A customer service representative (CSR) for a large, US-based bank received a seemingly routine call. The caller said that his daughter was going to school in Europe. He needed to send her tuition money via electronic funds transfer. To ensure his daughter got registered, the caller told the CSR he had to send the money immediately.
Sounding stressed, the caller said that he tried and failed to handle it online Now he needed help from someone who knew the process. The CSR asked him three security questions to authenticate his identity. The caller quickly provided the answers to each question, as well as the right account number and address.
Wanting to help this long-time customer, the CSR scheduled the funds transfer for the next morning. The caller thanked her profusely and hung up. What the CSR didn’t know was that she’d just unwittingly helped a criminal steal thousands of dollars from a real customer’s account. It wasn’t the CSR’s fault. She had no way to recognize that the caller was a scammer who had purchased a legitimate customer’s stolen identifying information off the dark web.
Though it’s fictitious, this story is hardly unusual. Call center fraud is a serious issue, particularly in the financial sector. The Aite Group claims that 61% of all fraud cases can be traced back to a call center. Fraudsters use call centers for data mining and account takeovers – for example, by changing a password.
The vast quantity of personal data stolen through data breaches and posted on the dark web makes it easy for criminals to pass through a call center’s authentication process.
Why Fraudulent Behavior is Difficult to Spot in Call Centers
A criminal might make several calls to “prime the pump” for his eventual fraud attack. He may call on Monday to reset his account password and call again on Thursday to provide a new mailing address. Those activities alone don’t typically raise a red flag, especially when different CSRs handle the calls. However, viewed holistically with other transactions, these actions could paint a pattern of high-risk behavior. A CSR would not see this pattern due to his limited view of a single call ticket.
Another trick that fraudsters use is to spoof the phone number shown through Caller ID using software easily available on the Internet. The imposter can appear to be calling from the victim’s geographic region or actual phone number. This makes phone numbers and call locations poor data sources for authentication.
In any call center, CSRs are focused on solving problems for customers. They are not focused on screening for fraud. That’s as it should be. Instead, technology can be used to find indications of fraudulent behavior and bring it to light for assessment and mitigation. This can be done with incredible accuracy so that CSRs can focus on providing great service.
Identify Risky Call Center Transactions with Gurucul Fraud Analytics
Enterprise fraud management platforms have been around for years. But many legacy solutions cannot make critical data associations and identify anomalous behaviors. However, recent advancements in a range of technologies from Big Data to machine learning have come together in Gurucul Fraud Analytics, a new kind of advanced fraud analytics platform.
Gurucul Fraud Analytics uses machine learning to analyze millions of datapoints from a variety of siloed, cross-channel sources, such as ticketing systems, phone systems, core banking systems (CBS), and even public databases. By ingesting and linking vast amounts of data from these disparate systems, Gurucul Fraud Analytics can identify anomalous behavior quickly. That allows the security team to mitigate the problem before financial loss occurs.
How would Gurucul Fraud Analytics handle the situation of the caller who wanted to send money to his daughter? Data from the ticketing system could show that someone changed the password on this account just days earlier. Records from the CBS could show that the foreign account the money was going to was recently added. Information from the phone system could show inconsistencies in the time of the call compared to previous calls associated with this account. And data from public records could show that the account holder has no children.
Individually, these pieces of data might be curious – but not suspicious. Aggregated and associated with each other though, they raise a bright red flag of risk. Gurucul Fraud Analytics would have produced a high-risk score for this incident. That would trigger an automated response, like canceling the scheduled payment transfer until it could be investigated.
Want to learn more about how Gurucul can detect call center fraud? Download the whitepaper Key Fraud Analytics Use Cases.
*** This is a Security Bloggers Network syndicated blog from Blog – Gurucul authored by Kevin Franks. Read the original post at: https://gurucul.com/blog/detect-call-center-fraud-with-security-analytics