Fraud occurs every day and impacts the enterprise and the consumer. In fact, it’s so prevalent I can’t remember a time – certainly not in this decade – when fraud wasn’t a top-of-mind issue in our lives. But what happens when fraud impacts business on your watch, and you were certain you took every conceivable precaution to ensure it wouldn’t and couldn’t happen? There’s a missing link in fraud prevention, and it just may surprise you.
Consider a Day in the Life of Your Customer
- Your customer may call your customer care line to check a balance, make a payment, get support on a product or issue, or more.
- He or she has done all they can to previously establish passwords and pins with you, and now they rely on you to ensure their personal information and their account is safe in your hands when they initiate their call.
- Your customer first reaches the IVR to authenticate and manage their needs on their own – in fact they (certainly I) prefer self-service to expedite the interaction unless there is a more complex reason to speak with an agent.
- The customer validates properly, completes their transaction, and goes about their day.
Now…Imagine a Suspicious Call into Your Contact Center
- A man with a heavy foreign accent on a poor-quality VoIP call claims to be a 73-year-old retired teacher from Dubuque named Myrtle Henderson.
- As part of your authentication screening, “Myrtle” fails a step and is sent to an agent for further authentication. Poor dear, fake “Myrtle” explains, “I’m sorry, but I’ve forgotten the name of my first childhood pet. Silly me. Can you help?”
Now consider how that call can go. There are two kinds of contact center agents: the sharp ones, who will smell a fish, and the naïve ones, who will assume that Mrs. Henderson simply has a bad cold and a failing memory when it comes to dear, departed Fluffy. Which kind of agents do you employ? Do you pay them enough to care?
In the previous post, we discussed how criminals are redirecting fraud efforts away from highly protected channels like networks in favor of more lightly guarded doors such as the contact center. While some agents are capable of picking up on suspicious calls, others may be too busy or too poorly trained to do so. Remedial training for agents can help cut down on fraud attempts through live voice calls, but it won’t do anything to keep criminals from probing automated channels.
Handling Fraud Downstream Is Like Locking the Doors after the Burglar Has Already Taken the Flat Screen
While larger companies today focus their efforts on online user authentication and verification for critical transactions like electronic funds transfers, they pay little attention to authentication and verification in the contact center beyond the contact center agent. While passive voice biometrics during an agent interaction and other tools are extremely valuable deterrents, they should not be used alone.
- - - - - - - - - - - - - - - -
In a report published late last year, Gartner emphasized that every single identity-proofing measure can be beaten individually by determined fraudsters, which is why security needs to be in the form of successive layers of protection.
- - - - - - - - - - - - - - - -
If a fraudster makes it through one or two layers, the remaining layers and measures can help backstop the others and prevent an attack from succeeding. If the correct measures are taken to protect the customer upstream, then customer support organizations can avoid the damaging fallout that takes place downstream, after the fraud has occurred.
We’ve all received that notification in the mail: a credit card company or retailer has experienced a data breach, and the institution must then offer a year or two of credit monitoring to ensure that their customers don’t become victims. Credit monitoring is put in place to prevent fraud downstream: criminals using customers’ personal details to take out new credit cards, transfer money out of accounts, purchase retail gift cards, or even file fraudulent tax returns.
Fraud is Personal
Believe me, I know firsthand as I’ve been hit with most of these attacks repeatedly over the past few years. Even the new chip in our credit and debit cards can’t fully protect us if a fraudster has successfully gotten access to our accounts through criminal use of our information. Downstream fraud is extremely expensive, both for the customer (there are horrors stories of customers working hard for years to regain their financial identity) and the institution that was hacked.
The problem is that many of these credit monitoring services are both expensive to the breached organization and low quality for customers, according to John Ulzheimer, president of consumer education at CreditSesame.com. Most services monitor credit reports from only one of the three major credit bureaus.
“It’s like locking one of three doors to your house,” Ulzheimer told MarketWatch. “There’s no guarantee you’re going to be protected.”
Here’s the Kicker
In the contact center, traditional fraud detection tools (if they’re present at all) are put into action downstream to deny transactions at the last moment to avoid a loss, or identify losses after they have occurred for future prevention—including transaction processing solutions that flag suspicious purchases, cyber security issues to prevent digital interaction and data compromise, and network or data center security to block breaches.
Stop Fraud Upstream in the IVR Before a Loss Occurs
By concentrating fraud prevention efforts upstream, before a criminal can complete an account takeover or other fraud, organizations can prevent the costly fallout and loss of customer goodwill that can result from breaches.
Since the interactive voice response (IVR) is where a lot of contact center fraud begins today, it makes sense for companies to put an IVR in place that can spot fraud attempts before they can cause damage, and stop them.
Upstream protection in an IVR requires a solution that can do a number of things at once:
- Monitor caller behavior
- Provide heightened authentication
- Detect and stop probing activity in the IVR
- Reduce fraud losses and prevent account takeover
- Deliver convenient self-service that saves time and effort
Essentially, it involves a change in strategy, pivoting from reaction to prevention. Using adaptive fraud prevention technology, contact centers can detect and prevent fraud upstream in the IVR before loss occurs.
So, why aren’t more enterprises doing so?
An IVR that Fights Fraud - a New and Effective Technology
To be truly effective, the solution must:
- Require the collection of data at every interaction point in real time.
- Demand that the data analysis be immediate and ongoing – to quickly and effectively identify fraudulent activities that are actively occurring and take action as fast as possible.
- Provide a multi-layered approach that fits the needs of the organization, transaction types, and customer base served.
- Deliver immediate action – best determined by the client needs – with the ability to take different preventative steps appropriate to the circumstances.
- Ensure client insight and decisioning capabilities that align with other existing fraud management activities.
- Continue to learn and apply protection over time as changing behavioral, reputation, and knowledge data are collected and applied.
Wolf in Sheep’s Clothing
A word to the wise: don’t settle for fraud prevention solutions that limit your ability to protect your customers and your enterprise. Some examples we’ve seen include:
- Add-on IVR solutions that require months of historical data analysis, and when finally implemented, offer only a minimal patchwork of protection. Why settle for less?
- Solutions that ignore behavioral data – this information is way too valuable and insightful to be left underutilized.
- Band-Aid solutions that aren’t proven and haven’t shown results: prevention, savings, CX protection.
Download the infographic >