Stop social engineers before they can speak

Posted on: April 23rd, 2015 by Art Barger

Traditionally referred to as a con, social engineering is the new name of a scam that’s as old as time. It requires no special technology because it’s driven by information that’s used to manipulate a particular situation in favor of the perpetrator.

It’s safe to say that relying on information-based security technology to identify someone over the telephone or through the web is working on blind faith, which can even create more threats, or repeat fraud, against an organization.

For example, when crooks know an enterprise is using knowledge-based authentication (KBA) to validate their customers, they’re likely to return as fraud teams to target vulnerable business channels because they know how to beat the system.

In the digital age, social engineering has exploded like never before. With criminals gaining access to more data and sensitive customer information online, today’s sophisticated social engineering techniques continue to outpace authentication methods to successfully identify and stop it in time.

In the recent article, “Social engineering techniques are becoming harder to stop, experts say,” this age-old con is making a resurgence. And it doesn’t stop at the digital level. Call centers, one of the most frequently used banking channel for customers, continue to see an upswing in spoofed calls and other social engineering schemes.

With credit unions and banks spending more dollars to protect their online platforms against malware threats, Gartner analyst, Avivah Litan, says criminals are zeroing in on call centers. She anticipates assaults on financial institution call centers to increase.

With KBA solutions vulnerable to social engineering attacks, banks need to find a way to thwart impostors from getting on the phone with call center agents in the first place. Since today’s security technology is having a tough time identifying social engineers through the verification process that includes costly challenges questions, validating calls earlier in the process can play a key role in determining if a call is good or poses a risk.

The TRUSTID® Physical Caller Authentication tool is one way financial institutions can verify customers even before the call is answered. Using advanced telephone network forensics to automatically validate the exact physical location of the calling device, banks know in seconds whether the call is spoofed or is coming from a real customer.

Because the entire process is invisible to criminals and completely non-disruptive to good customers, crooks can be removed from the telephone system in real-time, without getting the opportunity to speak to a telephone agents. Legitimate callers, on the other hand, get automatically routed to the appropriate operator or IVR system without having to go through a lengthy interrogation process, which increases the cost of each call and drives up annual call center expenses.

By removing the vulnerabilities traditional KBA methods have in detecting advanced social engineering scams, banks can better protect their call center environments against fraud and provide a faster, more satisfying customer experience while saving on unnecessary costs related to cumbersome and non-predictive authentication processes.