1. What are the key challenges of authenticating callers into the call center and IVR channels?
Traditional contact center anti-fraud and authentication methods no longer stand up to the advanced tactics leveraged by today’s criminals. Most contact centers rely on caller ID, a facility that identifies and displays the telephone numbers of incoming calls made to a particular line, but these telephone numbers can be easily spoofed. Contact centers also rely on knowledge-based authentication (KBA), asking questions that only the legitimate consumer can supposedly answer, to identify a caller. KBA has an average failure rate of 10-15%, and this rate can sometimes go as high as 30%. Most of these failures comes from legitimate customers, not criminals. Meanwhile, over 60% of these criminals can successfully answer these questions because of data they’ve already stolen.
2. What are the most effective methods for securing the phone channel?
“We need to reduce our reliance on static data,” says Avivah Litan, VP Distinguished Analyst at Gartner. All of the data compromises from the last few years have resulted in hoards of data being stolen by criminals and put into databases that are being resold to other criminals. Enabling accurate identity assessment in the contact center relies on endpoint-centric measures, which look at the originating call and the originating phone that is making that call in order to assess the legitimacy of the user that’s calling. Litan describes phoneprinting technology combined with voice biometrics as “the strongest method for detecting fraudsters who call into enterprises.”
3. What are call centers most concerned about and how are their needs satisfied?
Contact center and fraud teams have a mutual interest in protecting customers, their data, and the overall security and reputation of an organization. Call center agents aim to provide high levels of productivity and consistent customer satisfaction. Security teams aim to eliminate weak call center authentication processes and reduce dependence on call center agents for screening out fraudsters. Phoneprinting combined with voice biometrics provides user authentication and fraud detection, enabling both contact center and security teams.
Pindrop’s patented technology, Phoneprinting™, analyzes 147 different factors in the audio of a phone call in order to create a unique signature that allows contact centers to authenticate callers and detect fraud. To create a phoneprint, Pindrop examines the call audio and breaks it down by to it’s most subtle characteristics. This allows a fraud analyst to create a unique signature for fraudsters, while also determining the caller’s true geographic location, device type, and more, which provides valuable information that is invisible to most. Unlike a voice or a phone number, this information is impossible to manipulate. Phoneprinting allows Pindrop’s customers to catch over 80% of fraud calls with less than a 1% false positive rate.
For first time callers, Phoneprinting provides real-time risk factor detection and anomaly detection. For repeat callers, Phoneprinting provides unique fraudster identification and fraud analytics tools. Unlike other solutions, Phoneprinting provides universal protection for all incoming calls to the contact center, allowing contact center agents to identify unknown attackers on their very first call while also creating a robust intelligent blacklist of known attackers. Phoneprinting enables contact centers with the technology necessary to stop fraud loss, reduce operations costs, protect brand reputation and compliance, and improve the customer’s overall experience.
Lloyds Banking Group is the first organization in Europe to implement Pindrop’s state-of-the-art technology into its contact centers to protect its 30 million customers from telephone fraud. Financial Fraud Action (FFA) figures show that consumers lost £755 million to financial fraud across the UK financial services industry in 2015, and Pindrop Labs reports that 1 in 700 calls to UK financial services contact centers is currently fraudulent. Phoneprinting has already helped prevent millions of dollars of fraud at three of the top four banks in the US, and this implementation will strengthen Lloyds Banking Group’s defenses against fraud to further protect customer account information.
Customers will benefit from this protection against new tactics, including caller ID spoofing, voice distortion, and social engineering, that allow fraudsters to disguise their calls and manipulate vulnerable individuals.
“Protecting our customers, their money, and their information is our priority and investing in ground-breaking technology is just one of the many ways we are able to remain a step ahead of potential fraudsters. Our partnership with Pindrop will enable us to further strengthen our multi-layered defenses and allow us to continue to lead the industry in this important area.”
Learn more about Lloyds Banking Group’s commitment to fraud prevention.
The wealth of information housed by contact centers can be leveraged by fraudsters for data mining and cross-channel attacks. In an effort to prevent phone fraud, many businesses implement authentication methods; however, most fail to administer the authentication required to provide a layered defense system. As social engineering and fraud technologies have become more advanced, standard authentication methods have proven to become less sufficient. “You have to assume the criminals can get through one layer [of authentication]; they can get through two, they can even get through three,” says Avivah Litan, Vice President with the consultancy Gartner. “But if you have multiple layers, up to five, and you’re continuously authenticating that user and continuously looking at their activities against their profile, you should be in pretty good shape.”
Multiple layers of security allow organizations to meet regulatory requirements and effectively safeguard customer data. Knowledge-based authentication (KBA), has served as a standard authentication method for years; however, 10-15% of KBA fails entirely, proving that authentication requires another layer of security in order to ensure data protection. A layered approach to authentication starts with “protecting the endpoint, trying to secure the browser, going all the way up to looking at the navigation, building profiles of users and accounts and looking for anomalies, doing that across channels,” says Litan. This kind of identity assessment analyzes endpoint and user data, metadata, and ehavior as it identifies linkages across and between entities.
No singular authentication method used on its own is sufficient enough to keep determined fraudsters out. Creating a layered defense system makes it more difficult for an illegitimate caller to access desired information, such as a physical location, computing device, network, or database. If one barrier is broken or compromised, the fraudster still has at least one more barrier to breach before successfully accessing the desired information. This system ensures that each layer defends the previous layer, making it more difficult for a fraudster to circumvent the security of the entire system.
Aite Group, an independent research and advisory firm focused on business, technology, and regulatory issues, interviewed 25 executives at 18 of the top 40 largest U.S. financial institutions based on asset size in order to provide an accurate evaluation of the most effective technology solutions to protect against fraud. On Tuesday, Aite’s Senior Analyst, Shirley Inscoe, joined Pindrop’s Director of Research, Dr. David Dewey, for an online discussion of the growing threat of fraud in the contact center.
Top 10 Takeaways
- As EMV continues to gain momentum in the US, organized fraud rings will move to the phone channel, replacing traditional counterfeit card fraud.
- The contact center is the cross-channel fraud enabler. Current authentication factors in the contact center often fail due to various data fraudsters can acquire through social engineering tactics.
- The majority of financial institutions (72%) expect contact center fraud loss to continue in an upward trajectory.
- The root source of fraud, the contact center, is often misdiagnosed due to fraud enablement in other channels, such as debit card, credit card, and check order takeover – online fraud that exists from reset credentials being reset by the contact center agent.
- Fraud will move downstream toward smaller institutions and credit unions as phone fraud solutions are integrated into larger firms.
- Organized fraud rings are using automated attacks, specifically robotic fraudsters, targeting interactive voice recordings (IVRs), to keep their cost down while still managing to dramatically increase market coverage.
- In the U.S., Contact center fraud is expected to double to a $775 million problem by 2020.
- 61% of account takeover losses trace back to the contact center.
- For every 1-second authentication is reduced, an organization can save $1 million annually.
- Of the 23 different technology solutions reviewed by leading executives, Pindrop’s phoneprinting and voiceprinting technologies hold the highest combined ranking on industry awareness of the product, overall product ranking, and likelihood of recommending to colleagues.
75% of Tuesday’s webinar attendees confirmed having seen a recent rise in fraud. Contact centers will continue to enable cross-channel fraud until technology solutions are implemented to thwart it. Ensuring optimal protection against fraud in the contact center requires multiple layers of security that provide high coverage, high accuracy, high speed, and low friction without being easily fooled by fraud techniques, such as spoofing, voice distortion, and social engineering. Pindrop’s technology provides multi-factor authentication through layered intelligence scores, reason codes, and risk factors.
Thank you for listening!
This week, Financial Times met with Pindrop CEO, Vijay Balasubramaniyan, to discuss the future of voice authentication. Voice is an “extremely rich” and quick way of authenticating someone’s identity.
GB Times reported after an over 70 Chinese wire fraud suspects were deported from Kenya to China in April, a gang of Chinese and Taiwanese fraudsters were arrested in Turkey on suspicion of phone fraud. The gang reportedly stole information from over 3,000 Chinese tourists.
Forbes: Scam Alert: Why the IRS won’t call you – Fraudsters frequently use psychological attempts to scare people into give up personal information used for identity theft. Once the fraudsters have possession of that sensitive information, they can open credit accounts and start stealing away. Generally anyone who asks for money immediately over the phone is a fraudster.
Tech Dirt: AT&T Falsely Blames the FCC for Company’s Failure to Block Annoying Robocalls – AT&T is pointing fingers at the FCC as the cause of the company’s lack of robocall-blocking technology. Recently, the FCC gave permission to the carriers who wanted to offer consumers robocall-blocking services. AT&T is one of the only companies that did not implement such technology.
South China Morning Post: Phone scam targets Hongkongers, exploits rocky relations between China and Philippines – Crime bosses behind an Asia-wide phone scam operation that has fleeced hundreds of Hongkongers out of HK$350 million in less than a year has shifted their sights to the Philippines as law enforcement tightens.
The Morning Call: Arrests Made in IRS Phone Scam – Five more people were arrested in Miami due to their involvement in an IRS phone scamming ring. Accused of stealing over $2 million from 1,500 people, the perpetrators targeted people all over the US. Progress is being made in combatting IRS scams, and the number of successful calls is dropping drastically.
The Journal News: Harrison cops go to Maine to bust phone scammer – Harrison Police traveled to Maine to arrest known fraudster, Donovan Wallace after cheating a woman out of over $23,000. Wallace is also linked to similar scams along the East Coast and a ringleader in Jamaica, where authorities are helping with the investigation.
KRON4- Bay City News: Elderly man falls victim to IRS phone scam in Santa Clara – An elderly Santa Clara man made 3 deposits totaling over $5000 when a fraudster posing as an IRS agent informed him that he was being audited for $5,900. The victim made 3 deposits while on the phone with the fraudster, and 2 were claimed before the police got involved. No arrests have yet been made.
This month HUB Magazine featured Pindrop CEO, Vijay Balasubramaniyan, as the cover story. In the article, Balasubramaniyan explains Pindrop’s beginnings as well as how he sees the future of voice authentication and security.
Market Wired reported every second, 963 robocalls are made somewhere in America. Research indicated that 2.5 billion robocalls were made to US phones in March, which is a 13% increase to February numbers. For the 4th straight month, Atlanta has been the top city for robocalls.
On the Wire: Hear a Real Bank Phone Fraud Call from a Fake Cop – Fraudsters are expanding upon a common phone scam that targets senior citizens. These phone scammers are now showing up at victims’ homes to take their debit cards in person, stating that their new one will be coming in the mail.
The Telegraph: New phone scam leaves victims with ₤300 bills for calls they never made – Ofcom has launched an investigation into mobile customers being targeted for a new scam which can leave them with a bill for hundreds of pounds for phone calls customers never made. Some victims have been hit with bills of more than ₤300.
Los Angeles Times: China is dialing 911 over Taiwanese phone scammers – Over a decade ago, Taiwan’s central police agency set out to crush telephone fraud. Although they were successful on the island, Taiwanese fraudsters have moved overseas to swindle victims from at least 2 dozen countries.
Gulf News Crime: 21 phone scam suspects arrested in Sharjah – 21 men have been arrested for running a phone scam in which they convince victims to transfer money in exchange for prizes. The fraudsters were using multiple mobile phones and SIM cards to remain under the radar.
The Daytona Beach News Journal: FBI investigates Palm Coast ‘swatting’ incidents that led to standoff – After a stand off between a Florida county SWAT team and an innocent man, the FBI has teamed up with local forces to find the caller of this swatting incident. The FBI considers swatting to be a public safety issue.
Venture Beat: Watch me control my Tesla with Amazon Echo – Over the weekend, Jason Goecke of Tropo hacked his Tesla using a drone, Goland, an Amazon Echo, and AWS Lambda. The result was the ability to ask Alexa to ask “KITT” to pull in or out of Goecke’s garage.
This week the NPR shared a Pindrop researcher’s undercover IRS phone scam conversation with a real fraudster. More than 5,000 victims have been duped out $26.5 million since 2013.
BBC reported this week that last year in the UK, fraud losses totaled ₤755m. Pindrop’s Matt Peachey sat down with BBC to discuss the need for multi-layered security, including monitoring behavior.
The Guardian: The terror of swatting: how the law is tracking down high-tech prank callers – In 2014, a swatting attack was launched on an Atlanta suburb police station that led to a year-long investigation in the US and Canada. This hoax was implemented by a 16-year-old who initiated nearly 40 attacks on homes, schools, and businesses.
The Boston Globe: Why police are having a tough time finding culprits in school robocalls – Dozens of Massachusetts schools are being plagued with a series of hoax robocalls including threats of bombs and roaming shooters. Why can’t authorities trace the calls? Using VoIP, these callers are able to hide their identities.
Ars Technica: “This is the IRS regarding your tax filings” says trio of overseas robocallers – While the FTC searches for a technology to combat robocalling, scammers have now started posing as agents of the IRS using robocalls. Pindrop has found that the wave of IRS scammers can be traced back to 3 distinct groups operating outside the US.
CreditCards.com: Credit card companies may be analyzing your voice – While credit card companies often record phone calls from cardholders, it’s not always for the purpose of quality assurance. Many banks are now analyzing calls and using advanced voice biometrics to root out criminals in the fight against call center fraud.
This is Money: You’re on your own if a conman raids your bank account – This week, This is Money and Money Mail have reported that just 2 out of 1,000 cases in identity theft are investigated and that 70% of customers affected by scams never get a penny back.
ITProPortal: Nationwide develops behavioral authentication prototype – Nationwide’s Innovation Lab, BehavioSec and Unisys are developing an authentication system that uses a customer’s behavior to allow access rather than requiring an additional password to access their banks account from their mobile device.
The threats in the phone channel evolve rapidly. Scammers move quickly from scheme to scheme, playing on victims’ fears and vulnerabilities to separate them from their money. Whether the target is an international bank or an individual consumer, the threats are just as sophisticated and effective. It can be difficult to keep up. Pindrop is leading the voice security technology fight against phone fraud and related threats, helping Fortune 500 companies defend themselves with innovative technology and research.
Scammers tend to stay one step ahead and are already starting to find new opportunities with voice activated devices such as Amazon Echo, Siri, with the emergence of Internet of Things, and even in out interactions with our cars. This technological shift presents challenges in terms of authentication, identity, and security. As our devices begin collecting data about us and our activities, attackers will focus on intercepting and compromising that data, raising a new set of problems.
Today, Pindrop is announcing the launch of On the Wire, an editorially independent news and analysis site dedicated to educating the public about authentication, phone fraud, and identity threats. The editorial direction of On the Wire is set by Dennis Fisher, a veteran journalist who has been covering security and privacy for more than 15 years. On the Wire will be the resource for news, features, and analytical pieces on the threats in the phone channel, as well as privacy and security concerns for any and all devices that contain a microphone and utilize voice.
This is the ground that On the Wire will cover, both through articles and weekly podcasts with researchers, experts, policymakers, and executives. Pindrop has always been dedicated to leading the way in fraud detection and prevention. We’re proud to offer On the Wire as a new resource for our customers and the broader Internet community.
The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.
It’s a chilly January day. You’ve been busy hitting the ground running on your New Years resolutions, getting back into the daily grind at work, or stocking your pantry for impending snow storms. One day in the midsts of all the hustle and bustle, you receive this call:
“You may already know effective January 1st of this year, federal law mandates that all Americans have health insurance. If you missed open enrollment, you can still avoid tax penalties and get covered during the special enrollment period, often at little or no cost to you.”
Oh no! Open enrollment has ended and you haven’t signed up for health insurance. You don’t want to be penalized on your taxes so you quickly press one for more information. Soon after you have selected the healthcare plan right for you, paid with your credit card, and avoided all penalties… or so you thought.
What Really Happened
Scammers used a fake robocall to gain your personal information including social security number, your bank account, and your address. With this information, these fraudsters racked up purchases on your credit card and opened new accounts. Because the insurance you thought they offered you was made up, you also are penalized for being uninsured come tax time. Attackers have successfully stolen your identity using the following tactics.
- Robocalling – Scammers use robocalls to attack a multitude of people quickly while also being able to conceal their identity and location
- Confusion – You’ve heard something about Obamacare and tax deadlines, but you haven’t paid much attention to the details. Fraudsters take advantage of your confusion.
- Cross-channel Fraud – Fraudsters use many different channels to extort sensitive information. In the case of the Healthcare Scam, fraudsters use the phone channel to collect personal information, and use that information in other channels, like online or in the call center.
Healthcare Scam Examples
5 Obamacare Scams and How to Avoid Them – In addition to offering healthcare, scammers will also tell victims they can get lowered insurance rates, pretend to be government agents, or even offer nonexistent “Obamacare cards”.
Expert Warns about Healthcare Scammers – Brownsville, TX – fraudulent robocallers warn residents about $695 penalty for not enrolling in heathcare.
State Warns of Multiple Scams and Fraudulent Practices in Oregon – Phone scammers are preying upon the financial troubles of Moda Health, calling and intimidating those using Moda as their primary insurance carrier.
On Thursday, Pindrop announced a $75 million Series C funding round led by Google Capital with participation from GV, Andreessen Horowitz, IVP, Citi Ventures, and Felicis Ventures. “As voice commands become the standard across intelligent assistants, cars, and the Internet of Things, Pindrop is creating the leading authentication and security solution for this exploding market,” said Gene Frantz, partner at Google capital.
Voice technology could soon move beyond asking Siri for directions. It could be the password to your home, car, and banking information. CNBC spoke to Pindrop CEO, Vijay Balasubramaniyan about the future of voice fraud and authentication.
On The Wire: On the Wire Podcast: Vijay Balasubramaniyan – Dennis Fisher talks with Vijay Balasubramaniyan, CEO of Pindrop, about the company’s $75 million funding announcement with investments from Google Capital and Google Ventures, the future direction of the company, and the role that voice authentication.
Pindrop Blog: Miles to Go – The world is moving toward a future where voice will become the de facto interface, with a whole slew of new voice enabled IoT devices. Smart homes, connected cars and personal assistants are all becoming voice enabled and require feature rich user interfaces.
Finance Magnates: Top 5 Fraud Risks for Financial Institutions in 2016 – Hacking attempts and prevention expenses are likely to increase with the rise in mobile banking applications, vulnerabilities of financial call centers, and the increased sophistication of social engineering attacks.
CNBC: Be prepared: It’s tax-return fraud season – Scammers have whipped consumers into more of a panic, renewing efforts to steal data and cash by masquerading as IRS officials. Some scams play off the risk of fraudulent returns. Others threaten audits, fines, arrests and all manner of other dire consequences.
Pindrop: Pindrop Raises $75 Million Led by Google Capital to Stop Voice Fraud and Identity Theft – Pindrop, the pioneer in voice-fraud prevention and authentication, today raised a $75 million Series C funding round led by Google Capital, bringing the total funding to $122 million to date. Pindrop currently protects the phone calls of three of the four largest banks.
CNBC: Is voice fraud in Siri’s future? – Gene Frantz, Partner, Google Capital, and Vijay Balasubramaniyan, Pindrop Security, discuss how technology may be able to secure voice recognition in the future.
Krebs on Security: FTC: Tax Fraud Behind 47% Spike in ID Theft – The U.S. Federal Trade Commission (FTC) today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud Those numbers roughly coincide with data released by the IRS.
Consumer Affairs: Survey: 11% of adults lost money to a phone scam last year – Running a scam by calling victims on the phone seems so old school. In the digital world, you would think scammers would focus on Internet schemes instead. But apparently, scammers hold to the adage “if it ain’t broke, don’t fix it.”
CSO: Telephonic DoS a smokescreen for cyberattack on Ukrainian utility – The late December telephonic denial-of-service attack against a Ukrainian power company was a smokescreen to cover up a cyber attack, experts say. Telephonic DoS works by overwhelming the victim’s call center so that legitimate calls can’t get through.
CSO: How to recognize the many phish in the cyber sea – Of all the major breaches that made the headlines in 2015, many of them are believed to have started with some sort of phishing scam. From Anthem to Sony, human error is often to blame for the majority of security incidents that enterprises experience.
Fortune: A Woman Is Suing Kohl’s For Robocalling Her For More Than Two Years – The lawsuit argues that Kohl’s violated the Telephone Consumer Protection Act, since Cook says she never consented to receiving calls from the retailer. If Kohl’s is found guilty, it could owe as much as $1,500 per call placed to Cook.
NBC: Dozens of Officers, Inmates Charged in Georgia Prison Cellphone Scams – Dozens of former and current corrections officers and inmates at a Georgia prison have been charged in a scheme that used smuggled cellphones to shake down civilians who believed they were in trouble for not reporting to jury duty.