For anyone who needs convincing that fraud in the contact center is a problem, I suggest watching this short two minute video that showcases how easy it is to socially engineer a customer care agent. In the video we see Kevin Roose, Fusion’s news editor, have Jessica Clark take over his mobile phone account with nothing more than a soundtrack of a crying baby and a few pleas for help. Within seconds she has the customer care agent wrapped around her finger.
A critical mind may counter that Jessica is very talented in persuasion. Most mere mortals like you and I would fail at the same attack. One can further argue that a telco is an easy target. If the same attack was perpetrated on a bank, surely more stringent security procedures would have prevented it from succeeding. Finally, one could point out that Jessica used something called ANI-spoofing, (meaning she was able to make it appear that she was dialing from a different number), which gave her an additional tool above and beyond social engineering to be successful. Maybe without this crutch she would have failed.
Unfortunately, all of these suppositions, although entirely reasonable, are incorrect. Research shows that even amateurs can have a very high success rate at social engineering. The same research shows that banks are just as susceptible to this attack as any other organization. In a study conducted by Global Reviews, the success rate of performing a bank account takeover with simple social engineering is about 67%. No need for fancy ANI spoofing. No need for any training in the art of persuasion. All you need, according to the study, is a sob story. A cry for help that the customer care agent is all too willing to fall for.
It would be unfair to blame the customer care agents. As reported in Computer Weekly earlier this year, social engineering is the most prevalent security threat, regardless of channel. We are just as likely to fall for a social engineering attack as a customer care agent – and the data shows that we fall for these attacks at an alarming rate. Why would a fraudster waste his time trying to hack your password when he can just ask you for it?
Customer care agents, after all, are not fraud investigators. They are not hired for their sleuthing skills. Their job is to help us, consumers, in our times of need. Customer care agents are there to help us troubleshoot that wireless router we just bought, or answer questions about our insurance policy or help us get a new banking card when we accidently misplace our wallets.
No, the problem is not the agent, but rather the method that many organizations still use to secure calls into their contact centers. Relying on knowledge questions – those security questions we must answer when we dial in to our bank, insurance company or telco – is a failed security process. With fraud losses originating in the contact center having reached $7 billion a year in the financial sector alone and growing at a steady pace, the failure seems to be epic to put it politely.
Fortunately, there is an easy solution to contact center fraud. It’s called voice biometrics. As we shared in a blog post published last year, voice biometrics can address 90% of fraud that occurs in the contact center. At a conference that I attended recently in London, a top three UK financial institution shared how they dramatically reduced fraud through the use of voice biometrics. What I found most illuminating was what happened after a fraudster spoke to an agent and was successfully exposed. The financial organization then proceeded to share fraudster voiceprints with law enforcement. The consequence of doing so was the arrest, successful prosecution, and incarceration of several prolific fraudsters!
This showcases the transformational nature of voice biometrics on fraud operations. With other technologies and processes, fraud attempts can be stopped, and at best fraudsters can be displaced to another channel or another organization. As was described to me by a director of fraud prevention at a prominent financial institution, without voice biometrics, fraud is like water. If you block it in one place, it will simply flow somewhere else. The best outcome is to displace it to your competitors. Voice biometrics is the first fraud prevention technology that actually reduces fraud by identifying the humans that are perpetrating the fraud and allowing law enforcement to take action and cure our society from this plague that for too long we’ve accepted as inevitable.
Beyond being an effective way of combating fraud, voice biometrics can also be used to authenticate legitimate customers in a contact center. By eliminating the interrogation process at the beginning of each call, customer care agents can focus on delivering quality service, leading to lower operating costs and happier customers. Learn about these additional benefits in this past blog post.
Next week, we’ll be joining a number of customers in London at the Opus Intelligent Authentication conference to learn more about how voice biometrics is helping combat fraud and improve the customer experience.