Dr.Nikolay Gaubitch, Director of Research at Pindrop
How severe is the threat of financial fraud right now?
Losses from financial fraud have been increasing in recent years. A report from UK Finance estimates that more than £750m of bank customers’ funds were lost to fraud in the first half of 2021. This represents a steep increase of more than 20 percent from the same period in 2020.
Fraud has always been a serious challenge for finance, and the industry has spent years investing in mechanisms to detect and block attempts to defraud customers. But digitalisation has created an increasingly complex financial ecosystem, and organised criminal gangs have proven adept at finding and exploiting weak points.
The telephony channel has emerged as one such target, as voice has always been less secure than online platforms. Fraudsters are exploiting financial voice services as a means of bypassing other security measures and accessing customer accounts.
How are fraudsters exploiting the voice channel to target the financial industry?
One of the key factors that makes the voice channel a popular target for fraudsters is that it affords a high degree of anonymity. Most call handlers will support dozens of callers a day and will not know their customers on a personal level. Meanwhile, verification is usually managed by automated knowledge-based authentication (KBA) questions for which fraudsters need comparatively little information to pass and successfully impersonate a legitimate caller.
This also means voice fraud has a relatively low technical skill ceiling compared to attempting to hack online systems, so telephony is regarded as an easier path to taking over a financial account.
Pindrop’s recent Voice Intelligence and Security Report found approximately one in 1175 calls to the banking and finance sector were fraudulent last year. Fraudsters will usually make multiple calls in an effort to take over an account, seeking to harvest or verify more information each time until they can pass verification tests. Automated IVR systems are frequently exploited for this purpose, and fraudsters will often use other call services to cross reference data. For example, on average, one in every 228 calls to services was found to be fraudulent as criminals gathered more intel.
We also found that the insurance sector suffered comparatively much fewer attempts, with just one in 7390 calls found to be fraudulent, on average. However, here fraudsters will usually be trying to access and cash out home and life insurance policies, resulting in a much greater financial loss for each case of fraud.
Why isn’t legacy authentication over voice working?
KBA processes have long been the default verification process for voice because the technical constraints of telephony limits other options. The multifactor authentication (MFA) approach that has become commonplace online is too cumbersome and frustrating during a live call, for example.
However, the manual approach of KBA is a bad fit for today’s digital world. An endless series of data breaches across all industries means there is a huge volume of personal data available on the dark web. In one investigation by Pindrop, we quickly found a complete set of financial login data and personal records available to purchase for less than £50.
Fraudsters can either purchase direct access and strike before account details are changed, or acquire enough information to harvest the rest and pass KBAs. With no secondary layer of authentication, a few personal details are often all it takes.
Ironically, while bypassing KBAs has never been easier for criminals, legitimate callers often have a tough time with lost and forgotten passwords and PINs. A controlled study in Pindrop’s 2022 Voice Intelligence Report found that criminals passed KBAs as much as 92% of the time – compared to just 42 percent for real customers.
How can financial firms protect their customers’ accounts from fraudsters over voice?
Passwords and PINs have always been vulnerable to being lost or stolen, even before the digital age made it so easy for criminals to acquire them. Authentication via voice has been unfeasible in previous years due to the technical limits of the average telephony channel. Reliably identifying a caller means analysing a large amount of data, and this must be completed rapidly as customers will quickly become alienated by delays.
Today, rapid and frictionless authentication is finally possible thanks to advancements in AI technology. AI-powered analytics can rapidly analyse the caller’s voice, as well as other data points such as their device and call metadata, to determine the likelihood that they are who they say they are.
Legitimate customers experience a smooth and seamless identification process, while even the most experienced fraudsters can be caught out.
What else can the financial industry achieve with voice technology?
Reducing financial fraud is the most obvious application for AI driven voice technology, but it can also deliver some powerful operational benefits.
First National Bank of Omaha (FNBO) for example was able to improve handling around forgotten passwords. One-time passwords (OTP) used to re-verify forgotten credentials dropped by 75 percent. In another use case, a mobile financial application has so far enrolled 17 million users for a voice-led call back system geared around using voice verification to unlock accounts. What’s more, they have the potential to use the technology for things like authenticating a user for high-risk transactions should they wish to do so in the future.
Creating a more seamless process for authenticating callers also saves time, positively impacting call centre efficiency as handlers can support more callers. United Community Bank (UCB) improved its call handling volume by 14 percent through reducing authentication times, and this efficiency also reduced the average time spent on hold by one minute and 11 seconds. The reduced friction saw post-call satisfaction surveys record a five percent increase in customer satisfaction, and the number of abandoned calls also dropped by seven percent.
Finally, the technology can also aid in engaging with customers over such an anonymous channel. AI can be used to provide valuable caller demographic insights such as predicted age range and spoken language. This data can be used to drive more effective authentication and fraud detection, and aid with call routing and informing strategic decisions.