Call center fraud is a widespread problem you probably haven’t even heard of. Chances are, agents working in contact centers probably aren’t even aware of a fraud call when it comes in. However, in 2016 alone, 1 in every 937 calls to a contact center were fraudulent in some way. Thanks to the 2017 Call Center Fraud Report by Pindrop, businesses can now understand the depth of the issue at hand — and as it turns out, it’s a pretty dramatic issue.

On one hand, call centers operate as the backbone for a business’ support. Despite the growing trends in contact centers (shaped by the idea of an omnichannel experience), call centers still handle the bulk of contact requests. Combine a popular channel that focuses on both quantity with quality, a lack of built-in security, and the standard of agent training, and call centers by nature almost offer a recipe for abuse.

 

 

What Is Call Center Fraud?

 

Growth in Global Fraud

Call center fraud is essentially “any interaction between a criminal and call center staff.”

Call center fraud is not just a criminal placing fraudulent orders with a stolen credit card from a financial institution — that only covers a small fraction of fraudulent calls. Fraudulent callers will place an average of five or so calls before they even attempt to complete a fraudulent transaction. Throughout this period of multiple calls, the “fraudsters” perform account takeover by changing passwords, mailing addresses, email or phone numbers associated with the account.

After enough time and control, the fraudulent caller can then freely place as many transactions or charges to the account as they wish without raising too much suspicion. To unwary eyes, this might just look like a customer moved or changed their personal information over time.

Even top call center software must be calibrated to prevent fraud. Too many actions in a short period places a flag or warning on an account. Well, fraudsters know about this and will abuse the system to their advantage.

Fraudsters rely on agents to remove flags and warnings, using emotion as their weapon. And, as it turns out, call centers are a lot easier to manipulate than you might think.

 

Call Center Fraud is Everywhere 

 

If there is one major statistic or piece of information uncovered in Pindrop’s call center fraud report, it’s mainly the fact that the fraud is only getting worse. Now, I think it’s worth noting that this report did focus itself on the United Kingdom specifically — but these results are indicative of a major issue — one that spreads around the world.

Outside Attacks Outweigh Domestic

The U.S. is no stranger to its share of call center fraud. The report even highlighted that the U.S. receives an influx of fraud calls — 83% of which don’t even originate from inside the nation. This is actually in part because of VoIP services specifically, but we’ll touch on that later.

The main focus point here is that call center fraud is going up, not down. That fact is illustrated by these key pieces of information:

  • A year-over-year increase of 113% in fraud calls was seen from 2015 to 2016
  • In 2015, call centers received 1 fraud call for every 2000 legitimate calls. In 2016, that number shrunk to 1 fraud call for every 937 calls in 2016
  • Call center fraud management reported losses flattened, yet it is estimated that each fraudulent call still costs a call center $0.58 of revenue lost, per call for both years
  • A call center is simply the “softest” target for fraud in almost every business. The nature of call centers can work to the benefit of fraudulent callers

The evidence is there: call center fraud is a growing issue. But what makes call centers so susceptible, and how can your call center take action to prevent so much fraud from slipping through the cracks? Well, first we need to understand why call centers are so susceptible to fraudulent calls. If you’ve ever heard the term “social engineering” before, then you already have a bit of an idea of what’s going on.

 

What Makes Call Centers So Vulnerable?

 

The combination of free and easily accessible tools help trick otherwise ill-prepared agents and call center solutions. Fraudulent callers can use different tools or techniques to simply break through any of the relatively simple barriers that call centers have in place.

The vulnerabilities of a call center come from the nature of how and why call centers operate as well as several different outside factors. On top of Pindrop’s report, Gartner had also released an updated 2017 report on contact center fraud that confirmed, supported, and expanded on Pindrop’s findings.

According to Pindrop, call center’s inherent weaknesses can be broken down into four categories:

 

Technical Vulnerabilities

Phone fraud can utilize numerous technologies to spoof their caller ID numbers, and the rising use and availability of free VoIP apps have allowed callers to mask their true location and identity. With solutions like Google Voice, anyone can register a number from anywhere in the country. At this point, that phone number is now no more reliable than an IP address. Beyond outside technology, fraudulent callers will also abuse the call center automations or other forms of the call center’s technology, most notably IVR systems.

Fraudulent activity will abuse an IVR to reset a victim’s PIN, or even find out more account information without having to speak to an agent. Building up a smart AI-powered IVR is necessary, but too much freedom weakens defenses. To make things even scarier, Gartner noted that software can be used to modify and change a caller’s voice just in case voice biometrics are used to help identify callers.

 

Human Vulnerabilities

Perhaps the weakest link inside your call center is also your strongest. Agents are trained to handle wild emotions from callers and a massive influx of calls on a daily basis. But overall, agent training focuses specifically on providing quality service. Call center employees are trained to respond to a caller’s emotion to help deescalate the situation and leave everyone happy.

This, unfortunately, creates a large weakness for your call center. Fraudulent callers know this, and will use emotion against agents. But more importantly, agents simply are not trained to handle or detect call center scams. And we cannot train all agents to interrogate all calls because that would simply diminish quality and quantity.

 

Organizational Vulnerabilities

Along with the human aspect of call centers, the overall organization of how a center functions and how calls are handled allows for abuse. As mentioned previously, call centers are designed to handle as many calls as possible while still providing complete and total service. Agents are not trained to interrogate or act as a fraud defense — they simple handle requests as they come in.

Agents are measured with how quickly and completely they solve an issue, which is counter-productive to the security sensitive concept of fraud detection. Overall, call center scammers rely on spoofing or phishign to “socially engineer” agents and abuse the organization of a system to break through its weak defenses. The generic question-based authentication keys are no longer enough as it’s incredibly easy for a fraudster to find out their victim’s mother’s maiden name, address, or phone number in real-time.

 

Outside Factors

Different industries have worked hard to strengthen their online and digital channels: websites will require two-factor authentication with an email address or phone number; encryption is built in from the ground up; and a lot of security effort is placed on keeping these channels closed off and safe. This is great, except it has lead to making online fraud extremely difficult, which has pushed fraudsters to focus on a much easier, older channel for scams — phone support.

On top of this, card issuers in the United States have begun rolling out EMV cards with chip authentication, replacing standard PIN numbers and other authentication methods. Beyond these systemic factors, fraudsters will go out of their way to compile massive amounts of information on victims to have the perfect answer for every question an agent would throw at them.

 

How to Defend a Call Center Against Fraud

 

Thankfully, for those concerned about the thread of call center fraud, we have Gartner on our side to help guide us in the right direction. In their very detailed report, “Don’t Let The Contact Center Be Your ‘Achilles Heel’ of Fraud Prevention,”  analysts Tricia Phillips and Jonathan Care highlighted several recommendations to help protect your business and strengthen your call center’s fraud defenses.

How to Build Up Call Center Defenses

Generally, the first step of any security measure is to identify the issue itself. But beyond simply knowing the problem exists, a few measures and protocols can go a long way. Add in some new technology to leverage big data and analytics, and your contact center can fight against data breaches with the tools the fraudsters are using.

 

Partner With Third-Parties

Partner with both contact center leadership as well as third-party providers to help implement a fraud-prevention-based phone printing technology. Essentially, this technology provides an entirely new method for authenticating callers instead of the basic knowledge-based questions. This is actually where blockchain technology might come in, providing a new way to authenticate callers immediately without agents asking questions. As a dual-pronged solution, this tech helps weed out fraud and reduce call times for legitimate customers. Recognizing a caller based on their “phone’s signature” could allow a center to divert the call to the best agent, whether that be a fraud specialist, or the last agent that caller worked with.

 

Implement Voice Recognition

Implement and leverage biometric voice recognition capabilities. Voice recognition technology will do just that — recognize the voices of callers. Similar to phone printing technology, the software will analyze callers’ voice and match it up to a known “voice,” generally one recorded on previous phone calls or interactions. On the flip side, a business could keep a database of known fraud voiceprints, and identify when the software is being used to change a voice.

 

Use Modern Verification Methods

Remove and replace the traditional knowledge verification process. Don’t just ask callers to identify themselves with their date of birth, mailing address or any other generic piece of information. Instead, replace these questions with those that relate specifically to the individual’s business with your call center. Use information only the caller and agent would know. You want to rely on knowledge specific to the account that is unavailable outside the organization.

 

Integrate CRM Tools

Integrate call center systems and CRM solutions with powerful fraud analytics tools to “enable channel-specific and cross-channel consumer behavior analytics.” This will allow your call center to detect high-risk activity that would fall under a specific “threshold of suspicion.”  Flagged accounts can then be transferred to fraud experts within the call center.

 

Hire Fraud Specialists

Designate specific fraud-trained individuals within your call center. These agents will take responsibility for high-risk calls, and can therefore be appropriately trained to handle these uniquely sensitive calls. As opposed to training all agents to attempt to identify fraud, muddying the customer experience for legitimate callers and impacting productivity, dedicating a specific task force to the problem is the best way to handle the sensitive nature of these calls.

 

Call Center Fraud Prevention Requires Training Everyone

 

Understanding and acknowledging the issue then allows your business to handle it properly and alert law enforcement.

Combine new protocols with some of the more intense technology listed above, like fraud analytics and voice biometrics, and your business can build up a proper defense to fraud. Just as digital and web channels have become more effort than it’s worth, the call center needs to follow suit. Now, the human nature of call centers might mean they are impossible to secure 100%, but that doesn’t mean we can’t stop the majority of fraud in its tracks.

While fraud has been increasing, Pindrop also reported that fraud quality has been declining — more copycats and amateurs are trying, and failing to social engineer agents. With the proper planning, protocols, and understanding of the issue, call center fraud can easily be defeated.