Looking for a needle in the haystack?

Posted on: February 09th, 2017 by Art Barger

The goal of any social engineer is to avoid detection. Plain and simple. To essentially become a needle in a haystack for any telephone authentication or fraud monitoring system to detect.

For bank contact centers that receive thousands of inbound customer calls per day, spotting suspicious or high-risk calls is no small task. Social engineers don’t make it easy because they’ve become masters of disguises at every level. 

As identity thieves that create customer profiles, fraudsters start with the phone number. Using today’s advanced telephone spoofing technologies, a crook’s entry into identity fraud begins with spoofing their Caller ID. This is the point of entry that’s meant to fool a phone system that uses the caller’s number as an identification credential before routing the call to a bank operator. 

The problem with relying on a caller’s phone number to validate customers is it creates a false trust between the bank and caller. A spoofed Caller ID or ANI is designed to match a customer’s personal information, thereby tricking telephone reps into trusting the number that appears on the phone display.

The end to the means for a spoofed Caller ID is to have a bank agent answer the phone. Once they’ve got a live person on the line, the social engineer knows the drill, most likely because they’ve already scouted the bank’s authentication processes before calling back. Armed with a customer’s personal data, answering a number of predictable security questions such as the person’s address and Social Security number is what the impostor has trained for.

Once a predictable method for identifying customers over the telephone channel, relying on  knowledge-based authentication (KBA) challenge questions in today’s banking environment can leave financial institutions vulnerable to social engineering and other fraud tactics. Answering questions that require personal data have become one of the easiest ways impostors can beat call center defenses.

To spot risky calls and validate good customers faster, contact centers need a way to validate calls earlier in the process. Relying on agents to catch impostors in a lie through time-consuming and costly telephone interrogations is  both nonpredictive and frustrating to your valid customers.

Banking institutions need tools that don’t rely on a customer’s personal information to identify them. They need authentication solutions that can automatically identify a caller’s credentials to determine if they present a risk, or are a valid customer. The TRUSTID® Physical Caller Authentication uses advanced telephone network forensics to identify the physical location of the calling device while the phone is still ringing. This can help determine the risk of the call, which contact centers can use to make real-time decisions on each inbound call before it is picked up.

Instead of using up valuable time and resources with KBA methods that create a false trust and leave your telephone environment and customer accounts susceptible to social engineering attacks, automatic authentication solutions like TRUSTID can help contact centers spot the needle in the haystack long before high-risk calls reach your bank agents.

you may also enjoy