Call Center News 3/16/12

How to Stop Call Center Fraud

Socially Engineered Schemes Target the ‘Helpful’ Channel

While many banks and credit unions have invested in technology to thwart phishing attacks and online fraud, some have ignored the call center. As a result, fraudsters have redirected their aim.

To address the threat posed by these socially engineered attacks, security experts advise financial institutions to ramp up employee education as well as adopt critical practices, such as enhanced user authentication and out-of-band verification of transactions initiated via the call center.

In recent weeks, U.S. banks have reported upticks in call-center schemes that rely on social-engineering tricks. The attack: Convince customer service representatives to share or change account details.

The problem is not a new one. Late last year, Gartner fraud analyst Avivah Litantalked about phone-based scams that continually hit banks and credit unions.

“The misfortune here for the banks is that they can have the best fraud-detection systems out there that flag suspect transactions, but it all breaks down when they call the ‘hacker’ to verify the transaction as OK,” Litan said, referencing the Ice IX Zeus variant, which earlier this year caught the attention of security experts because it targeted telephone numbers. [See Banking Malware Finds New Weakness.]

Litan also wrote a report that touched on call-center risks. Her report notes that while most U.S. banking institutions devote great deals of attention to online user authentication and verification for electronic funds transfers, they pay little, if any, attention to authentication and verification at the call center.

“The call centers typically validate customers by asking basic information – all easily stolen – such as account number, phone number, address, DOB [date of birth] and the last four digits of their Social Security number or tax ID,” Litan says.

Read More