Don’t let social engineering spread fraud across your enterprise

Posted on: March 19th, 2015 by Art Barger

Each day, banks are challenged with identifying and stopping cross-channel fraud. With some financial institutions acknowledging that up to 30 percent of cross-channel fraud they experience originates in the call center, this illustrates the widespread damage criminals can create across an enterprise after they’ve socially engineered a telephone agent.

This means that while fraud may start in the contact center, the information that criminals obtain through social engineering and spoofed calls can cross over to fraud in other customer channels. This can put your customers’ private information and account details at risk.

As one of the most widely used bank channels today, the call center is where customers go to quickly resolve bank issues and perform any number of activities such as changing the password to their online account. The ability to protect your customers’ confidential data is only as strong as your call center defenses.

In an era of mishandled personal information, relying on telephone representatives to determine the risk of inbound calls is the last method banks should be turning to. The ability for thieves to fool call center agents over the phone using spoofed Caller IDs and answering security questions like a customers‘ Social Security number, date of birth and mother’s maiden name, has never been easier.

The telephone fraud process is fairly standard. First, an impostor calls up a bank using a fake Caller ID. If the bank is not using a proactive authentication solution that can automatically validate the call as good or risky before it’s answered, the caller already has one step in the door. This means they’ll likely be routed to a live telephone agent, putting the call center at an immediate disadvantage.

Armed with answers to pre-arranged security questions, well-prepared crooks can pass knowledge-based telephone interrogations with flying colors. And once an agent believes a caller is who they say they are, the caller can request any number of account changes that can lock out real customers from their online accounts. At that point, thieves can transfer money and clean out an account quite quickly.

With the TRUSTID® Physical Caller Authentication solution, callers can’t reach an operator without first being validated. Using telephone network forensics, TRUSTID verifies the authenticity of the call while it is still ringing. By automatically identifying the physical location of the inbound calling device, financial institutions know in real time if the call can or cannot be trusted. From there, they can choose where to route the call or stop it from entering the system altogether, removing the need for non-predictive and costly telephone interrogations.

While criminals have the technology and information to easily defeat traditional knowledge-based authentication (KBA) methods, TRUSTID curbs those attempts by instantly and invisibly identifying callers before the phone is picked up.