Criminal wearing leather gloves carrying out phone fraud

Fraud IQ for the New Normal

The average person might assume that long hold times are the biggest challenge that contact centers face in 2021. Because of COVID-19, business that would normally be conducted in person was handled over the phone, leaving agents and contact center supervisors — many of them working from home — stretched to the limit. Customers spent more time on hold and listening to Muzak: according to Pindrop’s recent 2021 Voice Intelligence & Security Report, average call duration increased 14% between January and December of last year. As the world inches toward a New Normal, call times will likely go down, but some problems won’t just disappear. One such challenge is identity fraud. During the coronavirus pandemic, fraudsters have proven regrettably adaptable. Contact center agents, security teams, and even consumers themselves must strengthen their defences and understand their liabilities. The higher our collective “Fraud IQ” grows, the happier and safer honest people will be.

The past year has demonstrated society’s resilience and flexibility; less happily, fraudsters have also been able to innovate, improvise, and adapt. In 2020, one bank discovered that its prepaid card division was suffering higher-than-usual losses. Why? American coronavirus relief packages included provisions for issuing prepaid cards to unbanked individuals, and fraudsters realized they could exploit the urgency of the situation. At one point, one in every 75 calls to the IVR were flagged as high-risk; most of these calls proved to be fraudulent. The fraudsters had been quick learners: Within hours or days of coronavirus relief passing, they’d already devised ways to steal from it. In a survey, 66% of security professionals reported encountering new forms of fraud during the coronavirus pandemic.

Contact center agents are trained to identify suspicious behavior, but there’s no guarantee that a fraudulent call will ever reach a human being. Interactive Voice Response systems are convenient for customers and keep agents from rote work, but they’re also targets for fraud. In fact, much of the grunt work of an account takeover may take place entirely machine-to-machine: Fraudsters can auto-dial, and their algorithms can crack vital information — like date of birth, final four digits of social security number, account balance, and PIN codes — in just a few hours. While security professionals know such fraud is happening, relatively few believe they have it under control. 76% of fraud detection and prevention analysts report IVR mining and reconnaissance attempts, but just 36% believe that their organizations have a firm grasp of their contact centers’ vulnerabilities.

Over the past decade, IVR systems have grown ever more complex, powerful, and user-friendly. However, while IVRs have grown more sophisticated, the consequences of a breach have grown much worse. Today’s systems access unprecedented amounts of data and relay it to callers. Sharing this information via IVR is convenient for institutions and honest callers alike, but it introduces a new security concern. Bad actors naturally flock to the IVR. Fraudster algorithms are impressive, but the more dishonest calls an IVR receives, the more powerful anti-fraud machine learning tools become.

Individual consumers, of course, have no control over the IVRs their banks, medical providers, or financial institutions employ. That does not, however, mean that they are powerless to protect themselves. For example, “Man in the Call” attacks take advantage of customer gullibility and open IVRs. If a customer’s “Fraud IQ” is high enough to recognize the signs of a fraud attempt, they can end the call and perhaps even report the scammer.

When the coronavirus shut down much of the world and its economy, it opened up new avenues for fraud and exploitation; the U.S. government recently charged 474 individuals who attempted to steal more than half a billion dollars in benefits. When the relief bills run out and call volumes decline, fraudsters will once again change their tactics to suit the new situation. The groundwork that we lay now by educating contact center agents, informing consumers, and increasing security will ensure a brighter future — for everyone but the fraudsters.