Fraudsters are adaptable people. They're smart and aware of changing trends in the payments industry. Because of this, it's crucial that credit union managers stay current on the latest developments in fraud trends and make changes to their institutions as needed.
According to the IDology 2015 Fraud Report, one type of fraud that's quickly picking up speed is card-not-present fraud taken place through call centers. In 2014, just 2 percent of survey respondents said they suspected fraud attempts in call centers. In 2015, that number grew to 13 percent.
There are a number of different ways fraudsters can spoof unsuspecting call center representatives. According to IDology's report, social engineering is the most prevalent. Social engineering is when someone uses information, stories or other tactics to manipulate another person to give out sensitive data.
Some examples of using social engineering in call center fraud include using personal information found online to pass a weak authentication test, or crafting an emotional story about why their account needs to be unlocked. In either case, it often works so that the fraudster is granted access to the victim's account.
While some criminals might stop once they've siphoned cash from an account into their own, Avivah Litan, a vice president and analyst for Gartner, Inc., wrote in a Forbes article that about 30 percent of fraud that involves customer accounts is cross-channel. This means that, once given access to an account or disclosed information to get to the account, the fraudster can continue to scam the victim online or through other platforms.
Beefing up security
Fraudsters who use social engineering to get what they want are tricky to detect, but there are some ways credit unions can increase security in their call centers to ensure only the right people receive sensitive information.
Phone printing is one technology that can prove to be useful on this front. This technology serves as a sort of fingerprint for the phone on which the call is being placed. It will gather as much information as possible from the phone call including:
- Whether the call is placed on a cellphone, landline or voice over IP.
- Where the call is being placed.
If the caller's story doesn't line up with the information and is identified as a fraudster, the phone number is blacklisted. Litan noted that blacklisting phone numbers known to be criminals is good practice, since about 70 percent of call center fraud attempts are committed by the same people.
Most smartphone users have had the pleasure of using their own fingerprint to unlock their phone. It adds a layer of security that's hard to compromise since everyone's fingerprints are unique. Voice recognition is another form of biometrics available to businesses of all kinds to help enhance security in their call centers.
Call center representative training
Educating your call center representatives about what to look out for when speaking with callers can go a long way. Litan pointed out that many fraudsters actively seek out the most gullible or easily won-over representatives and target them. By giving your staff information about how to detect fraudulent behavior, you can protect your members' information and your credit union.
There are some hints and key phrases that should set off red flags to your staff, Smart Customer Service pointed out. For example, most American adults can recite their social security number fairly easily when prompted. If this is a part of your authentication process and the caller pauses, asks your representative to wait or claims that he or she forgot it, these are all indications that something isn't quite right.
Don't forget about infrastructure
Remember, there are many points of entry into your credit union. There are the obvious ones, like your front door or your website; but these aren't the only ways a criminal can enter a business and cause financial harm.
"There [are] people who are on the internet all day long who are looking for phone systems that they can exploit," Matt Lautz, president and CIO at CorvisaCloud, said, according to Smart Customer Service. "There [are] millions of calls a day from people who are trying to gain access to some of these phone systems and business lines, and businesses end up with very expensive phone bills, which they're liable for. If your infrastructure isn't secured properly, it's a matter of time before this happens."
Be sure all entryways into your credit union and to your members' information is locked tight. Update old security systems and software to ensure you have the latest protections.
Tell your members
While it's up to you to secure most points of entry to your members' data, there is one that's largely out of your control: your members.
Unless your members are knowledgeable about banking and shopping online and with their mobile devices, they could pose a threat to their own financial security. Be sure you regularly communicate with your members about how best to conduct themselves online to ensure they're taking every possible measure to keep their information safe, PaymentsLeader suggested.
In addition to keeping them up to date on the latest online security protocols, it's also a good idea to keep them in the know about how you're actively trying to protect their identity. When you make major changes to your security, let them know:
- What you changed.
- Why you changed it.
- How it will benefit them.
The world of payments is in a state of flux right now, and fraudsters are taking every advantage that they can find. Be sure to keep your credit union completely secure so your members' information won't be put at risk.