How to Detect and Mitigate Call Center Fraud

Today’s omnichannel business environments are ripe with opportunities for fraud — including the call center (also called the contact center or customer experience center). Fortunately, many companies are taking potential fraud and security breaches seriously and are leveraging every opportunity to protect themselves and their customers with better fraud prevention strategies.

That’s because scammers are getting busier. In 2024, call center fraud experienced a significant surge, with account takeover attacks increasing by 32% over the past two years, and at least 33% of all fraud attacks now originating in call centers. And even though many companies adjust their fraud detection strategies as new methods of attack are discovered, fraudsters never fail to find new ways around those security measures. 

Combating fraud is a never-ending game of volleyball, and understanding how call center fraud occurs and what you can do to detect suspicious activity and mitigate it can help you keep the ball in your court.

Why Call Centers are Targets of Choice for Scammers

Call centers are often considered “soft” resources for scammers to post as a legitimate customer and learn personal details that can be used to commit additional acts of fraud elsewhere. 

One reason that call centers have vulnerabilities. It’s difficult to trace back acts of fraud to the call center. Many call centers fail to correlate data from call centers with activities that occur on other channels. As a result, many institutions often overlook patterns that could indicate fraudulent activity — and prevent fraud from occurring in the first place. 

Regardless of the channels scammers use to conduct fraud, the call center plays an important role at some point. Call center agents are often exploited by the scammer to deliver sensitive customer data that can later be used in account takeovers or other illicit activities. And in some cases, fraudsters will leverage a financial institution’s call center to commit application fraud on the spot using the sensitive information they steal.

Without the right customer identification tools and processes in place, as well as a way to detect high-level patterns and prevent activities before they happen, call center fraud will continue to create challenges for financial services companies and their customers.

What Does Call Center Fraud Look Like?

Fraudsters are using call centers to commit three main types of fraud:

Account Takeovers

Fraudsters can contact bank call centers and convince them they’re the authorized user of an account — using the real customer’s phone number, healthcare info or even voice biometrics. Once they gain access to the account, they can take it over and change critical details and customer information to lock out the real user. 

Before conducting this type of fraud, it’s common for scammers to use social media or Google to look up key details on the account owner, such as their mother’s maiden name, birthday, pet’s name, or any other sensitive information. They may use tactics such as spoofing or phishing, or even deepfake emails from people the user knows. These advanced technologies are hard to spot, but are increasingly common in fraud attempts.

Identity Theft

When critical personal details are achieved through phony call center interactions, identify theft becomes a serious problem. Fraudsters can gain the information they need through call center agents, then use this information elsewhere to create credit applications, make purchases, and conduct other illicit activities, resulting in significant financial losses for the victim.

Criminals often get enough information they need via stolen devices or infiltrating unsecured network connections, then make fraudulent calls to contact a victim’s financial institution to retrieve other personal data.

Card Not Present (CNP) Fraud

It’s not uncommon nowadays for transactions to be completed online or over the phone calls. Cards that are not present (i.e. not swiped through a machine) are being used by scammers to make purchases, and items are often processed and shipped before the legitimate cardholder knows their card has been used. 

Regardless of the fraud type or intention, the scammer’s first objective is to convince a call center or customer support agent that they are a real customer. Once the agent asks security questions and performs identity verification, access is granted, and the scammer can do a number of things at the expense of the individual they’re impersonating.

For example, with financial call center fraud, scammers can request to change passwords to bank accounts or request new credit or debit cards be sent to a new address while canceling any valid cards tied to an account. They might use emotional appeal saying they’ve lost everything in a house fire and need a new card sent to their hotel right away, thereby tricking the call center agent into bypassing the authentication process and other security protocols. Or they might say they lost their credit card while traveling and need a new one sent to a different address than what’s on file. 

Other fraud tactics are used, as well. We’ve also seen instances where the fraudster will have themselves added as a secondary user a customer’s account. This allows them to build good credit over time and result in bust-out fraud schemes, a type of fraud common in crime rings that costs financial institutions millions of dollars each year.

Call centers play a role in processing transactions made over the phone and should be aware of the red flags — such as suspicious behavior and and attemps to avoid or outsmart verification processes.

Current Efforts to Reduce Call Center Fraud Aren’t Enough

Many call center providers have already implemented security protocols to protect sensitive data. Knowledge-based authentication (KBA) is commonly used to verify user identity and allow agents to access the account during customer interactions. KBA questions usually involve personally identifiable information (PII), such as address or birthday.

However, these pieces of information are also easily obtained by fraudsters. Data breaches may reveal critical pieces of PII and make them available on the dark web. It’s becoming more common for fraudsters to access user accounts through call centers based on KBA, so advanced employee training should be employed to help call center staff recognize fraud risks.

How to Prevent Call Center Fraud with DataVisor

Call center scams are a growing threat that’s expected to cost financial institutions as much as $775 million in losses by the end of 2020. Even with widely-used verification methods like KBA and PII, the increase in call center scams proves that fighting these acts of fraud at the account level isn’t sufficient. What’s more, many are not isolated attacks, but rather well-coordinated schemes that require high-level pattern detection to discover. Sophisticated solutions like DataVisor’s AI-powered fraud platform allow organizations to leverage omnichannel data including digital fingerprints and call center logs to quickly respond to situations before scammers can follow through with their attacks. DataVisor leverages its proprietary unsupervised machine learning and AI to identify and mitigate call center scams with fewer false positives. This allows companies to respond to threats of fraud while enabling legitimate customers to carry on with business.