How to Detect Call Center Fraud

Today’s omnichannel business environments are ripe with opportunities for fraud. Fortunately, many companies are taking potential fraud and security breaches seriously and are leveraging every opportunity to protect themselves and their customers. However, one area that’s easily overlooked is how scammers can attack through call centers. 

Call center fraud increased 113% between 2016 and 2017, going from 1 in 2,000 calls to 1 in roughly 937 calls. And even though many companies adjust their fraud detection strategies as new methods of attack are discovered, fraudsters never fail to find new ways around those measures. 

Combating fraud is a never-ending game of volleyball, and understanding how call center fraud occurs and what you can do to mitigate it can help you keep the ball in your court.

Why Call Centers are Targets of Choice for Scammers

Call centers are often considered “soft” resources for scammers to post as a legitimate customer and learn personal details that can be used to commit additional acts of fraud elsewhere. 

One reason that call centers are a vehicle for fraud is that it’s difficult to trace back acts of fraud to the call center. Many call centers fail to correlate data from call centers with activities that occur on other channels. As a result, many institutions often overlook patterns that could indicate fraudulent activity — and prevent fraud from occurring in the first place. 

Regardless of the channels scammers use to conduct fraud, the call center plays an important role at some point. Call center agents are often exploited by the scammer to deliver sensitive customer details that can later be used in account takeovers or other illicit activities. And in some cases, fraudsters will leverage a financial institution’s call center to commit application fraud on the spot.

Without the right customer identification tools and processes in place, as well as a way to detect high-level patterns and prevent activities before they happen, call center fraud will continue to create challenges for companies and their customers.

What Does Call Center Fraud Look Like?

Fraudsters are using call centers to commit three main types of fraud:

Account Takeovers

Fraudsters can contact bank call centers and convince them they’re the authorized user of an account. Once they gain access to it, they can take over the account and change critical details that lock out the real user. Before conducting this type of fraud, it’s common for scammers to use social media or Google to look up key details on the account owner, such as their mother’s maiden name, birthday, pet’s name, or any other personal information.

Identity Theft

When critical personal details are achieved through phony call center interactions, identify theft becomes a serious problem. Fraudsters can gain the information they need through call center agents, then use this information elsewhere to create credit applications, make purchases, and conduct other illicit activities. Criminals often get enough information they need via stolen devices or infiltrating unsecured network connections, then contact a person’s financial institution to retrieve other personal details.

Card Not Present (CNP) Fraud

It’s not uncommon nowadays for transactions to be completed online or over the phone. Cards that are not present (i.e. not swiped through a machine) are being used by scammers to make purchases, and items are often processed and shipped before the legitimate cardholder knows their card has been used. Call centers play a role in processing transactions made over the phone.

Regardless of the fraud type or intention, scammers’ first objective is to convince a call center agent that they are a real customer. Once the agent believes the caller is who they say they are and gain account access, they can do a number of things at the expense of the individual they’re impersonating.

For example, with financial call center fraud, scammers can request to change passwords to bank accounts or request new credit or debit cards be sent to a new address while canceling any valid cards tied to an account. They might use emotional appeal saying they’ve lost everything in a house fire and need a new card sent to their hotel right away. Or they might say they lost their credit card while traveling and need a new one sent to a different address than what’s on file. 

We’ve also seen instances where the fraudster will have themselves added as a secondary user a customer’s account. This allows them to build good credit over time and result in bust-out fraud schemes, a type of fraud common in crime rings that costs financial institutions millions of dollars each year.

Current Efforts to Reduce Call Center Fraud Aren’t Enough

Many call centers have already implemented security procedures to protect sensitive user data. Knowledge-based authentication (KBA) is commonly used to verify user identity and allow agents to access the account. KBA questions usually involve personally identifiable information (PII), such as address or birthday.

However, these pieces of information are also easily obtained by fraudsters. Data breaches may reveal critical pieces of PII and make them available on the dark web. It’s becoming more common for fraudsters to access user accounts through call centers based on KBA.

How to Prevent Call Center Fraud with DataVisor

Call center scams are a growing threat that’s expected to cost financial institutions as much as $775 million in losses by the end of 2020. Even with widely-used verification methods like KBA and PII, the increase in call center scams proves that fighting these acts of fraud at the account level isn’t sufficient. What’s more, many are not isolated attacks, but rather well-coordinated schemes that require high-level pattern detection to discover. Sophisticated solutions like DataVisor’s AI-powered fraud platform allow organizations to leverage omnichannel data including digital fingerprints and call center logs to quickly respond to situations before scammers can follow through with their attacks. DataVisor leverages its proprietary unsupervised machine learning and AI to identify and mitigate call center scams with fewer false positives. This allows companies to respond to threats of fraud while enabling legitimate customers to carry on with business.