Three safety lessons from a year of crisis
Crime thrives in times of crisis, and the coronavirus has been the greatest collective emergency the world has faced in decades. While there are more heroes than villains in the story of the coronavirus – think about all the sacrifices doctors, nurses and other essential workers have made and continue to make – there were also a few bad actors.
When Pindrop interviewed security and fraud professionals in vital industries including banking and healthcare, we discovered hundreds of teams who had made heroic efforts to keep operating despite enormous obstacles. We were also reminded of the many ways fraud threatens businesses and individuals facing turmoil.
Spikes in call volumes have left contact center agents overwhelmed while lockdown protocols have forced reorganizations and remote working; well-intentioned and generally beneficial programs like PPP loans have opened up new avenues for fraud; and fraud attempts have moved to new places, such as the prepaid card divisions of banks.
More time on the line
At the start of the pandemic, when lockdowns and restrictions across the United States were at their peak, contact centers and customer service teams saw huge spikes in call volumes. Bank phones picked up with questions about Paycheck Protection Plan account numbers and loans, unemployment benefits and mortgage suspensions.
Business relationships that could once be done face-to-face with a branch cashier are now over the phone. Contact agents not considered âessentialâ have turned to homework; new systems had to be designed, implemented and tested almost overnight. The result? More calls, longer wait times, and longer agent conversations. Of course, not all fraudulent use of a contact center requires speaking with another human being: unscrupulous users can âexploitâ interactive voice response systems for their personal data.
In some industries, the second quarter of 2020 saw an 800% increase in call volume year over year. Figures this high were not sustainable, and there was some decline in call duration and volume, but in the last quarter of 2020, call durations were still up 14% from pre-levels. -COVID, and typical waits were 11 minutes longer than they were before the pandemic. That’s bad enough for customer satisfaction, but the most worrying news is that 57% of fraud detection and prevention decision makers surveyed determined that attempted contact center fraud was on the rise so far. ‘in at least October 2020.
Means and opportunity
It is said that a crime requires means, a motive and an opportunity. While a few scammers may have turned to deception due to economic pressures, the coronavirus generally had little to do with the motivations of scammers. In contrast, the pandemic has provided many means and countless opportunities for illicit transactions.
Means: With overwhelmed contact agents and honest customers in distress, the fraudsters developed new schemes (for example, saying they were trying to access the bank account of a loved one who is now in hospital and in pain. severe infection).
Opportunity: In order to avoid an economic catastrophe, the US government quickly rolled out aid programs like Paycheck Protection Program Loans. While these tools were and are a lifeline for thousands of businesses and millions of livelihoods, fraudsters have taken advantage of the provisions of the CARES Act and PPPs. Some fraudsters have already been charged; more will definitely be caught.
When you assess your systems and procedures, think like a fraudster. Have you provided a gap of means and opportunities that a bad motivated actor can exploit?
New places for old crimes
Some of our findings were encouraging. For example, contact center agents had proportionately fewer calls with social engineering scammers than in 2019. Apparently, long wait times will deter some malicious callers!
The scammers hadn’t changed their motivation, but they realized that their opportunity might lie elsewhere. The billions of PPP dollars to be clawed back were too tempting to be left out, and the government approved new, innovative and lean fintech companies to administer the loans. Some of these companies may have been too thin because they were lax in verifying the veracity of the applications.
Three in four loan applications the Justice Department deemed fraudulent came from a fintech company. Although fintech companies are innovative, their owners should remember that today’s scammers are also dynamic and innovative. Proactive due diligence can now save money, embarrassment and pain down the line.
The rescue scams aren’t limited to the United States either; fraud has long been an international game. In the UK, criminals almost got away with a billion pounds in profit. Elsewhere, honest people never received the help they were promised because fraudsters had already exploited their data and had fled with their funds. In Massachusetts, for example, thousands of people eligible for additional unemployment benefits discovered that crooks were using past data breaches to file false claims.
Across the Atlantic, fraudsters have devised a way to get paid twice by the US government: first, file someone else’s unemployment claim, to be issued via a prepaid card. Then once it arrives pretend it was lost and get another one!
The experience of a bank dealing with these prepaid card scams shows how wary institutions should be about changes in criminal behavior. Over three months in 2020, calls to the institution’s prepaid card division were more likely (an astonishing factor of 1,000!) To be fraudulent than calls to other divisions. About 1 in 75 calls were marked as âhigh riskâ. Two out of three high-risk calls were found to be attempted fraud. Clearly, the changes in the corona era had caused fraudsters to flock to prepaid cards.
A Washington state official spoke of the need to make “continuous improvements” to data security and reliability in light of the attacks discovered. Hopefully, your organization doesn’t need a nine-digit alarm clock to get you out of complacency. While shocks like the coronavirus can occur once in every hundred years, gradual changes in global financial and economic systems occur every day, and seemingly innocuous developments can spur these ever-inventive fraudsters to devise a new pattern.
The tools to reduce and mitigate fraud, for you and your customers, are there. Do your contact agents have up-to-date training? Have you updated the security of your interactive voice response systems? And have you considered any ways in which new developments in the world or in your industry could compromise data integrity?
Good security is an ongoing process, not a one-off event, but the experience of the pandemic has already proven how agile businesses can be. Stay alert, invest in experts and the best tools, and make sure everyone from your customer service agents and customers to your IT and back office team knows what to look for. Fraudsters can have means and motives, but you can stop them dead.