
Written by: Kristapher Massenburg

Sr. Fraud & Auth Consultant

In the past 24 months, has your organization’s contact center shifted to offer more self-service options? Has your organization also experienced a significant increase in fraud attacks? Do you feel that these phenomena are somehow connected? You are not alone. Organizations across multiple industries are at a crossroads, trying to find the perfect balance between enhancing customer experience and preventing fraud.


The COVID-19 pandemic changed the priorities and behaviors of both organizations and their customers: call volumes increased, wait times grew longer, and consumer experience worsened. As a result, more self-service options became the need of the hour. 54% of financial institutions surveyed plan to increase their contact center’s self-service options in the following 12 months. This speaks to a desire for improved customer experience and pressure to reduce operational costs, which in turn led to growing investments in self-service options via Interactive Voice Response (IVR) systems. Customers gained increased accessibility in a shorter timeframe, and organizations were able to limit agent calls and lower average handle times.


However, as organizations implemented self-service enhancements and improved customer experience, they also became more vulnerable to fraud attacks. According to Forrester Consulting research commissioned by Pindrop, a survey of 259 global financial institution decision makers revealed that one of the significant impacts of COVID-19 on their business was the vulnerability of the IVR to fraudster account mining and reconnaissance. 

So, how were fraudsters able to adapt so quickly? It can be explained by the familiar adage used in criminal investigations: means, motive, and opportunity. The fraudsters’ means (access to basic information via data breaches, phishing, malware, etc.) and the motive (financial gain) are common. The opportunity (exploiting the IVR for account reconnaissance), though, has proven to be a new territory for most organizations. While IVR systems enhance customer experience through “quick and easy” accessibility to account information, the self-contained and closed nature of the interactions in the IVR has also proved to be a blind spot for most organizations.


Due to the absence of human interaction, there is a lack of visibility within IVR systems that attracts fraudsters who view the IVR as a playground to exploit new self-service options.


For many organizations, approximately 70-80% of call traffic is contained in their IVR and never reaches a live agent. Our analysis of a US-based regional bank’s call traffic showed that 84% of their total calls during Q4 of 2021 were contained in the IVR. This means that only 16% of all call traffic was being actively monitored, while the majority of the calls were in a blind spot with limited visibility into fraudster activity. Similarly, a community bank reported 70% of calls contained during the same timeframe. Although varying in revenue and call volume, both organizations experienced an increase in call containment and account mining within the past year and are seeing no signs of this decreasing. A wider analysis of 13 organizations, across multiple industries, showed that there is 20x more risky activity in the IVR than in the agent leg, with some type of loss occurring on 1 in 4 targeted accounts.


The enhancement of self-service options itself is not an issue. However, the ease of account accessibility combined with the lack of visibility into the IVR activity makes contact centers vulnerable. In 2020, Pindrop knew that self-service enhancements were becoming more popular and that organizations were beginning to feel the impact of fraudsters mining in their IVR. We have continued to conduct analysis and work with customers to better understand what is occurring in their various fraud management ecosystems to provide, and continuously improve upon, a solution. 




What we know today is that fraudsters are not making one call a day or two before an attack. Most attacks occur after multiple calls (>5) have been made into the IVR and multiple days after the initial call into the IVR. Fraudsters require substantial lead time and multiple calls to perform enough reconnaissance to successfully take over an account. They typically use the calls to do the following:

  • Confirm account status (Open, Closed, Blocked)
  • Check account balances
  • Verify recent transactions
  • Confirm payroll schedule/direct deposit amounts
  • Initiate account changes/updates


After gathering some, if not all, of this information, fraudsters typically turn to other channels to initiate a full takeover of an account. Rarely will they return to the phone channel to speak with an agent for assistance with performing a transaction. A call analysis for a regional community bank revealed that 61% of IVR-related losses occurred over 11 days after the initial call in the IVR, with more than 50% of the events having 5+ calls prior to the attack.


% figures represent the amount of fraud loss that occurred during each time interval after the first call was placed in the IVR by the fraudster.


Initial thoughts about a resolution typically revolve around assessing the riskiness of a single call. Analyzing call risk helps to determine whether a caller is genuine; however, it does not help to identify fraud rings or determine which accounts may be the target of fraudulent behavior. The Pindrop Protect IVR solution assesses risk within the IVR and provides intelligence, referred to as Account Risk, that scores the likelihood of a given account being at risk of a fraud attempt or an account takeover attack. The solution utilizes technology, such as Pindrop® Trace™, to analyze large sets of IVR activity across calls and accounts to identify complex patterns and provide an assessment of which accounts might be under surveillance by a fraudster.



Account Risk intelligence can be utilized to secure your IVR by limiting access to account information or be combined with other account details across multiple channels to allow your organization to direct focus to high exposure accounts that may require immediate action. This allows for early and increased visibility that can help drive faster detection to minimize fraud while driving better customer experience.


For one of our regional bank customers, a fraud ring was recently identified in their IVR by way of Account Risk intelligence. The fraudsters attempted attacks on 5 unique accounts. The account takeover (ATO) attempts were preceded by 9 calls into the bank’s IVR system using 1 phone number, or ANI. All calls were IVR contained, with the first call into the IVR occurring 7 days before the attacks began. It is important to note that the attempt occurred outside of the phone channel. Due to the increased visibility and early detection, the bank was able to secure and monitor the targeted accounts across multiple channels. Account Risk intelligence allowed the bank to be proactive and prevent a fraud loss of approximately $1.5mm (based on current available balances of all 5 targeted accounts).
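The pattern in this case (repeated IVR-contained calls from one ANI, spread over several days and touching several accounts) only becomes visible when calls are aggregated across accounts instead of being scored one at a time. The following added example, which is not Pindrop's algorithm or code from the original article, shows that aggregation over constructed call records; the record layout, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (timestamp, ANI, account, reached_agent).
# ANI ...0101 mirrors the shape of the case above: 9 contained calls,
# 5 accounts, first call 7 days before the last.
RING = [(1, "ACC-1"), (1, "ACC-2"), (2, "ACC-3"), (3, "ACC-1"), (4, "ACC-4"),
        (5, "ACC-5"), (6, "ACC-2"), (7, "ACC-3"), (8, "ACC-5")]
CALLS = (
    [(f"2021-11-{d:02d}T09:00:00", "+15555550101", acct, False) for d, acct in RING]
    # A genuine customer checking one account often: many calls, one account.
    + [(f"2021-11-{d:02d}T08:00:00", "+15555550102", "ACC-9", False)
       for d in (1, 3, 5, 7, 9, 11)]
    # A caller who reached an agent; that call is already monitored.
    + [("2021-11-02T14:00:00", "+15555550103", "ACC-7", True),
       ("2021-11-02T15:00:00", "+15555550103", "ACC-8", False)]
)

def flag_reconnaissance(calls, min_calls=5, min_accounts=2, min_span_days=1):
    """Flag ANIs whose IVR-contained calls are numerous, multi-day and
    multi-account. Thresholds are assumed values, not vendor settings."""
    by_ani = defaultdict(list)
    for ts, ani, account, reached_agent in calls:
        if not reached_agent:  # only the IVR "blind spot" traffic
            by_ani[ani].append((datetime.fromisoformat(ts), account))
    findings = {}
    for ani, rows in by_ani.items():
        times = [t for t, _ in rows]
        accounts = sorted({a for _, a in rows})
        span_days = (max(times) - min(times)).days
        if (len(rows) >= min_calls and len(accounts) >= min_accounts
                and span_days >= min_span_days):
            findings[ani] = {"calls": len(rows), "accounts": accounts,
                             "span_days": span_days}
    return findings

def accounts_at_risk(findings):
    """Accounts touched by any flagged ANI, for review in other channels."""
    return sorted({a for f in findings.values() for a in f["accounts"]})

if __name__ == "__main__":
    for ani, info in flag_reconnaissance(CALLS).items():
        print(ani, info)
```

The output is a list of accounts rather than a verdict on any single call, which matches the article's point that the takeover attempt itself usually happens in another channel.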


Although we are on the path of returning to normalcy, for most organizations call center operations will not revert to fewer self-service options, which have already raised the bar for customer experience and reduced operational costs. We know that fraudsters want to remain hidden and exploit these self-service enhancements. To stop these fraudsters, your organization needs to monitor the IVR activity closely and immediately respond to risks before they manifest in fraud losses. Pindrop Protect IVR allows you to have that visibility through Account Risk intelligence to help prevent or minimize fraud while still driving better customer experience.


For more information, download the Account Risk Report or chat with one of our experts.


*Disclaimer: Except for externally cited and linked facts, all data cited in this article is based on analysis performed by Pindrop on actual customer accounts.*