Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/16/2021
10:00 AM
Umesh Sachdev
Umesh Sachdev
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Combating Call Center Fraud in the Age of COVID

With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.

Call centers are a fraudster's dream. Millions of pieces of personally identifiable information (PII) are transmitted from customers to service agents every day. Anyone able to infiltrate these systems — either physically or digitally — can turn around and make a small fortune selling all sorts of valuable information on the Dark Web. In fact, according to Aite Group, 61% of fraud originates in the call center.

During normal operations, security is extremely tight. Agents are authenticated with an ID badge, their arrivals and departures are tracked, and they are not even allowed to have a pen or pencil when taking calls. But these are not normal times. COVID-19 has shifted more than 1 million agents from locked-down call centers to work-from-home systems — weakening physical security strategies meant to prevent rogue actors from exfiltrating information for personal or financial gain.

Now, more than ever, it is critical that organizations with large call center operations take advantage of new, innovative technology to secure the conversation

Related Content:

Secure Laptops & the Enterprise of the Future

Special Report: How IT Security Organizations Are Attacking the Cybersecurity Problem

New From The Edge: Cybercrime 'Help Wanted': Job Hunting on the Dark Web

Preventing Work-From-Home Security Risks
Agents working from home can't be monitored and tracked while on the job to the extent they are in the call center. For example, they can't they be prevented from recording calls or writing down credit card numbers and other financial information. Organizations can't even authenticate users who log in to their call center platforms with photo IDs — meaning that a family member, a roommate, or even a stranger could impersonate the agent and harvest valuable PII.

Here are three tips that organizations can use to secure the conversation:

1. Prove Agents Are Who They Say They Are
Speech recognition and voice biometric technology in the call center are nothing new. Organizations often use these technologies to authenticate customers that call in and to evaluate intent. But speech recognition and voice biometrics can be used on the agent side as well. Agents can be verified when they first log in and then periodically throughout the entire shift. This prevents an unauthorized person from using stolen credentials or sneaking into the system when the agent is on a break. If there is an inconsistent or false match, a supervisor is notified immediately and can address the situation.

2. Automate and Encrypt PII Collection
Rogue agents and unauthorized users can't steal information they don't know. Instead of relaying PII verbally over the phone, customers can submit information digitally without any agent exposure. This can be done over text or encrypted SMS that pings a server on the back end and sends the agent a confirmation to continue the engagement once the data is accepted. An added benefit is the ability to automatically populate redundant fields across applications. Previously, an agent might have had to manually enter information multiple times across screens. Automating data collection can reduce call times by half and eliminate human error.

3. Detect Anomalies With AI
All call center calls are recorded for quality of service and security but, with thousands of calls conducted every day, not all can be monitored. Artificial intelligence (AI) and machine learning (ML) can close that gap by parsing through conversations to identify abnormal behavior at scale. These solutions can search for changes in tone, long pauses, and other indications that something unexpected has occurred. It can even learn to remove bias from fraud detection — such as forgiving specific speech patterns from agents that have a speech impediment or accent. By leveraging AI, systems are able to constantly learn and adapt models to improve accuracy.

We expect to see millions of agents handling customer service calls from the comfort of home rather than a highly secure, highly controlled call center. Securing the conversation will require organizations to investigate new technologies that can identify and prevent fraud in these situations — from speech biometrics to audio encryption to AI. Fraudsters are now on notice.

Umesh Sachdev, Co-Founder and CEO of Uniphore, is a modern-day entrepreneur with a passion for technologies that have massive societal impact. Umesh co-founded Uniphore with Ravi Saraogi to bridge the communication gap between man and machine using voice and speech.Umesh was ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35519
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel i...
CVE-2021-20204
PUBLISHED: 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbi...
CVE-2021-30473
PUBLISHED: 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2021-32030
PUBLISHED: 2021-05-06
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_chec...
CVE-2021-22209
PUBLISHED: 2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.