Everything has a process. It’s what we like to call a means to an end. Much like any authentication solution has to process data to identify customers, criminals also have a process for gathering as much information as possible from call center agents before launching their attacks.
In the article, “Call centre fraud: Why financial institutions need to defend themselves,” a recent report found that fraudsters make up to five separate calls to contact centers before completing a fraudulent transaction. These calls help crooks get as much information as they can on a bank’s customers. Once they have enough details, they can start to open or take over accounts across other channels.
To stop this data mining process, financial institutions need a way to identify these calls before criminals get the data they need. This requires the ability to validate the risk of inbound calls as early in the authentication process as possible.
Leaving this up to your call center agents is not the answer. Today’s sophisticated social engineering schemes are difficult to detect because impostors are very good at tricking telephone reps into believing they are legitimate customers. Caller ID spoofing tools and other technologies are the weapons fraudsters use to get unsuspecting agents, who are not trained fraud experts, into divulging sensitive customer data.
What financial institutions need is a way to automatically identify if the device being used to place the call poses a risk. The TRUSTID® Physical Caller Authentication instantly validates the exact physical location of the calling device with pinpoint accuracy to help banks make real-time decisions on calls while the phone is still ringing.
Using TRUSTID’s patented telephone network forensics to identify every incoming call upstream allows financial institutions to take action on risky calls before they can reach an agent. As a result, banks can remove bad calls from the telephone system so crooks cannot gather the data they need to socially engineer or defraud them. In other words, their data-gathering process is stopped before it’s even started.
Plus, verified good calls can automatically be routed to appropriate operators, who can immediately begin helping them without having to interrogate them with a bunch of knowledge-based security questions.
When it comes to authentication, nothing is left to the agent to decide. And that’s a good thing because humans are the weakest link when it comes to identifying customers over the telephone channel. Instead, they can carry on with doing what they are trained to do — provide exceptional customer service that’s above and beyond what their competitors are doing.