by guest blogger Laura Zegar (@laurakzegar)
Phone fraud is rampant in today’s contact centers. Companies are sitting up and paying attention to the advanced techniques that today’s fraudsters use to attack vulnerable contact centers.
Over the past 10-15 years, fraud prevention focused heavily on securing online channels, while contact center phone security took a back seat as customers increasingly turned to the Internet for their transactions. Sophisticated online fraud detection technology developed to minimize risk. Meanwhile, fraudsters watched as online security tightened and began exploiting security holes in contact center technology, authentication practices and social media sites.
Today, an estimated 90% of fraud incidents include at least one contact center interaction.
How does this happen?
Fraudsters employ a host of advanced techniques to commit contact center fraud.
Many pose as customers via “spoofing” by manipulating caller ID to display a customer’s phone number and name to conceal the fraudster’s actual number and identity. Upon calling the contact center, they appear to be the actual customer if the information matches customer records on file. Fraudsters who also successfully authenticate as the customer further avoid detection by presenting no outward indications of fraud when interacting with unsuspecting agents.
Savvy fraudsters also exploit authentication processes and weak agents. Because many legitimate customers fail authentication, contact centers often view this as a standard transaction. By targeting overly helpful agents who aren’t experienced or sharp enough to spot fraud, fraudsters can use traditional knowledge-based authentication questions to reset the customer’s PIN, create a new one, and take over the customer’s account to complete fraudulent transactions.
Often, fraudsters use social media or other websites to compile enough information to impersonate the customer. By gathering data such as date of birth, social security number, phone number, or other publicly available personal details, the fraudster uses it to complete knowledge-based authentication questions and gain access to the customer’s account. If a customer, for example, publicly posts their date of birth, previous cities lived in, phone number, family member names and a photo / name of their dog across various social media sites, the fraudster can eventually gather enough information to successfully answer knowledge-based questions (i.e., pet’s name) to authenticate as the customer.
In response to these increasingly clever techniques, many technologies to thwart contact center fraud have cropped up in recent years.
Anti-spoofing technology sniffs out spoofing attempts by verifying the caller’s geo-location and device type against caller ID and automatic number identification (ANI) information to determine if a fraudster is concealing their identity. The technology can detect if the caller is using a landline, cell phone (including untraceable prepaid phones) or VoIP (Voice over IP) technology such as Skype. Some anti-spoofing technologies also allow customers to place their name, phone number, address and other sensitive information on file across multiple companies using the technology for easier authentication and enhanced anti-spoofing.
If, for example, a fraudster calls from California using a prepaid phone to impersonate a Chicago-based landline customer, anti-spoofing technology will indicate that the caller is not in a Chicago-area geo-location or using a device type consistent with their landline phone number. If the customer’s personal information is on file with the anti-spoofing company, the technology will also determine if the caller’s information does not match.
Voice biometrics is another fast-growing technology in the call center world. Instead of using conventional authentication methods (i.e., PIN, password, SSN or knowledge-based authentication questions), the customer simply authenticates with their voice once the company captures their unique voice sample (either passively during a regular customer interaction or actively by providing a specific voice sample). The customer’s voiceprint may include over 40 voice, speech and language characteristics. Some voice biometrics programs can even determine if the caller’s voice is pre-recorded instead of live – a trick fraudsters often use to bypass the technology.
Analytics also play a key role in contact center fraud prevention. Interaction and speech analytics, for example, identify caller speech and language patterns, phrasing and emotion combined with agent desktop events to detect potentially fraudulent interactions. Context analytics use information also gathered in anti-spoofing technology (caller location, ANI, etc.) and Interactive Voice Response (IVR) events to determine the customer’s overall fraud risk.
Additional tools used to assess fraud risk include case management and real-time agent decision tools. Case management solutions may open investigation tickets after an identified fraud attempt and/or flag suspicious interactions for review/playback to proactively manage suspected or confirmed fraud. Real-time agent decision tools identify suspicious transactions and prompt additional knowledge-based authentication based on the assessed level of fraud risk. The agent might also receive instructions to ask the caller other additional questions, notify a supervisor, and/or transfer the call to a fraud department to complete the interaction.
Individually, the above technologies provide significant fraud and risk reduction; used together, they become a powerful anti-fraud strategy to protect contact centers from many common fraud techniques.
Adoption of fraud technology varies by industry. Banks require stringent anti-fraud measures to protect customers’ financial assets, while a utility company or retailer may employ less protection due to reduced risk.
But regardless of risk, all companies share one common goal when it comes to fraud: Protect both customer and internal company resources.
The following statistics make a startlingly clear case for advanced fraud prevention across industries:
- Once they become fraud victims, 40% of customers churn (leave a company)
- Another 40% reduce their overall dollars spent with the company
- 85% of customers are dissatisfied with traditional authentication processes
Once a customer’s account is compromised, they won’t stick around and risk allowing it to happen a second time. They’ll take their compromised funds or identity to other companies until they find one who protects them. The company’s customer service reputation may falter until their revenue is also seriously compromised.
As fraud techniques become increasingly sophisticated, so must fraud prevention to stay one step ahead of fraudsters. More safeguards in place equal safer customers and companies.
Bottom line: Anti-fraud technology is a win-win solution for everyone…except fraudsters.
Makes quite the case for prevention, doesn’t it?