How stolen data enables criminals to target call center by dialing for dollars

Every day another cybersecurity breach gets revealed. While those breaches are clearly a cause for concern one of the reasons the hue and cry surrounding them is not as loud as it should be is the general public doesn’t often see how that data gets employed by cybercriminals to launch attacks directly against corporations.

A report published this week by TRUSTID, Inc., a unit of Neustar company that provides IT services, sheds some light on just how big a problem all the lost data really is. The report details how cybercriminals are using the details they gather from all that stolen data to commit fraud. Specifically, the report describes how cybercriminals use personal information to fool call center representatives into thinking they are a legitimate customer. The client information stolen via data breaches is used to correctly answer identity-interrogation questions that call center representative routinely ask to confirm identity.

This type of fraudulent activity is also getting more sophisticated. The report notes criminals attempting account takeovers are increasingly shifting from traditional call spoofing (32 percent) techniques to computer-based services such as Skype to bypass the spoof-detection systems that most call centers have in place.

The challenge organizations face is they need to very careful concerning how authentication controls are put in place. Customers don’t appreciate when organizations implement a lot of security control mechanisms that get in the way of the task at hand. A full 54 percent the 134 contact center managers, customer experience leaders, IT professionals and fraud managers surveyed by TRUSTID want authentication completed before the call is answered. Not surprisingly, 46 percent of respondents say they are “somewhat” or “very” unsatisfied with their current authentication process. On the plus side, over three quarters (75%) said they believe it is possible to prevent account takeovers without impairing the customer experience.

Overall, the top three priorities ranked by survey respondents are quick and easy customer enrollment (91%), Improved fraud detection (91%) and increased authentication accuracy (90%). Alas, interest in two-factor authentication as a means of achieving those goals remains low. Only 17 percent of survey respondents plan to replace traditional authentication mechanism with two-factor authentication.

Of course, when it comes to call center cybersecurity most organizations find themselves in a bit of a quandary. They desperately want customers to share as much information as possible. But if customers become more aware of the fact that call centers are now a primary target for cybercriminals, many of them will become less inclined to share that data. As a result, many organizations prefer not to let it be known how often cybercriminals are trying to access, for example, financial accounts using compromised credentials. Criminals trying to commit that type of fraud may not be able to reverse engineer the credentials for every account using stolen data, but it’s clear they are enjoying enough success to continue to make it worth their while.

The root cause of the problem, of course, is the stolen data employed to compromise those credentials. So long as stolen data is readily available there’s no real reason for criminals to stop dialing for dollars.