In a recent survey was observed that cyberattack in contact centers has increased by 40% & it is in increasing trend worldwide. Legacy contact center technology normally does not have any intelligence & analytic capabilities. Also, knowledge-based authentication
process can be easily crack & vulnerable to cyberattacks. Hence, it is important for the Banks to invest to incorporate strong control such as voice Biometric along with Analytic & AI capabilities, which can help banks to mitigate risks associated with frauds
and financial losses. With the latest SAAS offerings in market, it is now possible to understand customer behavior in real time & with historical data to predict potential fraud and can automatically notify to relevant stake owners. This white paper demonstrates
typical frauds in contact centers in BFSI segment and how this can be prevented with the help of specific purpose driven solutions & approach.
Overall, it aims to bring Business benefits & reason for change along with the recommendation & industry laid best practices.
Contact Center & Associated Risks.
Contact centers are the core components for Banks & Insurance Industry. It acts as the central Hub for customers to connect with company executives for any specific requirement or queries. In the past, banks invested heavily in digital adoption to offer
personalized service & flexibility for customers to reach via channels of their choice from anywhere & anytime. According to recent surveys, there is possibilities of around 80% of customers may switch to a competitor with just one bad digital experience,
about 40% increase in fraudulent activity compared with 2021 or 1 in 857 calls were identified as fraudulent. Hence, it is critical for the Banks to adopt the right fraud protection measures to avoid financial loss.
Typical fraud in contact center:
- For any assistance, a customer usually calls banks on their published toll free or DID Telephone numbers, which in turn connect to IVR. Customer authentication in IVR is driven by specific knowledge based records, which uses a list of predefined questions
for the verification before allow access to their account. It does not have intelligence to detect fraudulent activities and allow cybercriminals to call IVR multiple times until it gets access to the victim’s account.
- Knowledge based Authentication Process (KBA) based on a series of predefined questions to seek customer records such as DOB, PIN, Email address, & Residence address use for the verification. However, such information is static in nature and can be easily
stolen from Mobile phones, exposed through data breach or can willingly share by customer itself. It also adds high Average Handling time may be beyond 7-8 minutes.
- A study showed that 77% of account takeovers (ATO) involve live agents. Fraudsters pretend to be e a legitimate customer and try to convince contact center agents to modify customer records such as Address, Pin, DOB, or other details to avail monetary benefits.
Cybercriminals are experts and conduct research & obtain customer details before they attempt for account takeover.
- Credit card fraud is becoming more prominent and estimate the financial loss in tune of Millions/Billions of Dollars every year worldwide. Cybercriminals get access to customer data for stolen credit cards, buy things over phone and subscribe to different
Most common examples of fraudsters wish to achieve:
- Change of customer records such as Phone Number, DOB, Email Address, Residence Address, SSN etc.
- Request to issue debit/credit card.
- Request to reset online credentials (username / password)
- Request to remove fraud restrictions.
- Approval of financial transaction or money transfer
Steps to mitigate fraud in contact center:
Above mentioned vulnerabilities in contact center led to monetary risk to customers & banks. Also, additional control for authentication may result in bad customer experience. To achieve balance between the customer experience and need for security, banks
should adopt voice biometric along with analytic & AI capabilities to proactively detect fraudulent calls in contact centers.
When a customer calls remotely to contact center over phone, it captures metadata such as phone device, carrier, Geo-locations, call routing along with customer unique voice to create phone printing, as shown in figure 1 below. Phone Print is unique for
customer identification and the platforms are designed to identify Voice Morphing, Recorded, Simulated, Synthesized voice & background noises.
Call Center matches caller current phone print with previous real time whether it is legitimate customer or suspicious. Based on data capture for ongoing customer call, the system calculates risk score between 0 to 100 scale and flash it on Agent screen
real time, so agent will be aware to act for ongoing caller based on risk score displayed on the screen. With current offerings, platform is capable to Detect fraudulent activities, expose it, Notify & Block in real time.
With current technology advancement, it is possible to stop potential fraud during customer calls in IVR self-serve menus with the help of risk-based intelligence. It is feasible to detect “at-risk” accounts and allow limited access to customer account data
in real time. This helps to minimize the negative impact on legitimate customers.
It was observed that fraudsters are attacking multiple channels and perform repeat attempts until they success to hack customer accounts. The system is capable of monitoring credit/debit card transactions, with built in intelligence to detect and expose
the fraudulent activities for an account under attack on the phone channel.
Contact Center Agents/CSR, due to lack awareness on how to handle fraudulent activities and same need to be addressed. Agents need to be well-trained in the various security procedures and policies to stay vigilant. Also, the bank should conduct customer
awareness sessions to know about adoption of new changes and their benefits to secure customer data.
Occasionally although banks have adopted automation & anti-fraud measures, fraudsters will still find ways over defense barriers. There is a possibility that fraudsters can get access to customer data with social engineering tactics. An average of 300 million
victims have impacted by data breaches since 2020.Hence, it is important for the security team should review bad & riskiest calls for potential fraud occurred and steps to be taken to mitigate any potential loss. It is possible for the system to flag specific
bad calls out of total daily or historical call volume data. So, the security team can check a few specific calls to understand for fraudulent activities (fraud happened or potential one) and proactively notify customers and act.
Business Benefits & reason why Banks should invest?
Ø It offers stringent control to prevent losses due to frauds and help to improve Banks brand value.
Ø Reduction of Average Handling Time (AHT) by 60-120 seconds, which helps to reduce operation cost, in turn convert into better return of investment.
Ø Enhances customer experience by converting fast & frictionless experience.
Ø It is SAAS based microservice architecture with out of box resilience & with enhanced securities. It offers high availability, flexibility & scalability to Business need.
Ø If offers high flexibility to connect multiple Business Applications & tools to bring value add to the Business.Ø Customers get the option to select Voice or face or both Biometric modes depending upon the situation and channels. It offers authentication
across multiple channels such as Web, Chat, IVR, Mobile App, standalone devices. Adding, face along with voice biometric will improve verification process and lead to robust and dynamic risk-based authentication.
Next Step & recommendation
Study indicate increase in fraud, and it is more prevalent with digital adoption in Banks. It is now imperative for banks to leverage advance features encompassing both authentication & fraud prevention spanning across Digital channel along with Voice.