Criminals now have access to a wealth of personal information that is being exposed through data breaches - including, but not limited to names, dates of birth, email addresses, social security numbers, card numbers and home addresses. This information, paired with the implementation of EMV and the inevitable increased difficulty in committing card present fraud has led criminals to a new target - call centers. Armed with seemingly everything they need to know about a person, it often only takes one or two calls and a couple of good, educated guesses to get access to someone’s account.
How Bad is the Problem?
In IDology’s 2015 Fraud Report, 13% of organizations surveyed reported suspected call center fraud attempts, up from 2% in 2014. Another more recent industry report on call center fraud by Pindrop found that the rate of fraud calls has grown 45% since 2013, which has equated to one in every 2000 calls today being fraudulent.
Over the same three-year span, losses attributed to call center fraud rose 14%, which means that organizations lost an average of $0.65 to fraud per call. But, it’s important to note that the losses Pindrop is measuring are only those that actually take place through the call center. Many times, criminals use call centers to gather more information, reset passwords, or get access to other information that helps them carry through with fraud later on.
Why Isn’t This Being Caught?
There are several risk factors that call centers look out for to try and flag potentially fraudulent calls, including device type and location, but the criminals are quick to cover up their paths and methods to make their calls look legitimate. Popular methods are either VoIP (voice over IP) phones, accounting for 42% of fraudulent calls this past year, or mobile phones, which account for another 35%. Both of these methods provide an easy way for fraudsters to spoof caller IDs (choosing which number their call appears to be coming from) - either through VoIP direct, or through free tools like SpoofTel. Voice distortion tools are also widely available, making it incredibly difficult to detect illegitimate callers.
Who Is Suffering the Most?
Unsurprisingly, fraud rates at financial institutions top the list because they offer a clear path to profit for the criminals. Retail banks typically see fraud rates of one in every 1,400 calls, while credit unions have a slightly lower rate at one out of every 2,000 calls being fraudulent. Card issuing banks and credit unions however, see nearly double the rates of those FIs who don’t issue cards, with one in every 800 calls being fraudulent.
What Can We Expect in the Future?
Pindrop’s report took a look at call center fraud in the UK, as a likely foreshadowing of what to expect in the U.S., and the results are grim. U.S. financial institution call centers on average, see fraud rates of one in every 1,700 calls. Financial institutions in the UK see more than double the fraud rates, and these types of attacks grew 79% in the years following EMV implementation (2005-2008).
Increased call center fraud isn’t the only type of fraud that’s expected to increase in the wake of EMV. Card not present (CNP) fraud is expected to grow from $3.2 Billion today to over $7 Billion by 2020. Rippleshot Sonar is device, portfolio and fraud-type agnostic, allowing you to catch all types and sizes of card compromises quicker than ever. Learn more below: