Contact centers are a weak link in the enterprise and are often “neglected” and forgotten when it comes to enterprise security investments, analysts claim.
The contact center used to be the main channel for customers to connect to businesses. As email, social media, and live chat systems have expanded, there are more options for communication — however, picking up the phone and speaking to an agent can still be the quickest and preferred method.
Despite the importance of contact centers, research firm Gartner says that they have become a “weak link” in the enterprise chain and not enough importance is placed on detecting and preventing fraudulent calls and attacks.
Keeping the contact center free from fraud can be a challenge, especially as sophisticated campaigns now combine social engineering with audio attacks to gather and steal information to take over accounts, rinse bank accounts, and conduct identity theft.
Call centers’ voice-based services are often separate from security solutions implemented by the enterprise to protect web domains, mobile apps, and major corporate network architecture, which also means they run the risk of being neglected.
In addition, contact center systems can be expensive, time-consuming and disruptive.
However, according to Gartner analysts Tricia Phillips and Jonathan Care, by 2020, 75 percent of omnichannel organizations will “sustain a targeted, cross-channel fraud attack with the contact center as the primary point of compromise.”
The agency estimates that by the same year, only 30 percent of enterprise firms will have invested in and implemented behavior analytics tools and fraud prevent systems for their call centers.
“Security and risk management leaders should invest now in fraud prevention technology and strategies to protect their enterprises from increasingly sophisticated attacks,” the researchers say.
A new Gartner report co-authored by the analysts, “Caller ID Is Dead: Don’t Trust That Number Without Phoneprinting“, suggests that “phoneprinting” could be used to reduce the success of contact center fraud.
Pindrop, for example, offers phoneprinting as an anti-fraud solution which takes an audio call and breaks it down into 147 features to create distinctive identifiers for each caller — and whether or not they are legitimate.
One feature is whether or not the call has been made from a voice-over-IP (VoIP) service, as Pindrop says 53 percent of fraudulent calls are made using a VoIP line, in comparison to 7.2 percent of legitimate calls. Other characteristics analyzed include background noise repetition and signs of spoofing.
“If a customer typically performs all activities via online banking and calls the call center only a few times a year, but suddenly there are three calls to the call center associated with that customer’s account number, and then three more calls speaking to an agent, this can indicate an attack,” Gartner says. “If this activity is associated with a new phoneprint, and a subsequent web-initiated change of billing address or email address, it becomes clearer that a high-risk activity is taking place.”
Phoneprinting also makes use of voice biometrics to identify known fraudsters and sends fraud data to a central analytics tool which keeps a record of fake exchanges and build up a database of fraudulent call cases.
“For years we have been tracking the increase in fraud call rates and have seen fraud exposure costs skyrocket during this time,” said Vijay Balasubramaniyan, CEO of Pindrop. “Last year we analyzed more than 500 million calls and witnessed more than a 100 percent increase in fraudulent activity.”
“The contact center is under attack and our solutions are currently helping some of the biggest banks, insurance, and retail companies reduce fraud exposure and provided a better authentication experience for their valued customers,” the executive added.
Gartner recommends that companies begin investing now in contact center fraud detection technologies, whether by developing their own systems or working with third-parties. However, the research agency also warns that call center employees should not be trained to become the “fraud police,” but rather than negatively impact customer experience, a select few should take on high-risk and suspect calls.
It is not just fraudulent calls coming into contact centers that are a problem — the general public also has to deal with fraudulent calls, many of which include operators pretending to be from well-known technology companies and banks.
The Microsoft Windows support scam is a popular scheme in which operators claim there are viruses or bugs on a potential victim’s computer, before trying to entice the recipient of the cold call to hand over their account details or financial information.
In February, programmer Roger Anderson from the Jolly Roger Telephone Company created an army of bots to hit back at these kinds of scammers by automatically jamming up the phone lines of call centers dedicated to the cause and waste as much of their time as possible.
Google’s 2016 web security report: 32 percent more websites were hacked: