Fraud mitigation in the contact center

15 December 2022

Telephone fraud, operational and reputational risk for the contact center

If there is anything that has changed during the COVID pandemic is the way customers interact with businesses. During the last couple of years contact centers have experienced a huge growth around everything related with customer experience. Chatbots, Whatsapp, email are becoming more prominent ways of reaching out to companies. But, if there is a channel that is still king in terms of customer preferences is the voice channel.

Voice channel is the most used and preferred channel by customers. This makes it a critical part of the contact center. Which translates in being a primary objective of cybercriminals. That is why security and reliability are two key elements to consider in order to bring great customer experiences

The thousand faces of fraud

  • Telephony denial of service (TDoS): these are the kind of attack on which criminals send a huge amount of petitions to the network with the goal of taking it down. It is an attack that tries to disrupt the service. The result of this sort of attack is the inability for the contact center to receive and respond legitimate calls. This creates a poor user experience and customer churn.
  • Hacking/ Hijacking: these attacks try exploit some sort of security hole in the enterprise network. The objective of the criminals is to get control of communication elements such as the PBX. The common result of these attacks is a direct economic loss. For example fraudsters can place calls to premium numbers on which they get some sort of income.
  • Toll Fraud: directly connected with the previous case, it consist on using contact center resources to call premium numbers on which the criminal can obtain economic gains. Sometimes it is the result of the hacking and hijacking as mentioned previously. But this is not always the case, missconfigured IVRs and call transfer procedures can also result in this sort of fraud. Also, there has been cases on which employees were using their employer network to obtain economic gains.
  • Phishing & Vishing: on these attacks a criminal is trying to impersonate a legitimate user with the goal of obtaining an economic benefit. In the best of cases this sort of fraud is a waste of time of the agents as they have to handle the call. Worst case scenario is an economic loss for the end users and potential legal consequences for the contact center

Security policy, the first line of protection.

Prevention is the best protection. That is why having a security policy that deals with the problems before they happen is primordial.
A lot of these measures are widely known but they are not implemented diligently enough. We can differentiate security measures according to its scope in two big groups:

  • Internal security policies, these are measures that have the goal of mitigating risks in the “internal” operative of the contact center. Examples of this sort of measures are: access control measures, agent privileges regarding sensitive data access, call recording, access registry, allowed software whitelist, periodical security updates, network monitoring, legal compliance, data encryption, etc
  • External security policies, are those that look into reducing risks in the activity of the contact center. This means in the interaction between agents and end users. These measures are mainly based in the verification of the legitimacy of the end user. We can also add here agent training to spot “social hacking” situations, the use of knowledge based authentication, biometric tools for customer verification, multiple factor authentication…

Monitoring, the essential tool for early action.

It is clear the the previously mentioned measures are needed. Nevertheless, when speaking about voice channel, there is common denominator on which attacks happen, the telephony network. That is why deep monitoring of incoming and outgoing calls not only offers protection, but also is key in identifying and allocating the problem in case of security breach.
One of the most interesting characteristics of this approach is how transversal it is. It is totally transparent for the users, it allows for enforcing call policies but most of all, it happens ex-ante.
Operationally the benefit is clear: reducing the amount of fraudulent calls that end up in the contact center and that are being attended by agents helps driving efficiency.

Artificial intelligence, the cornerstone to anticipation.

They key resides in the SIP signaling. Through the analysis of each call signaling, using AI/ML tools it is possible to fetch data from historical data and also external databases. With this information it is possible to rank the risk associated with the call. The end goal is to enforce policies such as call block or call redirection the suspicious calls.

It is also possible to monitor outgoing calls. This gives IT and system administrators  the capability to spot and solve any anomaly in the contact center activity.

If you would like to explore ways to make your communications safer and protect your telephony network reach out to us. We can work together to see if there is any way we can help you improve your operations.

Next article

SIPREC for call recording, what is it?

SIPREC the most used call recording protocolSIPREC is currently the most widely used call recording protocol. It is based o[...]