One Step Ahead

One Step Ahead

It is not unusual for fraudsters to mix and match techniques

Contact center fraud is increasing at an alarming rate, and with no end in sight. According to Aite Group, a research and advisory firm, losses incurred by account takeovers at contact centers are expected to reach $775 million in 2020, nearly double the amount from just five years ago. And, while organizations that do not have a contact center are also susceptible to data breaches, contact centers are unique because they potentially expose their customer data through an additional channel, the telephone.

This data can be accessed in several different ways, including voice interaction with an agent, voice interaction with an Interactive Voice Response (IVR) system, and DTMF interaction with an IVR system. Traditional fraud prevention methods that contact centers use to safeguard customer data—such as the validation of passwords, personal information, and originating phone numbers—are proving to be not as effective today as once hoped.

It is not unusual for fraudsters to mix and match their techniques. They may attempt to digitally breach a database server, try to guess account passwords, or access a secure network. But if the targeted organization has a contact center, as many institutions in healthcare and finance do, the savvy fraudster is likely to make use of it. By exploiting a contact center agent’s desire to provide good customer service, a scammer may obtain partial access to an account of interest. Through each subsequent phone interaction, he or she may be able to collect yet another piece of Personally Identifiable Information (PII)—such as a birth date or a social security number. If a fraudster cannot obtain enough PII data to breach an organization’s security measures, he or she can supplement it with data stolen in past data breaches.

Not only do they have multiple channels at their disposal, but potential fraudsters also benefit from the very nature of contact centers. The larger the targeted organization, the more agents are likely to be needed to staff its contact center. This virtually ensures that a fraudster’s every phone call is handled by a different person, leaving the full scope of an attack unknown. Furthermore, Caller ID spoofing technology, which hides the true originating location of a phone call, makes it possible to thwart attempts to consolidate calls originating from the same phone number.

Just as criminals are using more advanced techniques, contact centers too must up their game and employ new approaches to security. One that is particularly gaining momentum is biometrics—verifying someone based on his/her unique observable traits rather than knowledge of personal information. Juniper Research predicts that the number of mobile users authenticated via biometrics, such as face or voice recognition, will jump from about 429 million this year to more than 1.5 billion in 2023.

Using Biometrics to Prevent Fraud

Voice biometrics can address current contact center security challenges in two main ways, depending on whether the caller is a first-time offender or a known perpetrator. A first-time offense is more likely to be flagged if the active authentication phase of a contact center call analyzes not just the caller’s knowledge of a password or a PII element for an account, but also the caller’s voice. A caller whose voice does not match that on file can be stopped before the authentication phase is over, and not be allowed to access the account.

Voice biometrics can also analyze a call beyond its authentication phase, with passive (as opposed to active) verification. Passive verification doesn’t require the caller to do or say anything in particular since voice analysis occurs in the background during the caller’s natural conversation. It leads to the accumulation of a “voiceprint”—a set of uniquely identifying characteristics of the human voice—which can be compared at any time to the account’s voiceprint on file. This enables potential first-time fraudsters to be identified regardless of what they are saying, leading to real-time denial of account access.

In these ways, voice biometrics in both active and passive modes can help to flag potential first-time fraudsters. Of course, not every voiceprint mismatch is a harbinger of an attack: there may be cases in which one family member legitimately accesses the account of another. But given that fraudulent calls will ultimately need to be reviewed via costly human listening by security personnel, voice biometrics can dramatically reduce the amount of audio that needs to be listened to, as well as eliminate the need for random spot-listening. The listening effort can be directed to focus on those calls whose risk of fraud has been estimated as high.

Such risk estimation need not rely on voice biometrics alone. Automatic call transcription, followed by Natural Language Processing (NLP) to identify commonly used words, phrases, and sub-dialogues, can be effectively combined with voice biometrics to provide a stronger, multi-faceted approach to the estimation of risk of first-time fraud in contact centers.

Needless to say, all of the above methods can help to spot not only first-time offenders but also repeat offenders, without modification. However, voice biometrics can provide even more protection against repeat offenders. Provided that a contact center is willing to curate a database of fraudsters’ voiceprints, or retains access to a third-party database, the voiceprint constructed and then compared for authentication can at the same time also be compared to each stored fraudster voiceprint. In this way, voice biometrics can simultaneously answer the questions, “Does the current voice match the account-holder’s voice?” and “Does the current voice match a known fraudster’s voice?”—increasing the chances of deflecting an attack from a repeat offender.

Finally, voice biometrics also provides a potential customer service benefit for legitimate callers. While some contact centers may only choose to augment the authentication phase of their calls with active voiceprint authentication, others may choose to instead shorten it and to rely on passive voiceprint authentication over the duration of the entire call. Because passive authentication is transparent to the caller, this provides a faster and easier customer experience. This is important because legitimate callers are reportedly becoming increasingly frustrated by the additional information they are asked to provide for security purposes, such as answering multiple questions and memorizing multiple passwords.

Multi-Level Security to Combat Multi-Channel Vulnerability

Forward-thinking organizations are using voice biometrics as part of a larger strategic security approach to gain greater protection. A best practice is to implement multiple levels of security to impede scammers. Device identification, knowledge-based authentication, cross channel behavior analysis and voice biometric recognition are part of an effective security practice, according to Gartner Research, an advisory firm. Implementing analytics across channels to identify red flags is necessary since fraudsters are exploiting any and all channels to penetrate customer accounts.

As the saying goes, the best defense is a good offense. Proactively integrating voice biometrics into a multi-layered security approach can go a long way to preventing security attacks before they happen. Not only can it help organizations safeguard the privacy of their customers, but it can also improve customer experience along the way.

This article originally appeared in the May/June 2019 issue of Security Today.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3