RiskTech Forum

CustomerXPs: Insulating IVR Systems From Fraud

Posted: 28 January 2019  |  Author: Naresh Kurup  |  Source: CustomerXPs


Interactive Voice Response systems have been around for a while now. From banking, surveys, office call routing, order transactions for food to air tickets to hotel bookings and more, IVR has evolved to now become ubiquitous. But does its omnipresence mean that IVRS is completely insulated from fraud despite advanced technologies powering them?

Also, Aite reveals that one out of every 2,500 calls to a call center is fraudulent. Asking for an address change, new PIN or other requests including maybe a new credit card are some of the tactics by fraudsters. And how do they do it? By contacting a bank and engaging with an IVRS.

With customer patience shrinking by the day and fraud becoming more sophisticated, solution providers are now combining AI and NLP, to significantly shift the needle on customer support efficiency and reduce resolution time. With advancements in AI and ML, IVR systems can be made to deliver a richer, more secure customer-centric experience.

Intelligent IVRs enable insightful interactions

AI/ML-based IVR systems can -

AI with Machine Learning capability enables the IVR system to ‘learn’ patterns in large volumes of continuously streaming data. The ‘learning’ is strengthened over time and several transactions that enhance the accuracy of pin-pointing fraudulent transactions, while significantly reducing false positives.

Interestingly, there’s also an assumption that AI will automatically guarantee the security of systems (because it is intelligent after all).

Plugging vulnerabilities

It is a common practice now for customers to be asked to validate their PIN on the IVR, or the CVV code of their existing credit card, or have customers repeat the code sent via email or text using 2FA (two-factor authentication).

Advanced authentication technologies can validate the phone number and physical location of caller and biometrics can help detect altered voices or even compare a caller’s voice to other voices from an existing database of caller voices.

But fraudsters continuously study new IVR tech to outsmart them. They test and mine for account numbers, reset PIN numbers, request new cards, and phish for customer information.

Stats reveal that 33% of live agent fraud calls could have been detected at the IVR stage and for 79% of calls that would never have left the IVR to reach an agent and 70% were fraudulent calls.

Cross-channel fraud prevention ties in initial activity for a person logged in online, mobile app, or IVR. An already authenticated customer moves seamlessly and both the customer and the agent know everything is alright.

A suspect customer from failed logins displays on the call source (e.g., spoofed number), or incidents of repeated attempts to access the IVR can trigger workflows customized to the risk level.

Intelligent routing sends the suspect ones to specially trained agents who then (with help from technology) help navigate them through the proper steps. These scenarios use network information, account access history, length of IVR sessions, and more to make the process smarter.

Also, analytics help strengthen databases of risk factors, and biometrics can be further boosted by passive enrollment from customer conversations. Alerting and notification tied to analysis of activity can inform customers or risk teams.

Some examples of how real-time, cross-channel intelligence can help detect IVR fraud:

These, along with some additional precautions, can help further strengthen IVR system security:

IVR fraud rates have become almost equal to live agent phone fraud, with crime syndicates targeting call center IVRs and agents using both social engineering and sheer force to validate, augment, and monetize breach data.

AI/ML-based cross-channel, real-time solutions help shield contact centers, in both live agent calls and IVR activity, to reduce fraud and operational costs while improving customer experience. These solutions can study and learn from transaction elements to quickly build new rules for flagging anything suspicious.

Analyzing multilayer caller information and risk scoring reputation, caller behavior, network signal, and call statistics further enhance anti-fraud measures. It makes sense to have added layers of protection, for both banks and customers, before fraudsters can access customer data and wreak havoc.

References: