The rollout of EMV, the global standard for credit and debit payment cards based on chip card technology, is accompanied by increased card not-present (CNP) fraud – but banks can reduce losses using voice biometrics in the call centre.
According to Steve Williams, vice president and global practice leader of identity analytics at Verint, CNP fraud has more than doubled in the UK and Canada following the EMV migration and spiked more than 200% in Australia.
He says the uptick is logical given that counterfeiters will always find another channel to display their fraud talents. “Banks are asking if they protect against the surge in CNP fraud. The answer is yes, given timely new findings in the call centre of all places. As online security has tightened, fraudsters are exploiting the call centre for easy access to information.”
Williams says companies are finding that online fraud (the bulk of CNP fraud) often includes a phone call by the fraudster. “Here’s how it happens. A professional fraudster buys stolen card and identity information on the black market. The goal is to make online purchases – this is often the bulk of CNP fraud. To maximize purchases, the fraudster wants to know the card’s available credit limit. This helps avoid overcharges, so the customer isn’t alerted to extreme use.
“Logging into the account online is too difficult. But it’s easy to ask the call centre questions since it has access to the card and personal information (for example, date of birth, social security number) to answer security questions. So they call the bank, pretend they’re the account holder, and learn the available credit. Armed with this data, the fraudster then ‘goes to town’ and starts making online purchases with the stolen card information,” says Williams.
In summary, fraudsters often call the bank or card issuer to check the available credit on stolen cards before making fraudulent purchases online. They may also request additional things like a credit increase or pre-clearance for a big purchase. These are considered “support” calls for CNP fraud.
“The good news is this discovery gives banks a new way to protect themselves. Forward-thinking banks are building a database of known fraudster “voiceprints” in the call centre with a new generation of voice biometrics. Passive voice biometrics can collect and examine a caller’s voiceprint in the background of a normal call (no passphrase required).
By screening live calls against the fraudster database, banks can detect fraudsters by voice, even on innocuous calls like available credit inquiry. When a known fraudster’s voice is detected, banks can flag the customer account as possibly compromised. This all happens in the background and is unknown to the fraudster. When the fraudster then attempts CNP online fraud, the account is on high alert and the bank can reject the transaction.
“Large banks and card issuers that have deployed a passive voice biometric solution have seen a reduction in fraud losses. Detecting fraudster calls by voice is an effective way to pre-emptively flag compromised accounts and deter fraud. Like the sport of martial arts, banks can turn their call centre from prey to predator to reduce CNP fraud.”
Williams says, overall, while EMV credit cards may be more secure for protecting “brick and mortar” credit card transactions, fraudsters are using the call centre as a way in and call centres have unwittingly become part of the online CNP fraud lifecycle.
“By using passive voice biometrics to recognize a fraudster’s voice during a support call, banks can stop CNP fraud, protecting their customers and their institution from theft. And, while CNP fraud may be a side effect of the EMV migration, we now know that banks have a way to stop it,” he adds.