Every week, I speak with leaders in financial services who are confident in their fraud prevention systems. Until we talk about the support desk.
Not the perimeter. Not the firewall. Not the encryption layers. The support desk.
That’s where uncertainty starts to creep in, and the consequences are often underestimated.
The assumption is that a person calling in with the right name, date of birth and maybe ZIP Code, is who they say they are. Maybe you're using voice authentication as well, and you presume that if the voice matches, it must be them. But in 2025, these are no longer reasonable assumptions. Anyone who’s ever had their personal data leaked, which now includes most of us to one extent or another, understands that static identity markers are no longer private. And with generative AI, even the voice on the phone can no longer be trusted.
The Human Element in a Post-Voice World
I’m not saying this to stir alarm. I’m saying it because it’s what we’re seeing in the field. In our work with financial institutions, we’ve observed attackers who sounded indistinguishable from their target. Same cadence. Same phrasing. Same personal details. They knew the spouse’s name. They had every “correct” answer.
The frontline staff followed protocol. They asked the right questions and yet the attacker still gained access.
It’s time we reassess how identity is verified in customer support. Not just to prevent fraud, but to protect the people on the front lines who are being asked to make impossible judgment calls. Deciding whether someone’s voice is real or synthetic is not a skill we should expect from a support rep. That’s not a fair ask. It’s a point of failure waiting to happen.
Fixing What We’ve Normalized
And the risks extend well beyond voice. Every day, customers send sensitive documents, such as bank statements, tax returns, mortgage files, personal IDs, often sent through email or unsecured portals. Support teams, trying to be efficient, forward those files internally or store them in inboxes that rarely get cleaned up. These are vulnerabilities we’ve normalized. But we shouldn’t have.
There are more reliable, less burdensome ways to manage identity and information exchange. Workflows that authenticate a user before a support interaction even begins. That provide a secure path for documents to be shared without being permanently stored. That vanish the moment they’re no longer needed.
This doesn’t require a reinvention of infrastructure. Just a reframing of responsibility. Give your teams tools that eliminate ambiguity. Let them focus on helping customers instead of evaluating threats. Let them communicate securely without carrying the liability of data retention.
The systems we build should support both safety and simplicity. That’s the balance we’ve been chasing, and in many cases, missing.
Trust is the foundation of financial services. But trust without a reliable mechanism to verify identity is no longer trust. It’s guesswork. And it’s not sustainable.
This shift is overdue. And it’s one I believe the industry is finally ready for.
– Gene
Co-Founder, Traceless