Clari5

Insulating IVR Systems from Fraud

Interactive Voice Response systems have been around for a while now. From banking, surveys, office call routing, order transactions for food to air tickets to hotel bookings and more, IVR has evolved to now become ubiquitous. But does its omnipresence mean that IVRS is completely insulated from fraud despite advanced technologies powering them?

Also, Aite reveals that one out of every 2,500 calls to a call center is fraudulent. Asking for an address change, new PIN or other requests including maybe a new credit card are some of the tactics by fraudsters. And how do they do it? By contacting a bank and engaging with an IVRS.

With customer patience shrinking by the day and fraud becoming more sophisticated, solution providers are now combining AI and NLP, to significantly shift the needle on customer support efficiency and reduce resolution time. With advancements in AI and ML, IVR systems can be made to deliver a richer, more secure customer-centric experience.

Intelligent IVRs enable insightful interactions

AI/ML-based IVR systems can –

  • guide customers to the right destination, much faster and more accurately.
  • enable personalization, even propose agent responses and prompt potential cross-sell opportunities.
  • increase speed of resolution, operational efficiencies and shrink agent call time.
  • capture and analyze data.

AI with Machine Learning capability enables the IVR system to ‘learn’ patterns in large volumes of continuously streaming data. The ‘learning’ is strengthened over time and several transactions that enhance the accuracy of pin-pointing fraudulent transactions, while significantly reducing false positives.

Interestingly, there’s also an assumption that AI will automatically guarantee the security of systems (because it is intelligent after all).

Plugging vulnerabilities
It is a common practice now for customers to be asked to validate their PIN on the IVR, or the CVV code of their existing credit card, or have customers repeat the code sent via email or text using 2FA (two-factor authentication).

Advanced authentication technologies can validate the phone number and physical location of caller and biometrics can help detect altered voices or even compare a caller’s voice to other voices from an existing database of caller voices.

But fraudsters continuously study new IVR tech to outsmart them. They test and mine for account numbers, reset PIN numbers, request new cards, and phish for customer information.

Stats reveal that 33% of live agent fraud calls could have been detected at the IVR stage and for 79% of calls that would never have left the IVR to reach an agent and 70% were fraudulent calls.

Cross-channel fraud prevention ties in initial activity for a person logged in online, mobile app, or IVR. An already authenticated customer moves seamlessly and both the customer and the agent know everything is alright.

A suspect customer from failed logins displays on the call source (e.g., spoofed number), or incidents of repeated attempts to access the IVR can trigger workflows customized to the risk level.

Intelligent routing sends the suspect ones to specially trained agents who then (with help from technology) help navigate them through the proper steps. These scenarios use network information, account access history, length of IVR sessions, and more to make the process smarter.

Also, analytics help strengthen databases of risk factors, and biometrics can be further boosted by passive enrollment from customer conversations. Alerting and notification tied to analysis of activity can inform customers or risk teams.

Some examples of how real-time, cross-channel intelligence can help detect IVR fraud:

  • The call is red flagged when a customer has multiple verification failures using one phone.
  • Alert notification to fraud management team when a customer attempts authenticating call using different phones but failing to authenticate.
  • Multiple attempts to generate a Telephone PIN unsuccessfully using different CLI/phones.
  • Attempting to change ATM PIN immediately after the balance inquiry alerts the fraud management team.
  • Call received from blacklisted phone number sends an automatic alert notification to fraud investigators.

These, along with some additional precautions, can help further strengthen IVR system security:

  • Validate phone numbers against customer data.
  • Check if caller’s physical location at the time of call matches any of the ‘frequent places’ associated with the caller.
  • Analyze behavioral biometrics and set up alerts in case of fraudulent login using stolen credentials.
  • Use security software that can scan all application code for vulnerabilities and identify any possible exposures or threats.
  • Encrypt all data and ensure role-based access to sensitive data.
  • Change IVRS passwords when an employee leaves the organization.

IVR fraud rates have become almost equal to live agent phone fraud, with crime syndicates targeting call center IVRs and agents using both social engineering and sheer force to validate, augment, and monetize breach data.

AI/ML-based cross-channel, real-time solutions help shield contact centers, in both live agent calls and IVR activity, to reduce fraud and operational costs while improving customer experience. These solutions can study and learn from transaction elements to quickly build new rules for flagging anything suspicious.

Analyzing multilayer caller information and risk scoring reputation, caller behavior, network signal, and call statistics further enhance anti-fraud measures. It makes sense to have added layers of protection, for both banks and customers, before fraudsters can access customer data and wreak havoc.

References:

 

Like this article? Share it!

LinkedIn
Twitter
Facebook
WhatsApp
Email

About the author

Naresh Kurup

Chief Brand Officer
Naresh drives marketing and brand communication for the category-leading banking fraud management product company Clari5.
naresh.kurup@clari5.com