Fraudsters use a variety of sophisticated techniques to exploit vulnerabilities in contact centres and gain access to either bank accounts or vital security information to allow them to illegally obtain funds. More on this in our blog, How do they do it? Three key fraudster tactics.
Banks must ensure they have the right defences in place to protect their customers. Given the variety and complexity of the tactics that fraudsters use, there is no single solution for preventing contact centre fraud. Instead, banks should be thinking about a layered approach to security including the following methods:
1. Customer authentication via IVR
This works by associating a customer’s telephone number with their bank account to allow automated checking via the IVR. Each time a customer calls the contact centre, their number will be matched to verify that it is actually the account holder who is calling. This method of authentication is not immune to masking or spoofing by fraudsters, so on its own, it will not be sufficient to deter or prevent attacks. But it is a good start.
2. Knowledge based authentication (KBA) methods
Another layer of protection can be applied by making use of information that only the account holder knows. This is known as knowledge based authentication and includes security questions, such as the name of your first pet or mother’s maiden name. But it is important to remember that scammers have become very adept at data harvesting using techniques such as quizzes on social media to identify possible answers or social engineering techniques to convince CSRs to bypass these controls.
3. Voice biometrics
Like fingerprints, our voices have a unique pattern and voice biometrics use this to validate a customer’s identity. Voice biometrics add another layer of defence—like other methods, they are completely immune from being manipulated by scammers. Techniques such as mimicry, voice synthesis and even DeepFakes can fool voice biometric authentication systems.
4. Training for customer service representatives
Each CSR should be provided with training to help them spot social engineering attempts and arm them with the confidence and responses to avoid breaching security controls. This training is important not least because contact centre agents’ instincts are to ‘put the customer first’ and provide the best customer service, and it can sometimes be difficult for them to resist the pressure when they are being targeted by a skilled scammer.
5. Smartmumbers Protect – front line defence
The above solutions mitigate attacks once the call has entered the contact centre environment. But what if an additional layer could be implemented before calls enter the IVR system or are put through to a call centre agent? This is where technologies such as Smartnumbers Protect can help. By analysing calls before they are answered, the fraud risk associated with those calls can be identified and calls routed appropriately. Suspicious calls can then be sent for further investigation, while the authentication of legitimate calls can be streamlined and levels of customer service improved.
By heading fraudsters off at the pass, using technology which is difficult for fraudsters to manipulate, Smartnumbers adds a much-needed first line of defence and bolsters other fraud prevention techniques, without impacting customer experience.
For further details on Smartnumbers Protect, read the brochure.