Card-not-present (CNP) fraud and account takeover typically refer to online crimes, but an increasing number of criminals are targeting call centers to perpetrate crimes that are normally associated with the Internet.
With financial institutions pouring so much effort and investment in online security strategies, banks really need to consider the same when protecting their call centers. Without effective authentication tools that can verify telephone locations, bank contact centers remain vulnerable to various types of fraud over the phone channel.
The way criminals scam bank phone representatives typically comes in the form of social engineering. For example, after placing a call to a bank’s contact center, the criminal impersonates a real customer in the attempt to trick a bank agent into revealing various pieces of financial information. Once they’ve acquired the person’s financial details, they call right back and talk to another representative to change the username and password on the account. When the information has been changed, they’ve hijacked the account. At this point, the legitimate account holder is unable to access their own account.
When this happens, quite often the victim does not have the immediate knowledge that their account has been taken over. As a result, the criminal has enough time to conduct a myriad of crimes including fraudulent purchases and transfers that can clean out an entire account before any wrongdoing is discovered.
In an age of highly sophisticated criminal tactics, sometimes it can be the simplest methods that catch banks off guard. This is why it is so important for financial institutions to make sure all customer channels have effective authentication solutions in place to mitigate their risk of fraudulent transactions.
Today’s banks need to arm their call centers with authentication solutions that provide true multi-factor protection against risky inbound calls. While many banking institutions still depend on knowledge-based authentication (KBA) security questions to identify customers over the telephone, these methods can be defeated by sophisticated criminal tactics.
A complementary fraud prevention tool like the TrustID® network-based Physical Caller Authentication can provide an extra layer of protection to proactively identify risky calls before they are answered. By automatically validating the actual physical location of the landline or mobile phone calling into a contact center, financial institutions can automatically identify in real-time when a Caller ID or ANI has been spoofed to better protect their phone channel and make sure their customer information and confidential data does not get in the wrong hands.