Fraud has been around in one form or another since humans invented the concept of money. When payments shifted into the digital realm with online and mobile channels, fraudsters followed. In response, banks tightened security measures for online and mobile channels, and embraced chip and PIN technology. Their moderate success in thwarting fraud in those channels has simply led crooks to turn their attention elsewhere, to a channel they can still exploit as the weakest link in a bank’s chain of security: call centers.
Dialing down on call center fraud prevalence
In a recent study by Aite, fraudsters have started migrating from card counterfeiting to new application and account take-over fraud. Account take-over fraud is frequently committed by contacting the FI and asking for an address change, new PIN, a new card or similar. One study found about one out of every 2,500 calls to a call center is fraudulent. Although each fraudulent call causes an average loss of just 57 cents, according to the study, potential losses climb with subsequent calls, until losses could balloon to more than $42,000! In total, call center fraud bilks financial institutions of $7 million to $15 million per year, the report author says.
Banks and Credit Unions are particularly susceptible to call center fraud for a number of reasons.
First, everyone in the industry is acutely aware of the potential backlash of appearing impersonal to their account-holders. With the proliferation of digital communications between financial institutions and consumers, it’s more important than ever for financial institutions to excel in their personal interactions, and the call center is the most-used touchpoint of person-to-person communication. The drive to offer a superior, personalized customer experience is strong at every level of the organization, from management right down to the call center operators.
Second, the widespread availability of personal identifying information (PII) on the Internet is, perhaps, the most significant inspiration for fraudsters to attempt to scam phone centers. Huge amounts of PII are readily available online and few consumers are as savvy and vigilant about protecting their personal data as everyone would like. With just a few minutes on a search engine, a smart scammer can come up with just enough information, and the right type of data, to convince an eager-to-please call center representative that they are Joe from Albuquerque looking to transfer a few thousand dollars from account to account.
Hanging up on call center fraud
It’s critical for financial institutions to take action to disconnect fraudsters from this channel. Solutions may include:
- More strenuous and detailed training for call center workers to help them recognize and thwart instances of fraud. The human element — the very factor that makes call center fraud so attractive to crooks — can also be a financial institution’s first and most effective line of defense. For example, education on how to identify people that are attempting to “socially engineer” conversations to get information.
- Implementing authentication technologies that validate the phone number and physical location of the caller, biometric technology that detects altered voices or that can compare a caller’s voice to a database of customer voices.
- Have a clear policy and related system limitations on what can be done real-time from call centers.
- Ask the consumer validate their PIN in the IVR
- Have the caller validate something that the real consumer would have in their possession like the code on back of their card
- Use two-factor authentication by texting/emailing a code to their phone/email, then have them repeat it, to ensure they have access to it
- Ensuring that new cards are not sent to a new address unless validated; a common ploy is to claim they lost their card on vacation and need it sent overnight to a hotel address
- If suspicious, ask questions that only the consumer would know. This could be done with an ID Authentication service or asking about transactions done at your financial institution.
The battle between financial institutions and fraudsters is epic and on-going, and the rise of call center fraud is just the latest salvo in the war. Banks and Credit Unions must take steps to balance the personalized customer care that’s the goal of every call center with the need to protect account-holder’s privacy and financial wellbeing, as well as the bottom line.