Detecting the various forms of account takeover

Posted on: December 21st, 2017 by Art Barger

Not all account takeovers are the same. 

Some criminals go in and immediately begin purchasing products directly from the account. Unfortunately, victims typically don’t find out that their account has been compromised until they discover the charges on their monthly bank statements. Other crooks clean out an account by transferring funds to another account as fast as they can.

Then, there are those who take their time.

Instead of making unauthorized transactions, they wait and gather information. This is harder to spot, as crooks can go undetected for weeks, months or years. Once they have the personal or financial data they need, social engineers can use the information to carry out a number of different activities across multiple customer channels.

This information can be very dangerous for bank contact centers that still use knowledge-based authentication (KBA) methods to validate their customers over the telephone. By answering standard challenge questions, social engineers can deceive call center agents and change passwords and the phone number associated with the account. These types of changes can lock real customers out of their accounts while criminals go about their dirty business.

This also exposes the real danger of relying on what the caller knows to identify customers over the telephone channel. Personal and financial details that are stolen from social media platforms or data breaches and then used to trick banking processes – whether online or over the phone – pose a significant risk to your customer accounts and your bank’s proprietary information.

To effectively and confidently secure their contact centers and protect their customers, banks need to remove conventional knowledge-based challenge questions that are easily defeated by today’s fraudsters. Protecting your customer environment calls for a stronger, multifactor authentication process that validates customers pre-call. Automated identification solutions like TRUSTID® Pre-Answer Caller Authentication instantly spot spoofed Caller IDs and ANIs to give banks real-time information they can act on for every call.

Based on established fraud and risk thresholds, banking institutions can take proactive action on calls that pose a high or low risk to their customer environment. Known spoofed calls can be instantly removed from the telephone system, stopping the social engineers from even talking to a call center agent. Or, banks can choose to route a call to an appropriate operator, who can then take additional steps to verify the customer.

Either way, banks using automated authentication tools like TRUSTID have the intelligence to make quicker, educated security decisions on every call before the phone is picked up. Identifying risks earlier in the authentication process is how banks can better detect and stop identity thieves armed with personal information to take over customer accounts.