Over the years, companies have invested heavily in technologies to fight the fraud that occurs over digital channels, fine-tuning capabilities and protection for the web, mobile, and chat.
Meanwhile, contact centers and their live agents - although they can be manipulated more easily due to the human factor - have been left to work with outdated or obsolete technologies. Therefore, it’s no surprise that contact centers have become the weakest link, with over 70% of account takeovers today involving a live agent at the contact center, as fraudsters continue to strike there again and again, but remain undetected.
Why is that? According to AITE’s recent report, much of the fraud enabled at the contact center then circles around to result in cross-channel fraud. Fraud loss is typically allocated to where the final act was performed, so the contact center loss is understated, and investment goes into other channels… bringing us right back to where we started. It is the ultimate Catch-22.
Businesses are becoming aware of this gap and realize they need to solve the problem. Let’s look closer at the fraudster’s journey to better understand it.
The Fraudster’s Journey
An account takeover is a delicate operation. First, the fraudster must obtain sufficient personal identifiable information, or PII. They may use social media or the Dark Web to obtain the required information to pass authentication. They may even phish information using emails manipulations to colleagues and friends. When they have the PIIs, often they will validate them with a live agent or through the IVR – which is relatively low-risk action that doesn't result in account take-over yet.
Once validated, the fraudster will then make a high-risk move, for example, changing the account’s home address, email, or phone number. After such changes are in place, the fraudster can take over the account completely and undetected, paying for products or services, transferring funds, and more.
Now the significance of that interaction with the live agent is clear: It is a golden opportunity to manipulate the agent, using them as a tool on the inside to change account information and essentially transfer control. It allows the account takeover to be finalized, sending fraudulent activities into motion.
A Trail of Clues
Unwittingly along the way, fraudsters leave crumbs of evidence, links to their identity: Their voices include behavioral and physiological characteristics. Call metadata provides the phone number and location of where the calls were made. Call frequency, the number of accounts they’ve tried to take over, their methods for authenticating, and the actions they try to take on the accounts - all can be crucial.
Yet the fraud solutions on the market today are limited in working with these clues in three critical ways:
Current technologies are limited to identification on a specific call or account. But each individual point, on its own, is not very significant. A single trace, a single account, a single call - each will only lead to limited results, perhaps merely flagging a suspicious interaction, or an account that may be at risk. The right technology needs to bring all these points together from various sources, to sketch out the relevant pattern, connecting the dots in a meaningful way.
An Unmanageable Workload
Current technologies may solve some parts of the problem, but can also create overload. In their attempt to let the good guys in and keep the bad guys out, most solutions use a system of “authentication.” Some even use multiple methods of authentication. Yet these result in a scattered muddle of information, an untenable amount of calls to analyze, and no clear indication of whom the fraudsters actually are.
For example, at a typical contact center today, their authentication solution might flag as much as 2.5% of the interactions as moderate or high risk. If the contact center gets half a million calls per week, that leaves the fraud team with 12.5K suspected calls to analyze. Making sense of such numbers on a weekly basis is unfeasible – and it’s unlikely that a fraud team will be able to take various suspicious interactions or even a particular account being targeted and turn that into actually finding and stopping a real, live fraudster. A more advanced technology is needed to funnel the vast amount of information.
The Big Blind Spot
Finally, current fraud solutions focus on identifying fraudsters that fail authentication for various reasons. But what about the fraudsters who pass authentication? For every one fraudster that fails authentication there are plenty of others who succeed. Those that remain undetected are the hardest to trace and are the most dangerous to organizations. They will keep calling the contact center undetected and will continue to perform account takeovers because they have cracked the system.
The successful fraud solution will use the right tools and analysis to connect the dots: looking at clues from multiple calls, delivering manageable data that fraud teams can realistically investigate, and shoring up any blind-spots.
Introducing: The NICE Fraud Prevention Suite
Processing the Traces
NICE proactively applies advanced analytics and AI to process trace information. Single call analysis is supplemented with another layer – continuously collecting from millions of calls all the traces including behavior, voice biometrics scores, business data, call metadata, and phone and device information. These traces are connected through voice biometrics, link analysis, and behavioral analytics, and then prioritized.
Empowering the Fraud Team
NICE optimizes the fraud team’s effort by focusing them on the most probable fraudsters. A daily prioritized list of probable fraudsters is provided with full visibility of the fraudster's activity across accounts and time. This enables the fraud team to easily investigate each case, review and listen to the suspected fraudsters, and take action to prevent immediate fraud loss by simply adding the fraudster to the watch list.
Eliminating the Blind Spot
Continuously collecting and connecting all the traces - including the authenticated calls - allows companies to expose the criminals and significantly save on fraud loss. Even fraudsters who have succeeded in passing authentication are identified.