Do you remember the olden days when cameras were stand-alone devices that you had to lug around just in case you needed it? Well, since today is National Camera Day, we thought it was appropriate to remind you how far we have come with cameras. These days, it is easy to capture a picture — just pull out your smartphone! Smartphones make everything easy, even actual phone calls. When a customer calls a financial institution (FI), they typically go through a phone tree and an interactive voice response (IVR) system. FIs have spent time and effort making IVRs more user-friendly for customers. But making IVRs more customer-friendly and feature-rich can also make them more vulnerable to fraud. An estimated 60% of online fraud starts with or includes a call to the IVR. In another survey, 37% of bank executives said they had seen evidence of fraud coming through their IVR system. Why scammers love IVRs
The characteristic of IVRs that FIs find so appealing is the ability to handle large volumes of calls, any time of day or night. But that is exactly what makes IVRs so susceptible to abuse. Scammers can make hundreds of calls to an institution’s IVR, looking for a way to navigate into an account. They employ bots and robocalling to probe IVRs, testing thousands of PIN numbers until they find one that works. In other words, they try repeatedly to find a hook that allows them to impersonate a real customer. Oftentimes, they move from the automated responses to a live agent and try to trick the agent into revealing sensitive information – such as a security word like a dog’s name. All it takes is one slip and a scammer has the key to unlock an account they can loot. A break-in can also lead to more serious damage, if the cybercrook can get into other parts of an institution’s system.Strategies for community financial institutions (CFIs) to protect themselves
The characteristic of IVRs that FIs find so appealing is the ability to handle large volumes of calls, any time of day or night. But that is exactly what makes IVRs so susceptible to abuse. Scammers can make hundreds of calls to an institution’s IVR, looking for a way to navigate into an account. They employ bots and robocalling to probe IVRs, testing thousands of PIN numbers until they find one that works. In other words, they try repeatedly to find a hook that allows them to impersonate a real customer. Oftentimes, they move from the automated responses to a live agent and try to trick the agent into revealing sensitive information – such as a security word like a dog’s name. All it takes is one slip and a scammer has the key to unlock an account they can loot. A break-in can also lead to more serious damage, if the cybercrook can get into other parts of an institution’s system.Strategies for community financial institutions (CFIs) to protect themselves
- Improve monitoring of the IVR. You may be monitoring your IVR system, but with the growing fraudulent activity, you will need to step it up. Constant monitoring of IVR for signs of fraudulent activity like repeated calls from the same number or calls from a number that can’t be authenticated as real, can help a CFI spot a fraudster before he gets very far.
- Use security solutions that are designed to spot fraud in IVR. These solutions should provide an umbrella of protection by identifying accounts being targeted by possible scammers and callers who may be mining for data, instead of seeking customer service. These should also analyze data in real-time and issue alerts about suspicious activity.
- Ensure agents who receive calls through IVR are trained in spotting suspicious calls and can respond. Fraudsters often enter through IVR and use bits and pieces of information to try to impersonate real account holders. Then they try to trick the agent into revealing more information about the account. Agents need to be educated so they don’t mistakenly fall for this.
- Make sure your institution’s IT security team is trained to act quickly in dealing with these security alerts. Specific protocols should be in place and tested, as with all others.
IVRs can be valuable tools in a CFI’s ability to provide 24-7 customer service. But their durability in responding to customer calls can also present a security risk. Balancing customer ease of use with tight security is the key to an effective IVR.