Escalating fraud driven by technology and transaction focused reporting means organisations are missing critical fraud prevention insight
For Immediate Release
4th December 2024 – London, UK – Smartnumbers, the organisation that fights fraud by protecting contact centres, has today released the findings of a survey of 250 senior fraud professionals across the UK’s financial services, travel, retail and internet/mobile providers that seeks to understand the scale of fraudulent activity in their organisations and their fraud prevention approaches.
The research reveals companies across ALL surveyed sectors are seeing high levels of fraudulent activity in their online (90%), mobile app (89%), AI chat (89%), call centre IVR (90%) and call centre agent (87% ) channels, which suggests fraudsters are targeting consumers across the board.
UK Finance, the trade association for the banking and financial services sector, reports that the amount stolen through fraud in the UK in 2023 was £1.17 billion. Yet while fraud continues to be recognised at the point of financial loss, organisations are missing critical early signs of fraud that often start with a call to the contact centre.
Smartnumbers’ in-house data shows that 28% of fraudulent activity flagged by our customers is due to fraudsters attempting to validate or steal more customer data, while 59% relates to fraud ‘set-up’ activity, such as suppressing account notifications. A focus on preventing this kind of data leakage is key to avoiding larger financial losses overall.
Survey findings
Fraudulent activity in contact centres across all sectors
Senior counter-fraud professionals report widespread awareness of fraudulent activity in contact centres. Asked about the levels of activity they see in their contact centres, ‘extremely high’ levels were reported as follows (combined ‘extremely high’ and ‘fairly high’ figures in brackets):
- Fraudulent activity in the IVR (interactive voice response) channel across all sectors – 51% (90%)
- Fraudulent activity in the IVR channel by sector: financial services – 48% (91%); IT/telecoms – 37%% (83%); retail – 53% (89%); travel 66% (97%)
- Fraudulent activity when speaking with contact centre agents across all sectors – 47% (87%)
- Fraudulent activity when speaking with contact centre agents by sector: financial services – 37% (84%); IT/telecoms 49% (81%); retail 48% (90%); travel 55% (92%)
Matthew Addison, Smartnumbers chief revenue officer: The awareness of vulnerabilities within contact centres across multiple sectors is a particularly interesting part of the survey results. The focus now needs to shift to data loss to avoid financial loss down the line.
Tim Burton, Smartnumbers chief product and success officer: Fraudsters are constantly looking for softer targets in sectors like retail or airlines, where they can conduct last-minute attacks such as fraudulent ticket purchases.
Humans are an easy target
Human vulnerabilities are easy to exploit in the contact centre and this was clear in the survey results. When asked to indicate the most common fraudster tactics, the top two reported were as follows (sector split in brackets):
- Fraudster impersonating customer: social engineering of contact centre agents to reveal personal information about customers such as account information or answers to security questions – 40% all sectors (financial services 46%; IT/telecoms 46%; retail 32%; travel 37%)
- Fraudsters using voice changers/disguising their voice – 32% all sectors ( financial services 37%; IT/telecoms 29%; retail 27%; travel 36%)
Agents are trained to be helpful and they’re under time pressure, which means they might unwittingly overlook security rules for a fraudster who they think is a genuine customer with a difficult problem.
Beware the bots
Yet human-to-human fraud, with call recording, is relatively easy to track and understand – so it’s unsurprising that this is widely recognised and scores highly. But as a tactic it’s not scalable. It’s the activity we can’t see that we should be scared of.
Fraudsters are turning to automation technology such as bots to increase the speed and volume of their activity and they are targeting the IVR systems to gather data. It’s this that companies need to be aware of and track.
Matthew Addison comments: Fraudsters exploit the IVR by making numerous attempts to extract or validate information [using bots], a process that can take multiple calls before they get what they need. This activity is often invisible to businesses.
Current fraud prevention gaps
Many companies still take a reactive approach to fraud. When asked which measures are already in place, fewer than half of those surveyed have automated fraud-detection methods in place that would indicate a preventative approach:
- Flagging incoming calls from denylisted numbers – 44%
- Flagging incoming calls because of unusual behaviour, such as making multiple calls in quick succession – 39%
- Flagging incoming calls to the contact centre from withheld numbers – 42%
- Access to shared intelligence on denylisted numbers from other organisations – 44%
- Access to other fraudster details logged by other organisations – 37%
Tim Burton comments: Fraud signals – such as multiple calls within a short time – should be fed into overall fraud-prevention strategies because they’re signs of reconnaissance or data acquisition. But this data is not always shared or linked to the downstream fraud that occurs later in other channels.
Missed opportunities for data sharing
Data sharing is key because fraudsters commonly exploit weaknesses in one organisation or channel to gather the data needed to attack another, better-protected target. Fraud threatens entire sectors, not just a few companies.
- 94% of businesses share some form of fraud data internally, but only half have formal processes for this.
- Externally, there is a hesitancy to share fraud intelligence – because of fears about data quality, giving away a competitive advantage or concerns about perception.
Matthew Addison comments: Sharing should be easy and standard practice, because insights about fraudsters’ activities and behaviour patterns could make everyone safer. For example, if company A shares fraud intelligence that helps company B to strengthen its defences, then both companies might be more secure.
Moving beyond financial loss
Without proactive prevention measures, including solutions to automate detection and prevent early stage activity in the contact centre, fraud will continue to cost the economy billions in stolen revenue. But focusing on the financial loss alone can only take us so far. Counter-fraud teams, across all sectors, must prioritise the protection of customer data to make it harder for criminals to exploit such a vital resource.
About Smartnumbers
We help companies in the fight against fraud. Our solutions help protect organisations from downstream fraud by ensuring the contact centre stays secure.
Our cloud-based AI-powered platform – Smartnumbers Protect – analyses call signalling data, caller behaviour and data on known fraudsters shared by our customers to assign a risk rating to incoming calls. This helps contact centres prevent downstream fraud and improve customer experience for genuine callers.
Through the Smartnumbers Consortium, our community of customers and partners share intelligence in real time on the fraudsters they know. Organisations are also able to connect and collaborate through Smartnumbers Consortium events.
