With just two calls to a contact center, Brandon Price, of Pittsburgh, stole the identity of Microsoft cofounder Paul Allen.
Price impersonated Allen on the phone almost two years ago and managed to convince an agent at a Citibank call center to change the address and phone number on Allen's account to his own. He then called back a few days later to report that the debit card associated with that account had been lost and convinced another agent to send a replacement card to his address. Police caught up with him when he tried to use that card to make several purchases and carry out other financial transactions. He pled guilty to the crimes in June and now faces up to 30 years in prison.
While Price was caught, this example reveals how disturbingly easy it is to steal someone's identity.
Although financial institutions, such as Citibank, have strengthened their online security controls, not enough attention has been paid to securing contact centers. As a result, these facilities have become the channel of least resistance for fraudsters, who are increasingly turning to agents to unwittingly help them carry out their illicit activities. These crafty criminals prey on the agents' sympathetic and helpful natures. They use a variety of social engineering tactics to get agents to reveal information that can be used to carry out fraudulent transactions.
And they're having considerable success. Javelin Strategy & Research reports that in 2012, identity fraud affected 12.6 million Americans—an increase of more than 1 million people over 2011—and fraudsters stole more than $21 billion, the highest amount since 2009. Most of these crimes involved using misappropriated credit, debit, or ATM cards; making fraudulent purchases; taking control of existing accounts; and opening new accounts.
The value of these crimes is often unknown or understated, according to research from the Aite Group, an independent research and advisory firm for the financial services industry. Most of the individual crimes fall below the dollar thresholds at which the financial firms launch formal investigations. Furthermore, most organizations only attribute losses to the contact center when there is a specific policy or procedural violation, the research revealed.
To understand why this is happening, organizations must first understand what they're up against. Seasoned fraudsters often rely on phishing schemes and computer hacking prior to the call to garner enough information about the intended victims so the criminals can convincingly trick call center agents into giving them what they want.
Another common tactic is to launch distributed denial-of-service attacks, when fraudsters flood the call center with calls in the hopes that the agents will be so overwhelmed that they will take shortcuts or make errors that they might not under normal circumstances.
Plus, not only are these criminals very skilled at what they do, but they also seldom act alone. In fact, according to the Aite Group study, 74 percent of financial institutions stated that organized attacks by sophisticated criminal syndicates are responsible for the majority of contact center fraud.
It doesn't help that most contact center workers are not adequately prepared to deal with these threats. Security is not their focus; their main responsibility is to take care of the customers' needs and to get them off the phone as quickly as possible. And even when they are trained to recognize some of these schemes, in the end, all agents are human. As such, they can be manipulated by the well-crafted sad stories that fraudsters skillfully present.
A Better Solution
Fortunately, there is a solution. Automated voice biometrics technology can verify the identity of callers and interact with them. An additional advantage is that such technology cannot be emotionally manipulated. However, organizations have been slow to adopt it.
Financial services firms obviously have the most at stake, so it's not surprising that they have been the largest commercial adopters of voice biometrics technology to date. Biometrics Research Group estimates that at least $200 million was spent on voice biometrics by the banking sector alone in 2012 and projects at least $750 million will be spent on voice biometrics in banking by 2015.
But even in that industry, adoption of voice biometrics has been limited.
"Voice biometrics has been around for a long time, but adoption in the contact center is just starting to take off," says Dan Miller, senior analyst at Opus Research.
Miller estimates that only about 20 percent of the world's call centers currently use voice biometrics to some degree to verify the identity of callers. In 80 percent of the calls, other means are used, including passwords, PINs, or security questions.
Worldwide, it is estimated that only 20 million to 30 million voiceprints are stored in databases somewhere, and government and law enforcement agencies have collected most of them to track known criminals. The largest government deployments of this kind so far have taken place in Mexico and Ecuador and involve technologies from Speech Technology Center, a Russian firm specializing in voice security applications.
In financial services, as in other industries, contact center operators have shied away from voice biometrics in the past because the technology was expensive, time-consuming, and ineffective. Using voice biometrics was simply too much of an ordeal for both the caller and the company.
Breaking Down Barriers
Those barriers no longer exist. Technological advancements in voice biometrics are making the speaker verification process today almost entirely seamless for callers and placing voice biometrics within the reach of companies of all sizes.
"Every time the corporate world has tried to add a layer of security, it has added inconvenience to the customer. Now, we're adding security and [improving] the customer experience," says Alexey Khitrov, president of SpeechPro, the U.S. business unit of Speech Technology Center.
"There's so much today that you can do with voice biometrics in the call center environment," he adds.
That's significant, given that 83 percent of calls to contact centers today require some sort of caller identification or verification, according to a recent report from Opus Research.
One of the first things newer biometrics systems have going for them is that the long process of initially creating a voiceprint has largely been eliminated. "Now, it's all done in the background with passive enrollments," Miller says. "As we look at the wide expanse of the contact center, there is a lot of recording that's going on now. There's a lot of recorded material that can be used to generate a voiceprint.
"The beautiful thing is that what used to take a while now can be done almost in real time," Miller adds.
Khitrov claims that with SpeechPro's latest VoiceKey release, the entire process takes 2.5 seconds for its text-dependent option and six seconds for its text-independent option. "From an end-user perspective, it's really such an easy process now."
This applies to both the initial enrollment and subsequent verifications, Khitrov adds.
Nuance Communications' FreeSpeech voice biometrics engine uses natural language processing to speed up the enrollment and verification process. This eliminates the time wasted as callers are led through the process of saying and repeating random numbers, phrases, or sentences for enrollment and verification.
Barclays Wealth & Investment Management, a London-based global financial services organization entrusted with $2.4 trillion in client assets, started using FreeSpeech several months ago. When customers call in to Barclays to access their accounts, they engage in 20 to 30 seconds of natural conversation with the customer service agents. During that time, Nuance FreeSpeech runs in the background, comparing their voices to their unique voiceprints on file and silently signaling to the agents when their identities have been confirmed.
Since its introduction, more than 84 percent of Barclays' customers have stored their voiceprints in the system, with 95 percent of those customers successfully verified on their first use of the system. Customer feedback has been positive, with 93 percent of customers rating Barclays at least nine out of 10 for the speed, ease of use, and security of the new authentication system.
Voice biometrics solutions are also more feasible today because of advances in the mobile phones most people carry around every day. Newer smartphones and tablets have become sophisticated enough to do the voice authentication processing "on-device." This differs greatly from the previous "in-call" approach, where an interactive voice response system prompted the caller to say and repeat a series of numbers, words, or phrases. Another system recorded the utterance and handed it off to yet another system that compared it to samples of the voice saved in a complex database of voiceprints and related information.