2016 UK Call Centre Fraud Report

Brought to you by Pindrop Labs

Request a Download

Call Centre Fraud has Grown 45% Since 2013

At UK financial institutions, call centre fraud has reached an alarming rate. Attackers target call centres to gain access to funds and take over accounts. They also use the call centre to gather, test and augment personal data to use in future fraud attacks or to sell on the black market. Pindrop researchers believe this rise in the number of attacks can be traced to a migration of fraudsters to the phone channel, which is the weakest link into an organisation. Factors influencing this migration include the global increase in data breaches and stronger online, mobile, and especially physical security.

Key Findings

Why the Call Centre is the Weakest Link

Call centres have many vulnerabilities that make them an attractive target for fraud:

reputation-blueThe Human Element Is Unreliable – Call centres that rely on live agents to look for suspicious callers are at high risk for social engineering attacks. They also risk customer experience, by forcing agents to enforce policy before helping the customer.


keypress-blueThe IVR Is A Blind Spot – Most companies do not have sufficient insights into customer IVR activity. Pindrop researchers analysing IVR calls found repeated PIN resets, account mining, extremely long calls, and other suspicious activity that indicates IVR fraud at a rate close to that seen in live agent fraud.


statistics-blueCaller ID Can’t Be Trusted –Call metadata like Caller ID numbers, Automatic Number Identification (ANI), or Calling Line Identification (CLI ), is completely unreliable today. Fraudsters have cheap and easy solutions to spoof this information.


statistics-blueKnowledge Based Authentication Doesn’t Work – Gartner estimates that 10 to 30 percent of legitimate callers fail KBA, while criminals are sometimes able to answer successfully. The abundance of customer information available on the black market mean fraudsters can easily find the correct answers.

Loading posts...