One of the most pressing issues facing banking institutions is account takeover prevention. In today’s digital landscape, where access to information is at an all-time high, it is no surprise that fraudsters are finding new ways to gain entry into financial accounts. Call centers are a prime target and a common channel for fraud attempts. What strategies and technologies work to prevent account takeovers in banking call centers?
Understanding the Account Takeover Problem in Banking
Account takeovers occur when unauthorized individuals gain access to a financial account, often exploiting vulnerabilities within the customer service process. This is a multi-pronged issue involving social engineering, data breaches, and outdated security protocols.
Call centers, which serve as critical touch points, are particularly susceptible. The personal interaction inherent in a call can sometimes create an opening for attackers to fool and manipulate agents and defeat common security measures.
The Role of Social Engineering in Account Takeovers
Social engineering is the art of manipulating individuals into divulging confidential information. Identity thieves often use this technique on social media to gain access to private information about individuals that can then be used for fraudulent purposes. In the context of banking, this is one way that fraudsters can find out the answers that help them pass the security Q&A process.
When calling into a contact center, fraudsters often impersonate customers or members, employing emotional manipulation or urgent scenarios to gain access to accounts. To combat this, call center agents must undergo thorough training in recognizing and responding to such tactics while also following strict security protocols. Implementing multi-step verification processes for high-risk actions can provide an additional layer of security. In fact, replacing security Q&A altogether is the best way to keep fraudsters from using hacked, stolen, purchased, or socially engineered information to take over accounts.
Robust Authentication and Verification Reduces the Risk of Account Takeovers
Implementing robust authentication processes is a cornerstone of account takeover prevention. For too long, banking call centers have relied on security questions alone to authenticate caller identity.
There are three main ways to verify identity in a call center interaction:
- What you know: Knowledge Based Authentication (KBA) such as a password or the answer to a security question)
- What you have: Such as a one-time passcode (OTP) sent to a device that is assumed to be in your physical possession
- What you are: For instance, an inherent biometric trait such as a fingerprint or voiceprint (Note: this last method of verification (what you are) is the most difficult to circumvent).
Multi-factor Authentication for Account Takeover Prevention
Many banking contact centers are adopting multi-factor authentication (MFA) which combines verification methods to create an additional layer of protection. This ensures that even if an attacker manages to defeat one verification method, they won’t have the complete puzzle needed to gain control of an account.
However, having multiple barriers in place for fraud prevention also creates friction for legitimate account holders. For this reason, passive biometrics stands out as the most effective method for everyday authentication. It delivers a highly secure verification process and a seamless caller experience. Additional verification factors may be layered on for high-risk transactions such as transfers of large sums of money or if there is a red flag due to unusual behavior.
More about Biometric Technology for Account Takeover Prevention
Biometric voice authentication works by storing a voiceprint or AudioPrint™ of a caller’s unique vocal characteristics. This biometric data is securely stored and used for future verifications. With passive voice verification, authentication happens in the background of a normal conversation without a caller being required to repeat a specific passphrase. This technology not only enhances security but also streamlines the verification process for genuine customers and members.
Additional Areas for Exploration in Fraud Prevention
Here are some additional areas of technology and process improvement that banks and credit unions can explore to improve account security in the call center.
Continual monitoring of call center interactions can help financial institutions promptly detect and respond to any irregularities. Employing AI-powered tools can assist in real-time analysis, allowing for immediate intervention in case of unusual activity.
Advanced behavioral analytics can help detect anomalies and patterns that signal fraudulent activity. By analyzing caller behavior, including interaction history, call centers can identify deviations from typical patterns, flagging potentially suspicious interactions for closer scrutiny.
Secure Data Handling:
Securing customer and member data is paramount. Implementing strict data handling and access protocols, along with encryption, ensures that even if attackers breach a call center’s defenses, they’ll find little usable data. Secure options are available for both on-premise and cloud-based telephony and call center management systems.
Empowering members and customers with knowledge is a proactive approach to preventing account takeovers. Banking institutions should regularly educate their clients about common phishing tactics, social engineering methods, and best practices for protecting sensitive information.
Where to Start with Improving Account Security
Account takeover prevention in banking call centers is a collective effort that involves technology and training. By deploying biometric technology banking institutions can build a robust defense against the evolving threats of account takeovers. Today, voice authentication is within reach even for financial institutions with smaller call centers, limited budgets, and few IT resources.
To learn more about the Illuma Shield™ voice verification solution for credit unions and community banks, contact us.