The fraud landscape is a complex one, and the criminals who run these schemes have a wide variety of ruses to choose from. Which one a fraudster selects for a given attack can depend upon the target, the end goal, and the criminal’s particular talents.
Almost all of these scams involve some form of social engineering, which has become the key skill for fraudsters in today’s environment. That skill is especially important when it comes to phone fraud schemes, which depend solely on the fraudster’s ability to be convincing on the phone. By targeting contact centers, phone fraud groups sometimes are simply gathering information to use in other schemes, but in other cases they’re attempting to initiate fraudulent transactions on victims’ accounts.
Initiating transactions through the contact center is a risky proposition for financial institutions. The employees who interact with customers (and fraudsters) in the contact center are trained to provide customer service and also typically receive some training in identifying fraud attempts. But they’re not fraud or risk experts and so there are a significant number of financial institutions that don’t allow customers to initiate transactions in their contact centers.
But for those banks that do allow those transactions, it’s difficult path to navigate, and the potential for fraud is high. Of the executives at these financial institutions, transactional fraud in the contact center is a critical issue for 11 percent of them. Another 39 percent of executives say it’s a major issue for them, according to new data from the Aite Group. One of the things that’s standing in the way of more banks allowing customers to initiate transactions through the contact center is the inability to positively identify them over the phone.
“Executives at FIs (financial institutions) that do not currently allow transactions to be initiated in contact centers state that their FIs would allow more activity if customers could be better authenticated in contact centers,” the Aite Group report says.
Authenticating customers over the phone is one of the more difficult security problems that banks and other financial institutions face. Most banks will log a customer’s known home and mobile numbers and use those as initial authenticators. But caller ID spoofing software makes this system simple to defeat. Voice biometrics can add another layer of authentication, although voice distortion apps can bypass that, as well.
Technology such as phoneprinting can pick up where these systems leave off. Rather than simply identifying a phone number or a voice, phoneprinting pulls together a caller’s device, voice characteristics, and many other attributes and ties them to a specific identifier. It prevents fraudsters from using a stolen device or spoofing software or other popular techniques to impersonate a customer.
With better authentication in the contact center, financial institutions would have the ability to allow customers to initiate transactions over the phone, providing better service while reducing risk at the same time.
Image: Taxcredits.net, CC By license.