New Threats Mandate Better Protection

Not surprisingly, fraud is constantly on the rise. Seems like fraudsters are like weeds: they’ll find the easiest way to latch into something that can help them grow.  Up until now the most common scams were email scams, also known as Phishing. As email security methods become more sophisticated, they allow automatic and effective  identification of fraudsters.  Therefore, we see that fraudsters are choosing the path of least resistance, which is targeting contact center agents to reveal confidential account information and credentials, in what can be referred to as voice phishing, or Vishing.

It may seem somewhat harmless. But when you consider that for most of us, our phone numbers are linked to the bank, email, and social media accounts, you quickly begin to see how easy it can be for a fraudster with access to your phone number to take control of your credentials and private information and compromise your entire identity.

Take SIM swapping fraud for example. SIM swap occurs when a fraudster contacts a wireless carrier and is able to convince the contact center agent that he is, in fact, you, and have him switch the SIM card linked to your phone number with a SIM card in his possession. Once your phone number is assigned to the new SIM card all data will be routed to the new SIM card owned by the fraudster. This includes two factor authentication codes and other confidential data. This allows hackers to log in to your bank account and access other confidential information.

Statistically, 1 out of 1000 calls is a fraud attempt. Fraudsters obtain private information (or PII – Personal Identifiable Information)  through data breaches, social media and hacks, or buy it in the dark web. Once they have the private information, they call the contact center and use social engineering techniques to manipulate agents into changing passwords/email accounts or SIM card numbers as mentioned above. In fact, As much as 60% of account takeovers go are through contact centers.

This is because the authentication methods used by contact centers are not secure enough. Methods like security questions or passwords are knowledge based. And knowledge based authentication is extremely vulnerable.

How, do we then counter vishing attacks?

With new sophisticated technologies like voice biometrics, a person can be authenticated based their unique vocal attributes in real time. This biometric layer of security is difficult to compromise, since every person’s voice print is unique and impossible to forge. Fraudsters tend to take the easiest path, rather than taking the hardest.

Voice biometric authentication can accurately authenticate customers, eliminating knowledge-based questions, such as “what is your mothers maiden name” etc. This also makes the customer experience much better and seamless. Agents can focus on servicing the customer, rather than checking for fraud.

Fraudsters can also be identified in real time, just as a voiceprint uniquely identifies a customer. When fraudsters are caught, so is their recorded voice. These voiceprints can then be used to detect any future attempt by the same criminal and block it in real time.

Moreover, the combination of technologies like voice biometrics with machine learning and advanced analytics, allows o proactively expose unknown fraudsters that weren’t caught yet. Voice biometrics can  automatically scan millions of calls and detect fraudulent behavior, like the same voice appearing in several accounts. Advanced analytic capabilities help analyze the nature of the activity in these calls to help detect typical fraudulent behavior (like password change /email change). This way new fraud can be prevented before it happens.

Lucky for us, all these capabilities are included in NICE’s RTA (Real Time Authentication and Fraud prevention) solution. Knowing this, I can sleep a little better.

The next time you call your bank / service provider/ insurance company or basically any contact center, ask yourself – are they doing enough to protect me?