Call Centers Become Prime Target for Identity Fraud

Retail call centers are the front line of consumer queries and the favorite new target for identity fraud.

Daniel Flowe, head of identity strategy at Refinitiv, told PYMNTS that while the majority of consumers still want — and like — to speak to a human, that preference is being regularly abused and targeted by fraudsters and con artists.

“There’s tremendous pressure to get [call centers] staffed, to get people hired, get them trained quickly, and get them on the phone so that they can satisfy that customer demand,” Flowe said, noting the confluence of shorter job tenure and reduced training periods has combined to make call and contact centers more vulnerable to fraudsters.

In addition to annual staff turnover rates that can reach 100%, he said consumers’ predisposition to reach out and touch someone only exacerbates the imbalance, and the need to fortify defenses.

Armed With PII

At a high level, armed with enough personally identifiable information (PII) to potentially bypass identity controls, bad actors have proven adept at manipulating agents (usually by calls, sometime through text-based chats) to reset passwords, change account details or enable an account takeover — and drain accounts, take loans against 401(k) accounts and other means of wreaking financial havoc.

And in terms of bypassing traditional fraud controls — including one-time passwords sent to phones — the fraudsters are often able to convince agents that they’ve “lost” phones, so they cannot respond to those passcodes.

“Then they’ll change the phone number on my account, go away for a few weeks, call back in again, and attempt to change the email address on my account. Then they’ll go away for a few weeks, call back in and attempt to make another change using the fraudulent email address and phone number they’ve provided to validate that they are, in fact me,” Flowe explained. “And at that point, they’ve largely taken over my account.”

A State of Tension

All of the above issues set up contact call centers to operate in a state of tension. They’ve got to focus on the customer experience, of course. They also need to make sure that resources are being used optimally, where average “handle” time as agents interact with consumers is kept to a minimum. And, of course, firms need to track fraud losses to a minimum to ensure their security “posture” is as robust as possible. Often those three endeavors conflict with one another, and organizations might have to choose two out of three, Flowe said.

“But the tenet that the companies won’t budge on,” Flowe said, “is their security posture.” The tradeoff, then, comes down between an excellent customer experience and longer average “handle” times.

Among the best ways to keep security as tight as possible and maximize the customer experience is to implement fraud prevention tools that use artificial intelligence (AI) and biometrics to “sit silently in the background” and monitor phone calls, making sure that caller IDs presented on the call match the caller, and that voice biometrics match.

He pointed to GIACT’s real-time identity and search verification tool, gIDENTIFY® Consumer Standard With ID Lookup. The offering helps identify various data points and confirm that data in real time, moving toward multi-factor authentication (MFA) checks as needed. The approach is a multi-layered one, he said, and asks that consumers verify a few pieces of PII, in addition to non-knowledge-based authentication protocols.

“This makes it much more challenging for fraudsters to impersonate legitimate callers,” said Flowe, “and we do it quickly and simply through a single user interface.”

Looking ahead, he said, despite the great digital shift, the contact center will remain a mainstay of consumer interaction — and as such, will need more robust defenses against fraudsters.

As Flowe told PYMNTS, “in challenging and emotionally charged situations, you are always going to want to interact with another human.”