It is becoming increasingly clear that this type of criminal activity isn’t limited to a data breach but underpinned by fraudulent activity online.
In March, the FFA UK observed that online banking fraud had risen by 72 per cent in 2015. It had also reported that five million frauds continue to occur every year across England and Wales, costing the UK around £24bn. With so much slipping through the cracks, it is evident that fraudsters aren’t just depending on one channel, but making use of cross channel tactics to commit these crimes. Reason being that while defences across some channels grow stronger, organisations are increasingly overlooking their most vulnerable line of defence – the phone. The same research from the FFA reported that phone fraud had risen by 92 per cent. This is only part of the story and frighteningly, not a new one. The extent of fraud on the phone channel has typically been neglected, because to date, it has lacked the same innovation, education and sophistication addressing online fraud. Fraudsters are taking full advantage of this. When you think about agents in a call centres representing an organisation, they are tasked with one priority – offering an exceptional customer experience. This hinges on the length of call queues and verification and getting customers the money and information they need. A fraudster knows that identifying and handling suspicious calls is not a core competency for that representative and techniques, such as social engineering, have made it easier to dupe these representatives on the frontline.
Everyone is guilty of sharing too much information about ourselves online, whether this is our mother’s maiden name or date of birth. Fraudsters are using this data to create profiles that spoof agents into thinking they are genuine customers. Once on the phone, these attacks can vary between stealing funds via a wire transfer or requesting a replacement card. Alternatively, fraudsters may take several steps to set up a future attack by changing personal details to their own. Currently, the only clear defence against these fraudsters is the asking of a few personal questions (known as knowledge-based authentication or KBA). If a fraudster can provide that information, the ability to move funds is practically unrestricted. Technology such as voice biometrics give agents the ability to verify customers but it isn’t enough to arm them to detect fraud, particularly with new callers that have yet to register their voice. This is why multiple layers of security and authentication is needed to enable organisations to identify attackers in all parts of the phone infrastructure – from live calls to recorded calls, automated answering systems and outbound calling systems. By using key indicators that allow agents to build verification scores that help identify that a caller is who they say they are, agents will be provided with the confidence needed to move forward with the call in a timely manner. This confidence overrides any gap in core competencies needed to detect fraud. Phoneprinting technology is fast becoming a new way to detect fraud and authenticate customers. It identifies specific components about each call such as the location a call is coming from, the device, whether it’s a mobile or landline or whether the phone has been used to call the company before. Combined this can aid in detecting fraudulent activity before it becomes an issue. This quick and confident action is what is missing from the frontline and subsequently phone fraud is resulting in real financial losses for organisations as well as losses in call centre time, expense and incident response. It is also impacting on customer trust, in the same way any online data breach does. Without the right authentication and fraud detection in place, organisations will continue to get duped, particularly as fraudsters see the opportunity to do so across the phone and online channels.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.