You can use the search function to find a range of UK Finance material, from consultation responses to thought leadership to blogs, or to find content on a range of topics from Capital Markets & Wholesale to Payments & Innovation.
While customers are increasingly choosing digital channels to consume banking services, the phone remains a prominent method to resolve critical or complex queries. The contact centre interactive voice response (IVR) system is the front door for customers using the phone and enables them to complete self-service transactions at their convenience, but fraudsters can target the IVR to harvest information to scam customers.
As part of an organised attack, the fraudster will probe the IVR to acquire or validate data that will enable them to cash out the victim's account or gather additional information to enable authorised push payment (APP) fraud.
The scale of IVR fraud is often hidden so we examined the calls through the smartnumbers platform - by analysing more than a billion calls that passed through the platform, we identified the make-up of organised fraud attacks:
There has always been a balance between protecting the contact centre while maintaining customer experience. While there is a plethora of anti-fraud technology that strengthens contact centre security and streamlines authentication, there are vulnerabilities in the IVR that fraudsters are exploiting.
Fraudsters use IVR as a tool to validate or gather data
Fraudsters prepare their attack by gathering data about victims using several means, such as social media research or acquiring data harvested through data breaches and the dark web. They then probe the IVR to validate the acquired data, complete missing information, or check the account balance to identify the best time to attack.
Understanding the scale of IVR attacks
While IVR systems provide capabilities to measure the volume and flow of calls through the IVR, it is not possible to distinguish if the caller checking their balance is a genuine customer or not. Fraudsters mask their identity by spoofing their phone number to appear to be a genuine customer or simply withhold their number which makes detection difficult using existing technology.
Flaws in current fraud defences
Typical contact centre fraud defences rely on analysing the audio of the call to identify the person either as a fraudster or a genuine caller. Therefore, to prevent an attack, the call needs to be answered by an agent or have voice prompts in the IVR. Banks have to make a difficult balancing judgement - on the one hand, stopping fraudsters from completing risky transactions in the IVR; on the other hand, minimising the frustration of genuine customers caused by false flags.
From our work helping banks deal with this issue we have seen an increase in the use of new technological solutions to help strike this balance. By using technology to flag repeat calls from a withheld or spoofed number, banks can then identify high-risk callers for special treatment without the majority of lower-risk callers being impacted by the additional scrutiny and delay.
Economic Crime Congress, 12 February
Tickets now on sale for UK Finance Economic Crime Congress. Key streams include: Fraud Prevention, Anti-Money Laundering, Financial Sanctions, and Bribery and Corruption. An unparalleled event for FS and security sector delegates to debate and network. Learn more
Abhinav Anand, Chief Product Officer, Smartnumbers
Tickets now on sale for UK Finance Economic Crime Congress. Key streams include: Fraud Prevention, Anti-Money Laundering, Financial Sanctions, and Bribery and Corruption. An unparalleled event for FS and security sector delegates to debate and network.