Opinion

From phone calls to online: Preventing fraud across all business channels

5 min read

31 March 2016

Over the past decade, organisations have stepped up their defences against criminal activity. With a commitment to protecting customers and their data, businesses are increasingly improving this line of defence as cyber attacks grow more sophisticated.

It is becoming increasingly clear that this type of criminal activity isn’t limited to a data breach but underpinned by fraudulent activity online. 

In March, the FFA UK observed that online banking fraud had risen by 72 per cent in 2015. It had also reported that five million frauds continue to occur every year across England and Wales, costing the UK around £24bn. 

With so much slipping through the cracks, it is evident that fraudsters aren’t just depending on one channel, but making use of cross channel tactics to commit these crimes.

Reason being that while defences across some channels grow stronger, organisations are increasingly overlooking their most vulnerable line of defence – the phone. The same research from the FFA reported that phone fraud had risen by 92 per cent.

This is only part of the story and frighteningly, not a new one. The extent of fraud on the phone channel has typically been neglected, because to date, it has lacked the same innovation, education and sophistication addressing online fraud. Fraudsters are taking full advantage of this.

When you think about agents in a call centres representing an organisation, they are tasked with one priority – offering an exceptional customer experience. This hinges on the length of call queues and verification and getting customers the money and information they need.

A fraudster knows that identifying and handling suspicious calls is not a core competency for that representative and techniques, such as social engineering, have made it easier to dupe these representatives on the frontline.

Read more on fraud:

Everyone is guilty of sharing too much information about ourselves online, whether this is our mother’s maiden name or date of birth. Fraudsters are using this data to create profiles that spoof agents into thinking they are genuine customers. 

Once on the phone, these attacks can vary between stealing funds via a wire transfer or requesting a replacement card. Alternatively, fraudsters may take several steps to set up a future attack by changing personal details to their own.

Currently, the only clear defence against these fraudsters is the asking of a few personal questions (known as knowledge-based authentication or KBA). If a fraudster can provide that information, the ability to move funds is practically unrestricted.

Technology such as voice biometrics give agents the ability to verify customers but it isn’t enough to arm them to detect fraud, particularly with new callers that have yet to register their voice.

This is why multiple layers of security and authentication is needed to enable organisations to identify attackers in all parts of the phone infrastructure – from live calls to recorded calls, automated answering systems and outbound calling systems.

By using key indicators that allow agents to build verification scores that help identify that a caller is who they say they are, agents will be provided with the confidence needed to move forward with the call in a timely manner. This confidence overrides any gap in core competencies needed to detect fraud.

Phoneprinting technology is fast becoming a new way to detect fraud and authenticate customers. It identifies specific components about each call such as the location a call is coming from, the device, whether it’s a mobile or landline or whether the phone has been used to call the company before. Combined this can aid in detecting fraudulent activity before it becomes an issue.

This quick and confident action is what is missing from the frontline and subsequently phone fraud is resulting in real financial losses for organisations as well as losses in call centre time, expense and incident response. It is also impacting on customer trust, in the same way any online data breach does.

Without the right authentication and fraud detection in place, organisations will continue to get duped, particularly as fraudsters see the opportunity to do so across the phone and online channels.

Of course, sometimes fraud can come within a company – check out the most outrageous business expense claims from across the globe.

Matt Peachey is the VP & GM EMEA at security services firm Pindrop

Image: Shutterstock