New data shows that outbound vishing attacks aren’t letting up. In fact, over the first five months of 2014 UK banks reported that vishing — when criminals impersonate a bank or enterprise to trick customers into revealing personal information — has accounted for more than £21 million in fraud losses.
Vishing is nothing new. It’s a common method where criminals spoof their caller ID so the phone display looks like a real business or bank is calling a customer to innocently verify some personal or account information. Their intent, however, is to maliciously collect sensitive customer data they can use to commit identity fraud.
While financial institutions have focused their authentication initiatives on solutions to protect their online channels, they cannot afford to overlook the ongoing risk of the telephone channel. Financial Fraud UK says that nearly a quarter (23%) of people in the UK have receive a cold call asking for personal or financial information that can put them at risk of fraud.
Collecting data through outbound calls may be the first step to defraud customers, but once a criminal has what they need to circumvent an enterprise’s identity-interrogation protocol the second step is to make an inbound call to socially engineer call centers and take over legitimate accounts or make fraudulent transactions.
Banks that rely on questioning inbound callers fall right in the hands of telephone thieves. You see, the sensitive customer data they now possess is used to successfully defeat phone interrogation processes. By correctly answering security questions they can fool call center agents in plain sight. This is why traditional knowledge-based authentication (KBA) methods are no longer effective in today’s business environments.
While KBA still doesn’t authenticate your good customers with 100 percent certainty, identity-interrogation protocols also interrupts your good customer experience. This can impact your profitable business-customer relationships. By having customers answer a bunch of personal questions before talking to a telephone agent about the issue they initially called about can frustrate customers, creating distrust with them.
To mitigate identity fraud and create stronger customer relationships, call center authentication needs to be an automatic, non-intrusive process. The TRUSTID® Physical Caller Authentication solution proactively validates inbound calls using telephone network forensics to instantly identify the exact location of the telephony device, all before the call is answered. By automating the authentication process pre-call, banks and companies can provide faster, non-disruptive customer service while preventing outbound vishing scams from becoming harmful and costly inbound identity fraud.