Search
Close this search box.

Are you giving
fraudsters your clients’
banking details?

If you’re using an Interactive Voice Response
System (IVR), you probably are.
grey-bkg-1-full.png

The Fraudster’s Journey

In more than 60% of fraud cases, bad actors used a contact
center -- frequently an IVR -- for pre-crime research. It’s like
casing a bank before a robbery -- only much easier.

Please enter your 16-digit card number.

orange-quote-icon.png
01

Research

After purchasing a list of compromised accounts on the dark web, a fraudster calls your customer center to verify which accounts are still active.


Sometimes, they use a bot to auto- matically dial numbers and try to guess the accounts that are active.

Accordion Content
Sell an updated list of active accounts on the dark web for more money, or immediately make smaller Card Not Present (CNP) transactions.
02
orange-quote-icon.png

Now enter the last four digits of your social security card number.

Verification

A fraudster uses the IVR to test out different combinations of sensitive financial data. There’s no limit to how many combinations he can type into the keypad.


In 3 days, he successfully cracks a customer’s 3-digit CV2 number. In 4 days, he successfully cracks a customer’s 4-digit pin.

03
Accordion Content
Change a customer’s pin number and passwords to launch an account takeover (ATO), gaining access to all of a customer’s banking, credit card and retirement accounts. Fraudsters can use these accounts as a “mule” to finance illegal activity, or worse.

Cross channel fraud

Fraudsters take the information leaked in the IVR and apply them to pass authentication in other channels, be that online, in the call center or in person. Suddenly, none of your customer’s finances are safe.

Are you seeing the whole picture?

Only monitoring agent calls could leave you blindsided. Opening monitoring
into IVR helps you see a more complete picture, and protect your
customers accordingly.

Customer
Account

Account Alterations

Look for anomalies in calling behavior, like multiple redials or excessive call lengths.

Call Behavior

Look for anomalies in calling behavior, like multiple redials or excessive call lengths.

IVR Interactions

Look for anomalies in calling behavior, like multiple redials or excessive call lengths.

Online Activity

Look for anomalies in calling behavior, like multiple redials or excessive call lengths.

To Catch a Fraudster

Pindrop is a leader in IVR fraud protection. To catch fraudsters

in their tracks, we apply machine-learning models from:

50-plus-col.png

50+

Ph.D. research scientists
8-out-of-10-col.png

8

out
of

10

of the top US Banks
2-years-col.png

2 years

analyzing the IVR leg of phone calls
1.2-b-col.png

1.2B

analyzed calls

Pindrop Protect safeguards your IVR

grey-bkg-2-full.png

Incoming Calls Scored

Our optimized processing engines can soft through 9,000+ calls at the same time. Every call that lands into the IVR gets a call risk score based on factors like frequency and duration to the call center.

Cross-Channel Correlation

Pindrop Protect correlates the call with the account information to ensure the account in question hasn’t been compromised.

High Risk Activity Flagged

High-risk calls will have limited access to valuable information. Callers will only be able to access information like the business hours, address and fax number.

Risk-Based Routing

The call is rerouted to a specialized customer service agent, who uses the risk score and call metadata to assess risk.

Marked and Monitored

Every time a call ends, an account’s risk score will be immediately recalculated in real-time, so there is no lag between when a fraudulent attempt is made, and when an account is marked as compromised.

Time is Money

The vast majority of IVR fraud isn’t detected until after a fraudulent
transaction has been made. Pindrop Protect detects suspicious
activity 18 days earlier than agent monitoring alone.

Day 0

Fraudsters call IVR to research (no transaction made yet)

Day 4

Fraudsters crack the 4-digit pin

Day 10

Fraudsters call the contact center to change email associated with the account.

Day 28

Fraudsters reset the password on the account using the changed email.

Day 30

Fraudsters transfers money out the account and vanishes.
footer-bkg-full-1.png

Ready to stop fraudsters from
exploiting your IVR? Watch our Protecting the IVR 101 webinar.