KuppingerCole’s newest report on “Passwordless and Authentication Solutions” includes FUTURAE! The right time to integrate the future is now. Start here!

We value your privacy

We use cookies to improve your experience on our site through website traffic analysis. To find out more, read our updated privacy policy.

Market Insights

Why Removing Security Questions In Helpdesk Calls Puts Money In The Bank

Helpdesks are an important part of the customer service process. They are the first point of contact for customers and provide a vital function in the customer journey. Kicking off a call with security questions creates a cumbersome customer experience. Using other authentication methods can help companies increase security, efficiency and the overall customer experience of inbound calls.


Helpdesk authentication is a process of authenticating a customer who requests support from the helpdesk. The most common type of helpdesk authentication is usually through knowledge-based authentication, a system that authenticates a user based on what they know, like answering a series of security questions.

58% of customers call the helpdesk for urgent or sensitive matters

A customer with an urgent issue with their bank or insurance provider typically does one of two things to get clarification to their problem. Either they send an email or pick up the phone and call the helpdesk center. While it may seem that text-based support methods are the default nowadays, a recent study by Accenture shows that 58% of customers prefer to solve urgent issues, such as access problems or fraud attempts, by calling the support of their service provider. Such helpdesk interactions are key moments in the customer journey as these issues are usually important, time-sensitive, and tend to be emotional for the customer. A reassuring voice on the phone can make all the difference in the satisfaction and comfort of the customers.

As a result, creating a trustworthy customer journey and secure user experience in these critical moments is significant for a company’s success.

What is your current account balance? Authentication that leads to customer discomfort

Most helpdesk calls start off with the support agent that tries to authenticate the customer by asking questions, such as: What is your current address? What is your date of birth? What is your current account balance or what was your last transaction? These highly detailed questions for which customers need to share personal data with an unknown support agent often feels invasive to customers and result in poor customer experience. The issue creates even further stress when calls are held in a public space such as a shared office or co-working space.

Security questions are not a secure method of authentication

More importantly, generic questions are not a safe method for authentication. Security questions, specifically known as knowledge-based authentication (KBA), are widely considered an insufficient method for crucial security processes. The reason is because some of those methods include passwords which are no longer considered safe), and security questions that are easy to guess. Hackers are often able to guess answers to the most common questions as much as 20% of the time. Information, such as a personal address, can be simply retrieved by conducting a Google search. Other information, such as information about previous card transactions, is harder to obtain. However, in some cases an old account statement might already be enough to guess the right answers. As for customers, answers to security questions are difficult to remember and are one of the main sources of friction when forgotten.

Another security issue which is often forgotten when it comes to helpdesk authentication is the human factor. Employees at helpdesk centers can ask for additional means of authentication if they feel something is off with the customers trying to access sensitive information. However, the support agents themselves can also become victims of social engineering. For instance, agents can be pushed to accept incomplete authentications when faced with sufficient pressure by the attackers.

Save your customers’ time and your business’ money

There are several reasons to invest in alternative solutions to security questions. Firstly, alternative solutions enhance the customer experience when interacting with a support agent. Secondly, they improve the security procedure when verifying the identity of the caller. Thirdly, they increase the efficiency of the helpdesk by providing a streamlined authentication experience based on modern methods compared to a traditional questions and answers game. Finally, there is also a cost benefit. Large banks report that they receive on average between 600 and 850 helpdesk calls per day, with an average call length of 7.25 minutes. Considering such call times, their helpdesk results in over EUR 5 million helpdesk costs per year. If security questions to authenticate the customer take up to a minute to get through, removing this element of the process and thereby reducing the helpdesk call length results in almost EUR 1 million in savings.

By adopting modern authentication methods in helpdesk centers, companies save valuable time and money with every call for both their employees and customers. As a result, customer satisfaction and retention is increased through an efficient and secure authentication process.

Push Authentication as a solid alternative to security questions for helpdesks

Learning from other use cases, there are various alternatives to knowledge-based authentication (KBA). Generally speaking, these can be split into methods of something the user has (such as a hardware token or mobile device) or something the user is (such as biometrics). There are many options that support a safe and convenient customer journey without the traditional, cumbersome security questions. Here is one example of how a simplified user journey could look like:


  1. The customer encounters a problem in the app
  2. The customer calls the helpdesk from the app
  3. A support agent triggers a push notification
  4. The customer receives a push notification on their registered device
  5. The customer unlocks the app using biometrics (first factor)
  6. The customers reads the message “Are you trying to talk to our support staff?” in the app
  7. The customer clicks “Yes” (second factor)
  8. The customer is successfully authenticated with the helpdesk in seconds

This process can of course be customized to the specific requirements of the business. Since the customer should have their phone or device on hand, and there is a two-step verification factor including a biometrics check, the risk of a hacker gaining access to sensitive information is significantly reduced. All the while, time and cost of a helpdesk call is reduced, and customer satisfaction is increased.

Getting ready for the future of helpdesk

Helpdesk is an important factor of a customers’ journey with the company. In a digital world, customer interaction can make or break the relationship a customer has with a business. To create an efficient helpdesk authentication process without compromising on security, changing from KBA to push-based authentication is one of the most simple steps a company can take.

Learn more about Futurae’s Push Authentication solutions. If you have questions or feedback, please let us know.