Managing IVR Monitoring: Balancing Self-Service Risks

Has your organization expanded its contact center to offer more self-service options? Have you also noticed a notable uptick in fraud attacks?

If so, you’re not alone. Organizations across industries are facing a critical challenge: how to enhance customer experience without compromising fraud detection.

As businesses introduce more self-service options to improve accessibility and satisfaction, they’ve also—often unintentionally—opened the door to new fraud risks.

So how are fraudsters adapting so quickly?
It comes down to a familiar investigative framework: means, motive, and opportunity.

While IVRs are designed to deliver fast, convenient access to account information, they often operate in isolation—lacking real-time monitoring and human oversight. This “black box” environment creates the perfect opportunity for fraudsters to gather intelligence undetected.

The risk inside the IVR

Pindrop internal analysis of U.S.-based regional and community banks revealed that 75–80% of total call volume in Q1 2025 occurred within the IVR—meaning only 20–25% of calls were actively handled by a contact center agent and monitored. This limited visibility leaves the vast majority of call traffic vulnerable, which can lead to 4x to 6x of the fraud events going undetected or detected too late in the fraud lifecycle.¹

The problem isn’t the self-service model itself—it’s the combination of easy access to sensitive account details or transaction capabilities and a lack of visibility into how fraudsters interact with the IVR.

Fraudsters are playing the long game

Contrary to common belief, most fraud attacks aren’t impulsive or based on a single suspicious call. They’re the result of multiple IVR interactions—often five or more—spread across several days. This allows fraudsters to first map stolen PII to victims’ accounts through IVR mining and then gather critical account details, such as:

Once enough reconnaissance has been gathered, attackers typically pivot to another channel—such as online or mobile banking—to carry out the actual account takeover (ATO).

One large North American bank found that 70% of fraud activity occurred more than 30 days after the initial IVR call. ² This pattern reveals how fraudsters use the IVR as a stealth reconnaissance tool—not an attack channel.

Key best practices for IVR monitoring and fraud detection

To effectively disrupt stealthy and prolonged fraud attempts, organizations must evolve how they monitor IVR activity—and, more importantly, determine when and how to intervene before attackers pivot to more vulnerable channels.

1. Shift to real-time risk intervention

Relying on next-day or batch reporting is no longer sufficient. Organizations should implement real-time monitoring and intervention within the IVR to help prevent fraudsters from completing reconnaissance or exploiting self-service options.

Real-time actions—such as limiting menu options, restricting access, or escalating to enhanced verification—can actively disrupt suspicious activity as it unfolds, significantly reducing exposure and risk.

2. Use account and call risk intelligence

Leverage solutions that deliver risk scoring at both the call and account levels to assess the likelihood that an account is being targeted. This intelligence should power automated or semi-automated decisions (e.g., block, restrict, or escalate calls) based on high-risk patterns observed in the IVR.

3. Integrate enhanced verification within the IVR

Deploy enhanced verification for high-risk interactions, such as stronger knowledge-based authentication (KBA), SMS one-time passcodes (OTPs), or mobile push authentication. These measures—triggered by behavior, account status, or risk signals—can deter fraudsters and increase drop-off rates for malicious actors.

4. Restrict IVR access and functionality based on risk

For high-risk calls or accounts, limit access to sensitive menu options (e.g., balance or transaction history) or block IVR access entirely. Redirect such calls to secure channels or specialized agent teams for further review.

5. Segment callers and route intelligently

Help ensure that suspicious or high-risk calls are routed to specialized fraud teams—either at IVR exit or earlier, based on risk thresholds. Intelligent routing can improve both risk detection and operational efficiency by avoiding unnecessary escalations.

6. Understand evolving fraud flows and adapt controls

Fraudsters often begin with breached data, validate and enrich it via IVR, and then move to exploit digital or other channels. Controls must address both the reconnaissance and monetization phases. Monitor for coordinated patterns—such as multiple reconnaissance calls over time—to detect and dismantle organized fraud rings before they escalate.

Organizations can operationalize one or many of the above best practices. Oftentimes organizations have multiple operationalization motions in place at the same time, leading to enhanced fraud detection capabilities and helping organizations save between $600K and $4M annually in fraud losses.³