The rollout of EMV is accompanied by increased card not present fraud, but banks can reduce losses using voice biometrics in the call center.
CNP fraud has more than doubled in the U.K. and Canada following the EMV migration, spiked more than 200% in Australia. The uptick is logical given that counterfeiters will always find another channel to display their fraud talents. Banks are asking—can they protect against the surge in CNP fraud? The answer is yes, given timely new findings in the call center of all places.
As online security has tightened, fraudsters are exploiting the call center for easy access to information. Companies are finding that online fraud (the bulk of CNP fraud) often includes a phone call by the fraudster.
Here’s how it happens. A professional fraudster buys stolen card and identity information on the black market. The goal is to make online purchases—this is often the bulk of CNP fraud. To maximize purchases, the fraudster wants to know the card’s available credit limit. This helps avoid overcharges, so the customer isn’t alerted to extreme use.
Logging into the account online is too difficult. But it’s easy to ask the call center questions since it has access to the card and personal information (e.g., date of birth, social security number) to answer security questions. So they call the bank, pretend they’re the account holder, and learn the available credit. Armed with this data, the fraudster then “goes to town” and starts making online purchases with the stolen card information.
In summary, fraudsters often call the bank or card issuer to check the available credit on stolen cards before making fraudulent purchases online. They may also request additional things like a credit increase or pre-clearance for a big purchase. These are considered “support” calls for CNP fraud.
The good news is this discovery gives banks a new way to protect themselves. Forward-thinking banks are building a database of known fraudster “voiceprints” in the call center with a new generation of voice biometrics. Passive voice biometrics can collect and examine a caller’s voiceprint in the background of a normal call (no passphrase required). By screening live calls against the fraudster database, banks can detect fraudsters by voice, even on innocuous calls like available credit inquiry. When a known fraudster’s voice is detected, banks can flag the customer account as possibly compromised. This all happens in the background and is unknown to the fraudster. When the fraudster then attempts CNP online fraud, the account is on high alert and the bank can reject the transaction.
Large banks and card issuers that have deployed a passive voice biometric solution have seen a reduction in fraud losses. Detecting fraudster calls by voice is an effective way to preemptively flag compromised accounts and deter fraud. Like the sport of martial arts, banks can turn their call center from prey to predator to reduce CNP fraud.
Overall, while EMV credit cards may be more secure for protecting “brick and mortar” credit card transactions, fraudsters are using the call center as a way in—through the call center, which has unwittingly become part of the online CNP fraud lifecycle. By using passive voice biometrics to recognize a fraudster’s voice during a support call, banks can stop CNP fraud, protecting their customers and their institution from theft. And, while CNP fraud may be a side effect of the EMV migration, we now know that banks have a way to stop it.
Steve Williams is vice president and global practice leader of identity analytics at Verint.