BID® Daily Newsletter
Jun 29, 2021

BID® Daily Newsletter

Jun 29, 2021

Four Strategies To Fight IVR Fraud

Summary: Does your institution use an interactive voice response system? Most do. While very effective at providing round-the-clock customer service, fraudsters are now using them to infiltrate customer accounts. Scammers love IVRs, so we explore four strategies to help you fight this type of fraud.

Do you remember the olden days when cameras were stand-alone devices that you had to lug around just in case you needed it? Well, since today is National Camera Day, we thought it was appropriate to remind you how far we have come with cameras. These days, it is easy to capture a picture — just pull out your smartphone!
Smartphones make everything easy, even actual phone calls. When a customer calls a financial institution (FI), they typically go through a phone tree and an interactive voice response (IVR) system. FIs have spent time and effort making IVRs more user-friendly for customers. But making IVRs more customer-friendly and feature-rich can also make them more vulnerable to fraud. An estimated 60% of online fraud starts with or includes a call to the IVR. In another survey, 37% of bank executives said they had seen evidence of fraud coming through their IVR system.
Why scammers love IVRs

The characteristic of IVRs that FIs find so appealing is the ability to handle large volumes of calls, any time of day or night. But that is exactly what makes IVRs so susceptible to abuse. Scammers can make hundreds of calls to an institution’s IVR, looking for a way to navigate into an account. They employ bots and robocalling to probe IVRs, testing thousands of PIN numbers until they find one that works. In other words, they try repeatedly to find a hook that allows them to impersonate a real customer. Oftentimes, they move from the automated responses to a live agent and try to trick the agent into revealing sensitive information – such as a security word like a dog’s name. All it takes is one slip and a scammer has the key to unlock an account they can loot. A break-in can also lead to more serious damage, if the cybercrook can get into other parts of an institution’s system.
Strategies for community financial institutions (CFIs) to protect themselves
  1. Improve monitoring of the IVR. You may be monitoring your IVR system, but with the growing fraudulent activity, you will need to step it up. Constant monitoring of IVR for signs of fraudulent activity like repeated calls from the same number or calls from a number that can’t be authenticated as real, can help a CFI spot a fraudster before he gets very far. 
  2. Use security solutions that are designed to spot fraud in IVR. These solutions should provide an umbrella of protection by identifying accounts being targeted by possible scammers and callers who may be mining for data, instead of seeking customer service. These should also analyze data in real-time and issue alerts about suspicious activity.
  3. Ensure agents who receive calls through IVR are trained in spotting suspicious calls and can respond. Fraudsters often enter through IVR and use bits and pieces of information to try to impersonate real account holders. Then they try to trick the agent into revealing more information about the account. Agents need to be educated so they don’t mistakenly fall for this.
  4. Make sure your institution’s IT security team is trained to act quickly in dealing with these security alerts. Specific protocols should be in place and tested, as with all others. 
IVRs can be valuable tools in a CFI’s ability to provide 24-7 customer service. But their durability in responding to customer calls can also present a security risk. Balancing customer ease of use with tight security is the key to an effective IVR.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

CFIs are Taking a Bite Out of Apple Pay’s Dominance
An Iowa credit union has filed a class-action lawsuit against Apple over features built into its phones that limit the payment options people can use outside of Apple Pay. We detail how the lawsuit could impact other big tech companies entering the payment space and the overall banking industry.
Self-Service Banking Is Here to Stay
Pandemic shutdowns accelerated the adoption of self-service technologies. Now, more and more customers at CFIs expect such services in both digital channels and inside branches. We explore some of the most popular DIY technologies.