Dialing Into Call Center Fraud

Hold the phone. Hold on. Recognize that phone number? It’s yours. But it’s not you. And someone’s using that number to do some bad stuff.

Welcome to the world of call center fraud, where numbers gain data and data gains dollars and other ill-gotten gains for … well, ill-getters.

In the latest installment of Data Drivers, Matthew Williams, vice president of Engineering at Next Caller, walked PYMNTS’ Karen Webster through some data points illuminating the 21st-century version of “Dialing for Dollars.”

Data Point Number One: 113 Percent.

This data point represents the percentage increase in call center fraud in 2016, and in part of that data point lies the unsettling statistic that one in every 2,500 calls to a bank call center is fraudulent.

Yikes.

Along with that big increase and big number, said Matthew Williams, the jump in fraud can be traced to improvements in technology in other channels that are being used to fight fraud.

In other words, the bad guys are turning back to the phone channels. This is where they can gather information both through interactive voice responses (IVRs) without interacting with humans but also through social engineering. So, with the introduction of methods to tamp down on online and in-store fraud, said Williams, has come a wave of call center fraud as a side bet.

The idea of social engineering as a fraud conduit here may raise some eyebrows, but, as Williams explained, someone gathering information may call a bank, not as the first call, but one made after the fraudster has called a telecom firm or a utilities company, “essentially building a profile around particular identity.”

In fact, many of the calls that are made into financial institutions do not end with a fraudulent transaction taking place. Rather, the IVR or agent is tricked into releasing some piece of information that is used to build a profile, and then the scammers go in and attack unsuspecting firms and individuals once the profile is complete.

Data Point Number Two: 94 Percent.

This is the number of call center scams that leverage caller ID spoofing, which, as Webster noted, seems to be a successful tactic, given its heavy weighting in fraudulent activity. The underlying aim in the spoof, said Williams, is to hide one’s identity and make it harder for financial institutions to track down the scammers. (There are tools in place such as biometrics that can help here, or Next Caller’s own software that places a score on caller ID and the level to which that can be trusted). “We use a variety of techniques and a variety of data points that essentially fingerprint a call,” said Williams.

The firm’s technology can be used in two areas: To streamline authentication, or trust in the user ID, while leaving the financial institution confident that they are serving the correct person. Conversely, a high score, denoting risk, can force a caller to speak with an agent as an additional round of defense.

Data Point Number Three: $14 Billion.

This is how much Next Caller estimates companies spend each year to find out just who is on the other end of a phone call. Mobile devices and internet-based (or Voice over Internet Protocol, aka VOIP) calling are aids to fraud attempts, at least in some respects, as Williams noted that there are limitations for call centers to know who is calling. In essence, as Webster illustrated, legitimate technology and information is being co-opted by bad actors.

After all, it’s the number that is being scammed, and not the name — and, as the executive stated, phone numbers can be injected over VOIP without any verification. Thus, it becomes difficult for any carrier that accepts VOIP traffic to validate that the owner of that originating number has authorized its use. In Next Caller’s case, Williams said, once the company has ascertained that a number is not being spoofed, then valuable data related to that person can be collected up front, at the beginning of a call, and used during the interaction.

Queried by Webster about the technology his own firm is examining in a bid to make call centers a bit more spoof-proof, Williams pointed to a “broad range” of technologies, including biometrics, with a nod toward risks that include voice print cloning.

Getting the right combination of tools in place can reduce fraud, of course, but that effort also has the additional benefits of reducing caller friction and even operating costs of the centers themselves. One extra benefit: “A more pleasant experience when [people] are calling into call centers,” said Williams.