Authenticating User Profile Information Changes | GLBA Compliance
As more users take advantage of online services, online properties must be more cautious when allowing users to edit and modify the contact information in their user profile.
A decade ago, criminals would call customer service centers for banks, trading firms and credit card firms claiming they had moved and needed to change the address or phone number associated with an account. This "pretext calling" as it was dubbed was a precursor to identity theft and account hijacking.
The problem was serious enough for the U.S. Legislature to take action in the form of the Gramm Leach Bliley Act (GLBA) which included directives to the FDIC to issue guidance to help prevent the problem.
Essentially, financial institutions would be required to verify and authenticate requests for changes to user names, addresses or telephone numbers. One of the verification processes specifically cited was telephoning the end user to confirm the change at a trusted telephone number.
Authentify's services are frequently used in this fashion to validate self-service changes to user profile information. Typically a user logs on to an account in their normal fashion. Upon making modifications to name, address or other critical account information, the Web site displays a page informing the user that to finalize these changes, they must accept a phone call at a telephone number "of record" for the account.
Only if the end user successfully answers the call and confirms their intentions, the changes to the user profile information will be finalized.
Note: Authentify has analytical tools to help determine phone billing information, telephone line types, geographic information and other data to help raise the trust level of a telephone number.