Consumers are falling prey to the growing risk of phone fraud. A new study warns that criminals can use information found on social media profiles to answer weak security questions, posed by banks, to gain access to accounts. This highlights the security flaws that exist within contact centres, and the need to improve security on the phone channel, a channel that has long been neglected.
Responses to an independent survey of 3000 consumers in the UK, France and Germany indicate a similar trend across each country – nearly two thirds of consumers have shared answers to security questions on their social media channels. Respondents also proved to be frustrated with current authentication methods especially in the phone channel. In the UK, 43% regularly contact service providers at least once a month by phone. Over half (57%) admit forgetting the answers to security questions when they call their bank or utility company. While 50% believe that too many companies ask the same questions to authenticate.
“It would appear that fraudsters are taking advantage of consumers unassuming nature of sharing personal details on their social media profiles, Matt Peachey, Vice President of International at Pindrop, a voice security and authentication company. “These consumers are exposing themselves to significant risk, as fraudsters can use these details to successfully pass security questions over the phone. In fact, financial institutions report that 61% of their fraud cases touch the phone channel. The issue is much more extreme amongst 18-24 year olds where 80% confirmed that they have at least one piece of information on social profiles that is used for personal verification, including date or place of birth. “The lines of defence across online and offline security must be connected; both by consumers and by banks and utilities companies.”
The study found that consumers seriously underestimate the potential for fraudsters to use the phone channel to take over their accounts. While 64% of respondents feared their accounts being hacked online, only 55% were afraid of fraudsters being able to gain access to their accounts over the phone. In addition, consumers did not understand how fraudsters are leveraging personal data.
Just 8% of consumers agreed that they had a high level of knowledge about where and how their personal data is used. Compared to 12 months ago, one in four consumers feels less confident that their personal information is being suitably protected.
WANT TO BUILD A FINANCIAL EMPIRE?
Subscribe to the Global Banking & Finance Review Newsletter for FREE Get Access to Exclusive Reports to Save Time & Money
By using this form you agree with the storage and handling of your data by this website. We Will Not Spam, Rent, or Sell Your Information.
“The survey found that 57% of all respondents called their bank within the last month so the challenge these organisations face, is how to continue to offer exceptional customer service over the phone without neglecting security,” said Peachey.
One solution that many organisations may consider is voice biometrics. These technologies often claim to eliminate the need for consumers to remember passwords, a benefit that 42% of respondents preferred. In the UK, while 60% of consumers would likely sign up to the option to use voice as a password if offered, only just 10% of consumers across each of the regions express high levels of confidence that this is a secure approach.
Following recent news that voice biometrics can be easily hacked it’s clear that using just your voice as your password is not enough. said Peachey. “To better tackle fraud attacks on the phone channel, organisations require a multilayered form of defence. The solution must analyse voice as well as the audio and network characteristics of the call itself.
This can be accomplished using Phoneprinting™ technology, available from Pindrop, which analyses 147 unique characteristics of the background audio of a call. This analysis provides the true geographical location of the caller, the device being used and whether the device has been used to contact the company before, to build a far more reliable verification of a call and a more resilient form of defence than using voice biometrics alone.