BID® Daily Newsletter
Jun 29, 2021

BID® Daily Newsletter

Jun 29, 2021

Four Strategies To Fight IVR Fraud

Summary: Does your institution use an interactive voice response system? Most do. While very effective at providing round-the-clock customer service, fraudsters are now using them to infiltrate customer accounts. Scammers love IVRs, so we explore four strategies to help you fight this type of fraud.

Do you remember the olden days when cameras were stand-alone devices that you had to lug around just in case you needed it? Well, since today is National Camera Day, we thought it was appropriate to remind you how far we have come with cameras. These days, it is easy to capture a picture — just pull out your smartphone!
Smartphones make everything easy, even actual phone calls. When a customer calls a financial institution (FI), they typically go through a phone tree and an interactive voice response (IVR) system. FIs have spent time and effort making IVRs more user-friendly for customers. But making IVRs more customer-friendly and feature-rich can also make them more vulnerable to fraud. An estimated 60% of online fraud starts with or includes a call to the IVR. In another survey, 37% of bank executives said they had seen evidence of fraud coming through their IVR system.
Why scammers love IVRs

The characteristic of IVRs that FIs find so appealing is the ability to handle large volumes of calls, any time of day or night. But that is exactly what makes IVRs so susceptible to abuse. Scammers can make hundreds of calls to an institution’s IVR, looking for a way to navigate into an account. They employ bots and robocalling to probe IVRs, testing thousands of PIN numbers until they find one that works. In other words, they try repeatedly to find a hook that allows them to impersonate a real customer. Oftentimes, they move from the automated responses to a live agent and try to trick the agent into revealing sensitive information – such as a security word like a dog’s name. All it takes is one slip and a scammer has the key to unlock an account they can loot. A break-in can also lead to more serious damage, if the cybercrook can get into other parts of an institution’s system.
Strategies for community financial institutions (CFIs) to protect themselves
  1. Improve monitoring of the IVR. You may be monitoring your IVR system, but with the growing fraudulent activity, you will need to step it up. Constant monitoring of IVR for signs of fraudulent activity like repeated calls from the same number or calls from a number that can’t be authenticated as real, can help a CFI spot a fraudster before he gets very far. 
  2. Use security solutions that are designed to spot fraud in IVR. These solutions should provide an umbrella of protection by identifying accounts being targeted by possible scammers and callers who may be mining for data, instead of seeking customer service. These should also analyze data in real-time and issue alerts about suspicious activity.
  3. Ensure agents who receive calls through IVR are trained in spotting suspicious calls and can respond. Fraudsters often enter through IVR and use bits and pieces of information to try to impersonate real account holders. Then they try to trick the agent into revealing more information about the account. Agents need to be educated so they don’t mistakenly fall for this.
  4. Make sure your institution’s IT security team is trained to act quickly in dealing with these security alerts. Specific protocols should be in place and tested, as with all others. 
IVRs can be valuable tools in a CFI’s ability to provide 24-7 customer service. But their durability in responding to customer calls can also present a security risk. Balancing customer ease of use with tight security is the key to an effective IVR.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Keep Your Eye on AI in Your Hiring Process
AI can help you handle your CFI’s hiring process by efficiently finding qualified job candidates. Keep in mind, though, that it learns what you teach it. Plan to check AI’s results regularly, respond personally to the candidates you interview, and keep the data AI gathers secure.
The Gap Between Tech Enthusiasm and Actual Customer Use
A recent study by McKinsey found that bank customers voiced overwhelming support for digital transformation, with three of four saying they would be willing to try digital account opening. But only 15% said they had actually opened an account digitally. What accounts for this difference between thoughts and actions, and how can CFIs bridge the gap?