Keeping Call Center Fraud Low, Member Experience Levels High

To thwart fraud in the call center, credit unions should increase authentication capabilities and consider adding phoneprint technology.

Traditional authentication methods are no longer cutting it at call centers.

“Well, who are you? I really wanna know. Tell me, who are you?” Sometimes call center agents sound like crime scene investigators, making members feel like criminals, and that’s a problem.

Cybercriminals’ increasing sophistication and inventory of stolen personally identifiable information are challenging many credit unions to improve contact center authentication solutions without affecting member experiences.

“As you call into a call center, you’re treated like a criminal until they believe you’re not one,” Pindrop Vice President of Enterprise Product David Dewey said.

From the financial institution’s perspective, there’s a good reason to make callers feel that way. Pindrop’s latest annual Call Center Fraud Report revealed a significant increase in the fraud rate, a jump of 113% year-over-year. For financial institutions, the rate was one in every 895 calls. Pindrop noted a big objective of scammers is account takeover, and its report highlighted three key weaknesses:

Dewey explained fraudsters are well-informed about their victims these days. “They’re going to know the answers to things like knowledge-based authentication questions.”

Sherri Davidoff, founder/CEO of LMG Security, pointed out, “So many data breaches have occurred that we probably need to assume address history, purchase history, and credit report and other personal data are all effectively public information,” adding, “While knowledge-based authentication is on its way out, new advances in technology have produced alternatives that are more effective and easier for your members. After all, they never liked answering security questions, anyway.”

Davidoff said voice biometrics, phoneprinting and similar technologies are the way of the future.

Pindrop is pushing forward with its phoneprint technology and deep voice biometric data engine that allows for the verification of callers based on their voice, device and/or behavior, Dewey said. With these tools, authentication happens passively in the background.

Rini Fredette, SVP of contact center operations at PSCU, said, “Our best practices for caller verification revolve around providing an unparalleled member experience while balancing fraud mitigation efforts. It is important to not only ensure the person on the other side of the line is who they claim to be, but to also be empathetic and respectful of the caller and their needs.”

Fredette noted security is all about layers and implementing multiple solutions to reduce the risk of fraud at various touchpoints. Using a risk-based decision model to avoid a negative impact on the member experience keeps the majority of call center staff time and energy focused on higher risk activities and callers, Fredette maintained.

The CUSO partnered with Pindrop in early 2017 to enable PSCU’s call centers to better combat fraud with phoneprint technology that analyzes calls to identify malicious behavior and verifies legitimate members.

Rebecca Herold, president of SIMBUS and CEO of The Privacy Professor, said not all callers request the same type of information. “Establishing a type of risk level triage for callers as they call into the credit union will help to determine the appropriate type of procedure to follow for identity verification.”

Herold advised, “Depending solely upon knowledge-based questions is quickly going from being the preferred method of identity verification to becoming inadequate on its own.” She said the best practice uses a combination of three components:

1. What the member has (such as a mobile phone, smart card, security token, etc.);

2. What the member is (the sound of the caller’s voice, or voice prints or other types of biometrics); and

3. What the member knows (an answer to a security question, account number, passphrase, etc.).

Robyn Andersen, vice president of CO-OP Financial Services’ contact center products, advised current best practices include a combination of methods beginning with automated authentication. “This should be coupled with software tools that can identify things, such as the likelihood of the phone number being spoofed.”

Andersen cautioned that if the caller fails verification in the IVR or is completing a higher-risk transaction, such as a balance transfer, the agent will perform further knowledge-based authentication. She added that a cost-effective next line of defense – speech analytics – combats fraud by identifying key phrases or patterns within the call that may be suspicious.

CULedger is developing MyCUID to provide a universal digital credential. “MyCUID tries to solve the problem of every interaction beginning with identifying the member,” Julie Esser, chief engagement officer for CULedger, said. Esser added it’s becoming more of an issue because fraudsters are not only targeting call centers, they’re also calling members in an attempt to social engineer personal information for malicious use.

MyCUID uses a person-to-person network of distributed, private agents working in parallel with the distributed ledger to give credit union members a lifetime, portable digital identity. Esser added, “The self-sovereign identity – this is where the world is going. It is so exciting for credit unions to be on the forefront of this new technology.”

Fiserv’s Sentry Performance Solutions offer various call center and security options. “Our direction is to do the security without pulling down member service or inconveniencing the member themselves,” Frank Wetty, manager of professional services at Fiserv, said.

Many of Fiserv’s credit union clients use the automated IVR process, Wetty explained. “All the member information is held in the Fiserv enterprise solution, which is ConvergeIT, in memory.” Wetty said as soon as the caller hangs up, the system deletes anything known about that member. “That is a security feature in our design.”

Another practice Fiserv offers is multiple factor authentication, which can include the phone number of record plus additional security. “They can place it wherever they want in the call flow that suits them best.” Fiserv is also working with some credit unions for additional biometrics and security measures including the utilization of voice-print technology and keystroke dynamics, which measures the way users hit the phone keypad, Wetty said.

Interactive and intelligent self-service solutions company ENACOMM offers a reporting and analytics package called Via for call centers, featuring real-time IVR, computer telephony integration and reporting, monitoring and sending alerts with detailed information about every call.

ENACOMM COO David Jackson said it is shocking how many companies cannot pass along caller information already entered in the CTI system. “It is also amazing how many times organizations can’t identify the caller by things the caller knows. Two methods that we would recommend are identifying by phone number and using voice biometrics.”

Herold recommended credit unions also consider the legal requirements they must comply with for identity verification. This includes government regulations and the EU General Data Protection Regulation rules.

Russ Vetrano, director of business development at Voci Technologies, which provides 100% speech-to-text transcription so financial institutions can perform enterprise research and deep analytics, noted: “A goal in transcribing these conversations is to enable better conversations with the agents or help them extract information they may have missed in the call.”

Transcription also allows the financial institution to review the security and compliance procedures along with the caller experience. “The experience is sometimes disjointed. By analyzing caller transcriptions, we can better see how that process is going and how we can improve it,” Vetrano said.

Andersen added, “The key to maintaining the positive member experience is agents who are knowledgeable and able to think critically while remaining calm under fire and demonstrating empathy; all while thwarting fraud early in the process.”