UK financial institutions reported to be losing an average £20 million per annum in Call Centres

Financial institutions in the UK are losing more than £20 million each year to fraudsters targeting Call Centres. According to a new report produced by fraud protection and authentication company Pindrop, the UK suffered double the rate of attacks than occurred in the US last year, experiencing one in 700 fraudulent calls in 2015 compared to the one in 1,700 in the US recorded during the same period.

Using its patented Phoneprinting technology, Pindrop analysed over ten million calls to major enterprise Call Centres in the UK and the US to illustrate the true extent of fraud. The 2016 Call Centre Fraud Report compiles the findings of this analysis and indicates that Call Centre fraud is on the rise on both sides of the Atlantic.

Calculating the average cost of fraud, financial institutions in the UK are losing £0.51 to fraud on every call. For a large Call Centre receiving 40 million calls each year, this adds up to an average of £20 million in losses per annum.

Strong online and mobile security plus the abundance of breach data and the availability of Chip and PIN (EMV technology) means that cyber criminals are changing their tactics and exploiting the weakest link in the organisation: the Call Centre.

Matt Peachey, general manager for Pindrop in the EMEA region, commented: “We define Call Centre fraud as any interaction between a criminal and a Call Centre agent. Our report shows that a criminal will make up to five calls before completing a fraudulent transaction in order to gain as much information from agents as possible to then use at a later date across any channel.”

Peachey continued: “Call Centre agents are not fraud experts. They’re tasked to provide genuine customers with a great experience and, as such, are being targeted by criminals. In turn, this makes them the weakest line of defence in any attack. By equipping agents with solutions to better identify a suspicious call quickly, they can also prevent the pre-fraud data gathering activities that lead to increased fraud across the phone and other channels.”

Telephone fraud on the rise

Recent figures issued by the Office for National Statistics estimate that 5.1 million fraud cases took place in the UK during 2015, while statistics produced by organisations such as Financial Fraud UK highlight that telephone fraud rose by 92% in 2015.

Within its extensive report, Pindrop duly confirms that the true extent of Call Centre fraud is much higher than that which is currently known.

Mike Haley, deputy CEO at Cifas (the not-for-profit organisation working to protect businesses, charities, public bodies and individuals from financial crime) explained: “Fraud continues to be a growing issue in the UK, but establishing the true scale of the problem is far from simple. However, the more information that’s available, the more we can start to build an accurate picture of the fraud landscape. This report from Pindrop shows that the Call Centre environment continues to be exploited by fraudsters. We’re always keen to encourage organisations to look at new and innovative ways of staying one step ahead and protecting themselves and their customers from fraud.”

Other key findings from the report reveal that the majority of fraudsters attacking UK financial institutions are calling from within the UK, with domestic calls making up 72% of fraudulent calls recorded. The report also identifies that mobile phones are the most popular device used to launch fraud attacks. This has been encouraged by the availability of tools and apps that allow fraudsters to easily spoof their telephone number or distort their voice.

Pindrop warns that UK financial institutions face a rapid increase in Call Centre fraud, and also highlights that, while good at identifying genuine customers, current strategies for fraud prevention such as voice biometrics cannot identify fraud.

Matt Peachey added: “A siloed strategy for fraud prevention has proven ineffective. Instead, a multi-layered approach must be implemented to quickly and accurately identify the risk factors that can better track fraud attempts across multiple channels and flag accounts that have suspicious activity.”

For this report, Pindrop dissected the details of attacker techniques and behaviours. According to Pindrop, the Phoneprint method is highly resilient, detecting voice distortion, caller ID spoofing, gateway hijacking and other obfuscation techniques.

In addition, Phoneprinting helps to identify multiple callers associated with the same Phoneprint, in turn allowing enterprises to detect and track fraud rings.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts