Fraud has always been a massive risk for contact centres, given that any customer-servicing team will be privy to PII, and contact centre agents handle payment transactions as well. Just between 2016 and 2017, the number of fraudulent calls increased by a staggering 113%. It is important to recognise the various types of fraud your contact centre could be potentially facing, and how to counter that.
Key Fraud Types faced by Contact Centres
Contact centre fraud is any instance when a caller tries to spoof the identity of a legitimate customer and obtain sensitive data. Fraudsters can also try to process a high-value transaction on behalf of the customer, routing the funds or product to a different account/address. This can take place in three ways:
- CNP scams– In a card not present scam, a fraudster gets hold of a customer’s credit card information and initiates a transaction. The contact centre unwittingly approves the transaction and processes the order before the customer realises what has happened
- Identity theft– The fraudster obtains sensitive PII, which enables them to mimic the customer’s identity with a very believable degree of authenticity. They are privy to passwords, answers to secret questions, and even SMS OTPs through SIM spoofing. Therefore, they can represent themselves as a customer and request a high-value transaction – e.g., a refund for a previous purchase or cashing in on the customer’s investments
- ATO attacks– In an account takeover attack, a fraudster hijacks a customer’s account, often with unwitting help from the contact centre. They pose as just another customer who has forgotten the password and deceive agents into believing their identity, thereby initiating an account reset with new details
Steps for Mitigating Fraud Risk in Your Contact Centre
- Leverage voice biometrics to securely authenticate customer identity
- Embed background checks and security questions into your call scripts
- Restrict agent access to minimise the risk of insider threat and data breach
- Avoid telephonic payments and urge customers to follow MFA procedures
- Secure your website so that it is near-impossible to get hold of customer data
- Enforce security by design with regular password resets, alternate contact info, etc.
- Confirm the source of incoming calls to flag suspicious numbers
- Maintain a blacklist of numbers, so agents can avoid potentially fraudulent calls
- Audit your contact centre locations regularly, to ensure that protocol is being followed
- Provide adequate security training so that agents know the red flags to watch for
State of Contact Centre Security Today
Fortunately, contact centre fraud has come under the spotlight in recent years, with enterprises taking concrete measures to combat scamsters and fraudulent entities.
77% have adopted pre-answer phone call analysis to authenticate conversations, while 82% follow knowledge-based authentication (e.g., secret questions). While these are positive signs, contact fraud prevention still needs to be a top priority given that 57% of organisations have seen a spike in fraudulent calls since the start of COVID-19. Multi-factor authentication, voice biometrics, and website security must be adopted alongside traditional knowledge-based authentication if contact centres are to effectively combat fraud.
