By Nick Gaubitch, Head of Research, EMEA, Pindrop
The rise in fraudulent calls made to the UK by international criminal gangs has almost doubled in the last 12 months. This drives home the independent comment put forward in a recent Gartner report, which states: ‘security and risk management leaders should invest now in fraud prevention technology and strategies to protect their enterprises from increasingly sophisticated attacks.’
The term ‘fraud’ traditionally brings to mind somebody breaking into your online bank account. However, in recent years fraud has heavily targeted the phone channel, an area far less well defended. With new research having shown that the loss per fraud call in the UK has jumped from £0.51 to £0.86 since 2016, the situation appears to be getting worse. Financial institutions must therefore use every avenue available to them to stay one step ahead of the fraudster.
Alongside the obvious consequences of failing to tackle this growing threat, businesses must also take into account the hidden cost of phone fraud: customer loyalty. With 59% of consumers having stated they are willing to switch banks if one is more secure than others, financial institutions must adapt quickly, or risk falling behind their competition.
Below we take a look at the ways fraudsters are taking advantage of current security practices and provide tips on how financial institutions can counter this growing threat.
Social engineering, when fraudsters become actors
It’s no secret that there has been a heavy focus on cyber security over the past few years. As online attacks have grown and become more sophisticated, hard-hitting headlines have forced businesses across the globe to take note and improve their online defences. The consequence of this? Fraudsters have increasingly been driven to alternative channels when attempting to commit fraud.
One area that has become a particular target is the phone channel. Less publicised than its cyber neighbour, the phone channel has proven to be a soft target. The goal of the call centre agent is to provide an excellent customer service experience and enable users to gain access to their solutions. Fraudsters, who are typically good at manipulation, have recognised this vulnerability in call centre agents, who are geared more towards satisfaction than towards navigating fraudulent techniques. This allows the fraudster to socially engineer their way past outdated security practices.
One such example of this, released in Pindrop’s annual State of Fraud Report, comes in the form of a real fraudster nicknamed ‘Distorted Please’ (DP). DP uses voice distortion software to manipulate his voice by lowering or increasing the pitch. Not only does this software unsettle the call centre agent, but it also allows DP to present himself as either a male or female customer, doubling his success rate. Despite the audibly poor attempt at voice disguise, DP has attacked a large number of accounts and has successfully transferred balances. This is a great example of basic technology being utilised by a fraudster to navigate his way through outdated security practices.
Outdated KBAs vs clever fraudsters
In an attempt to help counter examples like this, call centres do provide their reps with a number of personal questions (known as knowledge-based authentication, or KBA) to help figure out if a caller is fraudulent. The main problem with this, however, is that it is a limited approach and one that fraudsters can easily bypass.
With sources such as the dark web or social media providing personal details in abundance, individuals and organisations are continuously exposed to fraudsters who, armed with a host of valuable information, target their agents. On average, a fraudster rings up a call centre five times before committing a fraudulent act. This shows just how unreliable current security systems are in detecting illegitimate callers.
Multi-layered defence to improve security
With fraudsters having such clever tactics to bypass traditional forms of defence, it is of little surprise that one layer of phone security is not enough to protect financial institutions against fraudulent attacks. The solution to this? Financial institutions must implement technology such as Phoneprinting™ which provides a multi-pronged form of defence.
Phoneprinting™ can identify specific components of each call, from the call location or the device to whether the phone has been used to call the company before. Combined, these tools can all aid in detecting fraudulent activity before it becomes an issue.
Financial institutions must ensure that this proactive action happens sooner rather than later, as without the right fraud authentication in place, banks will fall behind their competitors and quickly lose consumer loyalty. In this era, where the fight against the fraudster is ever-developing and where GDPR compliance looms on the horizon, businesses must do their utmost to improve defences or face hefty fines and reduced customer numbers.