Last year, about one in every 1,700 calls to a corporate call center in the United States was from a fraudster, and those malicious calls can cost large organizations as much as $27 million per year, new research shows. The rate of phone fraud in corporate call centers has jumped by more than 45 percent in the last three years, as the problem of attackers using the phone channel to steal money and other resources continues to expand and evolve.
Phone fraud once was a relatively contained problem, confined to specific industries such as banking and retail that rely on the phone channel for a large portion of their customer interactions. Banks have been battling this issue for many years and have developed strategies and processes for dealing with fraudsters who attempt account takeovers and other attacks over the phone. But now the problem has spread to any number of other industries, including health care, insurance, and others. IRS phone scams are a constant threat, as well.
Getting a handle on the scope of the problem can be difficult, as targeted organizations are reticent to release data on their fraud levels. But researchers at Pindrop Labs, who collect and analyze massive amounts of data on phone fraud from enterprise call centers, say in a new report released today that companies hit by phone fraud lose an average of $0.65 per call to fraud. Large call centers, which can handle as many as 80 million calls per year, can see losses well into the tens of millions of dollars from these attacks.
“Call center fraud goes beyond fraudulent transactions, which is why it can harm brand reputation and customers. Call centers that are unable to quickly distinguish fraudulent from legitimate callers end up spending time establishing identity before they can offer any assistance. This creates a frustrating customer experience and longer call handle times translate into higher operations costs for the call center,” David Dewey, director of research at Pindrop Labs, said about the data in the 2016 Phone Fraud Report.
“With regard to brand reputation, call center fraud attacks can result in identity theft and data breaches. News of these attacks can affect a brand’s reputation, especially in the banking, retail, and insurance industries.”
One of the key drivers behind the increase in phone fraud calls and losses is the adoption of chip-and-PIN, or EMV, cards in the U.S. These cards provide better security than magnetic stripe cards and that rollout over the last few months has led to attackers moving from point-of-sale fraud to other methods, especially phone fraud. Attackers tend to use the path of least resistance, and as security has increased on corporate networks and at the point of sale, they have shifted to the phone channel, which is not as well protected as more traditional attack vectors.
The rate of fraud in the U.K. was even higher than that in the U.S., with one in every 700 calls to a U.K. call center being fraudulent. Fraudsters in the U.K. have been running a wide range of phone scams for the last couple of years, notably fake bank transfer scams, and even a new scheme that uses couriers to collect victims’ bank cards. In February the U.K. government started a task force to fight phone fraud scams.
In addition to direct phone fraud scams, attackers also use the phone channel has a method for seeing whether stolen data they already possess is still valid.
“Attackers target call centers to gain access to funds and steal merchandise. They also use the call center to gather, test, and augment personal data to use in future fraud attacks or to sell on the black market,” Dewey said.