Anonymous hacker in front of his computer. | iStock photo
Anonymous hacker in front of his computer. | iStock photo

Finding balance between customer access and security

Fraudsters are changing tactics partially due to the COVID-19 pandemic.

Companies must adapt, but they must also capitalize on increasing the quality of the customer experience for their legitimate customers reaching out to call centers, Pindrop CTO Collin Davis said.

There are different reasons fraudsters call into centers, Davis began.

The first one folks usually identify to use the information they have found online to steal from accounts. They guess your answers to common questions like a favorite movie or find your mother’s maiden name and try their luck.

Collin Davis

Davis explained that this is one scenario that presents businesses with multiple factors to consider.

Yes, they need ways to confirm the person they are speaking to is the one they are claiming to be. The questions have their place, but one study Davis has read found fraudsters to be better at answering a customer’s security questions than the average customer.

But the other side of that is how can those companies give their legitimate customers an improved experience when they call in?

In our current quick service mentality, security cannot be sacrificed, but the companies that can provide quick AND secure service have a clear differentiator over their competition.

API uses biometrics

One of the new areas Pindrop is working on is a developer-facing API that enables businesses to use biometric voice capability programmatically in any voice experience, Davis said.

He knows what he’s talking about. Davis joined Pindrop from Amazon, where he worked on its Alexa assistant. He said the lack of knowing who is speaking to the unit impedes its value.

“Unlike our mobile phones, where we do banking, and all sorts of things all the time because we are able to lock those devices to only ourselves, voice assistants are missing that capability,” Davis said. “And the API that we’re providing will help developers turn their voice assistants into something more personal and more secure.”

The unused potential of voice technology is one of the areas that most excites Davis, he said. Once the voice confirmation nut is cracked, they will be able to check calendars, read emails and conduct financials. It’s just beginning.

Davis said that the COVID-19 pandemic has changed how customers interact with a company’s call center. Instead of visiting a physical branch, more folks are phoning in. So are fraudsters, whose calling tactics are part of why fraud attempts against financial services companies have surged by 269 percent over the past few years, he explained.

Scammers might call in with information to see if they can get into an account to steal money. They may also be conducting reconnaissance by answering the questions to see if the information is accurate.

Query things like account balance

“They may also be able to query things like an account balance,” Davis said. “They might not be able to perform a wire transfer, but they can learn more information about that account. And then they will take the information that they have either validated or learned and use that to prioritize the high-value targets, and perhaps conduct fraud in a different channel like the web like a digital channel or something else.”

Davis said that some data on the ratio of fraudulent calls coming into contact centers during the pandemic is misleading. Before COVID-19, one in 770 calls was fraudulent. Now it is one in 1,100. Note that the volume of total calls has increased so dramatically that the fraudulent ones have too.

Wait times in many call centers have increased substantially, and fraudsters don’t like waiting either. That has led to a shift in strategy.

“We’ve started to even see scenarios where fraudsters don’t want to get to an agent in the customer contact center,” Davis said. “What they want to do is validate the information that they have and harvest new information, and if they do get sent to an agent, they will immediately hang up.”

One strategy Pindrop has found successful is sending identified fraudulent calls to a specially trained staff group dealing with them, Davis said. One large financial institution directs 550 calls each month to its team.

Open banking equals more data flow

As open banking becomes more prominent stateside, information will be more frequent in transit. Fraudsters also like to move around, and Pindrop combats this by maintaining a consortium of known bad actors that every client can access.

“As open banking becomes more mobile and more transient, maybe you may bank with multiple institutions and use different services for different reasons,” Davis said. “Having that notion of a consortium and having the ability to understand and catch fraudsters regardless of where they’re attacking, as long as we’ve seen them before, is an essential element to being able to prevent fraud.”

Davis cautioned that companies must be prepared for another critical issue is deep fakes. Fraudsters may want to sound like you or not sound like themselves if they believe their voice is captured in a security program.

Whatever the situation, Pindrop can determine if a voice is synthetically generated. They can also use the voice profile of an individual and grab only their voice while eliminating other voices and noises like barking dogs and street noise that impeded early industry efforts.

“If there are other people talking, if they’re in a crowded room, if it’s just a bad connection, we can still grab the information that we need in order to be able to provide a voiceprint,” Davis said.

“Something fraudsters often will do as soon as they get on the phone with an agent, they’ll turn on some speaker or some microphone that makes it sound like they’re driving or they’re in a crowded room, or there’s noise happening in the background. They do that to mask the books and make it harder for systems like this to capture them. 

“We’ve spent a lot of time and built a lot of science to be able to extract human voices from intentionally adversarial environments, and we’ve done this using the same voice profile technology.”

Voice confirmation not always best

Which factors are utilized for multi-factor authentication depends on the environment you’re operating in, Davis said. Voice is great when talking in a car or a home alarm system. In some cases, voice is enough, while in others, it forms the foundation upon which other techniques can be added.

“If I were a doctor talking to a patient and I wanted to make sure the patient was who they say they were and vice versa, I’ve got face, I’ve got a voice, those two things together create an excellent multi-factor story that’s also very natural for the for the goals,” Davis said.

“Other times, it might be a combination of voice and a fingerprint or a combination of a fingerprint and face or a palm. And what is important is having enough forms that you’re able to be able to identify the user or the customer in a secure and relatively easy way.”

While a clear focus must be on fraud detection, the other side of the coin is using the technology to provide superior customer experiences in today’s environment.

“We all know at this point that customer service and customer experience is going to drive loyalty, and the businesses that are really good at it, everyone knows who they are,” Davis concluded.

“It matters people really care about good customer service and being able to reduce friction, provide a personalized experience, and provide a friendly experience where people are recognized.

“It is a huge, huge opportunity.”

  • Tony Zerucha

    Tony is a long-time contributor in the fintech and alt-fi spaces. A two-time LendIt Journalist of the Year nominee and winner in 2018, Tony has written more than 2,000 original articles on the blockchain, peer-to-peer lending, crowdfunding, and emerging technologies over the past seven years. He has hosted panels at LendIt, the CfPA Summit, and DECENT's Unchained, a blockchain exposition in Hong Kong. Email Tony here.