Fraudsters find call centers attractive targets during and after COVID-19
Financial services organizations said concerns about fraud originating from call centers ticked up last year, as fraudsters used pandemic to exploit vulnerabilities.
Call center operations experienced added complexity last year, as the pandemic changed the way business got done. While inbound call volumes and complexity have increased during the past year, so have fraudulent calls seeking to take advantage of the disruption and high emotions of the pandemic, according to a white paper produced by Neustar.
According to the report, contact center fraud was up 40 percent last year, with account takeover attempts becoming increasingly prevalent. Nearly two-thirds of financial services organizations said they were concerned about fraud originating from contact centers. Concerns about call center fraud were on par with website-originated fraud last year, a change from prior years when websites took more of the blame, the report said.
The contact center is often a first stop for fraudsters on their way to exploiting digital channels. Once they gain access to a victim’s account via a phone call, they can then change online passwords or phone numbers associated with the account.
Neustar said fraudsters are attracted to call centers to carry out fraud because call center agents are highly vulnerable to social engineering and are more easily manipulated into granting access to an account. This dynamic was exacerbated last year as many agents worked from home with associated disruptions and were sympathetic to an increased level of anxiety among callers.
As such, there is an overwhelming preference to keep the authentication process out of the hands of human agents, the report found. Instead, respondents prefer pre-answer authentication or interactive voice response (IVR) systems to verify callers. Minimizing agent involvement in authentication mitigates the risk of fraud and decreases call handle times, said Neustar.
To combat call fraud and account takeover attempts, call centers must be able to detect two kinds of fraudulent activity: call spoofing to impersonate customers and the use of virtual call centers to launch anonymous attacks.
Fraudsters can manipulate call signaling (SIP) data that many spoof detection approaches rely on to make their calls indistinguishable from actual calls. As such, many call centers perpetually treat all calls with a certain level of caution, which can make interactions with trusted customers more difficult.
In addition, assessments of call signaling data are powerless against fraud that originates through virtual call services such as Google Voice, Pinger or Text Now, said the report.
It is much easier for fraudsters to reach a call center with a virtual service than it is to engineer a call that can beat spoof detection tools because their signaling data and call certificates appear correct.
Using a virtual call, fraudsters first reach an agent from a legitimate number unrelated to the customer’s record and then attempt to socially engineer the agent into granting access to the customer’s account. Virtual calls represent about 2 percent of call volume today, said the report.
The STIR/SHAKEN protocol, which went into effect June 30, helps digitally authenticate phone numbers from incoming calls to combat illegal spoofing. While many enterprises have been focused on making sure their outbound calls comply with the protocol, call centers also may begin incorporating STIR/SHAKEN information in their analytics platforms to help identify spoofed calls.
As this data source grows, call centers can use the information to help identify which calls should receive more scrutiny from agents because they are more likely to be from a fraudster.
Fraud-detection technologies can provide a variety of benefits for inbound call centers, according to respondents to the study. These include minimizing false positives, leveraging widespread data to identify attacks, alerting to first-time and unfamiliar attacks, and providing a risk signal before a call is answered so suspicious calls can be routed to agents with more fraud prevention training.
Kristen Beckman is a freelance writer based in Colorado. She previously was a writer and editor for ALM’s Retirement Advisor magazine and LifeHealthPro online channel. She also was a reporter for Business Insurance magazine covering workers compensation topics. Kristen graduated from the University of Missouri with a degree in journalism.
READ MORE: