Social Engineering: How to beat the psychology and technology powering fraud in the call centre

By Simon Marchand, CFE – Chief Fraud Detection Officer, Nuance Communications

Credit: ID 26796786 © Daniel Villeneuve | Dreamstime.com

Australia’s Communications Minister recently announced telecommunications companies will be required to adhere to tighter regulations around identity verification for those porting mobile numbers from one provider to another. The aim is to fight back against the record high numbers of fraudsters hijacking mobile phone numbers and then accessing linked accounts such as bank accounts.

While this is a step in the right direction, multi-factor authentication as proposed here isn’t a long-term solution, and there are more vulnerabilities that fraudsters are exploiting in the telecommunications industry that need to be addressed.

Many of these vulnerabilities, as with the number porting scam, culminate in the call centre. Gartner predicts that by 2020, 75% of omni-channel customer-facing organisations will be the victim of a targeted, multi-channel fraud attack with the contact centre as the key point of compromise.

Social engineering has long been a threat to contact centres. However, advancements in technology require a more sophisticated response from organisations to social engineering threats if they wish to protect and therefore retain their customers.

What does social engineering look like in the call centre?

In the context of security, social engineering refers to the use of deception or manipulation to get a person to disclose confidential or personal information for the purpose of committing fraud. As call centres allow fraudsters to interact directly with a support agent, they are easily able to tap into human vulnerability and error.  

Traditionally, social engineering has been psychology-driven. Playing the sound of a crying baby in the background for sympathy or distraction, lying about an illness in the family or expenses from an unfortunate accident, or intimidating with threats of reporting them or having them fired: these are all common ways fraudsters manipulate agents into letting their guard down and granting access to accounts or personal details.

While seemingly simple, these social engineering tactics work, and will continue to do so if contact agents aren’t provided with the right training or tools to combat them.

Customer service representatives need to fulfil a security function

Call centre agents primarily fulfil a customer service function, not a security function.This has to change if we have a hope of widescale fraud prevention in the call centre environment.

Capturing a broader organisational mindset that fraud isn’t just a cost of doing business, and embedding this into the culture of the call centre, will likely reduce the success of social engineering tactics.

Considering over half of Aussies would likely change service providers if they fell victim to fraudsters through their services, communicating the importance of security to customer service professionals seems obviously relevant.

But training agents is incredibly resource-consuming given the huge churn within call centers. In addition to that, asking an agent to solve problems while acting as a “fraud expert” at the same time creates stress, impacting customer experience, and turnover.

Therefore, as long as identity authentication remains the responsibility of the live agent, there is always a risk of human error. The solution is to provide a transparent authentication solution to support them with that task.

Voice recognition is a growing option, letting the system recognise if customers are actually who they pretend to be, and allowing call center agents to focus on the customer.

Why a customer’s voice is the most powerful fraud prevention tool

Voice biometric authentication uses an individual’s voiceprint to verify their identity, which includes more than 1000 unique physical and behavioural characteristics of a person including the length of the vocal tract and nasal passage, pitch, cadence, accent and so forth. A voice is as unique as a fingerprint, preventing impersonators, synthetic voices or deep fakes from bypassing the security system.

This eliminates the need for security questions which are often compromised at the live agent level or forgotten by the legitimate customer, both of which have a huge impact on the customer experience.

The same way voice prints can be made of customers, voice biometric technology could also create voice prints from suspected and confirmed phone interactions with fraudsters. If the likes of telecommunications companies or financial institutions were to feed into a shared and interoperable database of fraudsters’ voiceprints, the impact of fraud on a national scale could be dramatically reduced.

Simple yet effective, social engineering has long wreaked havoc in the call centres, with fraudsters showing no sign of changing tact in targeting the human vulnerabilities of live agents. Organisations need to ensure that call centre agents understand the importance of their role as the gatekeeper of personal information.

But putting that responsibility on their shoulders without any kind of support, technological or other, is a risky choice to take, for them, their businesses, but most importantly consumers.

Show Comments