With call-center fraud rising, your voiceprint will authenticate you as a customer
Shriley Inscoe, senior analyst at market research firm Aite Group, says while the technology is still in its infancy, “most larger financial institutions” are now using voice biometrics in their anti-fraud campaigns.
According to Pindrop Security, one in every 900 calls to a credit card company is fraudulent, and financial institutions have seen a 30 percent rise in phone fraud since 2013.
Pindrop director of research David Dewey says call center fraud is on the rise because companies have invested significantly in securing their websites. As a result, he says, criminals shifted to easier targets such as call-in centers.
Armed with just a couple pieces of information, cunning fraudsters can pose as an accountholder and gain access to account information. From there, they can log into a cardholder’s account online to obtain a new card or make purchases. “It’s a lot easier to do than trying to write a virus or lines of code. It’s simple and frequently works,” he says.
Dewey says Pindrop is being used by three of the four largest banks in the United States and has so far analyzed 360 million calls with its Phoneprinting technology. The system creates a unique “phoneprint” of a call by analyzing 147 different characteristics such as frequencies, the type of phone being used and where the call is coming from.
Erica Thomson, a sales specialist at Nice Systems, an Israel-based company that provides voice analytics solutions for major financial institutions, says “Almost all major banks are using voice biometrics today.”
Nice uses more than 120 characteristics of a caller’s voice, including the tone, pace, pitch and even lung size and the thickness of the vocal cords. The company tracks these characteristics and creates a “print” of the voice to compare with the next time he or she calls. “It can recognize the voice with a unique digital print and accurately identify if it’s the person on the line,” says Thomson.
It can recognize the voice with a unique digital print and accurately identify if it’s the person on the line.
|\u2014 Erica Thomson|
Pindrop works in real time and immediately calculates a risk score for each call. Call center representatives then take the call or, if it’s suspicious, follow their company’s internal fraud procedures. If the call is deemed risky, some companies ask for more information to validate the caller’s identity and rule out any false positives. If they still can’t confirm the identity, the caller may be routed to a specialized fraud analyst. “We give the score with a level of risk. Companies have their own ways of responding” to suspicious callers, he says.
Inscoe says many companies that use voice biometrics aren’t making voiceprints of “good customers.” Instead, most rely on a database of recorded voices from previous calls that were determined to be fraudulent, which they then use as a blueprint to compare against future calls. Inscoe says many companies have also amended their pre-call disclaimers to say that callers are also being recorded for “fraud prevention.”
“It’s code for saying if you’re a bad guy they’re going to create a voice print for you. One firm was getting hammered and when they started using [voice biometrics], criminals figured it out and moved on,” says Inscoe.
Thomson says Nice is also being used for “whitelisting,” a process whereby a call-in center can validate callers’ identities simply by the sound of their voices.
Citibank launched a voice biometrics authentication project for its U.S. Citi-branded credit card holders in November 2015 to automatically verify the customer’s identity within the first few seconds of a call. Andrew S. Keen, Citi’s chief administrative officer of global consumer operating functions, says more than 430,000 customers have enrolled in the program as of mid-March 2016.
“It can save time. We move from a ‘who are you?’ experience to ‘how can I help you?'” says Keen.
|VOICES: YOUR NEXT PASSWORD?|
|While voiceprints are used today at call centers, they are also being rolled out as an authentication tool for authorizing payments and other interactions with credit card issuers.|