Spot phone fraud without using compromised data

Posted on: January 25th, 2017 by Art Barger

The financial industry has relied on personal information to identify customers over the telephone channel for far too long.

For a time, this was the only way banks could get enough unique pieces of data to verify callers. But today, relying on someone’s personal details is far too risky, and can even put your customers’ sensitive information at risk. 

Industry experts have laid out the dangers of relying on knowledge-based data for customer identification because they know how stolen identities, data breaches and the mishandling of private information all compromised the integrity of personal details for customer identification.

According to the article, “Is The Phone Number The New SSN?” there’s a gap between information that relying parties have to verify to identify customers and what is needed to authenticate them with certainty. One of the looming challenges is the digital behavior of millennials. Because they are waiting longer to get credit cards and make major life purchases, the only thing banks have to work with is personal data like their phone number, date of birth and Social Security number. But as we all know, caller ID spoofing tools and major data breaches continue to compromise traditional forms of information, making them nonpredictive for identifying customers over the phone.

As consumer behavior changes, Johnny Ayers of Socure said the market will need to work with new attributes to help detect fraud and identify customers over different customer channels. This would include the contact center.

“This is the conundrum. If I can, as a fraudster, go buy a consumer’s SSN online fairly easily or purchase hundreds of thousands of them, is that any different than looking at a phone book for a phone number?”

To stay ahead of changing fraud tactics and maintain an efficient workflow, Ayers said enterprises will need to utilize data from different sources to accurately identify customers.

“That’s where I think the future is going, to where you have this kind of dynamic decisioning. You want to use models to be as predictive as possible to get as many of the good people through programmatically as possible.”

Instead of relying on attributes like someone’s phone number, Social Security number or their mother’s maiden name — all of which can be purchased in the underground economy — we need to automatically verify calls through credentials like the physical location of the calling device. Knowing where a call is coming from says a lot about the risk of the call.

To provide a safer, more secure customer environment, contact centers need to get a jump on social engineering scams that leverage someone’s personal information to fool telephone agents.

The TRUSTID® Physical Caller Authentication tool doesn’t waste time or resources identifying callers post-call. Instead, it proactively verifies callers as the phone is still ringing to let call centers know if the call poses a risk to a business. If the caller’s location checks out, banks can have the call automatically routed to an operator in real time, without the need to ask a bunch of security questions that costs money and use up valuable time and resources. Once there, they are taken care of by friendly call center agents ready to address whatever problem the customer called about.

If the inbound call is recognized as spoofed or high-risk, the bank or business can choose to simply remove the call from the system in real time without the fraudster ever reaching a live person.

While consumer behavior and valuable attributes will continue to change over time, TRUSTID proves that there are still ways that financial institutions can stay ahead of changing fraud tactics with behind-the-scenes authentication solutions that don’t rely on personal information to spot and stop bad guys dead in their tracks.