There are many ways today’s criminals can mask their true identities over the telephone. In fact, some would argue the countless number of Caller ID spoofing tools now available give crooks an advantage over call center agents.
In the article, “Report: Phone fraud plagues call centers at Financial Institutions,” information gathering lies at the heart of one of the most prevalent telephone-based social engineering scams. With the ability to spoof their Caller ID, crooks call bank contact centers impersonating actual customers who have forgotten a piece of their account information. Convincing telephone representatives to provide them with the lost information, they immediately turn around and call the bank right back for different information. They repeat this process until they’ve collected enough data to open new accounts in the other person’s name.
According to Shirley Inscoe, a researcher at the Aite Group, the reason this type of phone fraud often goes unreported is because banks define fraud only as something that violates policy, and in many of these cases, agents are just doing their job by providing the caller information after a criminal correctly answers security questions.
“But in many cases, these call center reps are just doing their jobs and no policies are broken. These attacks are so sophisticated that the caller often has just enough information to make the rep believe he is an actual customer. At that point, the rep has really no choice but to try and help him.”
The problem comes down to relying on methods like security questions to catch phone fraud. Today, knowledge-based authentication (KBA) solutions are too easily beatable by criminals who are more prepared than ever when calling a contact center. This is not a proactive solution if the crook is already on the line. What financial institutions and other businesses need is an authentication tool that gives them visibility into the call before it occurs.
Unlike most anti-fraud tools, the TRUSTID® Physical Caller Authentication solution does this by validating the physical location of the calling device — whether it’s a landline or mobile phone — before the call is answered. Using real-time telephone network forensics, TRUSTID gives call centers a unique look into the device to determine within seconds if the call is authentic or identified as spoofed before a social engineers can go to work on unsuspecting telephone bank agents. The end result is a more reliable, efficient way to authenticate callers and reduce contact center fraud rates at the same time.
Tags: call center fraud, caller authentication, Caller ID Spoofing, KBA, knowledge-based authentication, phone fraud, Physical Caller Authentication, social engineering, TrustID