Fraud was never fun – its costs for corporations can climb high when you consider the personnel, re-issuance, and other remediation costs incurred on the operational side in addition to customer attrition and brand damage. As the world adjusts to an incurable disease and devises ways to stay connected – voice interaction with customers has spiked and fell and so has fraud rates. As more consumers are staying home and dealing with economic uncertainty and heightened stress-levels, fraudsters and fraud rings are stepping up their targeting of consumer information via the phone channel.
Though the targeting of consumers may not be of particular interest to you, if you are concerned with the verification of consumers; the prevention of their information being harvested from your phone channel; the threat of malevolent access to their accounts, you may find this post of particular interest. Today, we will look at how consumer-focused vishing attacks impact your contact center and are costing you money.
“Contact centers are impacted by vishers operationally and financially.”
What is Vishing, and How Does It Impact Corporations?
Vishing is a form of phishing that occurs in the phone channel. Instead of hackers sending bogus emails with malicious links to your employees to access systems, vishers leverage the phone channel inside and outside of the contact center, posing as genuine callers or entities to trick the consumer or customer service agents to provide them with bits of information they can later use to defraud.
Compromised customer records and vished information threaten your corporation’s security posture inside and outside of the phone channel. The information that fraudsters gather helps to strengthen profiles that, once complete, allow fraudsters and fraud rings to bypass legacy security measures like KBAs. Contact centers are impacted by vishers operationally and financially. The time lost handling these calls, account takeovers they result in, and brand damage you incur as your customers are compromised, violated, and inconvenienced is what costs you money.
How Vishing Costs You Money
Since about 75% of fraud complaints to the FTC involve contact with consumers by phone, when you think of vishing – you think of consumers receiving calls. But phishing activities are also occurring via the phone channel, inside your contact center.
Professional fraudsters leverage IVRs to perform data reconnaissance. Testing your IVR using guessed passwords, and advancing strategies by validating details like account balances using information they gathered on the phone with consumers, inside the IVR itself, or from your contact center agents. The IVR is also a home for fraud rings. With low or no monitoring present, teams of fraudsters call simultaneously, slowly building consumer profiles until they finally gain access and cause monetary loss. Fraud reconnaissance is a necessary step in but is completely separate from an actual fraudulent withdrawal which may happen months after reconnaissance often 30 or more days later.
Contact center agents are also susceptible to vishing, though we commonly refer to this as social engineering. Fraudsters bypass KBAs 20% of the time, and even if they don’t, they are still often able to mine information from even the most seasoned agents. Using psychological tricks and leveraging any uncertainty or anxiety from the news headlines, these fraudsters too often act in organized crime rings and leverage the IVR.
These crime rings have multiple parties strike your contact center at once, without visibility at the account level or some way of monitoring data reconnaissance – contact center fraud leaders cannot adequately address vishing’s impact.
In short, vishing impacts your contact center via consumer-focused attacks designed to socially engineer and mine data from those contact center resources. You can address vishing, data reconnaissance, and fraud ring activity with risk-based authentication and anti-fraud strategies.
Pindrop has curated comprehensive tools and resources on verifying customers quickly, safely, and seamlessly; preventing malevolent access to accounts leveraging risk-based anti-fraud solutions.