Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > Financial Institutions Face a New Contact Center Threat

Financial Institutions Face a New Contact Center Threat

Published by linker 5

Posted on December 16, 2020

5 min read

Last updated: January 21, 2026

theme (22)

By Mark Horne, Chief Marketing Officer, Pindrop

Contact centers are an essential channel for banks and customers to communicate, but every channel has security risks to accompany its benefits. Traditional contact center fraud security emphasized two major threats. First, there was the worry that rare unscrupulous contact center agents would abuse the knowledge they gained in the course of work for nefarious ends. Second, there was the danger that scammers could “socially engineer” and trick agents into disclosing information they should not. The first problem could be handled by appropriate interview screening and good on-site and remote protocols; the second problem was handled through training and education. Today, there’s a third vector for contact center fraud loss: IVR exploitation.

New Tech for a New Era

Mark Horne

Mark Horne

While the general public may imagine the typical contact center to be a vast cubicle farm, with customer service agents answering each and every query they receive, this vision is somewhat outdated. First, COVID has forced the vast majority of contact center agents into work-from-home setups; cubicles have been temporarily abandoned all over the country, and some firms may choose to retain remote working even after the pandemic subsides. Second, most institutions try to ensure that relatively few calls ever reach human operators. If you’ve placed a call to your bank, your health insurance provider, or even your pharmacy in the last decade, chances are you’ve encountered an Interactive Voice Response, or IVR, setup. An IVR can complete many basic functions without agent intervention; if a call must go to an agent, the IVR has usually gathered information, like customer name or customer account number, that will be provided to the agent to accelerate their work assisting the caller.

Now, it’s the rare and foolish financial institution that would leave sensitive transactions to an IVR — such high-value interactions would usually happen through a website, through a person-to-person call, over a mobile app, or even face-to-face at a teller’s window. It doesn’t follow, however, that an IVR is safe because it can’t be directly exploited. Bad actors will perform account reconnaissance (the most common type of IVR fraud) to slowly gather enough data that can be used to take over customer accounts, using phishing techniques, spoofed calls, and other methods. Furthermore, fraudsters scrape together information from social media, from already compromised accounts, from socially engineered and tricked agents, and from IVRs. In fact, recent research from Aite Group found that fraud often begins in the IVR and ends elsewhere.

Real Firms, Real Losses

The IVR threat to financial institutions and their clients isn’t theoretical. Aite Group discovered that 41% of financial institutions were aware of IVR fraud loss at their institutions. A further 33% didn’t know if they’d experienced IVR loss; it’s likely that some suffered losses that they were unable to identify. Just as disturbing, half of the institutions that identified IVR-originating fraud admitted that they were not, at present, monitoring their IVR installation. Because IVRs are automated and because the opportunities they offer criminals are poorly understood by some security professionals, there’s an unfortunate tendency to set up an IVR and assume that it can operate unsupervised. That’s an understandable mistake, but for businesses and customers alike, it’s a costly one.

If there’s insufficient IVR tracking and monitoring, recognizing the most sophisticated fraud becomes less likely. Thankfully, it appears that change is coming to financial institutions, with 62% reporting that they’ve either increased their security in the last few years or that they have plans to do so in the next 24 months. The experts are clear: Omnichannel fraud demands omnichannel security.

How the Technology Works

Incompetent scammers are relatively easy for trained contact center agents to unmask in a conversation. But how does an automated IVR monitoring system fare? It analyzes phone carrier metadata, recognizes unlikely call patterns (like multiple calls from the same number at odd hours), and confirms that caller IDs have not been spoofed. Because IVR and contact center attacks aren’t scammers’ endgame — these attacks are primarily focused on data mining and data gathering — new machine learning tools can warn institutions that a fraud attempt may be in progress. IVR monitoring can identify the accounts that fraudsters are slowly and methodically attempting to crack. All of this happens in the background, so there’s no deterioration of the caller experience, and would-be fraudsters won’t realize that the system has flagged and identified them.

Looking to the Future

Criminals are good at adjusting to changing circumstances: consumers have already reported nine figures’ worth of COVID fraud losses. Institutions must be just as attentive and equally adaptable. When the coronavirus recedes and offices fill back up, scammers will change their strategies again, but they won’t give up and they won’t disappear. As IVR and other automated systems grow ever more essential to financial institutions’ functioning, there will be fewer and fewer justifications for leaving these tools unattended. Fraud hurts your customers, hurts your reputation, and hurts your bottom line. Your institution should invest in today’s tools to stop tomorrow’s fraud.