Using location to combat phone fraud

Posted on: December 21st, 2016 by Art Barger

A majority of fraudulent calls do not originate in the country where the attack occurs. While this may not come as a surprise to most people, it does emphasize how important the location credential is for identifying incoming calls.

With private personal and financial details in hand, social engineers continue to take advantage of advanced spoofing technologies to impersonate banking customers in an effort to illegally access legitimate accounts and create new accounts in other people’s names.

To combat telephone fraud, understanding the location of where the calling device is at any given time can help determine the level of risk a call poses to a financial institution. But for call centers that still rely on sensitive customer data like a mother’s maiden name and Social Security number to authenticate callers, they may actually be increasing the risk to their business and customers without even knowing it.

No longer a trusted source

A customer’s personal information, once the go-to standard for identifying customers over the telephone, is no longer a trusted source for customer identification. It’s this same data that’s stolen, sold and bought by criminals every day to socially engineer call center agents using knowledge-based authentication (KBA) tools.

Each month, banks and businesses receive thousands of spoofed calls targeting customer accounts and other confidential information. Spoofing the Caller ID and ANI is the first step to bypassing KBA methods, which still answer unvalidated calls. Once the call is picked up, impostors can trick phone representatives by correctly answering personal questions during telephone interrogations. Crooks gain access to information through security breaches like the recent Yahoo hack, where it is believed that data on 500 million accounts was compromised and sold. That’s a lot of personal details that may land in the wrong hands and used for malicious purposes.

A recipe for phone fraud

Using KBA to identify callers is no longer valid in today’s call center environment. Armed with spoofing services and personal data, a criminal’s recipe for fraud is one step ahead of conventional knowledge-based solutions. However, a tool like the TRUSTID® Physical Caller Authentication doesn’t rely on personal data to identify customers. Instead, it automatically pinpoints the exactly physical location of the calling device — whether it’s a landline or mobile phone — to let the bank know the risk of the inbound call. And it does so before the call is answered.

Using the device’s location can instantly provide your team with real-time risk analysis while the phone is still ringing. Proactively blocking high-risk calls stops the bad guys from getting to the one place they want — on the phone with call center agents. In the end, it’s our ability to identify callers early in the authentication process that allows banks to accept good calls faster and deny bad ones, creating a more secure and customer friendly call center experience.