Before Pindrop® Solutions

Account takeovers were on the rise for this credit union. For example, potential fraudsters were repeatedly calling in using spoofed numbers. As a first step, the credit union wanted to understand if a repeat caller was targeting them, and second, they wanted to detect fraud when it was happening. The credit union’s Assistant VP of Digital Services shared, “We had one fraudster who called in requesting a line of credit for $30,000. They did this by moving the money out of a member account and into a shell account using the member’s information. Bad loans were also rampant because members easily bypassed the Knowledge-Based Authentication questions (KBAs). And, this was just the fraud that we knew about.”

Although fraud was rising, the credit union was determined to find the right solution and justify the cost. However, they knew that call center agents were uneasy, acting as the front line for fraud, and they were losing agents. 

The credit union was aware of the evolving fraud landscape, where the human ear can no longer be relied on to detect a synthetic voice. With the proliferation of generative AI, easy accessibility to AI voice engines (+800% increase from ‘23 to ‘21)1, and low cost to use, the way we see and hear content has irrevocably changed. Today, the ability to manipulate audio is easy, and humans are unable to tell the difference. For example, in a study by the International Security Program, human detection of AI generated audio was labeled ‘as good as a coin toss’ , detecting fake audio with just 54.5% accuracy (compared to 62% accuracy for fake images). Traditional methods used by organizations like KBAs and one-time passwords (OTPs) are also vulnerable to synthetic audio attacks.

What ROA did Pindrop® Solutions deliver?

“Once we implemented the Pindrop Passport and Pindrop Protect solutions, things took off.” 

Since deploying Pindrop’s fully integrated authentication and fraud detection solution, the credit union has significantly reduced the success rate of fraud within its phone channel, seeing a 50% reduction in the number of fraud incidents overall.

Launched in September, 2023
Once implementation was complete, the credit union was surprised to see how many fraud attempts were happening; it was considerably more than they initially thought. 

When Pindrop® Protect and Pindrop® Passport were turned on, credit union members were initially apprehensive; they no longer had significant hurdles, such as answering lengthy questions,  to clear when getting through to the credit union. For example, within the first two months, the credit union went from an average of 54 seconds to identify/ validate a member, down to 18 seconds on average. Member satisfaction improved significantly, and average handle time was reduced, which meant average wait time also decreased. In fact, the credit union observed a 67% decrease (36 seconds) in time to authenticate members.

Additionally, the credit union’s agent experience improved dramatically, reducing overall agent attrition in just 90 days. For example, after launching Pindrop  Protect and Pindrop Passport in September, the credit union’s employee turnover was the lowest they had ever seen in December, just one quarter after implementation.

Since the deployment of Pindrop Protect, the credit union has experienced an 88% reduction in fraud incidents occurring within their call center channel. In one month alone, Pindrop Protect detected nine fraudulent calls against an alert rate of 0.68% and a review ratio 241:1. 

Since the deployment of Pindrop Passport, the credit union authenticated 23,188 calls, and low-risk authenticated an additional 11,132 calls. In one month, Pindrop Passport demonstrated an increase of 1.54% in enrollment penetration (0:6min), which measures the percentage of calls tied to previously enrolled identity claim vs the call population with an identity claim.

Not Just ‘Another Vendor’ 

Don’t take our word for it, the Credit Union shared their experience with the Pindrop implementation as well as their experience  with our team: 

“The ongoing support from the Pindrop team has been outstanding- they are extremely easy to work with, and they always deliver on their word. The service provided is white glove and turnkey. They are by far one of the most flexible and understanding vendors that we have worked with. Their team took the time to ensure that all stakeholders were armed with the information necessary to ensure that we could hit the ground running. Throughout the entire process, they answered our questions thoroughly.”

“In fact, Pindrop makes us aware of additional features that we might not be taking advantage of that are included based on the contract we have, like Custom Attributes. That is not something that you would expect from a vendor. This kind of service is what truly sets Pindrop apart from others.”  

– Assistant VP, Digital Services at Credit Union

Sources Cited

1. Open source projects on Hugging Face leveraging an AI voice tool (from 38 in ‘21 to 352 in ‘23)

Telco A:

  • Personalize customer service(both in the IVR and when calls are transferred to agents)
  • Authenticate customers in the IVR reliably
  • Use a cost-effective solution

Telco B:

  • Detect ANI spoofing to prevent fraud
  • Increase IVR containment
  • Improve the customer experience while improving security

Telco A

  • 3X Return on Investment
  • 2 Months Full Implementation

Telco B:

  • 2% Increase in IVR Containment
  • 70% Verification “Green” Rate
  • Increase CSAT Scores

Telco A

Background/History

Telco A, participating in this research, is a telecommunications Fortune 50 firm. Almost 100% of incoming calls to contact centers go through the IVR initially; roughly 50% are eventually transferred to an agent.

Telco A strongly desired to improve the customer experience in its contact centers. Management’s vision was to personalize service, streamline authentication, and transfer information from the IVR to an agent when calls had to be transferred so customers could be greeted by name and meet their needs faster. To accomplish this, the firm realized it had to know definitively who agents were dealing with on each call as quickly as possible. The tipping point came when ANI spoofing escalated significantly, and executives realized it was time to take action. There was a strong desire to address the spoofing issues as fast as possible, so a solution that could be implemented swiftly was a strong consideration in the vendor selection process.

Outcomes

Implementing VeriCall® Technology was a resounding success. Using VeriCall® Technology,
three potential results are possible for every incoming call—green, gray, or red. In the IVR, all calls VeriCall® Technology denotes as green are considered authenticated by Telco A. As a result, they are fast-tracked; customers are greeted by name, and no further authentication is performed. If the customer’s needs cannot be met in the IVR, the caller is transferred to an agent who also greets him or her by name and acts to address the customer’s request. Telco A estimates that all green calls transferred to an agent have a reduction of two to four minutes average handle time; this is time that was previously required for authentication, primarily using KBA questions and OTPs. The reduction in authentication time resulted in an operational expense reduction in the millions of dollars annually. About 75% of incoming calls are green. Calls coded gray by VeriCall® Technology follow the process that was in place at Telco A prior to implementing VeriCall® Technology. Since the customer has not yet been successfully authenticated, calls that are labeled red by VeriCall® Technology (less than 2% of incoming calls) are treated as highly suspicious by Telco A; most honest customers do not spoof a telephone number, so the majority of these calls are normally determined to be fraudulent.

During the implementation phase, a few minor issues arose but were addressed and resolved quickly. This executive stated Next Caller is a small, extremely responsive and works to maintain a strong partnership with this client. Telco A has achieved three times the return on investment after implementing the VeriCall® Technology.

Lessons Learned

Choosing VeriCall® Technology from Next Caller had buy-in from all internal stakeholders. They have found the company to be responsive and a good strategic business partner, and the solution to be cost-effective. Compared to other solutions they considered, VeriCall® Technology is significantly less expensive to Telco A.

Telco B

Background/History

Telco B is a telecommunications Fortune 250 business. Over 98% of incoming calls to contact centers initially go through the IVR in this company.

The Telco B began experiencing an uptick in fraud in its contact centers and wanted to take action to mitigate fraud and better protect its customers’ accounts. Its biggest challenge was ANI spoofing, so it wanted to harden the IVR to prevent account takeover fraud. Telco B was using a web tool that was supposed to help identify incoming telephone numbers that were likely fraudulent, but fraud rates were rising. It examined various technology solutions available in the market that could help detect incoming calls from spoofed numbers.

Approach

In looking at competing solutions in the market, the firm’s executives saw many strong capabilities but were given pause by the price tags. Management decided that at that point in time, they didn’t really need a lot of the functionality offered by more expensive competitors; they just required reliable spoofing detection. Because the rate of fraud incidents was increasing, they also needed a solution they could implement quickly to better protect customer accounts.

As Telco B’s executives looked at Next Caller, they felt it had a very competitive solution and that the company would be a good business partner. While improving the customer experience wasn’t the primary reason they were looking for a solution, management was excited about the prospect as a side benefit of addressing their fraud challenge.

Outcomes

Prior to implementing VeriCall® Technology, Telco B was matching the incoming telephone number to an existing customer account, looking to see if there were any fraud alerts on the account, and requiring the customer to input an account PIN (personal identification number). After implementing VeriCall® Technology, for all calls determined to be green (about 70%), no PIN is required by Telco B. This frictionless verification was embraced by customers and company management alike. In addition, the use of the web tool that provided information about numbers that were likely to be fraudulent was discontinued without detriment after implementing VeriCall® Technology.

Perhaps the biggest challenge during the implementation was that there were unanticipated system integration requirements with the system Telco B uses in front of and behind the IVR.

Next Caller partnered with Telco B to address all of the issues quickly, but it delayed the overall implementation of VeriCall® Technology from two months to three months. Lessons Learned VeriCall® Technology requires minimal upkeep according to Telco B, and it requires two fewer data inputs than the system used previously. Telco B management is hopeful that Next Caller’s machine learning models will continue to improve the product’s percentage of green calls over time. Like Telco A, Telco B is very complimentary about Next Caller’s support.

Voice over Internet Protocol (VoIP) calls can be very difficult to authenticate. While such calls are sometimes riskier, the mere use of a VoIP line does not mean the call is fraudulent. The executive with Telco B states that VeriCall® Technology does a very good job with incoming calls from mobile devices and landlines, and that Next Caller is working to improve results on VoIP calls.

Similar to Telco A, Telco B has achieved a decrease in the time a caller takes to be authenticated when speaking with an agent. If authenticated in the IVR (green call), there is a reduction of over a minute of handling time, which results in significant cost reduction in the contact center. In addition, Telco B has achieved an additional 2% IVR containment rate, and management is excited that as the solution’s machine learning models continue to learn, this percentage may rise further.

Last, Telco B’s customer satisfaction ratings (measured by an independent firm) have improved over the past two years—something management takes very seriously and is proud of. A portion of that improvement is attributed to the customer experience improvement in contact centers.

Lessons Learned

VeriCall® Technology requires minimal upkeep according to Telco B, and it requires two fewer data inputs than the system used previously. Telco B management is hopeful that Next Caller’s machine learning models will continue to improve the product’s percentage of green calls over time. Like Telco A, Telco B is very complimentary about Next Caller’s support.

What’s next

The uptick in fraud in contact centers crosses over many industries; the challenges described in this case study and the benefits achieved by Telco A and B are likely relevant for any contact center in which fraudsters can derive value by taking over a customer account.

Here are some key takeaways for consideration:

Proves that happy employees are the key to happy customers

The Challenge

Before Pindrop, UCBI used traditional customer verification methods, including knowledge-based authentication, asking seven to ten questions. Pindrop’s data shows that fraudsters tend to pass such questions with success more than half of the time, whereas the actual person forgets the correct answers 20- 40% of the time.

The Solution

After reviewing the market of the phone channel authentication products, UCBI chose to further discussions with Pindrop based on two factors:

Higher Call Efficiency

The increase in agent efficiency led to a 14% increase in calls handled.

Customer Satisfaction

The post-call customer satisfaction score improved by more than 5%.

Improved Call Handling

UCBI improved its efficiency with the average number of calls handled per agent increasing by almost 50% for the time period observed.

Positive Team Feedback

UCBI started receiving great feedback from its call center team members, with almost three quarters of those expressing high satisfaction.

Happy, distinct voices in harmony

It was clear that happy call center agents were a big factor in the customer experience improvement — as reflected in two distinct voice categories:

It was clear that call center agents were a significant factor in improving the customer experience. One agent voiced the ease of the product not adding more security measures, while also noting the time it saved them in not having to do a 7-step verification process. Another said it allowed them to efficiently serve more customers and improve upon hold times, leading to happier customers. Customers are more comfortable answering questions, and the number of fraudsters getting past the verification process has decreased.

By facilitating agents’ productivity and ease in their work, customers, in turn, expressed gratitude for the change in the process. Not only was the team able to answer phone calls faster, but not having to put customers through too many hoops of questions to answer was also a relief.

What’s next for UCBI?

UCBI plans to stay alert and active within the Pindrop Quarterly Client Forum calls—sharing up-to-date, real-time information on the arms race of innovation of phone fraud and social engineering techniques threatening the security and positive customer experience that all banking customers should expect. UCBI will also continue treating its customers with the utmost respect and the precise attention they deserve.

Michigan State University Federal Credit Union (MSUFCU), a forward thinking, member-first and technology oriented organization, wanted to modernize their member authentication process as part of a broader organizational transformation to focus on member experience. Additionally, they wanted to stay ahead of the fraud trends by adopting an industry-leading fraud and deepfake detection solution. Our Pindrop® Passport solution helped MSUFCU improve customer satisfaction and NPS scores, as well as improve agent productivity by reducing member authentication time by +50% (from an average of 90 seconds to 45 seconds in the first three months of implementation). For +40% of the calls with a full profile match of callers, MSUFCU was able to reduce authentication time by 78 seconds, down to an efficient 12 seconds. Pindrop® Protect provided MSUFCU an efficient way to manage fraud alerts, and to increase case management efficiency by providing data and insights on fraud cases. 

Challenges

Member Experience 
As MSUFCU was in the early stages of their implementation with Five9, they quickly identified member experience as an opportunity for improvement. Members, as well as employees, felt that there was an opportunity to make the authentication process run more smoothly. For example, Members felt that they were being asked too many questions to prove their identity, while the employees (agents) felt that this high friction process adversely impacted their relationship with Members, making it difficult to offer them new products and services. Beyond this friction, contact center employees felt that they were being asked to identify red flags and risks in those member interactions – a task for which they were not fully equipped. 

  1. Improve member experience via frictionless, real-time authentication
  2. Reduce voice and cross-channel fraud without adding friction to member experience and burdening employees with additional work
  3. Reduce costs by increasing operational efficiencies

With these goals in mind, MSUFCU wanted to prepare for a state of fraud detection and member authentication that helped them evolve for the future; proactively detecting and mitigating fraud activity vs reacting to events on a passive, case-by-case basis, and ensuring that their fraud defense was ready for future threats like deepfakes.  They also sought a solution that enabled expanded self service options for members in the future.

Before Pindrop® Solutions

MSUFCU started modernizing their technology infrastructure by migrating to the Five9 Cloud Contact Center. As part of this migration, an important question was how to modernize the member authentication experience alongside this transformation. 

In the current process, agents verified members by asking common security questions like the members’ name or account number, or asked them to repeat security phrases. The agents also had the flexibility to ask members about recent transactions or “out of wallet” questions, which are questions outside of the usual identification points like account numbers or SSNs that are meant to be known only to the intended users.  However, agents struggled to ask good questions that gave confidence in the member’s identity, and the members themselves were unhappy about being asked so many questions. The current authentication process was not only hurting member satisfaction, but also affecting agent productivity. With a declining tenure of the average call center staff, there was a growing cost to train new staff. Every additional minute spent by the agents on the phone due to longer authentication time was further adding to this cost. 

Call Duration Increased by 40%
The total average call duration at the credit union had increased to 8:30 minutes,up from 6 minutes four years ago. Of that, 90 seconds was typically spent on member authentication. The lack of visibility in the Interactive Voice Response (IVR) and Intelligent Virtual Assistant (IVA) was also costing MSUFCU the opportunity to increase self-service and reduce agent handled calls.  

Fraud Risk Continued to Grow
Despite increasing handle times, the security team was concerned about the growing risk of fraud, both in the contact center and at the organizational level. For example, MSUFCU teams had observed instances of fraudsters performing reconnaissance in the self-service channels, like asking general questions about the credit union’s processes. The team found that fraudsters had gathered considerable information about the fraud department team, as well as how the credit union functioned. 

Deepfakes were also top of mind for MSUFCU as they prepared for a future, ‘fraud-ready’ state. According to Pindrop customer data , +200k synthetic calls out of 21M agent handled calls analyzed were found in just 30 days of tracking, which demonstrated a growing problem. Not to mention, with the rise of generative artificial intelligence and advanced text-to-speech systems, synthetic audio has become more realistic, cost effective, and scalable1. 

Such a high level of synthetic call activity poses a significant risk of fraud to contact centers and teams. MSUFCU wanted a solution at the forefront of combatting the threat of deepfakes.

Why Pindrop

Pindrop is leading the charge on deepfake fraud
MSUFCU chose Pindrop because of its single platform for both fraud detection and authentication, as well as its leadership in deepfake detection. “Pindrop just seemed to be more forward-thinking than the other vendors we looked at. For example, their work surrounding deepfakes was considerable, and it seemed like they were leading the charge more so than the competition”. – Colleen Pitmon, VP of Call Center, MSUFCU 

Passive, Multi-Factor Authentication
Another factor that helped seal the deal for MSUFCU was Pindrop’s passive, multi-factor authentication solution, Passport. During their cloud transformation, MSUFCU wanted to adopt and leverage voice analysis to improve their authentication process without having to require their members to enroll or authenticate by saying “my voice is my password.”  After evaluating other vendors, MSUFCU chose Pindrop for its frictionless, passive authentication system, which aligned to their forward-looking fraud strategy. 

The credit union also found Pindrop’s seamless implementation, advisory, and project management expertise to be a strong differentiator. For example, MSUFCU wanted a partner who could fit into their agent desktop user interface (UI) experience, and Pindrop’s agent desktop integration with the credit union’s cloud provider was exactly what they were looking for. According to the MSUFCU, Pindrop was incredibly knowledgeable in shaping and building the workflows they needed.  “We really appreciated the knowledge, expertise and guidance that the [Pindrop] team brought to every interaction. Their team was phenomenal in meeting every deadline.” – Colleen Pitmon, VP of Call Center, MSUFCU

The Right Partner to Help Reduce Expensive, Manual Authentication 
MSUFCU found Pindrop to be the right partner to help with the evolution of their member authentication processes. After streamlining the agent-led authentication process, the credit union plans to encourage members to utilize more self-service options through their Five9 IVA. MSUFCU sees a lot of potential in conversational AI technologies to drive an increase in member self-service, and they plan to use Pindrop authentication to confidently service more transactions in the IVA.

What ROA did Pindrop® Solutions deliver?

“On the very first day, one of our agents shared that the calls ‘felt so much better.” 
– Colleen Pitmon, VP of Call Center, MSUFCU

Since deploying Pindrop’s fully integrated authentication and fraud detection solution, the credit union has significantly reduced the average handle time, provided a better platform for fraud call handling and investigation and helped improve the member experience and satisfaction scores.

Launched in August, 2024

After deploying Pindrop® Protect and Pindrop® Passport, MSUFCU experienced significant benefits in member authentication, service satisfaction and fraud detection. MSUFCU’s members are no longer required to answer lengthy questions. Pindrop solutions reduced the average member authentication time by 50%, from 90 seconds to 45 seconds. For 40% of the calls that had a full profile match of the callers, Pindrop helped reduce  authentication time from 90 seconds to 12 seconds (an 86.67% reduction). Even without a profile match, MSUFCU was able to reduce Average Handle Time (AHT) by 38 seconds using risk based authentication from Pindrop. This reduction helped contribute to a surge in member satisfaction, Net Promoter Scores and Effort (How easy members find it to accomplish what they need) scores. The overall satisfaction rating grew from 4.47 to 4.56 (from August 2024 to September 2024, two months after implementing the Pindrop solution), the NPS rose from 55 to 63 during the same period and the effort score grew from 4.13 to 4.26. These scores have been sustained in the following months also with NPS reaching to 65. The improved authentication has not only helped MSUFCU improve member satisfaction, but has also contributed to reducing an estimated $561,600 in annualized operational costs by lowering average call handle time. 

Additionally, the credit union’s agent experience improved. By leveraging low-risk signals from Pindrop solutions, the credit union was able to remove 20 seconds in average handle time from the authentication process within 4 hours of going live, which helped open up time for agents to focus on their core activity of helping members. “An agent said on the very first day that the calls felt so much better and then that helped them to offer more products and services to members, which is a huge thing, both for what our members need and for the organization”. – Collen Pitmon, VP of Call Center, MSUFCU

Since the deployment of Pindrop Protect, the credit union has experienced improved visibility in fraud activity, and a superior workflow in managing their fraud investigations. With the help of Protect, MSUFCU discovered the fraud rate in their contact center was 1 in 1,900 calls (vs industry average of 1 in 976 calls). Previously the credit union received fraud alerts from the call center, but they had limited access to data to understand the nuances of the fraud, which hindered their investigation efficiency. The Pindrop fraud detection platform provided a great user experience -with configuration flexibility and drop down menus – for the fraud investigation team to manage cases and navigate a fraud call. “The data is all right there. Overall, the biggest win for us is just the efficiency gains in terms of navigating our investigations.” – Jamie Smathers, VP of Fraud Prevention, MSUFCU

With the deployment of Pindrop Passport, MSUFCU authenticated 49,907 calls in October, 2024, of which 19,129 calls were authenticated with a full profile match rate of 88.41% and 30,778 calls were authenticated with Low Risk Policies, for an overall authentication rate of 92.99%. Within just a one week period, Pindrop Protect alerted MSUFCU on inbound fraud calls, protecting accounts with over $500k in total funds at risk.

Saving 8.5 Million minutes in handle time and cutting ATO losses by account in half

The Challenge

Before Pindrop, FNBO had nothing in place to detect phone fraud through the IVR (interactive voice response) or even into the call. Their approach was reactive rather than proactive. They used traditional authentication, including “out-of-wallet” questions. Pindrop’s data shows that fraudsters tend to pass such questions with success more than half of the time, whereas the actual person forgets the correct answers 20-40% of the time.

FNBO relied heavily on one-time passwords (OTPs), even with genuine customers. The OTPs were hurting the customer experience and adding two minutes to the average handle time (AHT) while still getting beaten by fraudsters.

The Solution

Within the first year of the Pindrop relationship, FNBO experienced significant results: 4,000- 5,000 fraudulent calls a month bypass the call center agents and go directly to the fraud team. That relieved significant pressure on the Agents as they no longer needed to be fraud experts.


The OTP usage decreased by 75%, and overall, AHT decreased by 30 seconds. Considering their annual volume of 17 Million calls, that meant a reduction of 8.5 Million Minutes in total handle time.


Even though FNBO did not consider having an ATO problem before working with Pindrop, their ATO recognition rate increased by 59%. Their total ATO losses decreased by 16%, and the average ATO loss by account decreased by 47%.

IVR Adapted Technologies

Identify fraudsters in 
real-time

Passive multi-factor authentication

Flawless IVR Call Risk Model

IVR adapted technologies identify fraudsters in real-time

For the IVR, Pindrop Protect uses multifactor analytics developed specifically for the IVR environment and runs in every call background. Protect combines 5 technology engines into one platform, which analyzes risk across time and accounts to determine if an incoming caller exhibits anomalies that indicate high-risk or suspicious behavior, activities, fraud or fraudulent reconnaissance.

Passive, multi-factor authentication

Pindrop Passport eliminates or significantly reduces traditional authentication methods and the unwanted customer friction they bring, replacing them with a multi-factor authentication solution. Passport improves overall customer experience and hardens the call center to attacks.

Authentication happens in the background, reducing call handle times, saving operational costs, and increasing agent efficiency.

What’s next

FNBO plans to improve account monitoring by leveraging Pindrop as a central investigation tool verifying suspected ATO and fraudulent applications through any other systems leveraging account risk.

As FNBO expands its business lines, it intends to use Pindrop for call risk and account risk intelligence on phone lines in addition to their toll-free numbers.

About FNBO

First National Bank Omaha (FNBO) is a subsidiary of First National of Nebraska. It is the largest privately held bank subsidiary in the United States. First National of Nebraska has grown to nearly 5,000 employees with locations in seven states and $24 billion in assets. First National Bank of Omaha has been ranked “Highest in Customer Satisfaction with Retail Banking in the Midwest” by J.D. Power, named a MONEY Best Bank in the Midwest, and rated one of Forbes Best Banks in America.

The Solution

  • CommunityAmerica Credit Union prevented over $570,000 in fraud exposure within months – without sacrificing CES or adding further friction into the process.
  • 115 seconds got removed from total call times.
  • KBAs were reduced to 2 and when all KBAs, 4 in total, were removed for callers.
  • CommunityAmerica Credit Union saw reductions in average hold time across 98% of its calls, greatly reducing operations costs associated with the additional time that was once used for asking questions and extending members’ experiences unnecessarily.

What’s next

This expansion of anti-fraud capabilities into the IVR will enable CommunityAmerica Credit Union to predict what accounts will be “at-risk” 60 days before a fraudster attempts to make a withdrawal.

By automating APIs, CommunityAmerica Credit Union can focus on making sure 80% of incoming calls have identity claims.

CommunityAmerica Credit Union will soon be able to leverage the analysis of relationships between activities, accounts, and calls across time.

After this bank, which manages more than $73 billion in assets, leveraged Pindrop for authentication, the next phase of its customer service delivered deeper fraud prevention.

The Challenge

This bank wanted to understand more about the risky authentication attempts that were targeting its contact center. The bank also wanted to quantify the various types of fraud bad actors were applying.

The Solution

This bank wanted to understand more about the risky authentication attempts that were targeting its contact center. The bank also wanted to quantify the various types of fraud bad actors were applying.

Fraud Prevention

Risk is alerted quickly

Insightful Intelligence

Rapid response foils attacks

Quantify Attack Types

Understand and prevent the risk

Better Together

Results are amplified with two solutions

Curiosity spawns new way to deliver business impact

Customers are at the center of every conversation at this bank. In fact, customer-centricity is the top company value. This has been the case for over 170 years and that focus on customers and why this bank chose Pindrop’s authentication solution for its contact center.  With Pindrop Passport in place, this bank became more curious about the calls that had a higher risk value.  The contact center leadership was very curious to define exactly how much fraud was occurring in the phone channel.  This bank already provides a significant amount of anti-fraud education to its consumers and commercial clients, yet the bank was inspired to pursue even more ways to protect assets and deliver new means of value by enabling Pindrop Protect®.

Pindrop Protect quickly surfaced fraud patterns and volumes that were highly actionable. The user interface is so easy to use, the bank’s fraud analysts can see the details about each call and what factor was influencing the highest risk scores. With the insights from the phone channel that Pindrop Protect provides, the analyst can immediately block transactions and requests from occurring in other channels such as in-app and wire transfers as well as IVR services. In less than one year, the bank measured its ability to prevent fraud attacks on over $56M in assets with Pindrop.

Safeguarding never stops

Due to the post-pandemic rise in fraudulent activity, it is typical for a bad actor to attack multiple times and with a variety of methods. With Pindrop Protect, approximately one in five calls into the contact center are flagged for risk. The forms of fraud run the gamut from counterfeit checks, unauthorized transfers, fraudulent check orders, new debit card requests, web banking attacks, and online account transfer fraud.

Thanks to Pindrop’s Advisory Services consulting, the bank’s fraud prevention team is always at the forefront of the latest insights. Together, Pindrop and the bank are constantly innovating and adapting to stay well ahead of fraudsters.

What’s next

The bank and Pindrop will continue to evolve both the authentication and anti-fraud programs to lead the way with the latest best practices to drive even higher business results. By having both Pindrop® Passport and Pindrop® Protect in place, the two solutions amplify the effect of one another.  As for the next horizon, the bank will synthesize more of its internal and Pindrop data intelligence to deliver new ways to support the ease of experience for its genuine callers and detect risk across its portfolios. 

Reducing:

  • Hold times
  • Time for authentication
  • Voice and cross-channel fraud
  • Agent stress
  • Costs

Improving:

  • Member experience
  • Agent experience
  • Abandon rates dropped from 25-30% to just 5-10%
  • Average hold times improved by 80%
  • Average handle times reduced by 13% or approximately 45 seconds
  • No need to replace 3 FTE (lost due to natural attrition)
  • Members reported increase in prompt service satisfaction
  • Agent stress levels improved – they can finally breathe in between calls!
82%
authentication rate

45
seconds reduction in average handle time

20%
drop in abandon rates

80%
improved average hold times

Hold times decreased, and member base went up with a better experience

The biggest improvement from the Pindrop relationship came in the area they cared about the most: Member experience. Within just 3 months, about 56% of their member base was already enrolled, allowing for a more frictionless identity and authentication process.

Using low risk and profile match authentication, they have achieved an 82% authentication rate on total agent calls; The average hold times improved by 80%, decreasing to less than 1 minute; The abandon rates dropped from 25-30% to only 5-10%. They also experienced a 45 second reduction in average handle time (AHT) year over year since implementing Pindrop Caller Authentication.

As a result of Affinity Plus increasing their efficiency, agent workdays are far less hectic and less stressful, they can finally breathe! Agents are given more time to focus on their career development plus other member communication channels can be supported, such as the chat and texting channels. Affinity Plus utilizes Net Promoter Score (NPS) to measure their member satisfaction. As a result of the Pindrop relationship, that score was bolstered. Specifically, the “prompt service” component showed the biggest improvement.

Continuous Growth

The next step for Affinity Plus is frontloading their phone system with a conversational bot. They feel very comfortable doing so because with Pindrop, they have reliable authentication technology in place. They are also planning to expand self-service in their interactive voice response (IVR) system, allowing the conversational bot to enable payments, transfer funds, provide balances, etc. on behalf of the securely authenticated member.

About Affinity Plus

Affinity Plus Federal Credit Union is a non-for-profit member-owned cooperative that puts people first above profits. For Affinity Plus, “people” includes both members and employees. They strive to improve the lives of their members through meaningful banking, exceptional experiences, and trusted relationships. Affinity Plus is also one of the largest credit unions in Minnesota, with 30 locations, 240,000 members and nearly $4B in assets.

The Federal Trade Commission (FTC) reported that in 2023, consumers lost more than $10 billion to fraud. Additionally, a YouGov survey revealed that more than a quarter of American adults have been victims of bank or credit account fraud

As daunting as these numbers are, we expect them to keep growing as we enter the digital age of banking. Financial institutions need to be prepared to handle the ever-changing fraud attacks while maintaining a seamless customer experience. The question is: How can you provide excellent customer service and improve security?

Learn how banking fraud investigation, detection, and prevention work below.

What exactly is banking fraud detection?

Banking fraud detection refers to a comprehensive set of techniques and technologies designed to help protect a bank’s most critical assets: customer information, financial resources, and secure systems. At its core, fraud detection aims to identify suspicious activities and potential fraud attempts in real-time, ensuring that any threat is promptly flagged for investigation. 

This process involves analyzing vast amounts of transaction data, monitoring for unusual patterns, and leveraging advanced tools like artificial intelligence and machine learning to outsmart increasingly sophisticated bad actors. Fraud detection works with prevention strategies, forming a robust defense to help protect financial institutions from devastating breaches that would impact their customers.

Types of banking fraud

Banking fraud can be categorized into two main areas: account takeover methods and general banking fraud. Understanding both is essential for effectively detecting and helping prevent fraudulent activities in financial institutions.

Account takeover methods

Account takeover (ATO) refers to a fraudster gaining unauthorized access to a customer’s account, often by exploiting weak points in security systems. These methods include:

  • Phishing attacks: Fraudsters send deceptive emails, texts, or calls pretending to be from legitimate sources, tricking customers into revealing sensitive information like passwords or account numbers.
  • Credential stuffing: Cybercriminals use stolen login credentials from data breaches to gain access to multiple accounts where users have reused passwords.
  • Session hijacking: Attackers intercept active banking sessions by stealing session tokens, allowing them to take over the user’s account while bypassing login processes.
  • Social engineering: Fraudsters manipulate victims into providing sensitive information or performing actions that compromise account security, such as clicking on malicious links or transferring funds.
  • Password spraying: Fraudsters attempt to access multiple accounts by trying commonly used passwords across a broad set of usernames, attempting to avoid detection by keeping the number of attempts per account low.

General banking fraud

While account takeover methods focus on compromising user accounts, general banking fraud involves broader tactics to exploit weaknesses in banking processes or systems. Some of the most prevalent types include:

  • Fraudulent documents: Criminals use falsified documents, such as fake IDs or altered financial records, to open bank accounts, apply for loans, or execute unauthorized transactions.
  • Check fraud: This type of fraud includes altering, forging, or counterfeiting checks to withdraw money from a victim’s account illicitly.
  • Money laundering: Fraudsters attempt to “clean” illegally obtained funds by passing them through legitimate financial systems to disguise their origin, often using unwitting banks to facilitate the process.
  • Authorized push payments: In this type of scam, fraudsters trick victims into willingly authorizing payments to fraudulent accounts, often through fake business requests or impersonating trusted contacts.
  • Real-time payment fraud: Fraudsters exploit instant payment systems, making it difficult for banks to detect or reverse transactions before the funds are transferred and withdrawn.
  • Wire fraud: Criminals use fraudulent information to convince individuals or businesses to wire money to fraudulent accounts, often by impersonating trusted contacts or institutions.
  • Bill discounting fraud: Companies submit fake or inflated invoices to banks to receive financing, deceiving financial institutions into providing credit based on fraudulent claims.

By understanding both account takeover methods and general banking fraud, financial institutions can implement comprehensive strategies to combat these evolving threats. 

What typically happens when a bank receives a fraudulent claim?

Banks often take several steps to resolve the issue when a customer reports fraudulent activity. First, they attempt to verify whether the transaction is legitimate by checking details like location, time, and spending patterns. The bank then investigates, typically resolving the claim within 10 business days, and may notify federal authorities if large-scale fraud is detected. Suspicious Activity Reports (SARs) are typically filed for more complex money laundering or organized crime cases.

How do banks detect fraud?

Banks typically use a range of tools and technologies to detect fraud. These methods include:

  1. Rule-based systems: Earlier fraud detection systems relied on fixed rules, such as transaction limits or location mismatches, but these can be easily bypassed by sophisticated fraudsters.
  2. Machine learning: Modern banks use machine learning to analyze vast amounts of data and recognize unusual patterns. This system can learn and adapt over time, often improving its ability to detect financial crimes.
  3. Telecommunications monitoring: Tools like multifactor authentication (MFA) and secure messaging help alert both banks and customers to suspicious activity.
  4. Predictive analytics: Banks can preemptively flag transactions that don’t fit typical customer behavior by predicting behavior patterns.

Together, these tools help equip banks with the ability to stay one step ahead of fraudsters, helping identify threats in real-time and minimize the impact of fraudulent activity on their customers.

What are the biggest challenges of banking fraud detection and prevention?

Though these challenges vary, they can be broken down into four main categories:

Money laundering

Stolen money needs to be “cleaned” through money laundering. This process occurs when bad actors pass the currency through legitimate channels to have it verified by trusted sources.

Laundered funds are often broken into smaller amounts or routed through multiple accounts to avoid detection, making it difficult for banks to track. Criminals might also exploit offshore accounts or digital currencies to further obscure the money’s origin. This makes money laundering a tough problem for financial institutions, as they must continually adapt their detection methods to stay ahead of increasingly sophisticated tactics.

Account protection

Bad actors can steal login information, card information, or the card itself of a customer, resulting in an account takeover (ATO). The fraudster then uses the account as their own, which can include card-not-present (CNP) fraud, lost/stolen fraud, counterfeit fraud, and digital funds transfers. 

The Identity Theft Resource Center tracked 2,116 data compromises in the first three quarters of 2023, which broke the all-time high of 1,862 total compromises in 2021. Customer information is usually stolen by phishing or hacking. Multifactor authentication can help financial institutions defend against this.

Customer onboarding

Information can be lost, misunderstood (or, even worse), stolen during customer onboarding at banks. There are regulations in place to try and help with security, like KYC (Know Your Customer) or AML (Anti-Money Laundering) that are designed to ensure customer identity is properly confirmed.

Financial institutions have found millions of fake accounts in the past. This can be especially prevalent for institutions that offer potential customers a cash incentive to sign up.

Credential theft

It’s important for banks to identify suspicious activity when it occurs on customer accounts. Banks will review currency, amounts spent, categories, or merchant names to try and prevent fraudulent credit card activity.

Tips to detect banking fraud

Follow the tips below to help prevent bad actors from accessing digital banking information:

Brush up on your AI

Considering the volume of transactions flowing through banks today, it’s important to leverage artificial intelligence to monitor and flag concerning activities.

Invest in the best AI solutions you can afford to help catch fraud before it spirals out of control. This is particularly important in combating identity theft and bank fraud detection.

Keep an eye on internal fraud

Did you know that according to Clari5, a staggering 65% to 70% of fraud in the banking industry stems from internal sources? 

Cultivating a culture of integrity and honesty within your organization is essential. 

Review transactions regularly

Stay on top of your customers’ online account activities. For high-risk customers, conduct reviews at least weekly; for lower-risk customers, a monthly check may do the trick. This practice can help you catch suspicious transactions early.

Remember, AI can play a pivotal role in identifying patterns that might otherwise go unnoticed, helping to reduce financial losses and criminal activity. 

Educate your customers

One of the best ways to prevent account takeovers is customer education. Tell customers what risks they’re facing, what they should be looking out for, and how to interact safely with their online banking system.

Make them aware of what kinds of phishing emails they may encounter. Alert them to what information a bank should or should not ask for over text message, and from whom the message should be sent. Another great tip is to instruct customers that, when in doubt, call your bank directly to clarify.

Invest in comprehensive security tools

How are you supposed to fight fraud rings who make this their full time job if you don’t have the best toolset? Are you contacting your customers with secure financial messaging services?

Consider using third-party tools to strengthen security. Technology has evolved beyond 2FA with tools. Device fingerprinting, voice authentication, multifactor analysis, and biometric security are becoming increasingly commonplace. Just ask NIST, the leading voice in security best practices

[maxbutton id=”3″ url=”https://www.pindrop.com/request-a-demo” text=”Schedule your Demo” ]

Arm your customers with a fraud prevention checklist

Equipping your customers with the knowledge and tools to detect fraud is a proactive way to reduce risks. Use this checklist to help guide them:

Step 1: Update customer contact information often

Remind your customers of the importance of keeping their contact information up-to-date. Encourage them to review and update their phone numbers, email addresses, and mailing addresses at least once a year or whenever they change their information. Let them know that accurate contact details help ensure they receive important alerts regarding their accounts, especially in case of suspicious activity. Offer easy online forms or in-app features so they can make updates quickly.

Step 2: Make sure your customers always use strong passwords

Customers should make unique versions of their passwords that they haven’t used in the past. Advise them against replacing “O”s with “0”s or “I”s with “1”s or other common substitutions. Tell them to make the password longer when possible, too, as this makes it more difficult for hackers to bypass. Finally, consider recommending a password manager to keep security locked down.

Make sure customers know that hackers can access their accounts faster if they use the same password or similar variations.

Step 3: Encourage mobile alerts

Advise your customers to opt into mobile alerts for transactions. Explain that these alerts can notify them immediately of any account activity, allowing them to quickly recognize unauthorized transactions. Suggest that they set up alerts for large transactions, changes to account settings, and new device logins. Encourage them to respond promptly to any alerts they receive to mitigate potential fraud.

Step 4: Remind customers to update their devices

Stress the importance of keeping devices secure. Remind customers to use strong passwords or biometric security features to lock their devices. Encourage them to regularly update their operating systems and applications, as these updates often include important security patches. Additionally, suggest they install reputable antivirus software to help protect against malware and viruses that can compromise their banking information.

Step 5: Familiarize customers with red flags

Customers should never click on suspicious links from unknown email addresses. Confirm the email address isn’t a slight variation of someone they know or an institution they trust.

Help your customers become more vigilant by educating them about common signs of fraud. Encourage them to be cautious of unsolicited emails, texts, or phone calls requesting personal information. 

Advise them to double-check the sender’s email address and look for any discrepancies. Emphasize the importance of never clicking on suspicious links or downloading attachments from unknown sources. Remind them that they should never share personal information, such as passwords or account numbers.

Step 6: Advise customers on knowing what third-party accounts have their login information

Instruct your customers to regularly review which third-party apps and services have access to their banking information. They should be aware of what data these apps can access and understand the potential risks involved. Advise them to revoke access to any applications they no longer use or that seem untrustworthy. Remind them that sharing banking login information can increase their risk of falling victim to fraud, so they should be discerning about what information they share and with whom.

Banking fraud in the future

How will bad actors update their tactics in the coming years? The future of banking fraud is evolving rapidly. Here are a few bank fraud trends to watch out for:

AI-driven fraud: Fraudsters use AI to automate attacks and bypass security measures. Banks will need to counter this with even more advanced machine-learning algorithms.

Synthetic IDs + deepfakes: Fraudsters are getting better at creating realistic synthetic identities. Deepfake technology adds another layer of risk for identity verification.

Fraud-as-a-service: Bad actors are now available for service on the dark web. Criminals now offer fraud techniques for sale on the dark web, including step-by-step tutorials on executing complex fraud schemes.

Improved social engineering: CEO fraud and other advanced social engineering attacks are becoming more frequent. Fraudsters impersonate executives or trusted entities to extract sensitive information.

To stay ahead, banks must constantly upgrade their defenses with cutting-edge fraud detection tools and strong partnerships with security-focused companies, including trusted telecommunications partners who prioritize security and offer advanced solutions like voice authentication.

Better protect your bank with fraud detection and multifactor authentication

In today’s fast-moving digital landscape, fraud detection tools are essential for any financial institution. Pindrop offers an industry-leading fraud detection solution for banks and financial institutions, using multifactor analysis and voice authentication to better protect your contact center and customer interactions. By leveraging Pindrop’s advanced technology, your bank can better reduce fraud losses, improve customer trust, and outsmart fraudsters. 

[maxbutton id=”1″ url=”https://www.pindrop.com/request-a-demo” text=”Request a Demo” ]

“Advanced” call center authentication methods have been around for over a decade, with some early leaders in voice biometrics launching offerings 20 years ago. And yet, at a time when $17.7B is spent on authentication per year, 93% is spent on legacy tools like knowledge-based authentication (KBAs) and one-time passwords (OTPs). While many call centers have implemented stronger options like voice biometrics and deepfake detection, requirements for high-net speech make those methods available on only a fraction of your calls, and most calls still fall back to outdated authentication methods. Some of these legacy security leaders are now winding down sales of their outdated solutions. That’s why a truly modern authentication strategy is needed–one that uses multiple authentication methods to build confidence in your caller’s identity, providing coverage that won’t require falling back to dated options for validating callers.

Want to hear from speakers at M&T and Pindrop about the letdown of legacy authentication solutions? Watch the webinar today.

Why legacy authentication methods are dangerous to your call center

Legacy authentication methods like KBAs and OTPs are second nature today, making them an easy sell to callers who appreciate the tangible, familiar “security” of this high friction process. Callers often understand these legacy authentication methods because they put the security process in plain sight, despite the effort it takes to complete them. However, it’s important to remember that these were originally designed as supplementary authentication techniques, not primary techniques. They were meant to be one part of a multi-factor authentication system that includes something you know, something you have, and something you are. Despite this, KBAs and OTPs have become overused in call centers, often serving as a main form of authentication. They’re frequently used as a fallback when stronger authentication methods aren’t available, affecting more callers than expected. What many consumers don’t realize–and what call center managers should be aware of–is that both methods carry significant security risks when used as the primary means of verifying a caller’s identity.

The problem with KBAs

The simple pin to knock down is KBAs. With a 78% YoY increase in data breaches in 2023, we can safely assume that most personal information is accessible to fraudsters. In a controlled study featured in our 2023 Voice Intelligence and Security Report, Pindrop and a national contact center found that over a thirty-day period fraudsters passed KBAs 80% of the time, while genuine customers only passed KBA’s 46% of the time3.

The problem with OTPs

OTPs maintain a veneer of legitimacy, but are increasingly a target for fraudulent activity. In fact, aspiring fraudsters can now purchase tools to harvest* OTPs via advertisements on Telegram for as little as $100.4 Fraudsters are using this information to provide correct responses to OTP. When a human is actively involved in the authentication process, there is risk for fraudulent activity.

Now is the time to remove KBAs and OTPs once and for all from the call center, which will require reconsidering your end-to-end authentication process.

How a Pindrop customer approached modernizing their contact center

M&T Bank (M&T), a Pindrop customer, was an early mover to the modern cloud-based contact center environment. Strong self-service options and modern contact center functionality have been a priority for M&T. When thinking about how to keep their contact center authentication and fraud detection ahead of the latest fraud trends, they switched from their existing authentication solution to Pindrop Technologies. 

Recently, SVP, Director Enterprise Fraud Policy and Governance at M&T Bank, Aaron Steinitz shared the drivers behind this decision during a webinar with Pindrop:

  • Empowering call center agents: Provide agents with advanced technology and real-time analytics to make informed decisions without forcing them to be fraud experts
  • Deepfake threat preparedness: Recognize the imminent threat of deepfakes and invest in future-proofing solutions to combat emerging scams
  • Holistic authentication approach: Balance customer trust with actual security measures, educate customers on new processes, and make risk-based decisions using data from voice channels to strengthen overall security

Building a future-proof authentication strategy

Contact center leaders may be inclined or pressured to react to the latest threats, like deepfakes, without laying a proper foundation of strong authentication practices. While we are supportive of deepfake detection in authentication (as demonstrated by our Pindrop® Pulse™ technology and Pindrop® Pulse™ Inspect solution), there is greater risk associated with leaving legacy methods like KBAs and OTPs for any portion of your calls.

For example, our customer M&T considered the following when considering modern authentication practices in their call center:

  1. Implement true device authentication: OTPs posture as device authentication, but with the rate of fraudster interception, they no longer provide a strong indication of device ownership. Look for passive, strong device authentication, like our Phoneprinting® Technology capability, which uses signals coming from the device itself, helping to ensure you’re getting the right device match.
  2. Fortify voice authentication: Voice is well-known, and despite threats from increasingly prevalent deepfake technologies, is still one of the strongest methods for authenticating an individual. Voice vulnerabilities can be reduced when it’s paired with liveness detection and made part of a multi-factor authentication approach.
  3. Integrate passive authentication factors: Fraudsters are well-trained in social engineering, so any active caller involvement is a risk, even when it’s done by the right person. Passive authentication factors (those that require no specific action to be done) take the human out of the loop entirely, and provide stronger authentication on a larger percentage of calls, reducing the need for fall-back methods.

Ready to learn how you can eliminate KBAs and OTPs for good? Listen to our recent webinar: The Legacy Letdown: Why Industry Leaders Are Moving to Pindrop.

*harvest: a technique that involves intercepting OTPs to gain access to sensitive accounts and data.


1Contact Center Babel, The 2024 US Contact Center Decision-Makers’ Guide

2Federal Trade Commission, Consumer Sentinel Network Databook, 2024

3Pindrop Voice Intelligence and Security Report, Let the Right One In, 2022

4 Example advertisement on Telegram channel “Spoof SS7″ with over 1,250 subscribers

According to BAI Banking Outlook: 2024 Trends, banks’ top priorities in 2024 include growing deposits, acquiring new customers, and enhancing customers’ digital experience. BAI is a nonprofit organization in the United States that provides research, training, and thought leadership events for the financial services industry. 

However, one of the biggest challenges to improving the customer digital experience is the risk of fraud. Isio Nelson, BAI’s managing director of research, writes, “Fraudsters are directing various scams against banks and their customers.”

The report further explains that 6 in 10 Gen Zers said they would switch financial services organizations in favor of a bank that offered a better app and other digital capabilities. But it’s a delicate balance. With digital capabilities comes an increased risk for fraud. 

Here’s how we expect the landscape to change in the coming years. Keep reading to be well-informed and prepared for the potential risks and challenges.

The current state of banking fraud

The top kinds of fraud in financial institutions are account takeovers, new account fraud, and familiar fraud (i.e., repeat offenders), all of which require good technology to combat. In 2024, Deloitte predicts that the impact of generative AI, industry convergence, embedded finance, open data, money digitization, decarbonization, digital identity, and fraud will grow. 

Common types of bank fraud

According to the survey by BAI, phishing and check fraud remain the most common types of third-party fraud reported by customers of the institutions surveyed (73% and 72%, respectively). That’s followed by debit card fraud (69%), electronic banking fraud (52%), account takeover (47%), impersonation of official scams such as Social Security and other government programs (37%), malware (25%), provider scams (19%), charity scams (13%), and economic relief scams (13%).

[Chart taken from BAI Banking Strategies Executive Report 2024 Banking Outlook, Page 10]

Synthetic fraud is also on the rise. Fraudsters make up a name based on fictitious information to create enough of a backstory to develop accounts. There is also a rise in cryptocurrency scams.

Six anticipated security trends in banking fraud for 2024

Banks must instill the proper protocol and checks and balances to mitigate and prevent fraud. Here are six changes banks can anticipate as we move to an increasingly digital banking landscape.

1. Real-time payment rails 

Real-time payment rails refer to the infrastructure and systems that enable instantaneous fund transfers between bank accounts or financial institutions. These systems facilitate transactions that are processed and settled in real-time, providing near-instantaneous access to transferred funds. Due to their efficiency, speed, and convenience, real-time payment rails have become increasingly prevalent in the global financial landscape.

2. Tech to prevent deepfake-driven scams 

Deepfake-driven scams refer to fraudulent schemes in which deepfake technology creates convincing audio or video content to deceive individuals or organizations for malicious purposes. Deepfake technology utilizes artificial intelligence (AI) and machine learning algorithms to manipulate audio, images, or videos to make them appear authentic, often by superimposing one person’s likeness onto another’s. Good technology can help avoid such scams from infiltrating banking and allowing fraudsters to gain access to accounts.

3. Tech to spot AI-driven fraud-as-a-service

AI-driven Fraud-as-a-Service (FaaS) refers to the provision of fraud-related tools, resources, and expertise through cloud-based platforms or services powered by artificial intelligence (AI) and machine learning (ML) algorithms. In FaaS models, cybercriminals can access sophisticated fraud techniques, tools, and datasets on a subscription or pay-per-use basis. This enables them to orchestrate various fraudulent activities with minimal technical expertise. Technology, however, contains a fraud consortium to spot trends and prevent repeat offenders.

4. Technology that limits scam fatigue and distrust 

Scam fatigue refers to the weariness and diminished trust experienced by individuals or customers due to being repeatedly targeted or exposed to various scams or fraudulent activities. When individuals are bombarded with fraudulent emails, phone calls, or messages regularly, they may become desensitized to warning signs and less vigilant in identifying potential scams. This can lead to a loss of trust in institutions, businesses, or online platforms and a reluctance to engage in online transactions or share personal information.

5. Large language models 

Large language models (LLMs) can be exploited in various types of scams due to their ability to generate human-like text and responses. While these models are developed with safeguards and ethical guidelines, there are still concerns about their misuse in fraudulent activities.

6. Check fraud persistence 

Despite advancements in digital payment and detection technology, check fraud remains a significant concern in the banking and financial industry. Check fraud involves the unauthorized use, alteration, or creation of checks to steal funds or deceive individuals or businesses.

How technology is reshaping fraud prevention

Technology is crucial in reshaping banking fraud detection and empowering organizations to detect, mitigate, and prevent fraud more effectively. Here’s how technology is driving advancements in fraud prevention.

AI-driven fraud detection systems

Bank leaders want AI to be the answer. Seven in 10 banking executives say AI will be the most critical technology over the next decade. Technology is moving quickly, and it takes good AI to combat and detect future false and fraudulent AI usage.

Biometric verification

An Experian report found that 85% of consumers report physical biometrics as the most trusted and secure authentication method. However, less than a third (32%) of businesses use biometrics to detect and protect against fraud. This is a big disconnect that may impact where customers choose to secure their funds in the future. 

Behavioral analytics

Behavioral analytics involves analyzing patterns, trends, and anomalies in human behavior to gain insights into individual or collective actions, preferences, and decision-making processes. Technology with liveness detection includes a layer of behavioral analysis and is a crucial component in biometric systems. Its goal is to determine if a sample being captured is from a live person rather than a spoof or fake.  

Data analytics and machine learning for anomaly detection

Data analytics and machine learning techniques are widely used for anomaly detection across various domains, including cybersecurity, finance, healthcare, and manufacturing. Anomaly detection involves identifying patterns or instances that deviate significantly from normal behavior or expected outcomes.

Best practices for mitigating banking fraud

As fraud behaviors shift, banking fraud detection platforms must keep up at the same pace. Updated software that can detect synthetic identities is also needed as the number of platforms that create realistic replicas of voice and speech increases.

Eight of the top 10 US banks and credit unions trust Pindrop® to provide voice authentication and fraud detection. The overarching goals remain to increase data security and fraud protection, consider the customer experience, reduce authentication, and improve self-service costs. By implementing these practices, financial institutions can enhance their security posture and effectively combat emerging threats in the evolving landscape of banking fraud.

Secure banking operations with Pindrop® security solutions

The contact center is often the weakest point for fraudsters to enter many companies. Pindrop® technology offers a solution-driven approach to secure banking operations and provides a comprehensive and advanced security framework for the evolving banking landscape. Pindrop’s voice fraud detection signals in the voice channel and the IVR to gain a clearer view of fraud impact. The goal is cutting-edge voice biometrics, machine learning for fraud detection, and enhanced brand and customer reputation. 

To learn more, see how Pindrop® safeguarded $56M in assets while maintaining customer-centricity for a top commercial bank.

While the financial fallout from COVID-19 may have sent the US economy into a pandemic-induced hibernation in 2020, Americans woke this Spring to low interest rates, lower unemployment, new stimulus checks, and eventually more widely-accessible vaccinations. This may explain why consumer confidence, borrowing, and spending are trending up. Meanwhile, gains in the stock market are encouraging many Americans to invest (some for the first time), while others are taking the opportunity to relocate, renovate, or refinance. In short, signs suggest that we are ‘back in business.’

For the contact center, the implications should be an encouraging sign for a financially healthy 2021. But, after over a year of volatility and uncertainty, it should also be a forewarning to thoughtfully and adequately prepare for what may lie ahead. To help organizations identify the trends and shifts to be accounted for, Next Caller commissioned a study conducted by Beantown Media Ventures in June 2021 that asked 1,000 consumers over the age of 18 and living across the United States about how their banking behaviors and expectations evolved, and about the importance that the customer experience had in choosing their bank. Here’s what was uncovered:

Analyzing the Surge in Bank Activity

Nearly 60% of consumers surveyed reported that they are more interested in saving, investing, or getting a loan today than they were just one year ago. Interestingly, that number jumped even higher for younger generations, with 74% of Gen Z and Millennials surveyed reporting the same.

rising demand for banking services
These results demonstrate that regional banks and credit unions have an opportunity to increase business with current customers, but also a chance to win business from a younger demographic that has been traditionally difficult to capture. However, with the proper understanding of the needs and expectations that this cohort holds, credit unions and regional banks can position themselves as both an attractive alternative or supplement for the elusive cohort, while continuing to foster relationships across the rest of the generational spectrum.

Despite some encouraging trends, not everyone is benefiting from the recent economic conditions and many are actually in a worse financial situation than before the crisis. When combined with those calling to capitalize on exciting new opportunities, callers that are looking for help managing their circumstances may also be contributing to the overall rise in call traffic to contact centers. Spikes in call traffic can challenge contact center teams and the processes and systems in place to keep the balance between a good call experience and operational security.

Meeting Digital Demands

Quick and easy online or mobile banking experiences have almost become table stakes to delivering on customer service expectations. However, there can be a digital divide between the digital experiences of regional banks and credit unions and their more resourced national competitors. This innovation lag may contribute to the difficulty that regional banks and credit unions might face in trying to capture the younger generation who prioritize digital-friendly interactions.

influential factors in choosing a bank

Younger generations (millennials and Gen Z) are attuned to what “good” and “bad” digital customer experiences look and feel like, often because they have a lifetime of experience with them. As such, these individuals appreciate, and likely place a premium on, a digital-friendly approach when it comes to banking. Millennials surveyed were almost twice as likely (41%) than Gen X (23%) and Baby Boomers (24%) surveyed to say that “a better digital/mobile experience” was influential in them choosing their banks. The time is now for regional banks and credit unions to embrace digital-friendly experiences in order to attract and keep the interest of younger customers

Of course, it’s not just our younger generations that care about Customer Experience. 40% of consumers surveyed said that customer experience was an influential factor in choosing their bank. Few areas in life can bring as much stress, anxiety, or even excitement as finances. And given the volatile backdrop of the past year, it is reasonable to assume that the urgency around financial matters across the age spectrum is likely to have grown. In short, now may be the perfect time to make for a good impression. But, making a good impression can be challenging if your business cannot authenticate customers when they call. The extent to which a contact center can streamline authentication by making it passive, and predictive could be the determining factor in whether the caller stays a long-term customer.

Balancing Service & Security in the Call Center

A combined 61% of consumers surveyed who bank with a regional bank or credit union said that when they call they prefer to “talk to a human being for most things” (44%) or that they “want to talk to a human no matter what” (17%). This places the onus on contact centers and their teams to deliver consistent, and consistently good service, even when stretched thin.

This is a challenge under any circumstance, but in an environment where there is less room for error, it can be an even more daunting prospect. Over 30% of consumers we surveyed reported that they would switch banks after 1-2 poor customer service experiences.

Further illustrating the importance of service for bank customers today, is the fact that nearly 40% of those surveyed switched banks due to a bad customer service experience. To reduce any churn, call centers need to handle customers’ needs with empathy and without friction. With 48% of consumers surveyed saying their experiences when calling their bank is “just OK” or “slow and frustrating,” there is room to improve–or differentiate from those that don’t.

But where does this friction come from? While there are many things that can go awry during a customer service interaction, the cause of frustration can come down to traditional methods of authentication, such as knowledge-based questions and one-time passcodes. These methods were created to stop criminals, but they can end up exasperating customers.

Additionally, fraudsters who have had ample opportunity to secure personal information over the past year can be better than customers at answering KBA questions. Over time, these methods have lost effectiveness as a primary tool in keeping customers safe.

Achieving the right balance between service and helping protect a business from fraud in the call center falls to seamlessly integrated digital tools such as ANI Validation, paired with ANI Matching capabilities that can quickly link callers to their accounts. Many customers may now expect customer service reps to know their purchase history and contact information as soon as they start speaking to one another. With these passive tools, contact center teams can increase the number of customers who experience a more seamless authentication process, without rolling the red carpet out to impersonators. The resulting efficiencies can also help reduce agent caseload and cost per call by saving handle time.

Perhaps eager to make up for lost time, consumers might also be actively shopping for the financial institutions that can best enable their plans. And with so many choices, they may not be likely to compromise. Thus, an opportunity is forming for community banks and local credit unions to stand out in an otherwise crowded field. Earning business can hinge on delivering a personalized, frictionless experience–and every phone call is a new first impression.

The financial services industry has undergone many changes, not only in the past four months but also for the past several years. Consider this, from 2010 to 2019, the number of full-service bank branches fell by 12%, dropping from 95,000 to around 83,000. With fewer people visiting offices now, due to the pandemic, branch closures will likely continue or even accelerate.

The closures do not come as a surprise. It’s more expensive to complete a transaction at a branch than online, and cutting costs is the top priority for many financial institutions. Meanwhile, bank closures have pushed more customers to turn to online banking out of necessity.

With fewer people going into branches, many contact center agents now find themselves in the role of customer tech support — assisting new mobile app users to solve various issues while also handling their typical call load. Many agents remain in a remote-work environment, due to the health crisis, further complicating operations and impacting productivity often negatively when technology, such as an additional monitor, is not available to them at home. The individual agent’s time is becoming more valuable, and therefore more expensive to the contact center.

Due to limited branch access, closures, and other coronavirus concerns, the number of calls at bank contact centers has risen by 15 to 25% since the pandemic started. Increased call volume leads to more extended call handle and hold times, and the potential for customer service disruption. 

The new normal for bank contact centers is a significant increase in call volume, which makes decreasing handle times more crucial than ever. So how can you make sure that your contact center’s workforce is optimized?

One immediately actionable step is to implement process automation to directly combat the influx of new calls while maintaining excellent customer service.

1. Process Automation as a Path Forward

Process automation is essentially the use of technology to streamline complex business processes. Process automation within the contact center can be implemented to authenticate callers quickly and accurately, which can significantly reduce AHT and enable better personalization and customer service.

Process automation can replace inefficient, outdated authentication options such as knowledge-based authentication questions (KBAs). Asking callers a series of personal questions (the answers to which fraudsters can easily access) can frustrate both customers and agents, and provides minimal security within a digital landscape of highly sophisticated scam artists.  
KBAs cost contact centers money by driving up AHT and reducing agent efficiency. Process automation promises a more sustainable trajectory.

2. Legitimate Callers Quickly and Accurately

KBAs have become inefficient and counterproductive to the growing demands facing bank contact centers. Consider that fraudsters pass KBAs at an alarming rate (20%-40%), while legitimate callers fail to answer KBAs correctly 47% of the time.

The right process automation solution allows you to leverage the latest technology to generate inbound credentials for every caller, and supply the IVR or agent with the data necessary to do their job. 

Legitimate callers can be passively authenticated based on voice, device, and behavior. They won’t experience the frustration of having to remember the location of their first job or the color of their first car when they call in about a pressing matter.

For example, Pindrop’s Passport passively authenticates legitimate callers with less hassle and frustration for both customer and agent. Passport provides your customers with a streamlined service experience that will delight and not agitate. 

3. Take Control of Hold Times & AHT

Reducing AHT can improve efficiency and slash costs significantly. While some solutions advertise a handle-time reduction by about three seconds, an integrated solution offers far more meaningful savings. Removing a single step out of the CSR workflow ultimately only delays the inevitable need to address new processes more comprehensively.

Consider multi-factor authentication solutions, driven by the latest technologies, that reduce AHT up to 30 to 60 seconds per call, and increase IVR containment by 3 to 5%. This is the kind of game-changing solution that not only helps bank contact centers tackle increased call volume, but contributes to significant cost savings, higher overall productivity, and increased customer satisfaction.

4. Maintain High Levels of Customer Service with Higher Call Volume

Customer service is becoming a key driver for business success. According to Pindrop Labs, some 90% of consumers report that three or fewer “bad experiences” with the contact center will cause them to “churn,” meaning search for or switch to a new provider. Customers have come to expect streamlined service, personalized attention, and more self-service options. 

In a crowded marketplace, banks compete on customer service. And as face-to-face interactions at the branch become less frequent, maintaining excellent customer experience falls on the contact center. Banks have an opportunity to empower their customers with the ability to access the information they need quickly and easily, in less time with less frustration.

Automating authentication makes this possible while avoiding the operational and capital expenditures required to purchase and deploy extensive on-premise hardware solutions. Automating authentication can help banks deliver a customer experience that competitors can’t match, with more self-service options, shorter call times, personalized service, and a painless authentication process that runs in the background.

Pindrop’s multi-factor, passive authentication solutions empower both customers and the financial institutions that serve them. The integrated platform increases satisfaction through expedited service, enhanced features, and protection from fraud.

Learn more about how Pindrop can help your contact center provide a superior customer service experience that’s custom-built for the banking world’s new normal.

There is a growing crop of mobile malware that is designed to overlay a user’s phone screen and harvest banking and other credentials, and the attackers behind these tools have thoughtfully created a range of options, from low-end to premium priced.

Researchers at IBM’s X-Force team have been tracking a variety of mobile malware samples in underground forums recently, most of which are offshoots or close cousins of the venerable GM Bot. The GM Bot malware has been around for more than 18 months now, and it has been used by cybercrime gangs to infect mobile devices and steal users’ banking data through the use of overlay screens. The malware detects when a victim is using a mobile banking app on an infected device and produces an overlay screen that mimics the banking app’s login screen.

The malware will then capture the victim’s banking credentials and send them to the attacker. GM Bot has been employing this technique for some time, and after the source code for that malware leaked online in February, other malware authors have adapted the technique for their own offerings. Like most mobile malware, these applications target Android devices, and while GM Bot can cost as much as $15,000, some of the others are much less expensive.

“Three alternative offerings actively being sold in underground boards include Bilal Bot, Cron Bot and KNL Bot. These malicious codes are being peddled by their authors for prices ranging from $3,000 to $6,000. While they may not possess the same feature variety as GM Bot, all three claim to have the overlay screen capabilities and data theft ability, according to their vendors,” Limor Kessem of IBM wrote in a post about the malware offerings.

KNL Bot has a wide range of capabilities besides stealing banking credentials. The malware can intercept incoming texts and send outgoing texts, a function that often is found in banking malware as a method for bypassing two-step verification. Banks will send verification codes via SMS to users for new logins or transactions, and malware that can intercept those messages is especially dangerous. KNL Bot also has a function that will lock the phone while the malware continues to run in the background.

The Bilal Bot malware is selling for about $3,000, Kessem said, and has some sophisticated overlay capabilities.
“Although this malware is supposedly still in testing mode, Bilal Bot promises to focus on fraud-enabling capabilities, namely overlay screens, SMS hijacking, call forwarding and customized overlay packages. It also will reportedly enable the botmaster to edit and enable overlay screens from the control panel, then send them to the infected bots (see below for its control panel, showing phishing overlay screen edit option). Those functions are yet to be seen in the wild,” Kessem said.

Cron Bot, by contrast, is designed more in the mold of desktop malware, giving attackers a variety of capabilities, such as SMS interception, cross-platform support, and a modular architecture. The bot is sold in several different pieces, including the executable and the Android package, and customers also can rent encryption services from the authors.

“The rising supply of different offerings, including low-cost alternatives, may be in response to the rising demand for fraud-facilitating wares at a time when full-fledged banking Trojans have become the domain of organized crime groups. Overlay Android malware is fueled by cybercriminal buyers who see this capability as a panacea to the fraud endeavors they cannot carry out without a banking Trojan operation,” Kessem said.

The kind of features that once were reserved solely for top-shelf malware is becoming standard equipment for mobile malware. The latest must-have feature is the ability to bypass two-factor authentication and it is showing up in more and more malicious apps, especially those that impersonate banking apps.
A couple months ago a new version of the Bankosy Trojan was discovered that had the ability to intercept SMS messages from banks on infected devices and then forward them to the attacker. Some banks use texts as an out-of-band method of 2FA, sending short codes to users, who then enter them in the app or online. Attackers have been developing methods to circumvent this authentication scheme, and the most effective has turned out to be a combination of stealing texts and overlaying banking app login screens.
Many phishing campaigns and normal desktop versions of malware have relied on authentic-looking bank login sites to fool users into entering their credentials. But on the mobile platform, users employ dedicated mobile apps that are far more difficult to impersonate or replace with malicious versions. So attackers have begun employing a tactic in which malware will display an overlay screen whenever a targeted mobile banking app is opened. That screen mimics the actual app’s login screen and allows the attacker to steal the victim’s credentials.
Researchers at Eset have come across another mobile Trojan using this tactic, as well. The malware affects Android devices and masquerades as Adobe Flash.

“The malware manifests itself as an overlay, appearing over the launched banking application: this phishing activity behaves like a lock screen, which can’t be terminated without the user entering their login credentials. The malware does not verify the credibility of the data entered, instead sending them to a remote server, at which point the malicious overlay closes. The malware does not focus only on mobile banking apps, but also tries to obtain Google account credentials as well,” Lukas Stefanko of Eset wrote in an analysis of the malware, which is known as Android/Spy.Agent.SI.

This malware also can intercept SMS messages from banks and right now is targeting customers of numerous banks in New Zealand, Turkey, and Australia.

The FDIC has released a cybersecurity framework for banks that describes a long list of threats to financial institutions and includes recommendations for how they can defend against those threats.
The framework doesn’t contain any surprises or novel threats, but provides a broad outline of the problems banks and other financial institutions face, such as phishing, malware, DDoS attacks, and others.
“During the past decade, cybersecurity has become one of the most critical challenges facing the financial services sector due to the frequency and increasing sophistication of cyber attacks. In response, financial institutions and their service providers are continually challenged to assess and strengthen information security programs and refocus efforts and resources to address cybersecu – rity risks,” the introduction to the framework by Doreen Eberley, director of the division of risk management supervision at the FDIC, says.
Financial institutions have been at the top of the target list for just about every kind of attacker since the dawn of the Internet, and banks invest as much in information security as any other organization. But attackers have had more than their fair share of successes against banks in recent years, both with direct attacks and with phone fraud schemes that convince consumers or businesses to transfer money directly to the criminals.
The attack surface for a typical bank is broad and deep, comprising the internal network, the customer base, mobile apps, payment networks, and many other components. Defending that surface against increasingly professional and persistent attackers is a complicated and difficult proposition. Even institutions with mature information security programs can have weak spots that attackers can exploit for profit.
“In today’s banking environment, business functions and technologies are increasingly inter – connected, requiring financial institu – tions to secure a greater number of access points. Innovation has resulted in greater use of automated core processing, document imaging, distributed computing, automated teller machines, networking technologies, electronic payments, online banking, mobile banking, and other emerging technologies. At the same time, physical data assets have been auto – mated and a bank’s sensitive customer information stored on computers has become as valuable as currency— a different kind of asset that needs safeguarding,” the framework says.
Among the recommendations the FDIC includes in the framework are that banks take advantage of available threat intelligence assets, such as information from the FS-ISAC and US-CERT. The group also recommends that banks implement comprehensive patch-manegement programs and security awareness training for employees.
Image from Flickr stream of Pascal.

The venerable phishing scam has been trying on some new clothes as of late, and quite often those outfits are costing victims dearly. The latest and perhaps most expensive of these is the version of the executive email scheme that hit a Belgian bank recently and cost the firm more than $75 million.
This particular scheme, which also is known as business email compromise, often is used against smaller businesses and can take a wide variety of forms. It can be an email that looks like it comes from a trusted partner such as a recruiter or accounting firm, or a message supposedly from a supplier demanding payment for some past due invoice. But the most pernicious and apparently effective version is the email that purports to come from the CEO, CFO, or other top executive at a given company.

These messages often will be marked urgent and will go to someone in the target company who has financial authority, say a top finance manager or an accountant. The email will usually have the correct sender’s address and possibly the same signature block the executive actually uses. It will direct the recipient to transfer money immediately to a specific account for an upcoming transaction, such as an acquisition.

This is what hit Crelan Bank in Belgium last week, and the company said that the scheme cost it upwards of $75 million. That figure makes it one of the larger instances of this kind of fraud to emerge at this point.

“The underlying profitability of the bank remains intact,” Crelan CEO Luc Versele said in a statement. 

The details of the incident remain scarce at this point, but Belgian newspaper De Standaard said that Crelan has contacted law enforcement about the scam.

Voice security is
not a luxury—it’s
a necessity

Take the first step toward a safer, more secure future
for your business.