Home

 

Malware. Phishing. DDoS. These terms are well known to any large enterprise today trying to keep their business safe. It may seem there are a series of complexities that play into enterprise security to mitigate cyberattacks. However, one note to remember is that criminals will always seek out the path of least resistance. As more and more companies work to keep their cyber gates closed to threats they may not be focused on other vulnerabilities that are in plain sight.

Enter the call center.

Pindrop’s latest State of Fraud report found fraudsters are using the call center for conducting criminal activity at an alarmingly frequent rate. Call centers receiving as manya 40M calls per year are losing on average more than $25 million annually. The value of this fraud is staggering. When you drill down, one in every 1,700 calls to financial institutions are fraudulent and can be much higher for credit card companies. Yet this is only part of the picture.

There is an unknown cost of fraud - the far reaching effect it has on the customer experience. Particularly when call centers can’t quickly filter fraudulent callers from legitimate ones. In such circumstances, agents spend more time establishing identity before assisting an actual customer, which in turn can end up making genuine customers feel like criminals.

Business and call center leaders must be weary of these three methods fraudsters use to hinder the customer experience and subsequently rob the enterprise of valuable customer resources:

1. The use of voice alerting technology

We’ve seen a number of mainstream banks look at ways to strengthen their phone defenses by implementing voice recognition technology. This step to combat fraud must be welcomed by the industry, but it’s important to note that voice biometrics alone will not be enough to counter the growing fraudulent threat.

Fraudsters have many techniques which help them bypass this level of security. Distortive or synthesized noises, for example, can alter the sound of a voice, making it hard to verify and accurately define calls as fraudulent. For example, when analyzing calls, we’ve put together a list of known fraudsters that regularly target call center centers and coupled them with techniques that are making them successful. At Pindrop, we’ve nicknamed one particular fraudster “Distorted-please” since they rely on voice-distortion technology to leverage their attacks on unbeknownst call center reps.

2. Duping call center agents

Most businesses have been focusing on improving their cyber defenses, as attacks online grow more sophisticated. These breaches are continually hitting the headlines, causing organizations to rethink their defense strategy against fraud. But in doing so, businesses need to recognize their most vulnerable channel – the phone.

Fraudsters are typically professional social engineers and experts at manipulating people. When speaking to a call center representative, whose objective is to rightfully prioritize being helpful and dealing with customers in a timely manner, a criminal knows that identifying and handling suspicious calls is not their core competency. Criminals are taking advantage of call center workers eagerness to delight customers and using it to gain the information needed to attack businesses.

3. Fraudster ability to pass as knowledge-based authentication

Call centers do give their reps a number of personal questions or KBAs to ask and determine whether a caller is legitimate or fraudulent. It is well-known to fraudsters though and they can easily bypass these questions. If they can provide that basic information, the ability to move funds is practically unrestricted.

These details are becoming increasingly easy to access via the dark web or through social media and leaves organizations exposed to two things – the risk of transferring funds to a criminal in an attempt to deliver on a great customer experience or alternatively, treating a genuine customer like a fraudster and impacting on their customer experience. It’s a Catch 22.

Security teams can take back control by making the call center a priority in their larger security strategy. Businesses combating fraud across all channels need to ensure their multiple layers of defense include phoneprinting™ technology that identifies specific components about each call. Getting as detailed the original locating of a call, the device in use, and whether the phone was used to call the company. These pieces of intelligence may seem small but they are the details that aid in detecting fraudulent activity before it becomes a bigger issue and ensures your real customers receive an excellent experience.

Ultimately, the call center and the overall company will thwart attacks and remain steps ahead of fraudsters, reducing financial losses and maintaining the trust of their customers and their reputation.