As individuals and businesses, we are all aware of the horde of fraudsters out there, scheming and plotting to rip us off. But there’s a new threat that businesses need to be aware of: IVR phone fraud.
A recent study of millions of interactive voice response (IVR) services found that one in 360 (1/360) calls are fraudulent, with a staggering 25 percent success rate.i Another study showed that global call center fraud has increased by more than 45 percent in the past three years.ii Recognizing that IVR phone fraud is a serious and growing problem, organizations need to be proactive. So what fraud prevention measures are available to aid in keeping their customers’ information secure?
1) Voice biometrics. A customer’s voice characteristics such as pitch and rhythm are captured to create a unique “voiceprint.” Once a voiceprint is created, the IVR requires a small speech sample to identify a person, usually provided by a normal greeting dialogue. While highly accurate and effective at weeding out would-be fraudsters, it is very expensive.
2) Identity challenge questions: Companies access public records to challenge callers with historical questions to prove identity, such as what was an address the customer lived at decades ago, or what company was a customer’s mortgage originator. This can be an effective tool for decreasing fraud, but it too has its drawbacks. The records go so far into the past that even legitimate customers may have trouble remembering the identity-confirming data they’re being asked to provide. In addition, this method is only as good as the database information: it is not unusual for customers to have challenge questions inaccurately contain data about family members, or even ex-spouses.
3) One-time passwords: A company can confirm a caller’s identity by sending a one-time password through a known email or mobile phone number which the customer may then provide when prompted. While effective, this method is not foolproof: in cases of full identity compromise, it is possible that the fraudster has access to the legitimate customer’s email account and will be able to obtain the password.
4) Private Identification Number (PIN): Using a PIN is a lower-cost technology that requires a database and the ability to allow customers to change the PIN on demand. For this method, customers are required to pick a secure PIN and also to update the numbers chosen at set intervals. This method of caller identification is probably the least secure due to its reliance upon customers choosing a secure PIN, and keeping the PIN safe from those who would misuse it.
Fraud and fraud prevention are constantly evolving, with each side engaged in a never ending arms race. Security teams must continue to adjust fraud detection and prevention methods. When one door is closed, the fraudsters will find another. However, by researching what other companies and countries are doing to prevent fraud, sharing information and training contact center agents to a higher standard, the impact and frequency of fraud can be significantly mitigated.
iMcCurry, Tim. “Outsmarting Fraudsters with Adaptive Fraud Prevention>’ Contact Solutions, a Verint Company, 2015.
iiBouvier, Roger. “The Importance of Call Center Authentication.” Experian.com, June 2016.