Digital fraud has increased significantly since the COVID-19 outbreak, especially when it comes to account takeover.
Account takeover is when a legitimate customer’s account is accessed through illicit means for the purpose of committing fraud, and, in the midst of a global pandemic, is on the rise for two primary reasons:
- Increase in volume. Consumers have been forced to turn to digital channels for just about everything, making it much easier for fraudsters to hide amidst the uptick in volume.
- More chaotic environment. Fraudsters are taking advantage of the chaos and turmoil, and using fear and uncertainty to victimize consumers.
TransUnion data has confirmed these spikes in digital consumption since the outbreak. For example, we saw a 23% increase in e-commerce traffic the week after the World Health Organization (WHO) declared COVID-19 as a pandemic — and between March 11 and April 27, we’ve identified more than tens of millions of risky transactions for our customers across all industries.
These developments have been occurring in the midst of businesses trying to shore up work-from-home operations, secure their sites and apps, and deal with increases in volume to their digital channels as well as their call centers.
Call centers experiencing major upticks in both consumer volume and fraud
Increases in call center traffic as a result of COVID-19 have been seen across several, if not most, major industries. The Aite Group estimates that banks have seen spikes in call center volume in the 40% range, and telecommunications providers have shared that their call center traffic has spiked upwards of 25%.
With attack methods like social engineering being used more heavily to perpetuate account takeover across the customer lifecycle, call center agents are also dealing with more fraud than usual. Social engineering can take a few different forms, such as gathering publicly available information about a consumer that could be used to answer KBA questions. It’s been shown that fraudsters make an average of five calls to a call center before taking over an account, in order to build rapport with the call center agents or to try out high pressure tactics to gain access to the account. In today’s tense environment where call centers are dealing with higher volumes and likely more volatile customers, these kinds of attacks may prove more effective than ever.
Preventing ATO and social engineering before they reach the call center
In a recent survey by Transunion, we polled 3,015 Americans aged 18 and older on how they have been impacted by COVID-19. 28% of respondents indicated that they had been targeted by digital fraud related to COVID-19, up from 23% the previous week. That’s a 5% increase in one week, indicating that this trend is likely to accelerate. This has led to a new deluge of breached credentials and personal data that fuels account takeover attacks and identity related fraud.
Combating account takeover can be tricky due to the many attack methods and multiple points of risk, but it can be done quickly and effectively with the right approach — and ultimately, a reduction in ATO leads to a reduction in call center fraud. With call centers overwhelmed by requests from good consumers as well as potential fraud, what can your organization do to prevent fraudsters from using up valuable employee resources, time and money?
There are a number of measures businesses can take to combat account takeover and ultimately relieve call center volumes. Let’s start by breaking down the two key points of risk, which occur at login and account management:
- Login: It’s important to go beyond username and password to properly secure accounts. There are a number of options that are easy to layer into existing authentication solutions, such as one-time password (OTP) and multifactor authentication. At TransUnion, we have found that device-based authentication is the most effective way to catch fraud early. By pairing the consumer device to the account, consumers don’t have to be reliant on passwords or personal data that may have been compromised. Even if a fraudster was to access the login credentials, you could identify that they were not a good returning consumer. Plus, you can gain risk insights that typically aren’t available via other authentication methods, such as unusual velocities, geolocation mismatches, or the use of anonymizing proxies.
- Account management:Once fraudsters have gained access to an account, they typically attempt to change account details such as email or shipping address. Adding verification checks at account management is very effective for combating ATO. For instance, if an attempt is made to change the email address associated with an account, you can run an email verification check to ensure that the new email address is valid. If a higher level of assurance is needed, you can deploy push authentication, which allows you to push authentication requests directly to the consumer’s device for any requested account changes. Best of all, this can be done no matter the channel: web, app, or call center.
With the proper solutions, you can expose and combat fraud like ATO, social engineering and ID theft even before they make it to the call center.
Differentiating between good consumers and bad actors
Depending on the fraud controls you have in place, it’s possible that you will still encounter some fraud at the call center stage. The ability to swiftly identify trustworthy consumers is therefore an important piece of the puzzle, in order to allocate resources appropriately and get them the help they need. Fortunately, there are several solutions for identifying good consumers as a means of mitigating call center fraud.
Verifying consumer-provided information should be done using diverse and comprehensive data sources, giving you confidence that your consumers are who they say they are. Whether relying on email and phone verification to identify risky characteristics, or using alerts to flag high-risk data within consumer-provided information, the ability to ID good consumers enables you to give them the friction-right experience they deserve while appropriately focusing your fraud prevention tactics elsewhere.
Reducing risk across all support channels
Not wanting to deal with longer call center wait times, many consumers are looking for alternative channels to get the help they need, such as online chat or in-app support. Plus, pushing consumers to these digital channels can help effectively reduce call center queues. Fraud prevention and ID verification methods help to reduce risk across these various channels, such as the use of device-based recognition for preventing fraud via online chat support.
Enabling multifactor authentication for in-app support allows you to optimize the customer journey through your mobile app, further enabling you to reduce volume and overall costs to your call center. By identifying the functions that can be automated through your app, as well as those that can be streamlined to save time, you can ultimately free up call center agents to help more consumers, quicker.
Authentication methods such as OTP and KBA are also effective for prioritizing the call center queue, so that trustworthy consumers can quickly get helped.
For call centers dealing with the current COVID-19-fueled fraud pandemic, there are solutions that can help. To find out how esure cut its call center fraud by 40% using TransUnion solutions, read the case study here.
For insights and resources specific to protecting your business and consumers during COVID-19, visit our COVID-19 hub.