Imagine you're a customer trying to resolve an urgent issue over the phone—for example, a bank transaction, an online order, or a technical support request. Before the agent can help, they need to verify your identity. They ask you for your security passcode, which you’ve forgotten. Then come the security questions: your birthday, your last bank transaction, your best friend's name. These questions are easily compromised and create security concerns.
This frustrating experience is all too common across industries. From financial services to retail, organizations face the challenge of verifying customers securely and efficiently for online, over-the-phone, and in-person interactions. That's where CIBA comes in.
In this blog post, we’ll explore how our new Client-Initiated Backchannel Authentication (CIBA) feature, part of Auth0, improves customer authentication for call centers and in-person interactions. CIBA makes authentication faster, more secure, and eliminates the need for outdated PINs or security questions.
Moving Beyond Less Secure Security Questions and OTPs
Call centers are just one out-of-band scenario currently burdened with inconvenient and insecure authentication protocols. Say you're trying to verify your identity so you can personalize the settings in your new car, but in order to do so you need to go through a cumbersome process: open the car's app, scan a QR code, open a browser and log in, all before you can update your personal settings. Or maybe you're trying to pick up a retail order in person, but in order to do so, you need to authenticate yourself with security questions or personal information. The problem is that these questions are vulnerable to data breaches and phishing attacks (just like passwords), and revealing private information directly to agents creates obvious privacy concerns that customers shouldn't have to deal with.
Some organizations may try to get around this by sending one-time passwords (OTPs) over SMS or email. However, these methods often introduce an additional, cumbersome step into the authentication process and present security challenges of their own. SMS, for example, is vulnerable to SIM swapping, which allows attackers to intercept SMS OTPs. Email OTP assumes that the email account is secure, which may not be the case. Plus, both email and SMS OTPs are vulnerable to the typical phishing and social engineering attacks that trick people into giving up their OTP, and they lack biometric authentication methods (e.g. face ID, fingerprint, etc.).
CIBA offers a more consumer-friendly and secure way of authenticating “out-of-band” customers.
CIBA: A Superior Approach to Out-of-Band Authentication
Safe, seamless brand experiences go beyond the login box. They extend to critical customer touchpoints—like when customers seek support over the phone, online, or in person. CIBA empowers businesses to deliver both enhanced security and a smoother user experience, leading to stronger customer satisfaction and better business outcomes. Let’s unpack what CIBA is and how it drives business success:
Client Initiated Backchannel Authentication (CIBA)—also known as a decoupled authentication flow—is a protocol that enables a client application (e.g., call center systems, POS terminals, in-person service tools, or autonomous AI Agents) to initiate the authentication process on behalf of the customer.
Let’s walk through an example workflow.
A user wants to make a withdrawal at their bank and agrees to verify themselves through the CIBA mobile app verification process.
Right away, the user gets a notification on their phone to approve the request and authenticates with biometrics through the app.
Lastly, the user approves the request and seamlessly and securely continues their withdrawal.
Achieving Better Business with CIBA
CIBA improves your business and your customer experience with some great features:
Stronger Security and Privacy
Traditional out-of-band authentication methods, like security questions or email/SMS one-time passwords (OTPs), are insecure and frustrating. CIBA replaces these outdated approaches with secure, seamless in-app biometric authentication (e.g., Face ID or fingerprint). A simple push notification lets customers verify their identity effortlessly with just one tap, without sharing sensitive personal information.
A Financial-Grade Protocol
Trusted by financial institutions, CIBA is a financial-grade protocol that provides stronger safeguards against phishing and data breaches. By securing highly sensitive customer interactions, CIBA acts as a robust fraud prevention tool, protecting both businesses and customers from scams and breaches.
Non-Repudiation for Trust
A CIBA authentication flow with the Guardian mobile SDK supports non-repudiation—so that neither party in a communication can deny their involvement. For example, in a call center scenario, this prevents customers or agents from disputing that certain information was exchanged. Non-repudiation builds trust and ensures authenticity for sensitive interactions.
Enhanced Customer Experience (CX)
CIBA delivers smoother CX with one-tap in-app authentication and no browser redirects. This simple, efficient flow reduces abandonment rates, increases app engagement, and empowers customer-facing teams to drive satisfaction and business growth.
With Auth0 Guardian SDK, you can further enhance CX by customizing every aspect of the CIBA customer journey to reflect your brand and meet unique business needs—creating an experience that’s as secure as it is smooth.
CIBA in Action: Real-World Examples
A decoupled authentication flow leveraging CIBA adds a much-needed security boost to sensitive interactions, all while supporting seamless customer experiences across a number of different scenarios and use cases:
Call center verification. Say you're a financial services institution, and a customer is calling in to request help with their bank account. Using CIBA, the agent can authenticate the customer by sending a push notification to the banking app the customer has installed on their phone. There, they confirm their identity using the biometric sign-in they have already enabled. No more asking customers to read out SMS passcodes, social security numbers, or (forgotten!) answers to security questions, all of which become vulnerable the moment they are spoken aloud.
In-person verification. In all kinds of in-person scenarios (e.g., withdrawing money at a bank, checking into a hospital, picking up meds at the pharmacy) CIBA gives employees the option of confirming customers' identity in real time by initiating a push notification sent immediately to their phone. The alternative in these situations is often asking customers to present physical documentation such as utility bills or their driver's licenses, an insecure authentication method that can leave customers vulnerable to fraud if those documents are stolen or compromised.
Connected device verification. CIBA also allows internet-connected devices to initiate push notifications in IoT scenarios. For example, if a customer is registering a new car and customizing their settings, CIBA lets them kick off this process in an easy, authenticated manner by confirming their identity through a push sent directly to a consumer app. Not only is this a more secure means of authentication, it also allows customers to avoid clunky options currently on the market, e.g., scanning a QR code that redirects to the app.
POS terminal. In a retail environment that increasingly favors hybrid shopping experiences (e.g. ordering furniture online and picking it up in person), a CIBA flow allows customers to confirm their identity on-site through self-serve kiosks that initiate a push notification sent to the customer's phone. This not only keeps the transaction secure, but it also eases any labor constraints retailers might be experiencing by keeping employees out of the authentication process.
Better security. Better CX. Better business. CIBA represents a new addition to the security toolbelt for organizations looking for a more secure, more seamless way of authenticating users in call center scenarios and beyond.
Curious about where CIBA can improve your operations, and your bottom line? Schedule a demo with your account rep to see it in action.