That’s an impressive figure for just about any company’s annual revenue. But when it’s the annual volume of cybercrime (even higher than the drug trade) it’s frightening. And with many physical and online information security procedures growing stronger and more sophisticated, more and more of that cybercrime is aimed at the one area that has received the least attention – call centers.
And that lack of attention has had a marked result. In 2017, 1 in 638 calls were fraudulent, an increase from the prior year of 47%. From 2013 to 2017, the rate of increase was more than 350%. Here are some of the reasons why this is happening.
Lots of things that were unheard of a few years ago are now main stream. That includes data breaches.
Stories of major data breaches, even examples of 10 million records being hacked, often don’t even make the front pages anymore. But they do make fraudsters jobs easier, as they put that data to work. These increasingly sophisticated criminals methodically assess organizations’ weak points and exploit them. More often than not, they exploit the phone channel using a multichannel strategy to commit and make the most of data breaches.
As you’ve gone omnichannel, so have fraudsters.
As fraudsters grow more sophisticated, they often start their attack in one channel and commit the actual fraudulent transaction in another. And that makes detection that much more difficult.
Many cross-channel steps can appear perfectly legitimate. But to cite just one voice channel as an example, 60% of calls confirmed to be fraudulent were information gathering efforts by criminals intending to commit the actual attacks in online channels.
Here’s how it might work. A criminal might socially engineer a call center rep to gather information, take over an account, or access a victim’s email. No money is taken then, but the stolen information or account takeover can be used to steal funds elsewhere, such as a bank.
Fraudsters know more than you think.
The answers to KBA (Knowledge-Based Authentication) questions used to be reasonably private and secure. Not anymore. Thanks to the dark web, the probability that your answers are there for the taking is extremely high. And while many organizations remain committed to KBA questions out of habit, fraudsters have come up with ever more sophisticated ways to convince call center agents to ask only the questions for which they have the answers.
You do a lot. Your attackers do more.
A business takes on a new technology. A fraudster takes it on, and then some. Indeed, they always seem to be one step ahead. When, for example, an organization implements voice biometric security, fraudsters might employ:
- Imitation. Here they impersonate the legitimate caller or disguise themselves to avoid detection.
- Replay attack. They get on the phone with the unsuspecting target and record the victim’s voice. Or they find a video online.
- Voice modification software. This converts the fraudster’s voice to match the victim’s.
- Voice syntheses software. This increasingly sophisticated software makes it easy to create near-identical voice matches.
Artificial Intelligence represents a Real Threat.
AI opens up a world of possibilities for businesses – and cyber criminals. Among other things, it helps facilitate automating attacks, improving victim targeting, better impersonations, creating and targeting fake news, better use of resources for distributed denial of service, and developing more effective malware and viruses.
Improved AI also means more capable chatbots. And because so many of them are unmonitored, they’re ripe for abuse – including KBA and IVR (Interactive Voice Response) attacks.
See what you can do to protect your call center.
Watch our special webinar on how to save your call center from cyber-attacks and lose your customers. The cost of not taking action is far more expensive.