Financial institutions in the UK are losing more than £20 million each year to fraudsters targeting Call Centres. According to a new report produced by fraud protection and authentication company Pindrop, the UK suffered double the rate of attacks than occurred in the US last year, experiencing one in 700 fraudulent calls in 2015 compared to the one in 1,700 in the US recorded during the same period.
Using its patented Phoneprinting technology, Pindrop analysed over ten million calls to major enterprise Call Centres in the UK and the US to illustrate the true extent of fraud. The 2016 Call Centre Fraud Report compiles the findings of this analysis and indicates that Call Centre fraud is on the rise on both sides of the Atlantic.
Calculating the average cost of fraud, financial institutions in the UK are losing £0.51 to fraud on every call. For a large Call Centre receiving 40 million calls each year, this adds up to an average of £20 million in losses per annum.
Strong online and mobile security plus the abundance of breach data and the availability of Chip and PIN (EMV technology) means that cyber criminals are changing their tactics and exploiting the weakest link in the organisation: the Call Centre.
Matt Peachey, general manager for Pindrop in the EMEA region, commented: “We define Call Centre fraud as any interaction between a criminal and a Call Centre agent. Our report shows that a criminal will make up to five calls before completing a fraudulent transaction in order to gain as much information from agents as possible to then use at a later date across any channel.”
Peachey continued: “Call Centre agents are not fraud experts. They’re tasked to provide genuine customers with a great experience and, as such, are being targeted by criminals. In turn, this makes them the weakest line of defence in any attack. By equipping agents with solutions to better identify a suspicious call quickly, they can also prevent the pre-fraud data gathering activities that lead to increased fraud across the phone and other channels.”
Telephone fraud on the rise
Recent figures issued by the Office for National Statistics estimate that 5.1 million fraud cases took place in the UK during 2015, while statistics produced by organisations such as Financial Fraud UK highlight that telephone fraud rose by 92% in 2015.
Within its extensive report, Pindrop duly confirms that the true extent of Call Centre fraud is much higher than that which is currently known.
Mike Haley, deputy CEO at Cifas (the not-for-profit organisation working to protect businesses, charities, public bodies and individuals from financial crime) explained: “Fraud continues to be a growing issue in the UK, but establishing the true scale of the problem is far from simple. However, the more information that’s available, the more we can start to build an accurate picture of the fraud landscape. This report from Pindrop shows that the Call Centre environment continues to be exploited by fraudsters. We’re always keen to encourage organisations to look at new and innovative ways of staying one step ahead and protecting themselves and their customers from fraud.”
Other key findings from the report reveal that the majority of fraudsters attacking UK financial institutions are calling from within the UK, with domestic calls making up 72% of fraudulent calls recorded. The report also identifies that mobile phones are the most popular device used to launch fraud attacks. This has been encouraged by the availability of tools and apps that allow fraudsters to easily spoof their telephone number or distort their voice.
Pindrop warns that UK financial institutions face a rapid increase in Call Centre fraud, and also highlights that, while good at identifying genuine customers, current strategies for fraud prevention such as voice biometrics cannot identify fraud.
Matt Peachey added: “A siloed strategy for fraud prevention has proven ineffective. Instead, a multi-layered approach must be implemented to quickly and accurately identify the risk factors that can better track fraud attempts across multiple channels and flag accounts that have suspicious activity.”
For this report, Pindrop dissected the details of attacker techniques and behaviours. According to Pindrop, the Phoneprint method is highly resilient, detecting voice distortion, caller ID spoofing, gateway hijacking and other obfuscation techniques.
In addition, Phoneprinting helps to identify multiple callers associated with the same Phoneprint, in turn allowing enterprises to detect and track fraud rings.