May 22, 2020
Consumer experience and biometrics are at a crossroad as consumers…
In the past two years, call center fraud has grown at an alarming rate. Attackers target call centers to gain access to funds, as well as gathering, testing and augmenting personal data to use in future fraud attacks or to sell on the black market. To learn more about these attacks, the research team at Pindrop Labs has analyzed more than 10 million calls to major enterprise call centers between 2011-2016. These researchers believe the rise in the number of attacks can be traced to a migration of fraudsters to the phone channel, which is the weakest link into an organization. Factors influencing this migration include the US rollout of chip credit card technology, the global increase in data breaches, and stronger online and mobile security.
Call centers have many vulnerabilities that make them an attractive target for fraud:
The Human Element Is Unreliable – Call centers that rely on live agents to look for suspicious callers are at high risk for social engineering attacks. They also risk customer experience, by forcing agents to enforce policy before helping the customer.
The IVR Is A Blind Spot – Most companies do not have sufficient insights into customer IVR activity. Pindrop researchers analyzing IVR calls found repeated PIN resets, account mining, extremely long calls, and other suspicious activity that indicates IVR fraud at a rate close to that seen in live agent fraud.
Caller ID Can’t Be Trusted –Call metadata like Caller ID numbers, Automatic Number Identification (ANI), or Calling Line Identification (CLI ), is completely unreliable today. Fraudsters have cheap and easy solutions to spoof this information.
Knowledge Based Authentication Doesn’t Work – Gartner estimates that 10 to 30 percent of legitimate callers fail KBA, while criminals are sometimes able to answer successfully. The abundance of customer information available on the black market mean fraudsters can easily find the correct answers.