Is call center security getting left behind?

Posted on: July 06th, 2016 by Art Barger

Contact center authentication is designed to identify the risk of incoming calls so a bank can take appropriate action on whether to accept or deny the call based on its business thresholds. While there are various methods of how banks can screen calls, some experts believe there is still room to grow when it comes to verifying calls to protect their customers from telephone fraud.

Instead of curbing the problem, recent findings show that phone banking fraud is on the rise. According to Fraud Action UK, cases of reported phone banking fraud doubled last year — from 5,778 in 2014 to 11,380 in 2015. And, related fraud costs to banks and victims also jumped from £16.8 million to £32.3 million.

So, if authentication tools are getting better at identifying callers, why is phone fraud going up? The simple answer is more fraudsters are targeting call centers because they find it easier to socially engineer telephone agents than online banking systems.

With financial institutions investing more in security tools to protect customer accounts from online hacks, telephone security has taken a back seat to protecting online channels. Of course, consumer demand is driving the need for banks to focus on providing efficient and secure digital services, but it’s also the reason why criminals are turning to the phone channel.

Basic security questions create weakness in identification process

One of the reasons phone fraud has become more prevalent is the methods at which banks use to identify customers over the phone. Asking the most basic security questions like the last four digits of a person’s Social Security number or their mother’s maiden name is the minimal amount of effort needed to identify a customer. Yet, for some banks this remains the level of security to identify customers over the phone.

Requiring just two or more forms of knowledge-based identification seems futile in this day and age, but it still exists. If that’s all is takes to defeat a bank’s authentication process, it’s no wonder we’re seeing jumps in phone banking fraud. It wouldn’t take much for a crook to gather or purchase those types of personal details before calling up a bank to pose as a customer.

Contact centers need to deploy authentication tools that don’t create vulnerabilities within their own telephone systems. To make sure their customer accounts and proprietary banking information doesn’t fall in to the wrong hands, banks need to steer away from relying on sensitive customer data to verify callers over the phone.

Today, the mishandling of personal information has become too widespread to blindly trust someone on the other end of the line. To identify the increasing number of spoofed or high-risk calls, contact centers must deploy automatic authentication solutions that provide instant risk credentials that banks and businesses can act on in real time. Doing so allows them to make quicker, better informed decisions on all calls, without giving social engineers the opportunity to defeat basic security questions.