As the contactless economy evolves from necessity to preferred – the lines between fraud attacks have been blurred. Increasingly criminals have begin stitching together information from social media and professional networks to target consumers and your employees. Staggering rises in call volumes have helped to hide network vulnerabilities originating from unmonitored customer service tools like the IVR. IVRs that are leaking data are being leveraged to develop new attacks and network threats. Organizations concerned with the reduction of fraud loss and exposure should begin looking outside of traditional network concerns and into their contact centers’ IVRs.
Pindrop has organized a collection of tools, assets, and other resources to aid contact center leaders in their race to optimize operational costs, improve customer experience, and improve security measures, as organizations restructure and prepare for the road ahead. You can explore the tool kit on this page linearly or choose the section you need:
“The fraudster’s greatest liability is the certainty that the fraud is too clever to be detected.” – Louis J. Freeh Former U.S. F.B.I Director
- The IVR Experience – CX Essential or Network Vulnerability?
- Network Threats in an IVR: IVR Fraud Defined
- Network Threats in an IVR – What Does It Look Like?
- 3 Benefits of Fighting Fraud in The IVR- Beyond Cost Savings
- Best Practices For Employing Network Security IVR Monitoring For The IVR
- Going Forward The Future of IVR Security
The IVR Experience – CX Essential or Network Vulnerability?Traditional Contact center IVR security solutions are employed to reduce costs surrounding fraud targeted at your contact center. However, with the evolution of fraud tactics and the expansion of the attack surface due to a focus on the phone channel as a vector, IVR security technologies are being expanded with capabilities to help identify fraud loss across channels, accounts, and time in advance of the actual occurrence. On this page you will find a comprehensive toolkit complete with IVR security resources you can use to protect your consumer’s data inside and outside of the contact center.
The IVR Experience: CX EssentialKnown IVR best practices focus on customer experience and increasing call capacity through the implementation of IVR design, conversion, and self-service tools. The capabilities these technologies add are meant to improve customer effort scores and improve value but in 2020 the IVR is now a testing ground for fraud tactics and an unmonitored channel for data validation. Though customer experience is regarded as the primary focus of IVR implementation, the focus for security and fraud professionals concerning the IVR- should be the vulnerabilities that exist within it and the opportunities it provides for future fraud loss.
The IVR Experience: Network VulnerabilitiesCriminals use the IVR to validate data, these data reconnaissance activities don’t look like account takeover or other fraudulent activities. Instead, network threats originating in the IVR and later resulting in fraud, often look like innocuous low-risk transactions or nothing at all. This is because IVR Fraud is about information mining- not your typical network threat, these “fraud anomaly” look like genuine query, this is not an intrusion but reconnaissance. Fraudsters use the IVR to gather and validate information, as you would on a search engine- turning your CRM into a free-entry amusement park for cheats. Unmonitored IVRs are security gaps that provide the perfect cover fraudsters need to test passwords, query account statuses and optimize their strategies for social engineering scams later.
Network Threats in an IVR: IVR Fraud DefinedIVR Fraud is defined as fraudulent activity or activities leading to fraudulent activity that occurs within an interactive voice response system, or IVR. Fraudsters exploit IVRs to surveil accounts and to operationalize their fraud and planning tactics. Low monitoring rates in the IVR has allowed fraudsters to build up formidable attacks by first mining and validating customer information and then using the verified data to execute social engineering attacks against customer service agents or fraudulent activity across other channels like chat and email. Highly trained and organized, professional fraudsters can manipulate even seasoned agents into taking over accounts. Protecting the IVR means employing software capable of leveraging all data in the call lifecycle as even the non-audio data from within an IVR, can help identify:
- Suspicious behavior that could be mining or validation
- At-risk accounts across communication channels
- High-risk callers before they are ever connected to an agent.
Network Threats in an IVR – What Does It Look Like?Fraudsters use IVR to do surveillance on accounts to optimize their operations. Because these actions are reconnaissance in nature and most most IVRs do not permit “high risk” transactions, IVR fraud monitoring is low. Professional fraudsters know this and use automated scripts to gather, test, and augment data for future use.
Fraud Hides In-between Genuine TransactionsFraudsters use your IVR as a search engine for your CRM. For years call centers have been developing processes focused on creating an enjoyable customer experience. As a result, IVRs have become information and feature-rich playlands that fraudsters use to target accounts and optimize their operations. The data-validation step is essential for fraudsters as good data is necessary for fraudulent transactions and activities. With organizations focusing on better self-service for customers, contact centers will gradually evolve to allow for higher risk transactions in the IVR. As this happens, the same attacks fraudsters launch today on call center agents will become more prevalent in the IVR, and at an even greater scale due to increases in call volume.
IVR Fraud manifests in 4 ways:
- Information Mining & Leakage When fraudsters gather, test, and augment data in your IVR, they are information mining. They need little to no information to start and using your IVR they can collect the tools and information they need to commit fraudulent transactions.
- Account Surveillance Fraudsters understand contact center technology, they come into contact with it every single day. They know IVRs are developed to be easy to use to ensure positive customer experiences and leverage this vulnerability along with the assumption that the IVR is unmonitored to verify account availability and balances. Account surveillance helps criminals determine which accounts they will attack next.
- PINs & Passwords Low risk transactions like pin changes are allowed in some IVRs. Fraudsters often use this capability to crack PINs, change them, and the use the new PIN to take over the targeted account.
- Cross Channel Fraud IVR fraud also enables fraudsters to leverage information mined from or leaked in the IVR for use across channels. Fraudsters use the ill-gotten customer information to pass through authentication procedures in other channels – online, in the call center, and in-person.
3 Benefits of Fighting Fraud in The IVR- Beyond Cost Savings
- An Extra Layer of Protection Before Connecting to an Agent
- IVR Insights Predict Fraud Outside of the Phone Channel
- A Simplified Way to Identify At-Risk Accounts