path.

This is where ID&V processes need safety valves – difficult but possible routes for legitimate customers to regain access when standard verification fails.

Omni-channel complications

Omni-channel creates interesting ID&V challenges. Should verification in one channel carry forward to another? If someone verifies on the website, should the agent trust that when they call 10 minutes later?

The answer depends on risk and timing. Session-based verification makes sense – once verified, stay verified for that session across channels. But verification from yesterday probably should not carry forward to today’s interaction.

Managing verification status across channels requires integrated systems that track when and how verification occurred, then apply appropriate policies based on risk and timing.

Getting ID&V right

Effective ID&V balances security with experience by:

• Using risk-based approaches that verify proportionally to risk
• Implementing passive verification where possible to reduce friction
• Offering multiple verification methods to accommodate different customer needs
• Being clear with customers about why verification matters
• Training agents to handle failed verification sensitively
• Having clear escalation paths for customers who cannot verify through standard methods
• Regularly reviewing whether verification questions remain appropriate and secure

The goal is security that customers barely notice rather than interrogation that frustrates everyone. When ID&V works well, it’s nearly invisible. When it fails, it dominates and ruins the entire interaction.

Most customers understand that security matters. What they cannot stand is security that feels pointless, questions they cannot possibly remember, or rigid processes that lock them out of their own accounts with no reasonable resolution path.

Get ID&V right and it protects everyone whilst staying out of the way. Get it wrong and it becomes the most hated part of contacting you – the barrier customers have to fight through before they can even explain why they called.