Fraudsters bypassing call center agents to trick payments processors

Posted on: July 09th, 2015 by Art Barger

Criminals are constantly looking for new gaps and vulnerabilities within banking systems. For financial institution’s contact centers, crooks exploit the lack of security measures or method of authentication to launch attacks, mainly in the form of social engineering.

An emerging fraud strategy shows that instead of calling a bank’s customer service line, fraudsters are avoiding call center agents that are trained in caller authentication.

In the recent article, “Call Center Fraud Targets Processors,” fraudsters are now targeting payments processors, who are trained to approve processing payments, not authenticate callers. Lately, these bad actors are attempting to trick payments processors into accepting fraudulent transactions over the phone before they’re sent to the card issuer. This way, they’re bypassing other fraud-detection systems.

According to Al Pascual, Javelin’s director of fraud and security, this emerging trend doesn’t come as a surprise. He says it’s common for processors to approve a customer’s financial transaction.

“Processors may handle transactions for hundreds or even thousands of institutions, making them prime targets for criminals who identify vulnerabilities in how access is authenticated via the phone channel. Given what I have heard anecdotally from financial institutions about their specific in-house challenges, I am surprised that suspected losses are that low.”

Given that payments processors may not be trained or as skilled at spotting the latest phone fraud techniques than call center agents, the need to bring them, as well as all other telephone reps, up to speed is a must for all levels of today’s contact center environments.

And much like customer service phone reps, relying on telephone interrogations is not enough to quickly and accurately validate every inbound call. To do so, banks also need to deploy an automated authentication solution that provides a second layer of authentication if they truly want to improve operational efficiency and reduce fraud losses.

The TRUSTID® Physical Caller Authentication tool provides that extra layer of protection needed in today’s fast-paced call center environment. By instantly validating the level of risk of each call as the phone is still ringing, banking institutions can act on real-time telephone network intelligence to accept good calls faster and block spoofed calls from getting through to live operators.

By eliminating the opportunity to socially engineers phone agents across an enterprise, banks are better prepared to handle more good calls and reduce bad ones, no matter what level criminals choose to exploit.