Contact Center Solutions Featured Article

Call Center Fraudsters Are Becoming Practiced at Gathering Personal Information

November 04, 2013

Crimes of financial fraud are on the rise, and most businesses are aware of it to some degree, particularly banks. Our idea of bank robbers is rooted in movies from the 1940s and even Bugs Bunny cartoons: Those who steal money are shady individuals in pinstripe suits with guns in violin cases.

Increasingly, however, the average fraudster doesn’t even need to leave the house to commit financial crimes, largely thanks to the Internet. Crude attempts from the last decade – “phishing” schemes that send out e-mails purported to come from legitimate organizations but are actually an effort to gain log-in information – are being replaced by increasingly sophisticated attempts to gain access to bank accounts and credit cards. More and more, call centers are playing a big role in these fraudsters’ plans.

Call center crime has grown to look something like this: an individual contacts a bank or other type of call center and engages the agent, pretending to have forgotten a user name or password. All this individual has is a name (your name or my name). A series of clever guesses and charming of the agent follow (“I can never remember my passwords. I’d forget my head if it wasn’t attached.”). Once a fraudster either guesses a password – most of us don’t create robust enough passwords, and we repeat them from one account to another – he or she calls the contact center repeatedly, each time getting a different agent and gaining a little more information.

Shirley Inscoe, a senior analyst at Aite Group, recently told ABA Banking Journal that the contact center today, in a sense, has become a fraud enabler. She provides an example:

“Let’s say the bank asks questions to help authenticate a customer,” says Inscoe. “If they use the same questions each time, the fraudster will call in repetitively until they get the answers to those questions. ‘What was your first pet’s name?’ The person says, ‘Darn, was it Spot?’ No. ‘Was it this?’ ‘Was it that?’ Finally they say, ‘I just don’t remember,’ and the contact center person may or may not tell them the answer. They shouldn’t, but in some cases where they are service-driven, they might. Then when they can’t answer the next question, the center person realizes something is wrong and the person hangs up.”

The fraudster may not have succeeded on the first try, but they did gain one valuable piece of information: the answer to another challenge question.

Then, says Inscoe, they call back next time and get a different call center agent, and are able to answer one challenge question correctly, which reassures the agent that the call is legit. They repeat their process to get an answer to a second challenge question. Fairly soon, that person has full access to your banking information and can transfer money at will.

For this reason, the challenge questions and password or PIN approaches may not be the best, if companies are to stem the tide of call center fraud. Many companies today are starting to skip the knowledge-based questions method of authentication, said Inscoe, and are looking into more technology-based solutions such as voice recognition, behavioral analytics, pattern analysis and identification of information associated with particular communication devices (your registered phone number or IP address, for example).

It’s also critical that contact centers train their agents to recognize the tactics of call center fraud. Charming and personable individuals who are trying to guess challenge questions or cajole the agent into providing an answer should be looked on with suspicion and the transactions reported. A truly centralized, multimedia contact center can ensure that a customer’s account is flagged as a potential target for fraudsters, and agents and managers can ensure that the next time an unauthorized individual calls in, the pattern is identified. The call center can also use the customer’s contact information on record to encourage that customer to change passwords and challenge questions.

Edited by Blaise McNamee