What how many questions do you need to ask to complete 'low risk' personal authentication and what are they?
3 questions;
Name
DOB
1 additional question (3a)
What information do you need to get from the customer when answering "recent transaction:
how the transaction was made - transfer in IB, withdrawal at ATM, BPAY at a post office
amount - -/+ 50
who it went to - reference/merchant name
DR - always customer initiated
not an a statement yet
Is not a purchase authorisation or outstanding transaction.
How many times, in what timeframe can a customer fail auth over the phone?
Can fail auth twice in a fortnight
What are the 2 questions you ask before sending a code?
Name & DOB
5 questions
Name
DOB
3A
4A
5A
Are you able to accept answers from accounts that have a T (third party) and a Y(signatory) next to them?
No, you are only able to accept answers from O, P & S
What must you advise before completing outbound authentication?
"This call will be recorded and may be used for quality, training and identification purposes."
What next steps can you advise your customer to take after failing at the allowed amount of auth attempts?
Help them find their nearest NAB branch, and advised them they'll need to take photo ID with them.
If your customer is unable to receive the sms code after you have sent them a code twice, what must you do?
proceed to complete high risk manual authentication.
Why don't we ask for a last deposit amount?
Because anyone can transfer money into someone's account and is too easy for a fraudster to know
What details do you need to get from your customer to accept an answer for 'another party'
full name of joint party and the type account that is joint
is outbound auth a HR type or LR type of auth?
it' only LR, if the enquiry turns into a HR you need to complete HR auth (exclu Sms auth)
What steps do you take to record a failed auth?
Following ticking the questions you have attempted to ask, in the Authentication screen in the bottom window, click Fail. A red flag displays in the Authentication window
Leave a clear Siebel activity around why the customer failed auth.
When aren't you able to SMS auth a customer? list 3
What do you need to get from the customer to be able to accept an answer for regular payments
If you become suspicious of a customer’s behaviour or transaction patterns (with no concerns over the customers identity), what much you submit?
An Unusual Activity Report (UAR).
What do you do if you feel unsure or suspicious of a customer where you have only outbound authenticated them?
You can authenticate using the inbound auth method
List 3 tell-tale signs may be displayed by fraudsters over the phone claiming to be NAB customers?
Vocal or Audio cues - muffled, difficult to understand, hear another person in the background giving answers, age may not match voice tone
Financial cues - large transactions going in and out without a ongoing salary
Behavioural cues - customer wanting something that doesn't match their usual activity
Reliance on documentation
High risk country whisper from IVR
Private or unusual numbers
Diversion tactics - avoiding directly answering questions you are asking
Failed Authentication or Repeated Call-backs
External Support Services - National Relay Service or external interpreter service
Lost or Stolen Cards
Phishing or Compromised NINs
Can you customers be sms authed if they have no NABID or accounts on their profile. If so, how would you do it?
Click New Customer in IBADMIN.
In the Mobile Number field, type a mobile number from Siebel/eBOBS.
Click Challenge Number. The verification number displays in a message on the top right corner of the screen.
When asking for a recent transaction what type of transaction types can we accept?
The customer manually initiated (such as a funds transfer, bill payment, credit card purchase)
Name 2 reasons to why you would move to a B question during authentication?
Only move to the B (or C) question if:
When are you able to use an alternative number that isn't on the customer's profile and outbound auth them?
Only use an alternative number the customer has provided if the customer was authenticated on the call where they provided the number.
If you have received a call where you suspect you are speaking to a fraudster, what must you do?
Complete DFAS Notification eForm and select Suspected ID takeover as the fraud type. You must also follow the failed authentication process.
What do you do if the code doesn't match after you have gotten your customer to repeat the code back to you?
If the codes still do not match Record a failed authentication attempt.
When asking if there is another party on an joint account, what must we confirm with the customer?