Today, bad actors are pivoting to exploit call centers, finding opportunities to attack them using innovation like Generative AI (GenAI). 60% of financial industry respondents report that most account takeover (ATO) starts in the call center.
How Are Fraudsters Attacking?
1. BY COMPROMISING EXISTING SECURITY PROCESSES
Even the most modern financial services companies may be reliant on legacy security practices.Outdated verification approaches can be seen in knowledge-based question and answers (KBA) and one-time authentication codes (OTAC), which are vulnerable to social engineering and data mining. Even the great hope of using voice biometrics to eliminate call center fraud is rendered ineffective by GenAI.
2. APPEALING TO AN AGENT’S HUMANITY
Never overestimate the human component! Call center agents are expected to service calls efficiently and effectively—and scammers prey on that vulnerability. Fraudsters will use plausible excuses, use trial-anderror to understand what info they need to acquire, or even act distracted with children or annoyed by the process to access sensitive information.
3. USING “MAN-IN-THEMIDDLE” TACTICS
One of the most difficult frauds to detect is that of a fraudster calling your customer (pretending
to be your brand), while also simultaneously calling your call center (pretending to be the customer). In this scenario, they simply relay all the authentication requests to the real customer, and then pass the answers back to your call center.
4. BY DIGGING THROUGH THE DARK WEB AND SOCIAL MEDIA
When getting their hands dirty, fraudsters are more than willing to search the internet and social
media accounts for your customers’ information, especially if they are able to identify what KBA
information your organization requires. Many bad actors even go so far as to buy your customers’
information off the dark web and use it to impersonate them.
5. VIA LOW-RISK, TEST-AND LEARN APPROACHES
Lastly, fraudsters aren’t afraid to put time in. They will often engage in simple activities to see what security gates they need to pass through in order to access each subsequent layer of an account.
They may start with a low-risk task like checking the balance on an account, then graduate to more devious activities when they know what security information is requested.
