Cyberattacks Increasingly Targeting IVRs, Contact Centers
By Roy Urrico
With a renewed emphasis on improving the consumer experience through automation and self-service tools, financial institutions have invested in producing more sophisticated and engaging interactive voice response (IVR) experiences. However, fraudsters have increasingly targeted IVRs to perform account takeovers (ATO) across channels, according to a new report.
The study, “Beating the Bad Guys: Safe and Secure Transactions,” from Boston-based tech consulting company Aite Group and Atlanta-based antifraud/authentication firm Pindrop, examined the state of contact center and Interactive voice response fraud within financial institutions.
“Contact centers are often the least-protected delivery channel in (financial institutions) and are frequently the source of cross-channel fraud; typically, the fraud manifests as account takeovers,” the report stated. It also revealed, “Many fraud executives lack good insight into contact center activity and often have even less insight into IVR activity.”
Aite Group conducted the research using an online survey from September to October 2020 to better understand contact center fraud loss trends as well as gain insight into IVR suspicious activity and technology investment plans. The data reflects input from 47 financial fraud executives from 30 financial services firms.
The report further explained fraudsters exploit data harvested from data breaches and other sources (including reconnaissance IVR work) to successfully impersonate customers, leading to ATOs. Making things even more troubling is that contact-center-enabled fraud is often most difficult to quantify. In many cases, the amount of the loss does not reach the dollar threshold each financial institution establishes to perform root-cause analysis of the loss.
This study also found the fraud losses associated with contact centers may only include unauthorized transfers performed in that channel. “Because contact center fraud frequently manifests as cross-channel fraud, the loss is often associated with the channel the loss occurred in rather than the contact center that enabled it.” For example, if an imposter successfully resets an account’s online credentials, then transfers funds from that account, the loss often becomes classified as online or mobile fraud.
Administrators also realize that criminals seek the weakest link in an institution to exploit. Also understand that as other FIs implement solutions to protect their contact centers, unprotected contact centers are more likely fraud targets.
Although contact center losses often go understated, 36% of financial institution executives recognize they are growing; and 64% of FIs are likely to invest in contact center fraud prevention technology in the next two years.
Some other key takeaways from the study include:
· Forty-one percent of FIs have seen evidence of fraudulent activity occurring in IVRs, while 33% do not have visibility into the issue.
· Among the FIs that have seen evidence of fraudulent activity in the IVR, less than half are monitoring activity in the IVR.
· One third of FIs have linked fraud cases to their IVRs; 45% have not made such linkages, and 22% do not know whether any fraud cases link to the IVR.
· Thirty-six percent of FIs have seen contact center fraud losses rise in 2020 compared to two years prior. The same percentage FIs plan to invest in monitoring IVR activity in the next two years.
The report concluded that identity verification/application fraud, contact center identity authentication, and digital identity authentication controls are the top three areas getting technology funding. In addition, improving operational efficiency and the customer experience are the top two business case drivers for contact center fraud technology investments.
“Adopting a technology solution that can detect suspicious activity in incoming calls going to agents can help prevent account takeover fraud; extending the protection to the IVR enables the FI to better protect impacted accounts and further reduce fraud losses,” the report noted. Taking advantage of these fraud reduction benefits, in addition to reducing the average handle time of calls and improving the customer experience, results in a huge win-win.
Pindrop Protect is a multifactor, real-time, fraud prevention solution that analyzes calls into the contact center for voice, device and behavior. According to Pindrop, the technology finds up to 80% of phone channel fraud, predicts future fraud 60 days in advanced, provides a complete cross-channel view of fraud, reduce costs and review rates and hardens the company against attacks.