With every new layer of security, fraudsters look for their next way in. As the government implements a variety of controls in digital channels for identity and device proofing, fraudsters seek new openings, often pivoting to alternative tactics like targeting the inbound phone channel.
The phone channel remains essential in government agency-constituent relations and is commonly used by constituents when they have intricate questions about their government assistance accounts or application statuses. Criminals know this too. Calling support centers gives fraudsters a new entry point into public and private agencies, such as tax and revenue or healthcare agencies, where they can then use social engineering tactics to target customer service representatives. By exploiting a customer service representative’s desire to help, bad actors can defy security measures to do things like access personal information about a government benefits account they’re not entitled to or fraudulently intercept a tax refund check.
Unfortunately, many call centers are unaware of these threats.
When it comes to phone channels, now is not the time to let down our guard. At the same time, we can’t treat all callers like criminals just because fraudsters are targeting call centers. To counter this escalating threat, call centers in the public and private sectors alike must take proactive measures, utilizing available technology to pursue a better solution.
Prioritize the Threat of Inbound Caller Fraud
Criminals are already defrauding call centers. In the private sector, as much as half of financial services firms surveyed identified call centers as a vector — and starting point — for account takeover fraud. Though more takeover attempts may ultimately be executed in digital channels, bad actors can use the phone channel to gather the information necessary to commit their crimes.
One reason organizations may be hesitant to prioritize this threat is the challenge of automating the security of the inbound phone channel. The standard approach to authenticating inbound callers is often manual: A live agent may ask the caller to identify themselves with sensitive information like a Social Security number or knowledge-based authentication (KBA) question. This can leave consumers on the other end of the phone feeling as though they’re being interrogated. Organizations may not know an always-on, automated verification product can run behind the scenes, helping mitigate fraud before it starts while simultaneously improving the customer experience. While this requires a technological integration within the organization’s phone system, it can make massive strides in combatting sophisticated inbound call fraud.
Look for Better Solutions
A solution to the inbound caller fraud targeting the public sector needs to cut criminals off early — or risk a potentially irreversible loss of trust with constituents. For example, following the formal end of the COVID-19 public health emergency, the assessment of eligibility for Medicaid recipients is being transitioned back to state agencies. State departments are now asked to conduct eligibility determinations for 91 million Americans — a massive undertaking that already instigated a flurry of scammers to target Medicaid recipients. For the criminals who choose to target government agencies, providing fraudulent identity or eligibility information to requalify as a beneficiary may have to happen over the phone. Situations like these are where inbound verification can help.
Look for fraud mitigation tools that improve operational efficiency and constituent experience at the same time. Call centers often rely on manual reviews of inbound calls, such as asking knowledge-based authentication questions that can increase call time. While this can vary, we’ve found call time can be reduced by 20 to 70 seconds through changes to call review procedures. This time adds up. Per call, eliminating KBA challenge questions, according to our data, can reduce costs by 45 to 90 cents. An authentication solution that automates this process allows call centers to mitigate fraud faster and provide more efficient customer service.
Raise the Bar and Reap the Benefits
When call center representatives can spend more time helping callers and less time verifying identities, it’s a win-win: Agents can do their jobs more effectively and callers receive a better experience.
With inbound authentication technology, the phone itself becomes an authentication token. When a call is initiated to a call center, the system gathers available data — the carrier, type of device and caller who owns the device. Based on a match between this information and the information the calling organization has about the caller, agents can be confident the legitimate constituent is calling. This process happens in seconds without the constituent even realizing it.
By the time the customer service agent picks up the phone, they’ve already authenticated the call is coming from where it should be.
When a call does not authenticate, it can be routed appropriately for manual review. This can happen for a legitimate reason, such as a caretaker calling on behalf of a beneficiary, or it may be a virtual call where it’s impossible to link the phone number to a device. All calls are not created equally, so not every caller should receive the same treatment.
With inbound authentication, call centers can help protect themselves from fraud — without alienating their customers — even helping them improve their customer service. Consider well-known brands in the private sector. I’ve had experiences calling an organization where I’m greeted by name and immediately asked how I can be helped. As this kind of personalized treatment becomes increasingly available, more consumers are beginning to expect it; anything less can leave them with an unsatisfying experience.
Criminals and fraudsters are already finding ways to exploit the phone channel and its vulnerabilities. Call centers susceptible to this infiltration need to take action to stay protected. By prioritizing the threat of inbound caller fraud, integrating verification technology where appropriate and seeking better solutions, call centers can protect themselves against fraud while improving operational efficiency and the customer experience. Robust inbound caller authentication can not only help safeguard call centers against fraud but also help them set a higher standard for customer service in an increasingly digital world.
Uncommon Knowledge
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.