Many of our clients have customer call centers to help customers with varied questions or concerns. Those who work in customer service, and in call centers tend to patient and helpful. But sometimes being too helpful can land the company in the middle of a fraud scheme.
We are seeing primarily foreign individuals use traditional methods of technology, like the telephone to successfully perpetrate a fraud, including money transfers, opening up accounts and depleting accounts of all funds.
Organizations are struggling with assisting their customers over the phone, while combating sophisticated phone fraud schemes. These schemes usually occur when the fraudster calls the call center pretending to be the customer. Because many call center employees have not been educated about these fraud schemes, occasionally, the call center employee will literally walk the fraudster through a series of “security” questions to try to confirm that the fraudster is the real customers. Unfortunately, many companies continue to use a social security number, date of birth, home address, email address or employment as these security questions. The reason why this is unfortunate is that all of this information on most U.S. adults is accessible through publicly available means, through social media or is for sale on the dark web.
These “security” questions can no longer be trusted and based upon the incidents we are seeing, more sophisticated security measures may wish to be considered by companies as a result of the increased successful fraud schemes. It is a difficult balance to be accommodating and helpful to customers, while protecting them at the same time. But customers need to understand that call center employees are subject to these elaborate fraud schemes, and are trying to help the customer.
One of the biggest ways to combat these schemes is to complete a detailed education session for call center employees so they can be a company’s first line of defense. There are some clear ways to identify a fraudster when they call. Here are some obvious ones that we have seen in the past year:
- Use of fax numbers—most people don’t use faxes anymore, but criminals are using them to get forms from companies for the transfer of money. Be wary if a customer asks to fax a form that is accessible online
- Use of gmail accounts—gmail accounts are easy to open, and may look like the real email account. It is sound practice to confirm the email address that the organization has on file and to email only that account if a customer asks for forms or information to be emailed. Replying to the email account sent by the fraudster only feeds into the fraudster’s scheme. Verify the customer’s email account and only send information to the verified email account.
- Confirm the customer’s telephone number on file, and only call the customer at their confirmed telephone number.
- Have processes in place regarding the amount and processes in place to confirm transfers through other means than through the call center, email or fax.
- Use other methods to confirm the identity of customers other than the traditional personal information, all of which is accessible to fraudsters.
More and more clients are holding special educational sessions for their call center and other customer relations personnel so they can be the first line of defense and spot a fraudster when they see or hear them. We find that when employees are provided with the stories around real schemes and fraud, they learn from those incidents, and become empowered to make sure it doesn’t happen to them. Arming them with ways to prevent fraud makes them more aware, suspicious and alert. This simple tactic can really pay off.