3rd July 2019

The battle to protect contact centres from fraud

By Grant White

Financial institutions are at the forefront of tackling financial crime. This is not just about limiting financial losses through fraud, but increasingly about protecting consumers, defending your company’s reputation and stopping organised crime. Dealing with less fraud will naturally lead to increased operational efficiency and ultimately customer satisfaction. 

These battles are being fought on multiple fronts in various formats, from installing anti-fraud solutions, respecting financial sanctions, identifying tainted funds to implementing anti-money laundering tactics.

Millions of pounds are invested every year in advanced security solutions to root out fraud. Considering voice is still a key channel for organisations to engage with their customers, it is important to protect the contact centre. We know that protecting contact centres is challenging, especially as implementing technology into contact centres can be complex and therefore extremely slow. Most telecom operators, who have a privileged position in the network and a deep understanding of carrier level signalling, don’t always have the latest anti-fraud solutions to address these challenges so, call centres need to be proactive to keep fraudsters out. Let’s examine existing fraud prevention technology.

The first line of defence, identity and verification (ID&V)

Historically, the first line of contact centre defence has been the identity and verification (ID&V) process. Usually, the caller’s identity is validated by confirming their account number or referring to the caller’s phone number (CLI). Once a caller is successfully identified, they are typically verified using knowledge-based authentication (KBAs). With so many high profile data breaches, the answers to KBAs based on static data is becoming readily available to fraudsters through the dark web and data leaks in the IVR. Additionally, with VoIP technology, it is becoming increasingly simple for fraudsters to spoof their phone number to appear to be a genuine customer. Given these developments, it’s no wonder that the traditional ID&V process is no longer effective.

Using voice biometrics for authenticating callers

With the advances in machine learning in the last five years, voice biometric technology has significantly improved. Financial institutions are now shoring up their verification processes by introducing active or passive voice biometrics for authentication. These solutions involve customers registering their voice print either actively by repeating a phrase like ‘My voice is my password’ or their voice is registered passively during a conversation with the agent. When the customer calls in subsequently, their speech is compared to the stored voiceprint to authenticate them. While machine learning is helping voice biometric companies, the advances have also armed fraudsters technology to generate synthetic voice and clone someone’s voice to fool the same voice biometric systems. Voice biometrics solutions can be expensive to implement, enrolment rates can be low and there is a risk of fraudsters enrolling their own voice against the account by authenticating using stolen static data.

Using voice biometrics to identify fraudsters

Voice biometrics is not just used for identifying genuine customers, it can also be used to identify fraudsters. This is what the industry sometimes refers to as “bad voice” systems. There are black box bad voice systems, which take time to train to become effective. Bad voice systems, where known fraud voiceprints are explicitly fed into the database, tend to be more effective and provide a quicker return on investment.

Using voice biometrics for fraud detection suffers the same challenges as using voice biometrics for authentication, in addition, it doesn’t protect the IVR from data leakage which enables other fraud such as authorised push payment (APP) fraud.

Fraud detection systems

Finally, online fraud detection systems, which are effective at detecting suspicious transactions focus on web and mobile channels so leave the contact centre vulnerable. The most forward-looking financial institutions are already working on strategies to integrate their contact centre with online fraud detection systems. Bringing carrier level telephony events into the online fraud detection systems allows cross-channel fraud to be tackled, the accuracy of the fraud detection system to be improved and the contact centre channel to benefit from the advanced technology provided by the fraud detection system.

Strengthening fraud defences with Smartnumbers

The Smartnumbers service prevents fraud in contact centres by identifying and taking action on suspicious calls before speaking with an agent. By examining the call while it’s in the carrier network and routing suspicious calls to specialist teams, Smartnumbers protects the IVR from fraudsters. 

As an Ofcom regulated UK network provider, the Smartnumbers service has privileged access to information about the call signalling. Combined with Smartnumbers Call DNATM technology, the Smartnumbers service can detect fraudulent behaviour such as if the caller has tried to mask their identity by spoofing their phone number. Additionally, the Smartnumbers consortium blacklist capability highlights incoming calls from fraudsters who have attacked other banks, even if they withhold their phone number.

The Smartnumbers service is already in use by a number of financial institutions to bolster operational resilience and contact centre anti-fraud security. We are also partnering with customers and industry forums like CIFAS and UK Finance to build solutions to tackle other problems, like preventing Authorised Push Payment (APP) fraud and protecting consumers from scams. If you’d like to join these efforts or if you’d like to get a demo, please get in touch.