Over the past few years, banks have homed in on the problem of online fraud. But now the focus is starting to shift to call-center fraud.
“There’s been a lot of investment and a lot of time put into how we create more barriers for criminals transacting through the online-banking channel,” says Ben Knieff, director of financial crime product marketing at NICE Actimize, a provider of financial crime, risk, and compliance solutions. “And what that’s done is made the contact center a more attractive target.”
The wide availability of personal information in the public sphere plays a role in this shift. Many leave digital footprints through social media, and fraudsters are using this information as a starting point. Through a process commonly referred to as “nibbling,” fraudsters take data they’ve gleaned and use social engineering to manipulate a call-center agent into giving them more information. They continue to gather details until they have enough to actually perpetrate a fraud, which could be opening a new debit card or transferring funds.
Banks have long combated this type of fraud by training call-center employees to spot signs like nonmonetary transactions (address and pin changes) that precede actual monetary transactions.
Helping to take that training to the next level through his company’s internal penetration audits is Mike Thomas, partner in Crowe Horwath’s Financial Institutions Risk Consulting Practice. “One of the things we’ve been doing lately has been targeting call-center employees, trying to get bits of information out of them that we’re not supposed to be able to get if they follow all of their protocols,” he says. The results are used to alert employees on ways they can be manipulated.
Call-center agents also have begun to verify customer identities with lesser-known data like a father’s middle name or a high-school mascot. But, this information has to be captured at account opening and can still be undermined by fraudsters.
James Alessi, director of Fraud Policy at $196 billion-assets HSBC Bank, recognized the holes in this solution and came up with questions based, instead, on each customer’s relationship with the bank. For example, when a criminal calls to open a new debit card, call-center agents will verify the customer’s identity by asking about their home-equity line. Most fraudsters won’t know how to answer, because they don’t have a full picture of a customer’s relationship and transactions with the bank. “That’s one of our control points—we ask questions that may be red herrings,” says Alessi.
Typically, a multi-layered approach that uses a variety of solutions works best. HSBC uses a combination of studying fraud activity; training employees; referring suspicious calls to the fraud team; and using technology to monitor activity.
Programs that use voice biometrics to pinpoint and recognize fraudulent callers are available. NICE Actimize recently launched a solution that employs voice biometrics; caller ID; speech and transactional analytics; and real-time prompts that tell an agent what to do when a fraudulent caller is detected. The solution can push a message, in real time, to the agent based on the procedures that a bank wants to follow, says Knieff.
“You cannot fight fraud in a silo anymore,” says Alessi. “Anybody who thinks you can is fooling themselves.”