Avoid Sacrificing Customer Experience for Fraud Mitigation During Peak Periods
Call volume at customer contact centers can balloon as much as 10 times the normal level during busy holiday or promotional event periods, says consultancy Gartner. Such surges can strain staff and systems as both work overtime to route customers quickly and provide a consistent and satisfactory experience throughout. While most callers are initiating contact with legitimate requests or concerns, others have more nefarious goals – in fact, 60% of call center fraud originates in the contact center. Fraudsters are always seeking openings to strike, and high-volume times for businesses create an ideal opportunity, especially for those intent on committing account takeover (ATO) fraud. But, it doesn’t need to be that way.
Know costs and impacts of ATO fraud
ATO fraud occurs when a third-party gains access to an online account — such as a bank, retail, email or social media account — to engage in unauthorized activity or transactions. Security.org estimates that it happens to 22% to 25% of adults, and the costs run an average of nearly $12,000 per victim. From 2019 to 2020 alone, the incidence of ATO increased 250% and was only expected to rise. For 63% of victims, Security.org reports that security questions, two-factor/multifactor authentication or both had been activated on the compromised accounts.
Cybercriminals appear to take to heart the adage of when one door closes, another opens. As businesses have introduced security precautions like knowledge-based authentication (KBA), one-time passwords (OTP) for multifactor authentication (MFA) and additional measures to protect legitimate clients and their information, bad actors have responded by finding and exploiting any vulnerabilities. They may assemble responses to common KBA questions via social engineering, compromise consumers’ phones through SIM card swaps and smishing, or intercept OTPs via bots or other methods to capture the final piece of an authentication puzzle.
Pursue enhanced security in the phone channel
Once a criminal is in control of an account, it would appear contact center agents, who are trained to prioritize customer service over fraud mitigation, have little recourse to stop bad actors in their tracks — particularly during intense, high-volume call periods. With the right authentication planning and resources in place, however, contact centers can continue to serve their valuable customers with increased confidence while creating friction for those fraudsters who actively seek to avoid it.
SMS and OTP authentication fraud risk are already on the radar of businesses, with various workaround strategies being implemented. In a Forrester Consulting survey of North American fraud prevention decision-makers, approximately half used strategies that involved the call center, either employing chat functionality to route customers to the call center (52%) or asking customers to call in (45%). More — nearly six in 10 — were obtaining contextual information around user phone numbers to identify those that are high risk. However, these practices haven’t been enough to protect the customer experience and the bottom line.
Consider implementing caller authentication solutions
Whether a company is sending an OTP to a customer phone number or answering a call, it is critical to have confidence in the phone number itself. As noted, customer phones are vulnerable to compromise from a variety of attack vectors, but some security service providers can analyze the data behind phones and implement decisioning that can flag uncertain or risky calls.
Security providers are leveraging real-team phone intelligence data to determine a phone’s risk level, drawing on relationships with networks to constantly corroborate signals and flag anomalies that often indicate a number has been compromised, whether through a SIM swap, call forwarding or number reassignment. One of the most effective automated solutions conduct real-time forensic analysis before a call is even answered. Solutions should work to identify any accounts associated with a number, assess risk, and determine that a device is unique, physical, authenticated and behaving as expected.
Should a phone number raise red flags, an organization can then apply step-up authentication procedures, introducing additional friction to the contact process. If the organization is accessing reliable phone intelligence, then the chances of slowing a legitimate customer’s journey are relatively small.
Take an omnichannel approach to security
Fraudsters can amass and leverage a range of personal details, beyond phone numbers, to execute ATO or other fraud. Protecting the phone channel may be critical, but organizations with multiple customer touchpoints need to ensure that each is secured as much as possible. Many organizations are siloed, with the online customer experience managed separately from call centers, for instance. Adopted authentication solutions should address any vulnerability and share red flags so that bad actors are stopped at any entry point, whether it’s the phone or online.
Put solutions in place well before a surge
While call center volumes may not always be predictable, in most cases businesses have an idea of seasonality or cyclicality and already plan ahead to help ensure staffing resources are available. Having an authentication system that is up to the challenge should be no different. If this is an area under consideration, organizations should begin implementing a scalable solution as soon as possible and well before any anticipated surge. Such timing should better allow the enterprise to test the system, develop an understanding of impacts to legitimate customers, generate a baseline of high-risk callers, and help enable operators to grow comfortable with the new normal.
Consumers have grown to expect friction-right experiences across multiple channels. Introducing unnecessary speed bumps in the authentication process for legitimate customers increases the danger of damaging relationships, reputation and, ultimately, business results. Implementing automated, behind-the-scenes authentication solutions – that can scale quickly to meet volume demands – gives call centers increased confidence in a caller’s legitimacy, better preserving the customer experience while reducing negative exchanges for customers and valuable employees alike.