REPORT VOICE INTELLIGENCE - A review of fraud, the future of voice, and the impact to customer service channels - Pindrop
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
VOICE INTELLIGENCE REPORT A review of fraud, the future of voice, and the impact to customer service channels
2019 VOICE INTELLIGENCE REPORT
EXECUTIVE
Imagine a world without passwords or secret questions that get
you access to an account or device.
OVERVIEW Imagine a world that instead relies on an “authentication
method” that’s always been a part of you—your voice.
Now imagine a world where your voice—a part of you—gets
This Voice Intelligence used by fraudsters to access your accounts, steal your personal
Report will: information, and control your devices.
Examine the consequences While exciting to think about where voice is headed, our
from a business and
consumer perspective of technological advances quickly turn to nightmares if we cannot
falling behind on voice provide security to consumers. This is something we need to
security in the conversational
economy. address. Now.
Examine the security Why? During the next few years, voice will become the dominant
risks introduced by voice
technologies as well as the interface across the Internet of Things as a world full of smart
impact of poor security to speakers, smart offices, and smart cars continue to propagate.
businesses and consumers.
In 2016, Gartner predicted that a growing number of searches
Examine current voice fraud (30 percent) would be screenless by 2020. We are now stepping
rates across industries and
provide an update about the into that reality. While only 28 percent of businesses in 2018
latest voice fraud tactics used used voice technology to communicate with customers, 83
by criminals.
percent planned on using voice technology to communicate
Provide guidance to
businesses looking to with customers in 2019.[1]
improve customer service
without sacrificing voice It’s no surprise then that companies are aggressively deploying
security. voice technology while consumer adoption continues to climb
Outline the consequences as people embrace digital assistants and voice activity through
of poor customer service
related to voice security connected devices. The ultimate endgame? All those speakers,
for both businesses and phones, apps, smart devices, cars, and offices will identify you
consumers.
by your voice regardless of platform or brand.
Welcome to the conversational economy.
However, hurdles exist along this road. Many are related to
technology. Computational resources. The right infrastructure
needed to support these resources. The promise of 5G providing
a breakthrough in edge computing. Privacy issues preventing
the sharing of information needed to verify a person’s identity.
Many hurdles are also societal. Businesses now face a multi-
generational customer base with broad-ranging levels of
expectations and spending power. Increasingly, businesses are
expected to provide an excellent customer service experience
pindrop.com | 866.245.4045 | info@pindrop.com 2
2019 VOICE INTELLIGENCE REPORT
whether their customers are members of the Silent Generation,
Baby Boomers, Gen Xers, or Millennials. Each generation has
specific tastes, needs, and capabilities when using technology—
and the same will hold true with evolving voice technologies.
To avoid abandoning a large segment of customers, businesses
must face the challenges of delivering a customer’s preferred
experience no matter their generation.
Despite these hurdles, organizations are increasingly
implementing voice technology to gain a competitive advantage.
Forrester research shows a correlation between customer
experience and stock performance, and a Walker study indicated
that customer experience will become more important as a key
brand differentiator than even price or product. For example, a
large bank that works with Pindrop has a high net worth client
base because many of their clients have reached retirement. As
a long-term growth strategy, this bank is actively improving their
customer experience with voice technology in hopes of drawing
in their clients’ children and grandchildren.
These efforts to streamline processes using voice technology
may create a seamless customer experience but it also introduces
security risks that can result in data breaches that negatively
impact a company’s revenue and reputation. As with many
technological advances, security is sadly often an afterthought.
As more businesses join the conversational economy to remain
at the forefront of their industries, it becomes more important
to ensure that security is incorporated right from the beginning
in the design and deployment of voice technology.
Because many organizations adopt “the customer is always
right” mentality to provide the best experiences for customers,
increasingly sophisticated criminals exploit customer service
representatives with social engineering tactics and gain access
to private accounts. As organizations augment digital security
with the latest technologies, hackers understand that targeting
company employees—especially through the call center—is
the most effective and least expensive way to commit fraud.
If they are to leverage voice to improve customer experience,
companies will need to strike a balance between improving
internal security hygiene and delivering exceptional customer
service.
pindrop.com | 866.245.4045 | info@pindrop.com 3
2019 VOICE INTELLIGENCE REPORT
MACRO TRENDS IN VOICE
The growing conversational economy and increased demands for better customer experience are
helping spur the evolution of voice interfaces. Concurrently, fraudsters are taking advantage of this
rapid technological evolution by exploiting voice channel security gaps through both classic and
cutting-edge social engineering tactics.
CONVERSATIONAL ECONOMY
As the conversational economy continues to percent of all customer interactions are by voice.
grow, voice will become the dominant interface For perspective, there are 10 times more call
for its communication and transactions. What do center agents than Uber, Lyft, and taxi drivers
we mean by the conversational economy? This is combined, and 10 times more voice assistants
an economy driven by interaction. Currently, that than call center agents.[2] Research indicates that
means always-on internet connectivity, access to voice-based ad revenue could reach $19 billion
products and services anytime/anywhere through by 2022, thanks in large part to the growth of
a plethora of devices, and platforms that allow voice search apps on mobile devices.[3] And
people to engage directly with businesses and one estimate suggests that voice shopping will
other consumers. Businesses already participate increase from a $2 billion industry in 2018 to a
in the conversational economy when they $40 billion industry in 2022.
immediately respond to customer complaints
on social media, engage with prospects through Specifically, the adoption of voice assistants
and voice activities is also starting to
chatbots, or provide seamless omnichannel
really accelerate. Over 25 percent of
buying experiences for customers across physical
the US population has access to a smart
stores, the internet, and the phone.
device, and a large percentage of people
Why has voice become so popular with anticipate more voice interactions going
consumers? Ease. Voice is the most natural form forward (such as on cell phones or using
of communication and the first one we learn voice assistants for shopping).[4] Voice
how to use, and it’s ironic that technology has tasks encompassing a variety of situations
only just now caught up to the rich intricacies of will increase in adoption over the next 18
months and especially over the next five
voices. Now that computing resources, internet
years—for inside the home, outside the
bandwidth, and technological innovation
home, and work tasks.[5]
can handle voice well, we predict that voice
applications have become the current gold
rush—just as we saw a gold rush with touch-
enabled devices (starting with the iPhone)—and
spawn an entirely new economy.
Voice already dominates customer interactions
and grows exponentially each year. Currently, 78
pindrop.com | 866.245.4045 | info@pindrop.com 4
2019 VOICE INTELLIGENCE REPORT
CONVERSATIONAL ECONOMY
Consumers are seeing the benefits of voice as it simplifies their lives, gives them more free time,
keeps them better informed, increases efficiency, removes barriers, and improves communication.
INSIDE THE HOME: 18 MONTHS TIME
Currently using my voice Will do in next 18 months
56%
53%
50% 49%
44% 43% 43% 43%
23%
24% 33%
25% 25% 30% 30% 30%
29%
26% 25% 25% 26% 26% 26%
21%
17% 22%
21% 20% 17% 21%
33% 18%
29% 25% 13%
24%
18% 18% 18% 17% 13% 11% 9% 9% 9% 9% 8% 8%
Conduct an Check the Play/control Dial numbers Check Conduct life Help with Operate Use as child Manage my Book travel Make Bank online Order Operate my Make
internet weather or music or radio on my smart transport admin cooking technology entertainmen t home purchases groceries car purchases
search news via a smart phone timetables or below over £/$/€30
device situation and £/$/€30
help navigate
BASE TOTAL: 4057
Q6 Think about some of the devices you could potentially control and interact with using your voice in your home;
which actions do you do today and/or plan to be doing in the next 18 months and in 5 years’ time?
INSIDE THE HOME: 5 YEARS TIME
Currently using my voice Will do in next 18 months Will do in 5 years’ time
72% 70% 68% 66%
63% 63% 63% 64%
16% 58%
17%
18% 17% 51% 52%
19% 20% 20% 21%
45% 47%
43% 44%
23% 25% 40%
24% 21% 22%
25% 25% 15% 18%
17% 18%
26% 25% 25% 26% 19%
17% 22%
21% 20% 17% 21%
33% 18%
29% 25% 13%
24%
18% 18% 18% 17% 13% 11% 9% 9% 9% 9% 8% 8%
Conduct an Check the Play/control Dial numbers Check Conduct life Help with Operate Use as child Manage my Book travel Make Bank online Order Operate my Make
internet weather or music or radio on my smart transport admin cooking technology entertainmen t home purchases groceries car purchases
search news via a smart phone timetables or below over £/$/€30
device situation and £/$/€30
help navigate
pindrop.com | 866.245.4045 | info@pindrop.com 52019 VOICE INTELLIGENCE REPORT
However, consumers still have a high distrust of
voice-activated technology—using it for low-value
ZELLE: PEER 2 PEER PAYMENTS APP
versus high-value purchases. Today, consumers
mostly use voice in the home for low risk “As consumers become increasingly
interactions and simple tasks, but we are seeing a accustomed to splitting dinner checks,
gradual evolution of more complex use cases and paying for their coffee and hailing an
higher-value purchasing behaviors. Ultimately, Uber without touching paper money,
people want to use voice to manage their lives, banks are rushing to stake their
become more efficient, and remove barriers to claim on the wallet of the future.”
productivity. That includes the workplace where
OWNED BY BANKS, INCREASING IN
voice adoption has so far been low. However,
while voice has gained the least traction in the POPULARITY, BUT HIGH IN FRAUD
workplace, the pace of change is expected to pick “…Items bought from an on-line
up. bidding or sales site, we recommend
As voice interfaces become ingrained into our you do not use Zelle for these types
lives at nearly every point in our homes, cars, and of transactions. These transactions are
even offices, businesses and IT leaders predict potentially high risk. Neither Zelle nor
that the use of voice technology will grow three the participating financial institutions
times in the next 12 months. They anticipate this offer a protection program for any
technology will enable cost savings, increase purchase or sale conducted using Zelle.”
customer satisfaction, and become a competitive
advantage. However, voice is also the least
secure interface—and companies cannot assume “The con was elaborate. First, a
customers prize convenience over security. Most phishing email that appeared to be
customers are concerned about businesses from Wells Fargo tricked her into
keeping voice-acquired data safe, misusing data, entering her bank ID and password into
or failing to combat fraud. a fraudulent website. The next day, Ms.
According to PaySafe, “53 percent of consumers Butler got a call that appeared to be
believe that voice-activated payments are quicker from Wells Fargo’s fraud department.
and more convenient than traditional online The number she saw displayed on
payment methods, but only 37% feel comfortable her phone screen matched the phone
that their financial details remain secure when number on the back of her bank card —
making a payment via a Smart Home device.” but it wasn’t her bank on the other end
Succeeding in the conversational economy also of the line. The call had been spoofed.
means overcoming challenges with voice such as The caller tricked her into handing over
securing it, allaying privacy concerns, copying and one-time passcodes that provided
relaying voice accurately, and recognizing slang, access to Zelle, which was then used
mumbling, or regional accents. If enterprises want to make six transfers from her account,
to leverage cost savings, customer satisfaction ranging from one penny to $999.98.
benefits, and competitive advantages from voice, Wells Fargo refunded Ms. Butler for
they must address voice application security to her loss.” -New York Times, April 2018
help encourage adoption.
pindrop.com | 866.245.4045 | info@pindrop.com 62019 VOICE INTELLIGENCE REPORT
CUSTOMER EXPERIENCE
As companies move to compete on customer Societally, customer experience also represents
experience as a strategic imperative, it has a significant challenge as we now live in an age
become a top priority for a large percentage where at least four generations—the Silent
of enterprises. We see customer experience Generation, Baby Boomers, Gen Xers and
as the next revenue battleground. By the year Millennials—are all potentially a target for some
2020, customer experience will overtake price enterprises. Each generation demonstrates
and product as the key brand differentiator. patterns of tastes, needs, and capabilities when
[6]
And by 2022, digital businesses with great using technology. For example, will the Silent
customer experience will earn 20 percent more Generation know how to use a voice assistant to
revenue than comparable businesses with poor confirm their healthcare benefits? Would that tool
customer experience.[7] Among competitors with work better than a web portal? What happens
similar products that solve the same problems, when a retiree doesn’t have a smartphone to
consumers will ultimately choose the company receive an SMS text, or doesn’t know how SMS
that provides the most thoughtful experience. texting works?
However, more demand for better customer The challenge for enterprises is not to ignore
experience causes more customer churn. Over one segment in favor of another but to market
90 percent of consumers answered a survey to all of them without isolating a specific
saying that three or fewer bad experiences would generation. If Baby Boomers expect someone
lead them to seek out another business—with 25 to answer their call 24/7 while Millennials want
percent saying they would do so with just one to serve themselves without talking to anyone,
bad experience[8] Consumers are now willing to how will companies serve both of their needs?
pay more for a better experience and prioritize If Generation Z prefers biometric authentication,
personalization over speed—moving ahead of are companies ready to meet their expectations?
price and product as key factors in their buying Despite predictions about the demise of phone-
decisions and brand loyalty. based customer service, it remains the number
one choice of nearly half the population.
Percentage of Each Generation That Prefers Phone-Based
Customer Service over All Other Forms of Customer Service “The other day I called my computer
helpline, because I needed to be made
RETIREES (70+) 80% to feel ignorant by someone much
younger than me, and the boyish-
BABY BOOMERS (55-69) 65%
sounding person who answered told
me he required the serial number on
my computer before he could deal with
GENERATION X (35-54) 50%
me. …We haven’t been talking four
seconds and already I can feel a riptide
MILLENNIALS (25-34) 40%
of ignorance and shame pulling me out
into the icy depths of Humiliation Bay.”
GENERATION Z (18-24) 36%
– Bill Bryson Silent Generation / Retiree
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
pindrop.com | 866.245.4045 | info@pindrop.com 72019 VOICE INTELLIGENCE REPORT
A changing customer base across multiple AI (such as through chatbots and voice assistants)
generations means changing customer to provide personalized and real-time attention
experience preferences. Ignoring the newest for customers.
preferred platform, growing market segments, or
Near Term - Point Solutions
the need to factor security into decisions about
customer experience will become detrimental to Just starting to emerge, these solutions include
companies. Many companies still prioritize speed areas such as keyless home security (requiring
to market and may ignore how accommodating voice unlocking and identity matching) and smart
market preferences implicitly involves security. speakers (requiring invoking voice applications,
Customers assume security on the part of the identifying voice, and verifying devices through
provider. Part of a customer’s brand experience voice). Keyless home security that relies on your
is trusting that their account, information, and own voice instead of traditional keys is already
activities are protected from data breaches and in development. Smart speakers will likely
bad actors who could use that data unethically. experience growing pains, but we already see
numerous digital assistants from Amazon (the
The evolution of customer experience related
market leader), Apple, Samsung, and Bank of
to voice transactions will go through three
America dominating the market while the list of
important stages from now into the future:
products continues to grow.
Today - Contact Centers and Voice Assistants
During this time, voice commerce (vCommerce)
Today, voice as a part of customer service will also grow as consumers use voice more as they
primarily exists through contact centers for most shop with digital assistants. Voice authentication
businesses. Customers call into contact centers (such as a second factor of authentication
to make purchases and resolve customer service at an ATM) will emerge alongside biometric
issues with the help of IVRs and customer service authentication such as facial recognition.
representatives (CSRs). Companies also leverage Consumer devices that already use voice include
pet feeding devices, nursery sleep monitors,
umbrellas, refrigerators, microwaves, and ovens.
Even government is evolving its These types of point solutions will continue to
customer experience. The beta version proliferate until a standard or popular platform
of an Alexa skill developed for the for identity is established.
City of Los Angeles offers information Future - Ubiquitous Authentication
about public events, and the city plans
Eventually, we are headed toward the smart home,
to connect 311 services to the skill in
connected car, and the smart office - integrated
the future. Mississippi and Utah are
solutions spanning devices that are all powered
also developing skills for Alexa, and at
by voice. For example, cars currently respond
the federal level the GSA’s Emerging
to voices but soon will become the key to your
Citizen Technology program is exploring car. All voice scenarios will start to connect. The
solutions for making government same authentication and security enjoyed today
services available via digital assistants. in call centers will be inside digital assistants and
authorize the use of a vehicle.
pindrop.com | 866.245.4045 | info@pindrop.com 82019 VOICE INTELLIGENCE REPORT
VOICE FRAUD AS AN ARMS RACE
Where companies see To say we’re not ready for
economic opportunity with the these advancements is an
conversational economy and understatement. With more
improved customer experience, than 70 security categories,
fraudsters see economic digital channel cybersecurity If customer service
opportunity. $14 billion is lost receives an average spend of reps are the current
annually to fraud, and 41 percent $11.7 million from companies way of combating
of consumers blame brands for while overall spend will increase voice fraud, then how
fraud.[9] On the horizon, we see to $1 trillion by 2021.[10] will we prepare for
the threat of deepfakes and Meanwhile, protecting voice sophisticated fraudster
AI-generated voice helping transactions in the contact tactics that continue to
fraudsters become even more center essentially falls to the call rapidly evolve?
sophisticated at exploiting the center CSRs—resources skilled
voice channel to effectively in customer service but may
steal identities and access not be great fraud detectives.
accounts. After all, he makes $15 per hour
and fights fraudsters with a list
of questions.
FRAUD RATES, TACTICS, AND TRENDS
Reducing fraud and increasing security affects the success of the conversational economy and
customer experience. Because voice fraud skirts the “superhuman” cybersecurity applied to the
digital channel, fraudsters prefer to use social engineering tactics that easily get past a contact
center representative
Let’s look at current fraud rates, explore the “why”s behind the data, and look at some concerning
fraud trends.
FRAUD RATES
Fraud rates in call centers have skyrocketed over the past few years, and we reached another peak
in 2018. The 2018 fraud rate is 1 in 685, remaining at the top of a five-year peak. We will likely
see this peaking trend continue for years to come as fraudsters make fewer attempts but exploit
companies for bigger losses as fraud becomes more effective over time.
Just like any industry that uses continual improvement processes like consumer electronics and
automobiles, each generation gets improved over time.
pindrop.com | 866.245.4045 | info@pindrop.com 92019 VOICE INTELLIGENCE REPORT
Over the last four years, phone channel fraud has increased 350 percent. Pindrop® Labs estimates
that 90 voice channel attacks occur every minute in the U.S.
CALL CENTER FRAUD RATES SPECIFIC TO EACH INDUSTRY
1/638
1/687
• Insurance 1 in 325 fraudulent calls
1/796
• Retail 1 in 755 fraudulent calls
• Banking 1 in 740 fraudulent calls
• Card issuers 1 in 1,742 fraudulent calls
1/2200 1/2000
1/2900 • Brokerages 1 in 7,500 fraudulent calls
• Credit unions 1 in 1,339 fraudulent calls [KH1]
2013 - 2014 2014 - 2015 2015 - 2016 2016 - 2017 2017 - 2018 2018 - 2019
Fraud is increasing and staying at these peaks phone number on the account and then receive
across all industries for many serious reasons. the OTP on their own phone.
Repercussions from data breaches: The amount Fraudsters getting smarter and working less
of information available on the dark web from for more payoff: As fraudsters grow more
data breaches effectively renders knowledge- sophisticated, they use more targeted social
based authentication (KBA) obsolete. The engineering attacks for bigger payoffs. They
US remains a favorite target of
fraudsters because Social Security
numbers (SSNs), often used to
verify identity over the phone, are With an explosion of omnichannel payment
now very easily accessible. We
are unable to change SSNs, so as options, fraudsters exploit retail call centers
long as institutions rely on them, to take over accounts with information
fraudsters will succeed.
accessed from past data breaches and
Consumers not following security
dark web research. Peer to peer apps such
best practices: Consumers share
passwords between friends and as PayPal, WhatsApp, Zelle, Apple Pay,
coworkers at an alarming rate. and Venmo are also exploited as part of a
In addition, consumers often
choose weak passwords and call center attack.
KBA questions while not paying
attention to cyber hygiene.
For example, previously used
plan more, rely on information acquired on the
one-time passwords (OTPs) over mobile are
dark web, and go after large amounts of money.
easily acquired through social engineering as
a fraudster pretends to be the bank. They talk The “why” boils down to success. If fraudsters can
to the victim while another fraudster initiates succeed, they will continue. And weaknesses in
the OTP, pretending to be the customer on the the call center encourage fraudsters to continue
phone with the bank. Or, they may change the committing voice fraud.
pindrop.com | 866.245.4045 | info@pindrop.com 102019 VOICE INTELLIGENCE REPORT
LEARNING TO THINK LIKE A FRAUDSTER
THE FRAUD BIBLE
Have you ever wondered where - and
how - fraudsters learn how to do what
they do best? A new publication,
The Fraud Bible, is here to answer all
your questions - and unfortunately
share the means of becoming a criminal.
From a consumer mindset, this bible will
offer insight into the ways fraudsters take
advantage - but from a fraudster mindset, it is only a starting point.
Regardless of how it appears, this guide is more sinister than a first glance may
allow. Though gaining immense traction this past week, over six months have
passed since the Fraud Bible was originally released. Inside, there’s there’s
information on everything from counterfeiting to creating fake IDs, bitcoin and
giftcarding. These shared fraud tactics and methods are criminal offenses, yet
in a format of a guide found on the internet, it looks more and more like non
criminal activity.
My next question is how do you find this criminal guide? A quick Google search
will get you there - some with promises of a free download, others costing
you hundreds of dollars. And with it, there are over 14,000 files making up 35
gigabytes. These files are in highly specific named folders, which gives us an
insight to how detailed fraudsters are in their methods of committing fraud - and
how they target their victims.
We have seen fraud rise 350% over the past five years. Is the Fraud Bible
responsible? Not solely - but it has definitely contributed. As fraudsters begin to
become more intertwined with one another, and as there is more communication
between who fraudsters are targeting and the ways they are accomplishing this,
the fraud rate will continue to rise.
pindrop.com | 866.245.4045 | info@pindrop.com 112019 VOICE INTELLIGENCE REPORT
CALL CENTER WEAKNESSES
Fraudsters are always playing a cat and mouse game by asking for different information when they
call into contact centers. Originally, fraudsters used available credentials to take over accounts and
focused first on banks. As banks eventually shored up their security (such as with Chip and PIN),
fraudsters started to look at other industries and developed techniques specific to those industries.
Any industries currently overlooked by fraudsters will become targets as fraudsters exploit industry-
unique contact center security vulnerabilities.
Today, fraudsters can now overcome formerly effective security measures such as the one-time
password (OTP), knowledge-based authentication (KBA) questions, and Automatic Number
Identification (ANI).
Six ways that contact centers currently enable fraud through poor voice security include:
1. Password Resets: As one of the most common 4. Credential Stuffing: With so many account
scams, fraudsters request a new password, posing credentials such as usernames, email addresses,
as a target victim, and then use the changed and passwords stolen and leaked after many
credentials to log into accounts. If a fraudster major data breaches, fraudsters use automated
has the right credentials, they can easily reset a programs to attempt online logins. Once they
password through the call center. hack into an account, they can use the information
found there to commit additional fraud over the
2. Reconnaissance and Account Mining: Call
phone.
center IVRs and CSRs offer a wealth of information
to fraudsters. Without needing to commit a crime, 5. Account Takeover: As one the most common
fraudsters conduct reconnaissance to learn how fraudster practices, fraudsters take control of the
best to execute a targeted attack. account and change phone numbers, passwords,
and other information—allowing them to make
3. Social Engineering: Contact center
unauthorized transactions in another person’s
representatives are especially vulnerable to
name.
social engineering. Fraudsters know how to
psychologically manipulate people, exacerbated 6. Synthetic Identities: Synthetic identity fraud is
by CSRs feeling pressure to give the best the fastest growing financial crime in the United
customer experience. When the customer is States. AI now exists that creates convincing
always right, it’s difficult for CSRs to lean on the video from one photo and synthetic audio from
side of vigilance. less than a minute of speech.
Despite knowing the deficiencies of KBA questions, enterprises still use them and they remain a
big role in authentication. When authentication methods fail, enterprises use KBA questions as a
fallback—and bad actors are well prepared to answer. And even with security involving “something
you have” (such as a smartphone), there are ways for a fraudster to get around this multifactor
authentication obstacle. OTPs, push notifications, and other forms of multifactor authentication
are vulnerable to SIM swapping, cloning, and telecommunications account takeovers.
It’s true that voice (“something you are”) is a great method of authentication because fraudsters
pindrop.com | 866.245.4045 | info@pindrop.com 122019 VOICE INTELLIGENCE REPORT
have much more difficulty compromising it. But even voice is not foolproof. Research has also
shown that voice recognition technology can skew toward white males—with results more
accurate with them than women or non-white males.
These problems aren’t just impacting your call center—they also impact the security of your
digital channel. Fraudsters use call centers as a jumping off point to get further into target
accounts by resetting passwords, changing shipping addresses, performing reconnaissance on
target accounts, and testing which agents they can manipulate. Weaknesses in the call center
compromise other channels.
HOW FRAUDSTERS ARE ATTACKING
FRAUD TACTICS AND TRENDS
Here are some of the many ways that
Fraudsters evolve their tactics to take advantage fraudsters can attack your call centers.
of call center weaknesses. These are some of the
•
Calls and acts extremely nice, getting the CSR on
top fraud tactics we are seeing. their side by commiserating with their struggles so
that authentication controls are not used.
RETIREMENT AND ELDER FRAUD ABUSE
•
Spoofs bank’s ANI, calls customer, and obtains
Retirement funds are now a huge target for PIN. Then, spoofs customer’s ANI, calls the bank,
fraudsters. After banks and payment providers and uses PIN to authenticate.
started shoring up their phone channels, fraudsters
•
Spoofs bank’s ANI, calls customer, and obtains PII.
Then, spoofs customer’s ANI, calls the bank, and
sought out adjacent targets such as pension uses PII to authenticate.
providers and retirement firms. Retirees and elder •
Uses call forwarding to receive outbound call
individuals come from a more trusting generation made from bank to verify outgoing wire transfer.
and are a ripe target for fraudsters. •
Enlisting elderly mules to open accounts in bank
branches. New accounts are used for fraudulent
Required Minimum Distribution plans are a special Zelle transactions.
target for hackers. Typically, these accounts have •
Pretends to be from a bank and asks for verification
large balances—often in the six or seven figures. of funds on a checking account.
To withdraw those funds, a particular fraud ring •
Spoofs financial institution and victim’s numbers to
obtain OTP code from the victim and successfully
could obtain the appropriate download forms
verify the OTP code with the financial institution on
from a company’s website and use the call center the other line. Activity proceeded by high dollar
to complete the fraudulent transaction(s). gift card purchases at Walgreens and Publix.
•
Targets personal loans for a business by getting
Fraudsters are also using the elderly as mules to fraudulent applications approved through the
open new accounts, which then are used in peer to interception of an OTP by spoofing, ANI porting,
and SIM swapping.
peer payments. Again, the elderly can be trusting
•
Calls into call center requesting new cards to be
and in need of employment in their retirement
sent to the customer’s home address. Fraudsters
years if they don’t have enough savings. They then use USPS’s Informed Delivery service to
intercept the card in the mail.
can be deceived into thinking they are working
pindrop.com | 866.245.4045 | info@pindrop.com 132019 VOICE INTELLIGENCE REPORT
a legitimate job when they are actually passing
money and goods illegally to help transfer and
launder money for fraudsters.
As the population ages, the number of consumers
FRAUDSTER PROFILE reaching retirement age is growing—presenting
MARK TWAIN more victims to fraudsters. Elder abuse has been
This fraudster calls as a son cited by Pindrop customers as a growing problem.
and beneficiary of the policy Family members or caretakers can call on behalf
owner to obtain a death of the elderly, or even pose as the elder customer,
claim worth over $200,000. to make changes to an account, submit a claim,
The true policy owner lives in or cash out policies. According to the ICX 2019
another country and another Trend Report, “Senior citizens are more likely to
beneficiary (the wife) receives a have savings and own property, making them
letter from the insurer notifying an attractive target to criminals. And due to
the wife of her husband’s generational differences, many elderly people are
untimely more trusting than younger generations, making
demise and is them more susceptible to scams. According to the
provided the Consumer Financial Protection Bureau, financial
claim packet. institutions reported more than 180,000 suspicious
The wife and activities targeting the elderly, involving more than
owner call to $6 billion.”
state that the INSURANCE VOICE FRAUD INCREASING
policy owner
With insurance, the sums of money and stakes
is in fact still
of success go up. Fraudsters use fewer but more
alive.
effective tactics to steal this money. We have seen
a 248 percent fraud increase in insurance contact
centers. The current fraud rate for insurers (1 in
© PIN
7500) is still much lower than the overall call center
D RO
P, INC
fraud rate of 1 in 685, but the fraud exposure for
.
insurance is much higher. Life insurance policies
are typically a higher value target than a bank
account, and fraudsters attacking this space often
pindrop.com | 866.245.4045 | info@pindrop.com 142019 VOICE INTELLIGENCE REPORT
go after policies that exceed $500,000. During the
past year, one Pindrop insurance customer saw
attempted fraud loss average go from $5,000 to
$500,000.
In the insurance industry, IVRs are highly at risk for FRAUDSTER PROFILE
data mining and reconnaissance, and ineffective DUO DUO
KBA questions do not work to deter fraudsters.
This fraud ring uses
For example, the “Policy Marm” fraudster phishes
two fraudsters. The first
through the phone channel to get information
fraudster contacts the bank
about insurance policies and 401k plans, gains
impersonating the intended
intimate knowledge about the rules and processes
victim and gets the bank to
involving large withdrawals, and pretends to be
initiate sending a OTP to
an elderly female to gain the trust of call center
the phone
agents.
number on
The insurance industry’s shift to digital business file through
channels, both for customer onboarding and SMS. At the
claims submissions, has further exacerbated same time,
these problems by making it easier for criminals the second
to create fake identities and perpetrate fraud. fraudster calls
According to the FBI’s website, the total cost of the intended
insurance fraud (excluding health insurance) is victim
estimated to be more than $40 billion per year. posing as the bank and tells
That means insurance fraud costs the average U.S. them for security purposes
family between $400 and $700 per year in the form they will receive an SMS OTP.
of increased premiums. The second fraudster now
passes the legitimate OTP
Common types of insurance fraud gaining
to his partner in crime, and
popularity with fraudsters include:
the first fraudster is able to
• Policy fraud: Policy fraud is the cashing out authenticate into the victim’s
of life insurance policies or taking loans against account.
them. Consumers check in with a life insurance
company infrequently, and fraudsters will use
that fact to their advantage. Sophisticated
pindrop.com | 866.245.4045 | info@pindrop.com 152019 VOICE INTELLIGENCE REPORT
fraudsters have a well-developed knowledge of
how to cash in a policy or loan without arousing
suspicion. They know the paperwork process
of the company they target and can pose as
an enterprise policy administrator as well as a
FRAUDSTER PROFILE
policy holder. The more process knowledge
FISHING CHIP
they acquire, the more they are able to socially
This fraudster targets a victim engineer the CSRs they encounter.
getting a new card or a business
• Claims fraud: Claims fraud involves the use
issuing new cards by using real
of counterfeit documentation and in-depth
time location tracking from the
knowledge about the paperwork process
telecom carrier and intercepting
to change the policy owner or beneficiaries.
the card while in transit. In more
Some fraudsters even go so far as to claim the
daring and brash attempts,
death of the policy owner to collect benefits or
fraudsters
redirect benefits of claims in process. This is a
intercept
less frequent occurrence than policy fraud but
corporate
still a high value target for bad actors.
cards and
replace the • Account Takeover (ATO): The most popular
EMV chip. and most frequent type of insurance fraud is
When the the account takeover. Fraudsters are looking
business to gain credentials to claim themselves as the
activates the owner of an existing account. From here, the
new cards as fraudster can make claims, change mailing
instructed, addresses, change beneficiaries, and even take
fraudsters out loans against life insurance policies.
use the stolen
Other types of fraud include true name fraud
chip to drain
(taking a person’s stolen credentials to open a
the accounts.
© PINDROP, INC.
new account), enrollment fraud (fraudsters calling
a person to steal information while pretending
they are enrolling them as a customer), and fraud
reconnaissance (calling CSRs and navigating IVRs
to collect information later used in fraud).
pindrop.com | 866.245.4045 | info@pindrop.com 162019 VOICE INTELLIGENCE REPORT
FRAUDSTERS CRACKING VOICE BIOMETRICS
While we already highlighted voice biometrics as vulnerable
if used in isolation , trends show that voice biometrics will
only increase in adoption. The boon of voice biometrics for
omnichannel customer experience, spurred by improved
voice biometrics technology, will only increase adoption.
Enterprises benefit from authentication that only takes two
FRAUDSTER PROFILE
to six seconds while reducing Average Call Handling (ACH) MR. NICE GUY
time and customer experience friction.
This fraudster calls
Voice biometrics alone isn’t perfect. Fraudsters are finding
ways to crack voice biometrics and Pindrop diligently
and acts extremely
monitors any possible threats to voice as a valid form of nice, getting the
authentication and fraud prevention. CSR on their side
Some tactics fraudsters use to bypass voice biometric by commiserating
solutions include: with their struggles
• Imitation: Fraudsters either impersonate the genuine so that the
speaker or escape positive identification through a authentication
disguise.
controls are not used.
• Replay Attack: Well-recorded audio is perceptually
indistinguishable from legitimate speech, making replay GHOST VENDOR
attacks—recording someone’s voice and playing it over
the phone—simple and effective. Recording devices After setting up
(usually on a smartphone) are ubiquitous and easy to a fake account
use, requiring no social engineering or imitation skills.
for access, the
Quality, of course, is highly dependent on the recording
and acquisition conditions. fraudster sends an
invoice he found
• Voice modification: Much more sophisticated than
the previous two methods, fraudsters use software that in the organization
converts their voice to the target’s voice. The software’s email and sends
electronic voice distortion capabilities allow the fraudster it to the target
to perfect nuances such as the pitch of the voice.
business. The
• Voice synthesis: Synthesized voices have improved business, that happened to
in quality in recent years through the evolution of deep
owe money, now wires the
learning. Services such as Google WaveNet can take
text and make it sound like a natural human voice. While money to the fraudster control
Google WaveNet produces the sound of generic human account.
voices, software such as Adobe VoCo or Lyrebird can
take a few minutes of genuine speech to sound like the
target’s voice.
pindrop.com | 866.245.4045 | info@pindrop.com 172019 VOICE INTELLIGENCE REPORT
DEEPFAKES AND SYNTHETIC VOICES
Originating in academia in the late 1990s, technology. The impact ranges from involuntary
deepfakes grew out of computer vision research pornography to political slander. Many security
and evolved into programs such as Face2Face experts call deepfakes worrying.
(2016) and “Synthesizing Obama” (2017).
Currently, we are seeing the dawn of the testing
Deepfakes gained major popularity after Jordan
of synthetic voices in the banking sector.
Peele voiced a video of President Obama about
Fraudsters are calling into contact centers using
deepfakes that was made by Peele’s production
synthetic voices that start talking gibberish.
company using a combination of old and new
These fraudsters are likely testing reactions to
technology: Adobe After Effects and the AI face-
detected synthetic voices or seeing if they have
swapping tool FakeApp. More advanced research
the technology in place to detect them. If their
was presented at a 2018 Siggraph conference
ANI isn’t blacklisted, they
called Deep Video Portraits
may try to further push these
that offered a photo-realistic
attacks.
re-animation of videos
debuted by researchers at Deepfakes will only become
Cornell University. more concerning as deep
learning improves. Deep
Concurrently, amateurs in
learning depends on
online communities began
Generative Adversarial
sharing deepfakes while
Networks—deep neural net
improving software made
architectures comprised of
it easy to experiment. In
two neural nets, pitting one
2018, deepfakes used for
against the other. Under
pornographic purposes
certain conditions, the
gained attention but the
training process reaches a
topic started to become
point where the discriminator
mainstream in 2019 because
cannot classify generated
the technology had improved
examples from real ones.
so much that people were
GANs were introduced in
having trouble telling apart
a paper by Ian Goodfellow
real from fake videos.
and other researchers at the
The audio portion of deepfakes is part of a University of Montreal.
wider trend of synthetic voices growing more
The potential of GANs is huge because they can
accurate and indistinguishable from a target’s
learn to mimic any distribution of data—replacing
voice. Currently, benign positive uses are being
images with video, or video with sound. These
developed such as Google Duplex that can
technologies use machine learning to generate
help people make mundane, routine calls on
audio from scratch, analyzing waveforms from a
their behalf (such as making an appointment or
huge database of human speech and re-creating
reservation). Deepfakes and synthetic voices can
them at a rate of 24,000 samples per second. The
also serve as entertainment or a fun app, but
end result includes voices with subtleties such as
malicious uses immediately emerge from such a
lip smacks and accents.
pindrop.com | 866.245.4045 | info@pindrop.com 182019 VOICE INTELLIGENCE REPORT
TRENDS IN
AUTHENTICATION
The rise of the conversational economy, the
demand for better customer experience, and the
FRAUDSTER PROFILE increase in fraud due to social engineering means
THE POSTMAN authentication has taken center stage as a key
technology for companies. Voice authentication
This fraudster steals mail and adoption lags behind fingerprint and facial
looks for statements of wealth to recognition, and authentication methods may still
apply for insurance policies and include other biometrics (such as a person’s face,
even mortgages. Using stolen fingerprint, or gait). However, the interface will be
documents, the fraudsters set up the spoken word.
fake accounts to socially engineer
the CSR and get the funds wired Consider the following statistics:
to an account
• Live agent authentication is conducted
the fraudster for 88 percent of calls
controlled.
• 68percent of calls require security and
identity checks
• The average length of time for a
security check is 35 seconds
• The cost of agent authenticated calls is
$0.67 per call
• Thetotal cost of authentication in
contact centers is $10.2 billion per year
• The contact center fraud rate increase
over the last 5 years is 350 percent[11]
We see various myths about authentication
© PINDROP,
propagated by companies that, if not debunked,
will affect them from succeeding in the
INC.
conversational economy and providing the best
customer experience in a world dominated by
voice interfaces. Let’s debunk a few of these myths.
pindrop.com | 866.245.4045 | info@pindrop.com 192019 VOICE INTELLIGENCE REPORT
MYTH 1: VOICE BIOMETRICS CREATE AN IMPENETRABLE OBSTACLE FOR BAD ACTORS. IT IS
(ALMOST) COMPLETELY BULLETPROOF.
Actually, any single authentication factor is vulnerable to exploitation. What happens when a false
positive biometric gets into an account? How would you prove that someone else was verified as
you? What happens when someone else can authenticate into your account? If someone else has
your password, are they you?
It’s critical that companies use multiple authentication factors and methods to reduce the odds
of false positives and assure skeptical consumers that these methods are secure. Yet, companies
must still provide as frictionless an experience as possible with multi factor authentication. The
technology must be able to identify a person’s voice accurately, and the authentication must serve the
omnichannel demands of the conversational economy—traversing both the real world (call centers)
and digital world (texting, chatting) with voice-activated assistants and products.
MYTH 2: AUTHENTICATION SOLUTIONS KEEP FRAUD OUT OF MY CALL CENTER.
Not necessarily. Authentication solutions work by blacklisting fraudsters. But voice blacklisting
means a fraud must first occur in order to then blacklist a fraudster and later catch them during
the authentication process. But how do you stop a fraudster the first time? How are you preventing
fraudsters from enrolling as customers during an initial rollout? Even when they call for the first time,
you need to catch them in the act by positively identifying a fraud call and adding their voice to your
blacklist.
But what if that same fraudster uses a voice modulator? What if they use a call center to reset a
password and then commit the fraud online? What if the fraudster gets a friend to get past the first
part of the call or the point in time where the company collects the voiceprint? So many weaknesses
surround current authentication solutions that fraudsters can easily get around.
MYTH 3: KNOWLEDGE-BASED AUTHENTICATION WORKS FOR US.
Although we dealt with this topic earlier, it’s worth mentioning KBA in the context of authentication
because so many companies still cling to this method.
Consider a few statistics:
• In 2018, 446 million records (including answers to KBA questions) were exposed from
more than 1200 data breaches
• 47 percent of people can’t remember their favorite food answer after 1 year (Google)
• 30 percent of callers are unable to authenticate because of KBA question issues (Gartner)
It’s clear that KBA questions are not an effective form of authentication anymore. After major data
breaches, nearly everyone’s personal data—including answers to most KBA questions—has been
leaked several times over in breaches by consumer credit companies, retailers, social media companies,
and other entities. Additionally, fraudsters are actually better than customers at answering KBA
questions. They know what types of questions institutions typically ask and are prepared to answer.
pindrop.com | 866.245.4045 | info@pindrop.com 202019 VOICE INTELLIGENCE REPORT
So should the questions become harder? No, because then legitimate customers also have a hard
time answering them, rendering the authentication process ineffective. Relying on KBA questions is
a losing proposition.
MYTH 4: ONCE YOU HAVE ENROLLED A CUSTOMER INTO A VOICE BIOMETRIC PLATFORM,
THEIR VOICEPRINT WILL WORK FOREVER.
Voice ages just like our bodies. Over time, vocal cords lose elasticity and flexibility. The larynx, across
which the vocal cords stretch, is a muscle that can atrophy and become thinner or weaker over time.
As these muscles change, the pitch and speed of a voice can change—rendering a “permanent”
voiceprint impossible. A Pindrop® Labs study confirms that the error rate of voice biometrics doubles
as voices age just two years. Even health issues, emotions, and stress can alter a person’s voice
enough to fail a voice biometric match.
MYTH 5: REACHING CRITICAL MASS FOR ENROLLMENT IS EASY OR CAN BE DONE QUICKLY.
Many enterprises are overly optimistic about enrollment despite evidence to the contrary. Active
enrollment is costly and can produce less than desired results—making it a huge challenge for
enterprises.
In an eight-month Pindrop® Labs study, 48 percent of callers only called once and less than 10 percent
called three times or more. Enrollment also involves time retraining staff on new call procedures.
Then, even when implemented, let’s say each call takes two minutes to enroll but only saves 30
seconds of call time later. That means an enrolled customer needs to call back four times before a
return on investment can happen—forcing you to enroll a large portion of your customer base to
justify the purchase price of an authentication solution.
Further, active enrollment typically nets only about 30-40 (???) at best over the lifetime of the solution.
Unless you have an identity claim (such as a phone number on file) that is accurate for your entire
customer base, enrollment and authentication rates will mathematically be imperfect. Of your total
customers, how many have an identity claim on file? Then, how many call in often enough to enroll?
Then, are they authenticating when they do call? If you can only get 50 percent of callers into your
voice biometric authentication, then what about the other 50 percent of your customers?
What about facial recognition as an alternative to voice recognition? Some issues crop up if enterprises
want to go this route. First, facial recognition requires an HD camera (which everyone doesn’t own)
and lighting as a variable. These factors detract from accurate identification. By contrast, audio noise
can actually help the credentialing of a voiceprint. Voice is more universal because we can assume
that everyone has access to a telephone (even if it’s a landline) as opposed to a smartphone. Any
mobile phone verification still leaves the device as the choke point and becomes something you have
versus something you are—your voice.
Voice Authentication best practices must include:
• A risk-based solution: Calculated decision making needs to take place that assesses the risk of
each person who calls into your call center.
pindrop.com | 866.245.4045 | info@pindrop.com 212019 VOICE INTELLIGENCE REPORT
• Layered intelligence: We need to think beyond even two-factor authentication, as any two
factors are eventually overcome by sophisticated fraudsters.
• A continuous analysis: We need to move authentication from an “event” (such as biometric
enrollment) to a process.
• A passive process: We need to add security without adding complexity, avoiding customer
experience friction through adding obstacles. The solution must work passively in the background
to ease customer experience. Passive continuous voice authentication allows frictionless
enrollment rates of more than 60 percent in 12 weeks and multi-factor authentication rates of
more than 60 percent in 26 weeks.
Remember, customers expect a frictionless yet secure experience. Ideally, enterprises will eventually
need to aim at an omnichannel authentication experience where customers authenticate once and
gain access to their accounts across different devices.
THE CURRENT STATE
OF VOICE SOLUTIONS FRAUDSTER PROFILE
Given the trends we’ve discussed with voice, fraud, GOLDEN GIRL
and authentication, we see multiple weaknesses
with the current state of voice solutions—especially This fraudster can pass all
in call centers. verification questions, create
• Poor security easily outpaced by fraudsters:
an online account, and fax in
Where web and mobile security offers many annuity withdrawal paperwork.
layers of protection, call centers usually only Funds are wired to a business
have the telecommunications carrier, any IVR account where the imposter
identity claims, and KBA questions offered by
is listed as
an agent. This is not enough as fraudsters easily
outpace many of these basic security measures. a signer
after socially
• Poor detection rates and false positives:
Many solutions simply miss a high volume of engineering
fraud calls while identifying legitimate callers the CSR to
as fraudsters. add her on
• Ineffective enrollment processes: While the the account.
intent to enroll customers is good, enrollment
processes are long, cumbersome, do not
capture most callers, and do not provide a
pindrop.com | 866.245.4045 | info@pindrop.com 222019 VOICE INTELLIGENCE REPORT
return on investment.
•Poor implementation: Enterprises sometimes
make missteps when rolling out a voice
solution, training staff, or enforcing processes
and policies.
These weaknesses result in friction for customers,
high average handle time (AHT), low IVR containment
rates, higher contact center operational costs,
FRAUDSTER PROFILE increased fraud exposure and loss, and risks to
THE POSTMAN a company’s brand and reputation. For example,
the increased time it takes to enroll a customer
This imposter called as a husband
during active enrollment situations could likely
and wife, passed all PII to obtain eat up the time savings they are meant to provide.
a loan, policy owners were elderly Additionally, customers might not authenticate as
and fell victim to a scam. A few expected if they don’t remember the phrase or
months later exact wording of the phrase they created—which
would impact a short utterance citation.
the husband
died. Imposter So, given all that we’ve highlighted and analyzed
in this report, what is needed for companies to
called back
succeed in the conversational economy, provide
as the excellent customer experience, and deter
son/bene fraudsters. The ideal includes the following:
passed PII • Rapidly adopted and zero effort enrollment
to obtain experience: Enterprises need to quickly enroll
the death customers and create credentials using short
proceeds. utterances that are phrase and language
agnostic. Enterprises should be able to enroll a
majority of customers in less than a year.
• Secure authentication transparent to the
customer: The customer needs confidence in
© PINDROP,
the security and reliability of any authentication
INC.
process related to voice calls and transactions.
Once authenticated, this status is known by
the CSR in seconds. This process also needs to
prevent imposters from enrolling as customers.
• Risk based fraud assessment for unenrolled
and non-customer calls: While analysis occurs
in seconds in the background, a CSR gets a
pindrop.com | 866.245.4045 | info@pindrop.com 23You can also read
