Fraud and the contact centre: What you need to know

Since the start of the pandemic, fraud attacks have become a common problem for banks across all customer channels, from telephone to internet banking. But for contact centres, the issue is particularly pertinent, with a recent study finding that 57 per cent of contact centre decision makers found contact centre fraud to be on the rise. 

So, how are fraudsters using contact centres to target customers? And what’s the solution for banks looking to keep customer data safe? 

The role of the contact centre

In the last few years, banks have massively strengthened fraud defences to respond to this threat with a particular focus on app and website channels. It’s become much harder to commit fraud solely through these channels, so fraudsters have had to find another alternative: the contact centre. 

Fraudsters often use the contact centre as a way to gain information that allows them to commit fraud through mobile and web channels, something which would otherwise be much more difficult to penetrate. Often, this starts with the criminals acquiring personal customer information on the dark web or researching it on social media. They then call the contact centre, posing as the customer in order to check whether the information is correct, usually using a low-risk request such as a balance check to avoid attracting suspicion. 

Fraudsters may also try using the contact centre to gain more information, asking questions such as “what email address do you have on file for me at the moment?”. Alternatively, they have been known to use more aggressive or using more aggressive behavioural manipulation techniques, such as playing the sound of a crying baby in the background to stress the agent into accidentally releasing sensitive information. This way, they might be able to succeed in  successfully passing authentication through the website or app without arousing suspicion.

How the fraudsters do it

There are several tactics fraudsters use to manipulate banks. But when using the contact centre to validate information, the process generally looks something like this: 

• Harvesting: Fraudsters gain information on the target, often from phishing attacks, purchasing leaked information from the dark web or simply by browsing social media. 
• Reconnaissance: Fraudsters then pose as the customer through the contact centre to validate and gather information to pass knowledge-based authentication (KBA) questions.
• Preparation: To prepare for the attack, the fraudster will complete several activities, such as changing PINs addresses and login details, or requesting new cards or payees.
• Legitimisation: The fraudster will then use a variety of money laundering techniques, such as paying money into foreign accounts or moving the funds elsewhere. 
• Capitalisation: The fraudster can then capitalise on the funds they’ve illegally obtained. 

Crucially, by the time the fraudster cashes in, the damage is already done – the fraud has been committed and money is lost. Through the early stages of this process, the fraudster is carefully laying the groundwork so that when the funds are transferred, the transaction looks perfectly legitimate at the point of execution.

Smartnumbers' recent eBook: Dealing with fraud in contact centres Is available now.