As much as 61% of all fraud that occurs in the U.S. is actually traceable back to call centers. Gaps in proper verification methods for inquiring customers can make call centers a fertile space for fraud to take root and wreak havoc. In fact, call center losses have continued to increase from $393M in 2015 to $775M in 2020.
Stopping such a sudden influx of fraudulent calls from overrunning a mission-critical call center starts with understanding how it happens in the first place.
How Fraud Happens in Call Centers
Call center fraud takes on many forms, depending mostly on intent. The following fraudulent schemes are among the most common and they all revolve around tricking agents into revealing valuable information or altering an account:
Achieving a full account takeover tends to be the endgame for many fraudsters when they call contact centers. To do this, they may ask for account details to be altered or engage in “social engineering” (a variety of manipulative actions) to move agents to make spur-of-the-moment decisions. For instance, a simple social engineering tactic called the “mumble technique” allows some attackers to get through security barriers by intentionally mispronouncing answers to personal questions.
In some cases, simply being added to a user’s account can grant attackers enough leeway to get what they want. This form of fraud can be particularly tricky to rectify after it has occurred, leading to lengthy resolution times and high costs. In 2017, such scenarios took up to 15 hours to resolve on average.
By leveraging breached information obtained on the dark web, attackers can impersonate unsuspecting victims more effectively. If they have enough information to convince call center agents that they are who they say they are, they could be able to seize control of their victim’s account, funds, etc. with little difficulty.
Alternatively, attackers may use stolen information to convince agents to give them additional information for use elsewhere.
Where it goes wrong
Call centers of all kinds can fall short when it comes to security, giving potential fraudsters an easy opening to commit their crimes. Even call centers with proven security methods in place can be vulnerable if those methods are misused, inconsistently enforced, or misunderstood by agents in practice.
The following mistakes are common but devastating when taken advantage of by criminal callers:
1. Relying on KBA Questions
Although KBA questions can come in handy to help bar criminals from gaining instant access to a user’s information and account capabilities, they can also be deduced quite easily by persistent attackers.
A Google search can often yield reasonable answers for common KBA questions such as the following:
What area code is associated with your account?
What state was your SSN issued in?
What is your exact address?
Relying on KBA alone can open your business and customers up to a lot of threats, including full account takeovers.
2. General System Susceptibility
Despite geolocation, phone numbers, and device fingerprinting fraudsters can find their way into their victims’ accounts. By spoofing their IP location, caller ID, etc. even automated security systems can have a hard time catching malicious callers.
3. Little to No Person/Account Matching
Without matching a person to the account they have access to, businesses of all kinds can never truly be sure their customers are who they say they are.
As fraud tactics take on complex new forms, the need to tie a person’s online presence to their physical identity grows. For call centers, this is especially important, though difficult to do without the right tooling.
How To Protect Your Call Center
Call centers absolutely need efficient verification methods for customer identity validation to ensure the utmost security standards are upheld at all times. However, implementing a solution safe enough to protect both customers and the call center itself often implies introducing significant friction for both parties in the process.
Intellicheck’s solutions can fit neatly into your call center’s existing workflow, adapting to the hardware and system architecture you already have in place to provide seamless fraud protection. On top of this, Intellicheck runs in seconds, granting access to genuine users with 99 percent accuracy without turning them away in frustration.
With Intellicheck, users’ documents can be scanned deeply and thoroughly to match text, barcode data, and images with those on official records, ensuring they are exactly who they say they are. Photo identification capabilities go beyond mere image cross-referencing with Intellicheck as well, with pictures being parsed for perceived liveness to ensure they are real. To take a proactive approach to call center fraud, call on Intellicheck.