Client Authentication - Participant Workbook Web viewManual Authentication. High-Risk Authentication. Third Party Authentication. Define Channel-link Platform features that facilitate

CLIENT AUTHENTICATION

Module Objectives.........................................................................................................................4-1

Module Introduction......................................................................................................................4-2

About Client Authentication..........................................................................................................4-3

Common Call Flow...................................................................................................................4-3

Four Types of Authentication....................................................................................................4-4

Channel-link Platform Screens, Prompts and Alerts.................................................................4-5

Basic Authentication....................................................................................................................4-12

Basic–Full Authentication.......................................................................................................4-12

Basic–Partial Authentication...................................................................................................4-14

Manual Authentication................................................................................................................4-16

High-Risk Authentication............................................................................................................4-19

Third-Party Authentication..........................................................................................................4-24

Transfer Calls..............................................................................................................................4-30

Authentication Simulation Exercise............................................................................................4-31

Features that Provide Added Protection......................................................................................4-38

Suspicious Call/Visit...................................................................................................................4-39

Module Exercise..........................................................................................................................4-44

Module Summary........................................................................................................................4-46

PARTICIPANT WORKBOOKDECEMBER 2010

Module 4

This page left intentionally blank.

PARTICIPANT WORKBOOKDECEMBER 2010

MODULE 4–CLIENT AUTHENTICATION

PW 4-III


MODULE OBJECTIVESModule objectives identify the learning goals for this module. This module session includes discussions, demonstrations, and a practice exercise that will help you understand and perform each of the objectives below.

ObjectivesWhen you complete this module, you should be able to:

Describe the four types of authentication, including:

o Basic Authentication

o Manual Authentication

o High-Risk Authentication

o Third Party Authentication

Define Channel-link Platform features that facilitate client authentication and lead to effective risk management, including:

o Client Authentication Dialog Box

o High-Risk Transaction Alerts

o Session Wrap-up

o Suspicious Call/Visit flag

Perform client authentications according to specific policies and procedures

Transfer calls:

o From one Channel-link Platform user to another Channel-Link Platform user

o From one Channel-link Platform user to a teammate using another system

Place a Suspicious Call/Visit flag on an account according to procedures

FOR INTERNAL TRAINING USE ONLY (12/2010) PW 4 -1


MODULE INTRODUCTIONDuring this module, you will practice using the authentication and risk management functions in Channel-link Platform. Client Authentication, also known as verifying a client’s identity, is a critical first step to providing account information or performing account maintenance. Client Authentication is an important security measure that protects our client accounts and account information. It also protects SunTrust from possible loss and liability.

By the time you complete this module, you should be able to navigate Channel-link Platform and take advantage of the tools and resources available to efficiently authenticate a client’s identify and effectively manage risk by protecting SunTrust from loss.

Throughout this course we will be learning to use Channel-link Platform to service our clients. Channel-link Platform provides an integrated approach for displaying and working with client information. With it, teammates will be able to provide a more effective and efficient service. This supports our current branding campaign, “Live Solid Bank Solid,” by giving teammates the tools to provide excellent service to our clients.

When using this or any application, it is important that teammates follow all compliance regulations, policies, and procedures when they access profiles and provide client and account information.

PW 4-2


ABOUT CLIENT AUTHENTICATION Channel-link Platform leads you through the Client Authentication process using system prompts. These prompts indicate when a client has been authenticated successfully and when they have not. When a client is not authenticated successfully, Channel-link Platform generates messages signaling that further authentication is needed, and sends questions that you need to ask to ensure effective authentication.

Common Call Flow1. When clients call SunTrust, they are prompted by the IVR (Interactive Voice Response) to

enter identifying data.

2. The Authenticate Client Dialog Box (aka authentication window) appears in Channel-link Platform.

3. The teammate is required to verify the required data on the Authenticate Client Dialog Box. (Required data varies depending upon the information the client input into the IVR)

4. If the client is unable to answer the required data on the authentication window, then additional authentication is required.

The Authentication Grid is available to help teammates follow the correct policies and procedures when authenticating clients. This information will be covered later in this module.

PW 4-3

Client Verification Client Authentication


Four Types of AuthenticationThe information that is input into the IVR will determine what type of authentication will be required. There are four types of authentication: Basic, Manual, Third Party, and High Risk.

Basic Authentication–When a client calls in through the IVR, the information provided via phone is automatically verified and passed along. Based on the information provided and its accuracy, one of the following scenarios may occur:

Full Authentication–Results when a client responds appropriately to the IVR prompts and the request poses minimal risk. In this case Channel-link Platform displays identifying information and all you have to obtain is the Name to complete authentication.

Partial Authentication–Results when a client enters only one piece of verifying data through the IVR or opts out of responding to the IVR prompts. The client is able to respond correctly to the verification question displayed on the Authenticate Client Dialog Box or posed by the teammate through manual authentication.

Manual Authentication–Results when a client bypasses, or responds incorrectly, to the IVR prompts and is not automatically authenticated. Manual authentication is also necessary when the Authenticate Client Dialog Box does not include sufficient information to verify.

High-Risk Authentication– Results when a client request is considered high-risk, or involves a high-dollar transaction. The Knowledge Based Authentication system is commonly used for High Risk Authentication. High-risk transactions are covered later in this module.

Third Party Authentication–Results when non-clients or persons whose names are not on the account are requesting information. Examples of this are merchants, car dealers, mortgage or title companies, insurance companies, banks or other financial institutions and family members who have a legitimate business need to obtain client information.

PW 4-4

0111


Channel-link Platform Screens, Prompts, and Alerts Channel-link Platform also displays screens, prompts, and alerts at critical points during account inquiries and system functions. This makes it easy for you to verify your client’s identity and feel confident that effective client authentication has occurred. You are also assured that when a high risk situation calls for it, Channel-link Platform will alert you to take the necessary precautions.

The following Channel-link Platform screens, prompts, and alerts provide information pertaining to features used for authenticating callers and keeping account information secure?

Authenticate Client Dialog Box

Authentication Section in the Left Navigation Menu

High-Risk Authentication Alerts

Session Wrap-up Authentication Results

Suspicious Call/Visit flag

Alert Icons

PW 4-5

VRU LocationClient Type PersonalPhone Number 404-555-7000Authenticated YesJames E Wills5555 RockinghamCrossville , IN 48555-1234


Client Search: Authenticate Client CheckboxThe Client Search screen includes an Authenticate Client checkbox. Use this check box if you do not have the CTI system, no information was passed through the IVR or if you are calling the client. In either case, you must initiate manual client authentication using the Authenticate Client Checkbox.

The Authenticate Client Dialog Box will be covered later in this section.

PW 4-6


Left Navigation: Client Authentication Section All screens that include the Left Navigation Menu also display the Client Authentication section in the upper left-hand corner.

The Client Authentication Section provides information about the caller:

Number Information Description

1 VRU Location Indicates the options that the client selected in the IVR. It may or may not display retail or business client. The VRU Location and Client Type information is only as accurate as the information given by the caller through the IVR prompts selected.

2 Client Type Indicates whether the caller identifies himself or herself as a personal or business client when making selections through the IVR

3 Phone Number

Lists the phone number where the call originated

4 Authenticated Displays the results of the client authentication process; in this example, Authenticated Yes indicates that the client has been authenticated.

Non-CTI users (teammates who are not connected to the Computer Telephony Integration system) will not see the Client Authentication Section on their screens.

PW 4-7


Authenticate Client Dialog BoxThe Authenticate Client Dialog Box is another key client authentication feature of Channel-link Platform. This box appears when the client passes through the IVR or when you initiate a client search.

Sections

The three most common sections on the Authenticate Client Dialog Box are: Verified by Caller, Verify the Caller’s Full Name (or Verify Business Name) and Verify the Following.

The Authenticate Client Dialog Box contains the following sections:


1 Verified by Caller Displays client information that has already been verified through the IVR prompts.

2 Verify the Caller’s Full Name ( or Verify Business Name)

If the call is regarding a personal account, verify the client’s name.

If the call is regarding a business account, verify the business name and verify the name of the caller which you will note later in Session Wrap-Up

3 Verify the Following Includes prompts to obtain any additional information needed to authenticate the client.

The questions displayed in the Authenticate Client Dialog Box differ, depending on the information that has already been authenticated by the caller in the Verified by Caller section.

Channel-link Platform may display up to five names with check boxes in the Verify the Caller’s Full Name Section, after asking the caller to provide his or her name, select the check box next to the correct caller.

PW 4-8


Buttons and Check boxes

Within the various sections of the Authenticate Client Dialog Box, there are additional buttons and check boxes that you should be familiar with.

The Authenticate Client Dialog Box contains the following:


1 Manually Authenticate Check-box

The manual authenticate checkbox should be used if the teammate has to ask further questions to authenticate the client.

2 Third Party Check-box

Select this check box to indicate when the client is a third party and must be manually authenticated.

3 Suspicious Call/Visit Check-box

Select this check box if you feel apprehensive during the authentication process, or doubtful of the legitimacy of the client or the request. Suspicious Call/Visit will be covered later in this module.

4 Action Buttons OK–Initiates the function you indicate on the dialog box. Cancel–Terminates the Authenticate Client Dialog Box and takes you to Session Wrap- up.

PW 4-9

0111

1 2

4 3


High Risk Authentication AlertsWhen the type of transaction involves high risk, Channel-link Platform displays a Caution message on the related screen or dialog box, alerting you to perform High-Risk Authentication.

Example: Client only requesting to change her phone number.

Example: Address Change (last 30 days) and a Statement Copy

Situations that require High-Risk Authentication are covered later in this module.

PW 4-10


Session Wrap-Up: Suspicious Call/Visit Flag The Session Wrap-Up screen includes a checkbox that enables you to indicate if a Suspicious Call/Visit took place. If you select this box, it is required to include a comment to explain why a Suspicious Call//Visit Flag is being selected in the Comments field.

In the example below, the client called in to request maintenance on his account, high-risk authentication was required and the caller disconnected during the process, causing the teammate to indicate a Suspicious Call/Visit during Session Wrap-Up.


1 High-Risk Authentication Occurred?

If Yes is selected, the following question appears “High-Risk Authentication Successful?” You must select Yes from the drop-down option box if the teammate performed KBA or, in lieu of KBA, performed Extra Business Authentication.

2 High-Risk Authentication Successful?

Was the High-Risk Authentication successful? When this question appears, a response is required. In the example above, No is selected because the Authentication was not successful.

3 Comments This field is used to provide information concerning a Suspicious Call/Visit. In the example, the caller disconnected when the High-Risk Authentication was in progress prompting the teammate to place the Suspicious Call/Visit flag.

4 SuspiciousCall/Visit

The Suspicious Call/Visit is used when a teammate suspects that the caller wasn’t the client or an unusual action occurs.

Suspicious Call/Visit Flags are covered in more detail later in this module.

PW 4-11


BASIC AUTHENTICATION

Basic–Full AuthenticationWhen a client calls in through the IVR, the information provided via phone is automatically verified and passed along. Full Authentication results when a client responds appropriately to the IVR prompts and the request poses minimal risk. Since the client entered all of the required information, you only have to verify the client’s full name (or if the client is calling regarding a business account the Business Name and the client’s full name.).

The following table describes Authentication Client Dialog Box when the client has been fully authenticated through the IVR:

# Information Description

1 Verified by Caller Indicates what was already entered and verified through the IVR. Compare the information in this section to the information on the Client Profile.

If a manual authentication is required, you will check the Manually Authenticate Checkbox and proceed with the authentication.

2 Verify the Caller’s Full Name (or Verify Business Name)

When only one name appears, ask the caller to verify her full name or business name.

When multiple names appear, ask the caller to verify her full name and check the box next to the caller’s name on the screen.

If a Business name appears, you will also need to obtain the name of the client who is calling in; this may be needed to check if the client is an authorized signer.

3 Click OK. This completes basic authentication.

Example – Personal client is fully authenticated through IVR:

Example – Business client is fully authenticated through IVR:

.

When authenticating a business client, Channel-link Platform only prompts you to Verify the Name of the Business. You are also required to verify the Name of the Caller, which you will later note in Session Wrap-Up.

PW 4-12


PW 4-13


Basic-Partial AuthenticationWhen a client calls in through the IVR, the information provided via phone is automatically verified and passed along. IVR Partial Authentication results when a client enters only one piece of verifying data through the IVR or opts out of responding to the IVR prompts. When this happens, the Authenticate Client Dialog Box displays the information that was entered and the information that you need to verify to complete the Authentication.

If the client bypasses the IVR, you will do a Client Search to display the client information. The Authenticate Client Dialog Box displays what you used to search for the client and prompts for any additional information required to complete authentication.

Client does not enter TIN:

The following table describes each section of the Authenticate Client Dialog Box when the client is only enters one piece of qualifying information in the IVR:

# Information Description

1 Verified by Caller The Account Number was entered by the Caller, but not the last four digits of their TIN.

2 Verify the Caller’s Full Name

Channel-link Platform prompts you to verify the caller’s full name.

3 Verify the Following

Verify the last four digits of the caller’s TIN. If No is selected for the Last 4 of TIN and then OK is clicked, you are taken straight to the Session Wrap-Up screen.

4 Click OK. When matching information is provided, click OK.

PW 4-14


Personal client is partially authenticated through IVR and does not enter the TIN:

In the example below, the client provided the account number. The dialog box also prompts you to verify the caller’s full name and the last four digits of his TIN.

Business client is partially authenticated through IVR and does not enter the TIN:

In the example below, the client provided the business account number. The dialog box also prompts you to verify name of the business and the last four digits of the TIN.

PW 4-15


MODULE EXERCISE

1. What is the difference between IVR Full Authentication and IVR Partial Authentication?

IVR Full Authentication

IVR Partial Authentication

2. What is the purpose of the Manual Authentication checkbox?

3. What situation leads to Manual Authentication?

4. How do you manually authenticate a client?

5. Name two situations that require Third-Party Authentication.

PW 4-16


6. What will you say to a Car Dealership before disclosing Loan Payoff information?

7. What information cannot be disclosed to a third party?

8. What is High-Risk Authentication?

9. Name two client requests that present the potential for high risk.

10. When would you click the Suspicious Call/Visit checkbox?

11. How long will the Suspicious Call/Visit flag stay on the account?

12. If you placed a Suspicious Call/Visit flag by mistake, how do you remove it?

13. In the Session Wrap-up screen, what must you do before you set the Suspicious Call/Visit flag on the account? Why?

PW 4-17


MODULE SUMMARY

Use this page to note the key points of this module.

PW 4-18

Documents

Client Authentication - Participant Workbook Web viewManual Authentication. High-Risk Authentication. Third Party Authentication. Define Channel-link Platform features that facilitate