How to Thwart Call Center Fraud Without Affecting Member Experience
“As you call into a call center, you're treated like a criminal until they believe that you're not one, right?"
“Well, who are you/? I really wanna know. Tell me, who are you?” If call center agents sound like crime scene investigators, members might feel like criminals. Hence the problem.
Cybercriminals’ increasing sophistication and inventory of stolen personally identifiable information tests many credit unions to improve contact center authentication solutions without affecting member experiences.
“As you call into a call center, you’re treated like a criminal until they believe that you’re not one, right,” Pindrop’s VP of Enterprise Product David Dewey held.
From the financial institution’s perspective there is good reason to feel that way. Pindrop’s latest annual Call Center Fraud Report revealed a significant increase in the fraud rate, a jump of 113% year-over-year. For financial institutions, the rates were 1 in every 895 calls. Pindrop suggested a big objective of scammers is account takeover.
The Pindrop report highlighted three key weaknesses:
- Fraudsters spoof caller IDs and abuse interactive voice recognition systems to try to reset victims’ PINs, test account numbers, or extract more information.
- With so much more legitimates calls for every bad call, reps must focus on resolving customer issues efficiently. The risk of falling prey to a fraudster is high, and so is the potential downside if an agent mistakes a legitimate customer for a fraudster.
- Huge volumes of activity compel agents to resolve requests quickly because of performance measurements.
Dewey explained fraudsters are well-informed about their victims nowadays. “They’re going to know the answers to things like knowledge-based authentication questions.”
Pindrop is pushing forward with its phoneprint technology and deep voice biometric data engine that allows for the verification of callers based on their voice, device and/or behavior, Dewey said. Here the authentications happen passively in the background.
Rebecca Herold, president of SIMBUS and CEO of The Privacy Professor, suggested the best practices is using a combination of three components:
- What the member has (such as a mobile phone, a smart card, a security token, etc.).
- What the member is (the sound of the caller’s voice, or voice prints, or other types of biometrics).
- What the member knows (an answer to a security question, account number, passphrase, etc.).
Robyn Andersen, VP of CO-OP Financial Services’ contact center products, advised current best practices include a combination of methods beginning with automated authentication. “This should be coupled with software tools that can identify things, such as the likelihood of the phone number being spoofed.
CULedger is developing MyCUID to provide a universal digital credential. “MyCUID tries to solve the problem of every interaction beginning with identifying the member,” Julie Esser, chief engagement officer for CULedger, said.
Read the full article in the August 29 issues of CU Times.