Where telephone blacklists fall short

Posted on: May 21st, 2015 by Art Barger

Some banks organically build or share blacklists to block suspicious or high-risk telephone numbers that have been used for fraud in the past. While the intent is to stop criminal activity before it happens, relying on blacklists to protect your telephone channel has its drawbacks, and the shortcomings may exist in the data itself.

Using blacklists to curb fraud and help streamline your telephone authentication process not only puts your customer accounts at risk, but it can impact your overall customer experience and profitable bank-customer relationships.

Here are a few ways call center blacklists can impact your business:

  • Outdated list: It’s true that blacklists have been used successfully in online environments, but the truth of the matter is a blacklist is only as good as the moment it is created or updated. Much like a new car that de-appreciates the moment it is driven off the lot, by the time a blacklist is updated, shared or deployed, more crimes have already taken place on phone numbers that aren’t on any blacklist. Since these numbers aren’t included on the most recent blacklist, high-risk calls can make it into your telephone system without being detected.
  • Good numbers added to blacklist: When criminals perpetrate fraud over the telephone, they’re doing everything they can to hide their true identity. The last thing they’re doing it using a unique phone number to identify who they really are. Before attempting to socially engineer a call center, bad actors have already done their homework. They’ve bought personal details or gathered information on the actual customer they’re impersonating. Equipped with another person’s phone number and personal information to answer security questions, thieves prepared to trick unsuspecting call center agents into divulging sensitive customer data and take over customer accounts. Again, since these numbers may not show up on the latest blacklist, criminals can successfully bypass knowledge-based authentication (KBA) solutions that rely solely on personal information to validate callers.
  • False-positives: In my opinion, one of the biggest problems with blacklists is the danger of creating false-positives within your customer identification process. When a criminal uses a legitimate customer’s phone number to commit a crime, and fraud is detected, that phone number is added to a blacklist that blocks future inbound calls. The next time the true owner of the number calls their bank’s contact center, they’re blocked from getting help or performing the services they need. As a result, false-positives can negatively impact their banking experience, and damage your bank’s brand reputation and profitable bank-customer relationships.
  • Blacklists are reactive, not proactive: While call center blacklists are built to proactively stop fraud before it happens, the numbers that appear on the lists were previously used to perpetrate fraud or other types of criminal activity. This makes call center blacklists a reactive, anti-fraud solution. In today’s real-time customer environment, using reactive solutions to prevent bank fraud or other unwanted behavior in the telephone channel is not an effective way to stop fraud because it allows crooks to stay one step ahead of customer-identifying processes.

The way I see it, relying on blacklists to curb telephone fraud and streamline your authentication process can create more problems with your good customers. Using blacklists or KBA tools are not enough to adequately protect your customers’ accounts and private business information. A second layer of caller authentication is needed to quickly and effectively validate calls and help streamline customer identification.

With roughly 80 percent or more of your inbound calls coming from legitimate callers, deploying blacklists to keep social engineers out of your telephone system only looks at a small portion of the bigger picture. Call centers must authenticate every call coming into your contact center, and do it in real time. Anything short of proactively validating each inbound call using at least two factors of authentication will impact your ability to prevent fraud, as well as provide exceptional customer service in your telephone channel.