Training for service representatives focuses on helping customers, not authenticating them, and that's why the core of fraud in the call center is still good old-fashioned social engineering, he said.

Recently, an Apple Pay sign-up flaw led to unusually high rates of fraud from thieves using stolen credit card numbers. In these instances, fraudsters loaded iPhones with stolen, card-not-present card information and essentially turned that data into physical cards via Apple Pay.

Cherian Abraham, a Richmond, Va.-based payments and fraud consultant, put the Apple Pay fraud rate at 6%, much higher than the microscopic, traditional credit card fraud rate of 0.001%. Abraham wrote in a blog post that fraud through Apple Pay “is growing like a weed, and the bank is unable to tell friend from foe. No one is bold enough to call the emperor naked.”

The weakness in Apple Pay lies in the way it accepts new credit cards into its system. Because Apple wanted its system to be as simple as possible, the company required consumers to submit little beyond their basic credit card information. Further, Apple does not provide much additional information to financial institutions, such as phone numbers and addresses, to help detect fraud.

When customer care centers saw that accounts were flagged, they responded by helping fraudsters, who disguised themselves as customers, use their cards, leading to more fraudulent cards being approved for Apple Pay use.

“Call centers are a poor approach for two reasons,” Abraham wrote. “One, fraudsters are better at social engineering than call center reps are at sniffing out fraud.”

The advantage for credit unions is that they might know their members better. However, hoping a service representative recognizes a member's voice is not a defense strategy in itself, and as call center fraud continues to affect institutions, they can respond with innovative defenses and fresh technology, such as biometrics, experts said.

For example, Authentify recently launched the AuthentifyxFA SecureCallCenter, an application that pre-identifies and pre-authenticates mobile users wanting to speak to a call center representative using voice biometrics.

To utilize SecureCallCenter, users log into their institution's mobile app, then tap a call center button, which triggers AuthentifyxFA's biometric authentication sequence. Concurrently, a voice channel opens to the call center. Once the user is successfully authenticated, the SecureCallCenter app connects the end user's call and passes the contact and account information to a module at the call center's console.

This prevents the service representative from having to spend time verifying the member's address or asking challenge questions, and because the app sits on the end-user's smartphone, there's no need for the financial institution to invest in biometric technology itself. Zurawski explained that typically, inbound biometrics technology is installed on-site as part of a call center's technology, and financial institutions pay by the seat, which can get expensive.

One advantage of mobile technology is that it does offer automatic, mutual authentication, which has always been a Holy Grail of validation, Zurawski said. He maintained that at some point, the voice channel telephone number that accompanies smartphones may become as important of an identifier as a Social Security number.

If the experts are correct, credit unions may need all the help they can get when it comes to call center fraud. In a recent blog, Avivah Litan, an analyst for Stamford, Conn.-based IT research firm Gartner, said financial institutions can anticipate assaults on call centers to increase, adding that since credit unions and banks have amplified investments to protect their online banking platforms, fraudsters have zeroed in on the call center.