As citizens of the Digital Age, it’s hard to ignore the pervasion of the internet and wireless technologies in everyday life. The web and mobile – go-to interaction channels for consumers – are of central focus for banks, credit unions and credit card companies: they’re key to creating a positive consumer experience, yet they are also vulnerable to cyber attacks by fraudsters. While the web and mobile channels should stay on financial institutions’ priority lists, these organizations must be sure to not overlook another primary contact channel that is a target for fraudsters: the telephone Interactive Voice Response (IVR) channel.
The phone channel still dominates customer service interactions. According to Microsoft’s 2016 “Global State of Multichannel Customer Service Report,” telephone (81%) is the top customer service channel that US customers use on a regular basis. However, most companies have focused their security efforts on the newer channels in the multimodal mix – web and/or mobile – and haven’t employed the level(s) of security that they should with their IVR. This gap allows fraudsters to exploit the IVR, unfettered by the same constraints they would face using web banking or working with a mobile app or browser.
Sophisticated fraudsters recognize this vulnerability. Using a telephone – or, with the prevalence of VoIP telephony, a computer – as their weapon, they launder money, steal funds from cards not their own, and pilfer personal information.
Luckily, banks and credit unions now have a reliable defense against fraudsters targeting their phone customer service systems. Applying advanced analytics to call data is one of the best ways to detect and stop fraud in its tracks. Fraud control functions that continually analyze all IVR call records for fraudulent behavior and automatically apply fraud prevention rules to the caller can systematically prevent criminals’ wrong financial gain. Common indicators of fraudulent activity include PIN set or PIN change velocity, money transfer velocity, an excessive number of cards linked to an individual over a given time period, and excessive authentication failures. An effective IVR fraud prevention tool will analyze all of these patterns plus many others, including behaviors unique to each acquirer.
When a caller trips a certain fraud rule, specific entities within the organization can be automatically notified so they can review the incident(s). In response to suspicious caller activity, an IVR fraud control system can be programmed to: hang up; play custom messages; send an email to flag an organization’s fraud group; limit the caller’s IVR functionality, such as automatically removing the card-to-card transfer option from the alleged fraudster’s IVR menu; transfer the caller to a specific number or group of numbers; or even automatically notify the telephone network to block future calls at the network level so they never reach the IVR. For example, if a probable fraudster was to attempt to activate a new card, he could hear a custom, “friendly” message to keep him on the line while he is automatically routed to an organization’s risk management department.
Advanced analytics enable organizations to make decisions about how to handle each suspected or confirmed fraudster based on detailed records. Additionally, default behavior can be set for how the IVR handles a suspected or confirmed fraudster the next time he or she calls into the system.
For many years, criminals have sought to infiltrate financial institutions and credit card companies, leading to significant losses.Today, modern technology is available to help protect financial organizations by thwarting these fraudsters’ attacks. While online and mobile interactions are rapidly growing, customer self and assisted-service by phone is still holding strong and can’t be ignored in a world plagued by white collar crime. Banks and credit unions should seek out a fraud control module anchored by advanced analytics to eliminate call center system susceptibilities.
When it comes to financial fraud, prevention is much more desirable than restoration once the damage is done.
David Jackson serves as the chief operating officer of Enacomm, a leading provider of intelligent customer interactions solutions and security technology for financial institutions and credit card companies.