Stopping recon and social engineering threats in their tracks

Posted on: February 10th, 2016 by Art Barger

While Call Detail Record (CDR) analysis can help contact centers understand trends in customer behavior, automatically identifying spoofed Caller IDs and ANIs in real time is more predictive, less disruptive, and can save banks significant time and money on research and analysis.

Two of the preferred methods for defrauding financial institutions over the telephone channel are social engineering and recon (or reconnaissance) calls.

Intelligence gathering through recon calls starts with a crook exploiting a bank’s interactive voice response (IVR) system. Once routed to the IVR system, they can attempt to extract information such as account balances and other valuable credentials. They can also test stolen sensitive customer information like Social Security numbers and other personal data to find out what’s valid, and what’s not.

Once thieves have collected enough data to socially engineer a contact center agent, the next step is getting on the phone with a bank representative. This is when identity theft becomes identity fraud. When talking to an agent, crooks can change passwords to take over accounts and request money transfers to their own fraudulent accounts to clean out a victim’s bank account in a matter of minutes.

There are many caller authentication tools that can help predict when criminals will call based on behavioral trends, as well as analytical tools that can determine fraud after the fact, but the TRUSTID® Physical Caller Authentication solution is unique in that it proactively validates customers while the inbound call is still ringing. Using patent-pending telephone firewall, we verify the physical location of where the calling devices, whether mobile or landline, is calling from. This authentication credential gives banks a head start on fighting fraud and improving their customer experience.

A passive caller authentication tool that’s never detected by good or bad callers, TRUSTID delivers valuable intelligence to financial institutions within seconds. And the result is two-fold. Good callers can be instantly routed to the appropriate operation without any interruption, unlike knowledge-based authentication (KBA) solutions, which require a minute’s worth or more of security questions to identify callers. Spoofed calls are removed from the system before the phone is picked up. This prevents fraudsters from collecting information from the IVR system or reaching a telephone agent.

Today’s financial institutions need a way to secure their telephone channel without being overwhelmed with increasing operating costs that cut into their business profits. As part of a two-factor authentication solution, TRUSTID helps with both. Whether criminals are attempting to data-mine your accounts or socially engineer your call center agents, we provide an automated, real-time credential that allow contact centers to instantly act on to stop crooks in their tracks, and ensure good customers’ experiences are not delayed or interrupted by unnecessary intrusive and costly telephone interrogations.