29th August 2024

The rising threat of fraud in banking contact centres

By Grant White

Preventing fraud across any organisation can feel like an endless exercise – as soon as one control weakness is strengthened, another emerges for fraudsters to abuse. In this article we focus on banking contact centres, exploring why they are still highly vulnerable to fraudulent activity and the tactics used by fraudsters to target them.

Telephone banking in the digital era 

Over recent years, the ways in which people engage with their financial services providers have changed significantly. Today, remote banking – whether online, via mobile applications or telephone – is the primary way in which customers choose to interact with their banks.

Despite mobile and online banking becoming ever more popular, contact centres remain a vital channel for customer communication, especially amongst certain demographic groups. In addition, we are seeing the rise of omni-channel banking, where customers use different channels for different purposes. For straightforward transactions, self-service via a seamless customer journey is preferred, but when dealing with more complex financial products or situations, people prefer human interaction.

As a result, banking call centres are still an important channel for accessing banking services, and at times of stress or uncertainty, people are more likely to want to speak to a fellow human being. Indeed, in the Financial Conduct Authority’s (FCA) 2022 Financial Lives survey, 15% of all adults reported using telephone banking.

Fraud in contact centres

Unfortunately, contact centres and telephone banking are also vulnerable to attacks from fraudsters, and their security measures are often not as robust as those put in place for online channels.

Banking contact centres are particularly vulnerable to two types of fraud – unauthorised remote banking fraud (also known as facility takeover or account takeover fraud) and Authorised Push Payment (APP) fraud. Both APP and account takeover transactions take place across all customer channels, but even for fraud completed in other channels, contact centres are often involved at some stage in the process.

Account takeover fraud 

Unauthorised remote banking fraud, also known as account or facility takeover fraud, is defined by Action Fraud as occurring ‘when a fraudster or computer criminal poses as a genuine customer, gains control of an account and then makes unauthorised transactions’.

According to the CIFAS Fraudscape report, social engineering is a ‘key enabler of facility takeover as threat actors engineer consumer and contact centre staff to understand the verification process in order to take over accounts.’ The report found that in 2022, 26% of facility takeover cases occurred through telephony channels and that, overall, most victims are over 41 years old.

Authorised Push Payment (APP) fraud 

Fraudsters also use contact centres as a means of gaining information to enable them to commit APP fraud. Here, scammers use a range of methods to convince victims to make bank transfers to them, including posing as bank employees. In the first half of 2023, UK Finance found that APP fraud losses had already amounted to £239.3 million, 45% of which originated in the telephony channel.  

Scammers use a number of methods to commit APP fraud, including romance scams, CEO fraud and malicious payee fraud. These types of scams can be particularly traumatic for the victims, causing feelings of shame, guilt and embarrassment as well as the financial losses they have incurred. At first glance, APP fraud tactics do not always appear to directly involve telephone banking but fraudsters use contact centres to gain useful insights to allow them to perpetrate APP fraud via other channels.