May 11 – August 31, 2020: The Calm Before the Next Storm
Since the beginning of COVID-19, Next Caller has tracked the call behavior of consumers and fraudsters to help understand the impact of the pandemic on contact centers. From the early waves of urgent, highly-charged calls from consumers to health care companies and financial institutions to the equally overwhelming influx of attacks from opportunistic criminals trying to impersonate them, contact centers across all industries have been put to the test. Our initial reporting showed that behavior by criminals and customers alike was highly correlated to news and events surrounding stimulus checks and loan opportunities. Now, it’s been months since the last checks were delivered and since loan opportunities closed. So, where does it leave us?
Six months after the country first went into lockdown a lot has changed for consumers and businesses. For consumers, the initial panic of facing an unanticipated and unexpected event has subsided thanks to a greater understanding of (or at least familiarity with) the virus and the ways to manage life around it. Similarly for businesses, a reconfiguration of operations and innovative adaptation has allowed many to resume servicing customers–in better and safer ways. However, for both, the impact of COVID-related fraud continues to be pervasive.
A study we recently commissioned to over 1,000 American consumers, as well as data taken from Next Caller’s Fortune 500 clients, suggests that new trouble could be just around the corner.
55% OF AMERICANS BELIEVE THEY’VE BEEN TARGETED BY FRAUD, YET 59% HAVEN’T TAKEN ANY ADDITIONAL PRECAUTIONS
Though the volume of calls from individuals to U.S. businesses has shown a clear ebb and flow throughout the pandemic, consumer anxiety has continued to grow. In our ‘Week 4 and 5’ report, 32% of Americans surveyed believed that they had been targeted by COVID-19 related fraud. By Week 8, 37% of Americans said the same. Fast forward to today, and things are looking much worse. More than half of Americans (55%) say that they believe they’ve been targeted by COVID-related fraud.
This significant jump is concerning in its own right, but it’s arguably more worrisome considering that 59% of Americans say that they have not taken any additional precautions to protect themselves from these attacks. While the reasons given for not taking precautionary measures are logical; ‘not having time’ or ‘having bigger concerns’, additional findings–only half check their accounts for fraud more than once or twice a month–are frightening when weighed against the amount of fraudulent activity taking place. Keeping track of one’s accounts and personal information is one of the simplest yet most effective ways to prevent being victimized. With so many saying that they think they’ve been targeted and are likely still vulnerable, we can assume the dark web is ripe with the sensitive PII needed to silently and effectively fuel countless scams and schemes.
In fact, the early wave of criminal activity so impacted consumers that almost 1 in 3 Americans are more worried about becoming a victim of fraud than they are about contracting the virus.
While it of course represents a minority of survey respondents, it’s stunning to imagine that even in the middle of a global pandemic that has claimed the lives of over 200,000 Americas to date, 1 in 3 worries more about being defrauded. Perhaps the currently precarious financial standing of millions of Americans is in part to blame. Becoming a victim of fraud in the midst of such extreme circumstances would surely be devastating, if not untenable for many. But regardless, it should serve as a blinking red light to every business when it comes to how seriously they prepare for the next several months, which could see another round of stimulus checks that pretell the second series of spikes in calls from consumers and fraudsters.
In addition, aside from acute events that drive people to the phone, the long term fallout from the pandemic is far from over. The unfortunate reality is that as individuals face prolonged stress and financial hardship, there is no reliable indication of what to expect from consumers. What is clear though, is that fraudsters are well prepared to use the fallout to their advantage. In the next section, we’ll discuss what to expect and how to prevent it.
WHERE THE NEXT WAVES WILL COME FROM
Surprisingly, most Next Caller clients experienced a significant decrease in call volume starting in Week 11 (May 18), with many showing call traffic at or even below Pre-COVID levels for most of the last 4 months. Similarly, high-risk call traffic also seems to have returned to normal levels. However, hiding within the data is a trend much less comforting. While overall high-risk traffic is down, some clients face unexplained spikes in high-risk calls on an inconsistent basis from week to week. For example, over the last 4 months, one client saw spikes in high-risk calls top out at a 10% increase in one week, where high-risk calls were otherwise at or below Pre-COVID levels for most other weeks. However, another client weathered a whopping 245% increase during one week, and high-risk calls remained consistently elevated 50% to 90% above Pre-COVID levels since May 11.
So, what does it mean? In short, it’s still too soon to tell. Each industry and even each business within the same industry can experience wildly different call patterns from its customers and the more unpredictable criminal element. For example, banks that participate in the PPP lending program saw spikes in high-risk calls during news announcements of those loans where other financial institutions did not.
What we do know is that while the early months of COVID reveal fraudsters and customers calling in waves that very closely mirrored each other, that is no longer the case. Short bursts of high-risk calls are cropping up out of nowhere, and without a lot of indication as to why. Businesses that were relying on previous traffic patterns to predict the next wave might be caught by surprise with an unexpected influx of criminal activity. Perhaps these blips are driven by fraudsters acting on random one-off schemes, or maybe they are part of elaborate, long-term strategies aimed at working past security measures in phases. Independent from their intent, the important takeaway for businesses is not to be lulled to sleep by any decrease in activity within the phone channel. Many criminals may have laid the groundwork for their plots early in the process and have yet to fully exit the trojan horse.
The good news is that, at least for the moment, the lull in overall call volume means that there is still time to ensure that contact centers have the proper procedures and protocols in place to deal with the next wave of volume spikes. However, with new stimulus proposals being considered in Congress and the results of the 2020 election looming, the clock is ticking.
In our previous Fraud & COVID reports, we also established a clear correlation between economic responses to the crisis and surges in call volume and high-risk calls. As our data showed, there was a direct relationship between stimulus-related news (announcements, the distribution of personal checks, and PPP loans) and spikes in volume and high-risk calls taking place inside the contact centers of some of today’s top financial services and telecommunication brands. A simple equation has emerged: stimulus news and events = contact center chaos. And when chaos ensues, fraudsters always use it as cover for their nefarious activities.
While we learned quite a bit from the first wave of activity, businesses should also prepare for a more sophisticated criminal strategy this time around. Rising reports of fraud activity signal not only that fraudsters are eager to replicate their initial success, but that some of those early schemes may just be getting started. For example, the phony mailing address unceremoniously added to a bank account in April is likely just the trojan horse for a scheme ready to be set in motion under the cover of the next stimulus package.
But, how do we know that there will be chaos simply because of a stimulus? Simple — the data tells us it’s all but inevitable. When asked about their view of the next stimulus checks, “41% of Americans said, “I really need another check”. An additional 53% of Americans say that they have already sought out information related to the next round of checks, further illustrating the urgency around this financial relief.
Specifically for contact centers, a terrifying 7 out of 10 people said that they would, or would likely make phone calls to inquire about the status of their checks. For fraudsters, this provides an enormous amount of opportunity to deploy spoofing and social engineering techniques targeted at contact centers who will undoubtedly be bombarded with urgent customer queries — especially if the dissemination of the next stimulus is as friction-filled as the last.
WHAT BRANDS CAN DO NOW TO PREPARE
At times, the pandemic has revealed a stunning lack of preparedness in the contact center. It is already clear that criminals may be a close second to the virus itself in their test to operational readiness. While there are enterprise-grade solutions that are well-suited to mitigate certain aspects, not all challenges are created equal. Contact center security remains particularly vulnerable because of its inherent weakness: humans. Working from home can present a learning curve for anyone, with new distractions and a blurring of work/home boundaries. But there is less room for error doing business over the phone. To obfuscate the inherent vulnerability and alleviate the strain on agents, many organizations have defaulted to technologies like AI that often end up frustrating consumers more than helping them. Striking a delicate balance is difficult.
This is compounded by the increasing expectations of consumers, 56% of which believe brands are equally responsible for providing flexible and accommodating customer service and protecting personal information and accounts from fraud. While these are reasonable expectations under normal circumstances, today’s environment is anything but normal. When considering the fact that an even greater percentage of consumers say they are not taking steps to protect their own information (59%), fair or not, the onus falls to businesses. In short, customers want their cake and plan on eating it, too. In their weakest moment, consumers expect their experience to be accommodating and free from frustration, while also expecting total protection against fraud. All the while indicating that a lifetime of brand loyalty is at stake.
GREAT EXPECTATIONS: WHICH IS MORE IMPORTANT, CUSTOMER EXPERIENCE OR SECURITY?
Archiving the right balance often falls to contact center agents, who have the power to empathize and accommodate customers and remain vigilant in security practices that help to prevent fraud. However, even under normal circumstances, agents are inclined to rush through security to avoid angering callers and damaging satisfaction scores. With stakes at an all-time high, the pressure ratchets up incalculably and mistakes or lapses are more likely. Even the smallest oversight can lead to massive repercussions. Imagine interrogating a distracted parent with secret password questions to complete a grocery shipment. Or declining a wire transfer to a sick patient in need of life-saving medication because of a forgotten PIN. And yet, each of these scenarios is also a perfect cover for phone fraud.
The good news is that, at least for now, the lull in call volume means there is still time to prepare the entire operation before volumes spike again.
Here’s now to act now:
- Start collecting and analyzing data. Call traffic patterns and caller behavior can quickly identify problems and new opportunities for efficiency. It’s time to become intimately familiar with which metrics you are currently tracking and develop a plan to start tracking new ones.
- Be predictive. Circumstances have changed for everyone and they will continue to evolve. Typical caller behavior at large and on an individual basis is no longer reliable, yet anticipating why someone is calling is a crucial step to increasing self-service and ensuring a good experience. Informing customers of outages, changes, updates, or self-service opportunities early in the call process can translate to big savings and much-needed customer goodwill.
- Start Budgeting. Plans for 2020 went out the window in March. It’s time to adapt. Reprioritizing ways to manage increased calls from consumers while also protecting the security of your contact center should be paramount. Digital channels often receive the most budget attention, but in times of extreme stress and disruption, consumers prefer human interaction over the phone. If the call process is excruciating, it will be on full display.
- ANI Match. Particularly over the phone, less is more. If you can safely match an incoming phone number to a customer account (ANI Match), you avoid delays caused by less secure authentication methods like knowledge-based questions and one-time passcodes. It also translates into a more seamless experience that already-anxious callers will appreciate. ANI Matching is easy to implement, but does require the ability to detect criminal techniques like call spoofing. ANI Validation is a fast and easy way to secure ANI matching.
- Ensure proper agent staffing, training, and equipment. With record unemployment levels and new work from home schedules, calls may not only increase–they will start coming at all hours of the day. Agents should also be up to speed on the latest policies and procedures. Fraudsters take advantage of confusion. Underprepared and overwhelmed agents are a liability that no one can afford. Speaking of which, do your agents normally use multiple programs at once? Consider investing in equipment (like dual monitors) to help them manage the workflow. Agent efficiency translates to smoother, faster, safer calls.