Social Engineering Rising, KBAs Fading for Call Centers: TRUSTID Fraud Predictions

The first half of 2018 sees 668 confirmed data breaches representing 22.41 million records exposed.

Social engineering and cybercrime are working hand in hand (Image: Shutterstock).

The social engineering part of cybercrime will become more rampant, and the final countdown for knowledge-based authentication (KBA) begins, according to TRUSTID’s top five fraud and customer authentication predictions for 2019.

The Portland, Ore.-based provider of caller authentication and fraud prevention systems for contact centers wrote, “In 2018, it seemed hardly a day went by without a report of another major data breach. According to the Identity Theft Resource Center, the first half of 2018 saw 668 confirmed data breaches representing 22.41 million records exposed.”

In its predictions, TRUSTID maintained that for organizations dealing with customers’ sensitive personal information – such as credit unions and other financial institutions, e-commerce companies, healthcare organizations and government agencies – defending critical systems and data sometimes feels like playing a game of whack-a-mole: once one channel has been secured, another fraud attack pops up somewhere else.

Cybersecurity expert Patrick Cox, CEO of TRUSTID, said, “Social engineering (criminals posing as actual customers using stolen information) will rise in 2019 as hackers get more creative in their access methods.”

What will the customer authentication and fraud prevention landscape look like in 2019? Following is an overview of TRUSTID’s predictions:

  1. The social engineering aspect of cybercrime will become increasingly prevalent. Organizations in every industry are suffering data breaches, including social media providers. “The large amounts of personal information flooding the dark web as a result of these breaches are extremely useful for social engineering and account takeover attempts.”
  2. Fraud efforts will continue to move to the phone channel. Because security chips have made credit card fraud much more difficult, criminals are turning to account takeovers. “Most fraudsters actually start in the call center, where they use social engineering to manipulate agents and reset online account passwords.” TRUSTID said call centers are vulnerable to attacks because most rely on KBA, which uses personal information that fraudsters can easily purchase or glean from social media.
  3. The window for accurate verification on financial transactions will continue to close. As real-time payments become more widely adopted, there will no longer be a built-in lag in the payment process to provide extra time for fraud defenses and verification. Financial institutions, such as credit unions, will need to quickly adopt real-time authentication solutions across all channels to combat fraud.
  4. Expect an increase in health care organization hacks. TRUSTID noted the Journal of the American Medical Association recently reported more than 175 million patient records have been exposed in more than 2,000 data breaches since 2010. “A health care record can sell for more than a credit card number on the dark web, due to the much richer information, which can be used not only for financial fraud but also to illegally acquire medical supplies and services.”
  5. 2019 starts the final countdown for KBA. It will be gone in 5 years. “Business executives, security experts and customer contact center operators all recognize the KBA’s weaknesses.” Visa predicted passwords, a key KBA stalwart, will be fully eliminated in about five years. TRUSTID predicts that identity interrogation in the call center will meet the same fate by 2024. “Smart businesses are moving rapidly to implement multi-factor authentication, for example, using voice-biometric and ownership-factor authentication solutions for the phone channel.”

TRUSTID recommended that organizations move to replace KBA as quickly as possible and deploy emerging technologies that automate caller authentication, either before the call is answered or alongside other customer identity tools during the call. “This creates a stronger, multilayered defense to help fight fraud in the phone channel.”