The Next Fraud Frontier: Call Centers
Fraud attempts at call centers jumped more than six-fold in 2015 and the activity was fueled by a predicted post-EMV outbreak of card-not-present fraud, according to Atlanta-based identity technology firm IDology.
The survey, conducted in September, polled executives of clients in a variety of sectors, though 59% were at credit unions or other financial services firms, the company told CU Times. For the third year in a row, the survey said, the amount of survey respondents reporting an increase in all types of suspected fraud attempts rose; it’s now 46% versus 36% in 2013.
That was especially the case for a key component of many credit union operations.
“One interesting development in this year’s results is the rise in organizations reporting suspected call center fraud attempts — from 2% in 2014 to 13% in 2015,” the report said.
The most common type of call center fraud was recon and social engineering, which uses public information to get call center agents to disclose or change sensitive information that criminals can use to steal money out of accounts.
“This can be done using information learned about an account holder as a result of a data breach or compromised personal identifiable information available online, or it can be accomplished by a fraudster misleading a customer service representative with stories of hardship in order to gain information and access,” the survey said.
Tricking the call center’s automatic number identification was another popular method, followed by voice disguise or distortion. Fraudsters know call centers train workers to please the customer, the company added.
Fraudsters appeared to be getting bolder, too, according to the report. In 2013 and 2014, about two-thirds of suspected fraud attempts involved less than $3,000. In 2015, it was less than half (48%).
Fraud attempts of $5,000 or more, on the other hand, almost doubled this year. They were 40% of the total, up from 21% in 2014; about one in six criminals tried to steal at least $35,000, according to the survey.
Respondents reporting their websites were the most prevalent places for fraud attempts fell from 86% in 2014 to 71% in 2015.
Coping with fraud is anxiety-inducing work, but dealing with fraudsters’ shifting tactics may be even more worrisome — 61% of the respondents said it was their top fraud-prevention challenge this year, though that number was down from 73% in 2014.
In some ways, that made the mission less about prevention and more about faster detection. In turn, call centers need to improve their identity-verification and fraud-prevention programs in order to quickly and accurately identify callers, the report said. Biometrics may be one way, as well as phone printing, which can determine whether a caller is actually thousands of miles away from where easily disguised caller IDs say the call originated.
The Oct. 1 EMV liability shift has prompted much of the rise in attempted fraud at call centers, IDology said.
EMV's long-standing pledge has been that it thwarts the use of fake credit cards at the point of sale. For other countries that have migrated to EMV, that kind of fraud declined. However, much of those declines were countered by corresponding increases in card-not-present fraud, and experts have predicted the same will happen in the United States.
Call centers aren’t the only source of concern, however, according to the report. It said the volume of activity coming through mobile devices was up over the last year for most respondents, and the number of organizations reporting mobile fraud attempts nearly tripled from 2014 to 2015, rising from 3% to 8%.