
Financial Institutions Face a New Contact Center Threat

Contact centers are an essential channel for banks and customers to communicate, but every channel has security risks to accompany its benefits. Traditional contact center fraud security emphasized two major threats. First, there was the worry that rare unscrupulous contact center agents would abuse the knowledge they gained in the course of work for nefarious ends. Second, there was the danger that scammers could “socially engineer” [1] and trick agents into disclosing information they should not. The first problem could be handled by appropriate interview screening and good on-site and remote protocols; the second problem was handled through training and education. Today, there’s a third vector for contact center fraud loss: IVR exploitation.

New Tech for a New Era

While the general public may imagine the typical contact center to be a vast cubicle farm, with customer service agents answering each and every query they receive, this vision is somewhat outdated. First, COVID has forced the vast majority of contact center agents into work-from-home setups; cubicles have been temporarily abandoned all over the country, and some firms may choose to retain remote working even after the pandemic subsides. Second, most institutions try to ensure that relatively few calls ever reach human operators. If you’ve placed a call to your bank, your health insurance provider, or even your pharmacy in the last decade, chances are you’ve encountered an Interactive Voice Response, or IVR, setup. An IVR can complete many basic functions without agent intervention; if a call must go to an agent, the IVR has usually gathered information, like customer name or customer account number, that will be provided to the agent to accelerate their work assisting the caller.

Now, it’s the rare and foolish financial institution that would leave sensitive transactions to an IVR — such high-value interactions would usually happen through a website, through a person-to-person call, over a mobile app, or even face-to-face at a teller’s window. It doesn’t follow, however, that an IVR is safe because it can’t be directly exploited. Bad actors will perform account reconnaissance (the most common type of IVR fraud) to slowly gather enough data that can be used to take over customer accounts, using phishing techniques, spoofed calls, and other methods. Furthermore, fraudsters scrape together information from social media, from already compromised accounts, from socially engineered and tricked agents, and from IVRs. In fact, recent research [2] from Aite Group found that fraud often begins in the IVR and ends elsewhere.

Real Firms, Real Losses

The IVR threat to financial institutions and their clients isn’t theoretical. Aite Group discovered that 41% of financial institutions were aware of IVR fraud loss at their institutions. A further 33% didn’t know if they’d experienced IVR loss; it’s likely that some suffered losses that they were unable to identify. Just as disturbing, half of the institutions that identified IVR-originating fraud admitted that they were not, at present, monitoring their IVR installation. Because IVRs are automated and because the opportunities they offer criminals are poorly understood by some security professionals, there’s an unfortunate tendency to set up an IVR and assume that it can operate unsupervised. That’s an understandable mistake, but for businesses and customers alike, it’s a costly one.

If there’s insufficient IVR tracking and monitoring, recognizing the most sophisticated fraud becomes less likely. Thankfully, it appears that change is coming to financial institutions, with 62% reporting that they’ve either increased their security in the last few years or that they have plans to do so in the next 24 months. The experts are clear: Omnichannel fraud demands omnichannel security.

How the Technology Works

Incompetent scammers are relatively easy for trained contact center agents to unmask in a conversation. But how does an automated IVR monitoring system fare? It analyzes phone carrier metadata, recognizes unlikely call patterns (like multiple calls from the same number at odd hours), and confirms that caller IDs have not been spoofed. Because IVR and contact center attacks aren’t scammers’ endgame — these attacks are primarily focused on data mining and data gathering — new machine learning tools can warn institutions that a fraud attempt may be in progress. IVR monitoring can identify the accounts that fraudsters are slowly and methodically attempting to crack. All of this happens in the background, so there’s no deterioration of the caller experience, and would-be fraudsters won’t realize that the system has flagged and identified them.
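The call-pattern check described above can be sketched as follows. This is an added example, not the vendor's or the article's own logic: the record layout, the 00:00-04:59 "odd hours" band, the 48-hour window and the three-call threshold are all assumptions, and the call records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample IVR call records: (start time, caller number, account entered).
# Numbers use the fictional 555-01xx range; account ids are made up.
CALLS = [
    ("2021-01-04 02:11", "+12025550101", "ACCT-1001"),
    ("2021-01-04 02:40", "+12025550101", "ACCT-1001"),
    ("2021-01-04 03:05", "+12025550101", "ACCT-2002"),
    ("2021-01-05 01:30", "+12025550101", "ACCT-1001"),
    ("2021-01-04 10:15", "+12025550123", "ACCT-3003"),
    ("2021-01-04 14:20", "+12025550123", "ACCT-3003"),
    ("2021-01-05 03:45", "+12025550144", "ACCT-4004"),
]

ODD_HOURS = range(0, 5)        # assumption: 00:00-04:59 counts as "odd hours"
WINDOW = timedelta(hours=48)   # assumption: sliding look-back window per caller
THRESHOLD = 3                  # assumption: odd-hour calls in the window before flagging


def flag_callers(calls, odd_hours=ODD_HOURS, window=WINDOW, threshold=THRESHOLD):
    """Return {caller: sorted accounts touched} for numbers with at least
    `threshold` odd-hour calls inside any sliding `window`."""
    by_caller = defaultdict(list)
    for ts, caller, account in calls:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        by_caller[caller].append((when, account))

    flagged = {}
    for caller, events in by_caller.items():
        events.sort()
        odd = [when for when, _ in events if when.hour in odd_hours]
        start = 0
        for end in range(len(odd)):
            # Shrink the window from the left until it spans at most `window`.
            while odd[end] - odd[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[caller] = sorted({acct for _, acct in events})
                break
    return flagged


def accounts_at_risk(flagged):
    """Invert the caller flags into {account: callers} for follow-up review."""
    at_risk = defaultdict(set)
    for caller, accounts in flagged.items():
        for acct in accounts:
            at_risk[acct].add(caller)
    return dict(at_risk)


if __name__ == "__main__":
    hits = flag_callers(CALLS)
    for acct, callers in sorted(accounts_at_risk(hits).items()):
        print(acct, "probed by", sorted(callers))
```

The flags are computed offline from call records, so nothing changes for the caller; spoofing checks and carrier metadata analysis are outside what this sketch covers.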

Looking to the Future

Criminals are good at adjusting to changing circumstances: consumers have already reported nine figures’ worth [3] of COVID fraud losses. Institutions must be just as attentive and equally adaptable. When the coronavirus recedes and offices fill back up, scammers will change their strategies again, but they won’t give up and they won’t disappear. As IVR and other automated systems grow ever more essential to financial institutions’ functioning, there will be fewer and fewer justifications for leaving these tools unattended. Fraud hurts your customers, hurts your reputation, and hurts your bottom line. Your institution should invest in today’s tools to stop tomorrow’s fraud.

Mark Horne, Chief Marketing Officer, Pindrop

[1] Whitney, L. (2020, November 05). How to defend your organization against social engineering attacks. Retrieved January 05, 2021, from https://www.techrepublic.com/article/how-to-defend-your-organization-against-social-engineering-attacks/

[2] ANALYST REPORT: Aite: Safe and Secure Transactions in the IVR. (n.d.). Retrieved January 05, 2021, from https://www.pindrop.com/analyst-reports/aite-safe-and-secure-transactions-in-the-ivr/

[3] Consumer complaints about COVID-19 fraud pass 200,000. (2020, September 21). Retrieved January 05, 2021, from https://uspirg.org/news/usp/consumer-complaints-about-covid-19-fraud-pass-200000

2020 has kick-started a new era of AI and machine learning in compliance: An interview with Brian Cramer & Tim Estes

In the wake of COVID-19, the financial services industry has had to rapidly change its methods of working in ways that could not have been dreamed of 12 months ago. But from this disruption has come a wave of innovation that has prompted banks across the world to rapidly progress their digital transformation plans.

To better understand the impact that this has had on the financial services industry and the compliance challenges it’s facing, Global Banking and Finance Review spoke with Brian Cramer, CEO of Smarsh, and Tim Estes, CEO of Digital Reasoning.

Q: Since the outbreak of COVID-19, what compliance challenges have you seen most affect the financial services industry?

Brian Cramer: There are some obvious things that have happened since COVID-19 and the resulting work-from-home arrangements that companies have been forced to adopt. As a result, we’ve seen the overall volume of digital communications increase by 40 to 50%. What you also see notably is the adoption of new tools to help employees manage remote working better. Tools like Microsoft Teams, Slack, Zoom, and mobile devices more generally have soared in popularity amongst businesses.

What is very interesting now is the complexity of these newer channels and collaboration tools. If you take Zoom or Microsoft Teams, for example, they're a bundle of many different communications in one platform. Previously email was email. And an instant message was an instant message. But if you have interactions on Zoom or Teams to use the example, you have voice communications, you have several different types of chat, you have document sharing, white-boarding - many different types of communication in one bundle, and that introduces a lot of complexity for organizations from a regulatory perspective.

Tim Estes: Picking up on that point, more communication means essentially more to review. The FCA (Financial Conduct Authority) has announced that they're going to start requiring the same level of surveillance and risk mitigation processes to be put into place for channels like Zoom, Teams, WebEx, and other remote-working tools, and we know right now that that doesn't exist in most of the financial services market. So, this has been the key challenge for regulated businesses this year: the combination of the volume expansion that Brian talked about combined with the level of surveillance needed to ensure that these new channels are not cesspools for risk.

Q: Against this backdrop, what solutions does the financial services industry need to ensure compliance?

Brian: All financial services businesses need to be asking themselves: am I capturing everything and am I doing it reliably? Meaning, am I getting communications from Teams? Am I getting all emails? Am I getting text messages between employees or between customers and employees? Am I also getting a voice conversation? That’s the first fundamental question. And, then the second question is: where is my data? Is it safe? Is it scalable with the rapidly increasing volume and variety of data? And, is it accessible to be able to extract intelligence from it?

Tim: Exactly. When you deal with human language communications, it's not enough that you store it. You need to understand it because you're being asked by regulators to understand the human context to those conversations.

Q: How is AI going to help the financial services industry solve these compliance challenges?

Tim: AI's been a buzzword now for probably about five or six years. The problem that we are trying to solve with the use of AI is the level of false positives that legacy tools and fragmented data sources come up with when monitoring communications data. This means that banks have to make a huge amount of human investment to review those false positives and escalate potentially problematic communications.

The latest AI solutions are between 5 and 100 times better than the legacy solutions at identifying conduct issues across the areas that a bank is obligated to monitor. This means it’s quicker, more accurate and less resource-intensive to escalate issues so they can be addressed as soon as possible, and in the right way. This gives businesses the ability to see what's going on in a much more real-time fashion. By shortening the time between when events happen to the point when the appropriate function can act on those communications, businesses are far more agile and able to derive actual value from these compliance technologies. This is what we at Smarsh and Digital Reasoning call ‘communications intelligence’, which is a proposition I think is notably broader than just traditional compliance.

Q: How do you see communications intelligence transforming compliance obligations for the financial services industry?

Brian: To put it simply, communications intelligence is a business enabler. The statistic that I learned a couple years ago that really shocked me was that about 10% to 15% of overall payroll in the financial services industry was focused on compliance. As the number of platforms being used continues to grow and the volume on each channel continues to grow, this cost burden is only going to increase. This has drastically limited the amount of innovation that banks were pushing for in recent years, because available compliance technology required them to add headcount whenever they adopted new and innovative communications tools, in order to scale their compliance, review, and surveillance functions. And they would get no return from it other than risk reduction.

Now, when you apply AI solutions to the equation, it allows businesses to adopt innovative new communications channels without having to increase their compliance headcount. Institutions can empower their remote workforce with the tools they need, adopt new channels to market to new customers, and use new channels to broadcast their own messages and build new financial products to grow their own business. All of this is possible with a solution that can easily scale alongside this pace of innovation and change.

Q: What do you see as the biggest compliance challenges for the financial services industry over the next few years?

Tim: Looking at the momentous changes to the communications landscape this year, we believe that voice is the next frontier. If you think about the number of different channels you can now have a voice conversation across, from the phone to video calls across Zoom, Teams and Slack… as Brian previously said, it doubles or triples compliance challenges, because you have multiple channels in the same platforms. Businesses will need solutions that can bring that all together and understand the human context to that language data. This is a huge challenge, but also poses a massive opportunity for the businesses that can get this right.

Brian: Exactly. For banks, it’s about developing the ability to be agile but safe, right? And I think that if you look at the industries that we serve, they've moved slowly and are now accelerating because of external forces like COVID-19.

But they are not quite agile enough to the point where they could establish a new business line with a new team and begin operating in weeks or months. It typically takes them years. I think communications intelligence allows them the ability to not only manage risk as they continue their existing business and expand into new businesses, but it also can provide business value. I think we haven't even scratched the surface around the number of use cases for businesses that have the ability to capture all electronic communications and apply intelligence to them.

Brian Cramer CEO Smarsh

Tim Estes CEO Digital Reasoning

Asia

People, Process, And Technology = Success

POTENZA assists banks to make a complete technology transformation, by automating and optimizing their operations, enabling them to achieve their goals and improve their bottom line. Their technology expertise, combined with their knowledgeable BFSI consultants, is what makes them stand out against their competitors. Wanda Rich, Editor, Global Banking & Finance Review spoke to Dhanusha Muthukumarana, Managing Director, Chief Executive Officer and Mithila Wegapitiya, Director, Chief Operating Officer at POTENZA about their skilful use of the latest technology to streamline banks’ business operations.

POTENZA was founded in 2016 as a start-up company and in just 4 years has become a successful organisation. What initiatives do you feel have contributed to your growth and success?

The main success factor I believe is that we intended to make POTENZA not just a typical IT Services or Systems integration company, but instead focus on core Digital Transformation through a balance of Technology and Business Perspectives. From the start at POTENZA we have looked at the challenges that a business may encounter during its operation, and then asked ourselves which were the most significant of these challenges. At the outset we divided our offering into 3 practices which cover the majority of these business problems, namely 1) Core Consulting, 2) Data Analytics and 3) Digital Productivity. Another main reason for our success is that at POTENZA we believe in three main factors that are paramount. These factors are people, process, and technology. All three of these attributes need to co-exist seamlessly in any of our engagements, to enable us to obtain the required results we aspire to.

Can you tell us about how your RPA solution works and how users benefit from this?

RPA, or Robotic Process Automation, is a game changer, and is the first few steps in our immergence into what could virtually be the 4th industrial revolution. The basic concept is that we humans have become like robots, engaging in mundane, repetitive tasks from morning to evening at work. Hence the question “can we really stop being robots and be human again” has started to emerge within organizations. Our RPA practice strives to solve this very problem, by introducing Digital workers, more commonly referred to as “Bots”, allocated to work side by side with human workers. These Bots work 24/7 around the year, with no tea breaks, no coffee breaks, no drama, and the best is, they actually enable humans to engage in truly human and cognitive tasks within the organization. From one perspective, the organization benefits through cost optimization, increased efficiency as well as being able to venture towards a “Zero Error Culture”. From the other perspective, human workers’ job roles, as well as lives, are enriched, offering more fulfilling work in their organizations, as well as being able to better manage work/life balance.

For RPA we have partnered with the two world-leading RPA technology companies, Automation Anywhere and UiPath. Therefore, we now have certified consultants and engineers, who have completed multiple projects in the region, ready to undertake complex automation projects across the globe.

Your consultants are highly praised by many of your partners. What is it about these consultants that helps them stand apart from others in the industry?

All our consultants and engineers are selected through a meticulous interview process, where we identify attitude over aptitude, which we consider is of primary focus for POTENZA. Secondly, we always tend to hire Consultants from strong business backgrounds, which in most cases is more important than their technical capability or technology exposure. By doing this, POTENZA’s approach of always placing business processes and best practices first, becomes a significant advantage. POTENZA also maintains an outstanding training program, which takes a fresh consultant through a series of well thought out and structured programs, where not only functional and technical aspects are identified, but also to discover if they have the correct POTENZA mind-set to help with individual success. Finally, POTENZA goes to great lengths to provide these consultants the finest working environment, together with the best available benefits. We do not use the word “employees” but “Family member” instead.

Dhanusha Muthukumarana Managing Director/Chief Executive Officer POTENZA

What does a typical consultation consist of?

In a typical consultation we would always approach a customer with a blank canvas. We ensure we understand the customer properly, and have a two-way conversation rather than just a one-way pitch. We also do not present a pre-determined solution for a customer, but provide a truly workable plan tailored to the customer’s needs.

How have POTENZA adapted to the current pandemic?

I would say POTENZA has used the current Pandemic Situation in a positive way, as the organization is now operating remotely 100%. Through the recent health crisis, our teams have delivered complex projects completely remotely, and have adapted to this new normal rapidly. We believe, due to travel restrictions and stakeholders completely relying on online platforms to communicate, that we have created a new window of opportunity to start new conversations across the world to enhance the profile of POTENZA.

Where do you see the company in 5 years? What are your plans for continued growth and development?

Our dream has always been to become the next Accenture or the next McKinsey Consulting. We have all the raw materials for this. The only thing we need in addition is global reach, which we are strongly focusing on. In another 5 years we envision our organization will consist of 250+ Consultants, covering most of the mature markets across the globe. With APAC and Australia now covered through our business efforts, we look towards the west now to take our valuable proposition to those markets.

Mithila Wegapitiya Director/ Chief Operating Officer POTENZA