table of contents - pindrop...fraudsters are finding new types of institutions to target. the credit...


Post on 30-May-2020


TABLE OF CONTENTS

Executive Summary
Introduction
A Growing Problem
Know Your Fraudster
Industry Variations
Phone Fraud in the UK
Methodology
About Pindrop
Appendix A: Quick Reference Guide
Appendix B: Glossary

PINDROP LABS / CALL CENTER FRAUD REPORT 2016 2


EXECUTIVE SUMMARY

In the past two years, call center fraud has grown at an alarming rate. Attackers target call centers to gain access to funds, as well as to gather, test and augment personal data to use in future fraud attacks or to sell on the black market. To learn more about these attacks, the Pindrop research team has analyzed more than 10 million calls to major enterprise call centers between 2011 and 2016. These researchers believe the rise in the number of attacks can be traced to a migration of fraudsters to the phone channel, which is the weakest link into an organization. Factors influencing this migration include the US rollout of chip credit card technology, the global increase in data breaches, and stronger online and mobile security.

ENTERPRISE CALL CENTER FRAUD IS EXPENSIVE AND GROWING FAST.

The rate of fraud calls has grown 45 percent since 2013. In the same period, call center losses to fraudulent transactions rose 14 percent.

45% INCREASE IN GLOBAL FRAUD OVER THE LAST 3 YEARS

2X UK PHONE FRAUD COMPARED TO THE US

USE PHONEPRINTING TO IDENTIFY FRAUD RISK FACTORS.

Call center fraud will continue to rise. Prepare now by implementing multi-layered solutions that quickly and accurately detect fraud.

ATTACKERS CONDUCT PRE-FRAUD ACTIVITIES TO PREPARE FOR CROSS-CHANNEL ATTACKS.

Criminals use the IVR to test stolen data and mine for accounts. They socially engineer live agents to augment their stolen data and build a profile of their targets.

PREVENT ATTACKS BY MONITORING IVR AND LIVE AGENT CALLS FOR PRE-FRAUD.

Few call centers today have visibility into IVR activity. Look for solutions that offer comprehensive protection across the entire call center infrastructure, including both IVR and live agent.

FRAUDSTERS ARE FINDING NEW TYPES OF INSTITUTIONS TO TARGET.

The credit union and insurance industries are lucrative targets, with higher than average fraud exposures. Traditional financial institutions like banks, brokerages, and credit card issuers remain at high risk.

ALL INDUSTRIES SHOULD LOOK FOR VULNERABILITIES IN THEIR CALL CENTERS.

Call centers should understand their expected fraud exposure and average loss. Learn whether your organization should expect fewer but more costly attacks, very frequent but less expensive attacks, or some other variation.

THE UK OFFERS THE US A GLIMPSE OF THE FUTURE GROWTH OF CALL CENTER FRAUD.

The UK has had chip card technology for many years. This has resulted in a doubling of fraud rates and more attacks originating domestically.

IMPLEMENT SOLUTIONS NOW TO MONITOR AND DETECT PHONE FRAUD.

As physical card security in the US increases, US call centers should expect to see a spike in call center fraud. Now is the time to implement solutions.


INTRODUCTION

WHY THE CALL CENTER IS THE WEAKEST LINK

Stronger online and mobile security, recent data breaches, and the rollout of chip cards in the US mean cybercriminals are changing tactics, exploiting the weakest link in the organization: the call center. Pindrop researchers reviewed over 10 million phone calls to enterprise call centers between 2011 and 2016. In this report, enterprises will gain a deeper understanding of the growing threat of call center fraud, as well as the level of attacker sophistication.

Call centers have many vulnerabilities that make them an attractive target for fraud:

THE HUMAN ELEMENT IS UNRELIABLE

Call centers that rely on live agents to look for suspicious callers are at high risk for social engineering attacks. They also put customer experience at risk by forcing agents to enforce policy before helping the customer.

CALLER ID CAN’T BE TRUSTED

Call metadata like Caller ID numbers, Automatic Number Identification (ANI), or Calling Line Identification (CLI) is completely unreliable today. Fraudsters have cheap and easy solutions to spoof this information.

KBA DOESN’T WORK

According to Gartner’s Avivah Litan, “Failure rate on KBI is on average 10 percent to 15 percent and sometimes it can go as high as 30 percent.”[1] At the same time, many criminals can pass KBA authentication. The abundance of customer information available on the black market means fraudsters can easily find the correct answers.

THE IVR IS A BLIND SPOT

Most companies do not have sufficient insights into customer IVR activity. Pindrop researchers analyzing IVR calls found repeated PIN resets, account mining, extremely long calls, and other suspicious activity that indicates IVR fraud at a rate close to that seen in live agent fraud.


1 Bank Info Security “Gartner’s Litan on Fixing Authentication” 2013.


WHAT IS CALL CENTER FRAUD?

For the purposes of this report, call center fraud represents any interaction between a criminal and a call center agent. Though many of these calls involve attempting to complete a fraudulent transaction, the majority of fraudulent calls do not. Pindrop research suggests that a criminal makes up to five calls before completing the fraudulent transaction. Think of these calls as “pre-fraud.” Examples of pre-fraud calls include:

1. Testing stolen data in an IVR system to identify accounts
2. Tricking an agent into revealing customer data
3. Using the IVR to change the PIN number on an account
4. Asking an agent to change contact information
5. Requesting to complete a fraudulent wire transaction

CROSS-CHANNEL FRAUD AND THE CALL CENTER

Fraud in the call center has wide-ranging effects on an organization. Online, mobile, and physical channels have many layers of strong authentication and security. Meanwhile, most call centers rely on ineffective security measures like Caller ID, live agents, and KBA. Criminals take advantage of this, using the call center as a back door to the organization. Here, they complete pre-fraud, which allows them to move across channels to pass further authentication and complete attacks. Pre-fraud phone calls set the fraudster up for later cross-channel attacks. Aite Group research suggests 61% of all fraud activity can be traced back to the contact center, with several financial institutions reporting rates as high as 90%.[2]

2 Aite Group, “Contact Centers: The Fraud Enablement Channel,” 2016.


A GROWING PROBLEM

FRAUD CALL RATES HAVE GROWN 45% SINCE 2013

The number of fraudulent calls received by the average enterprise call center continues to grow dramatically. In 2013, call centers saw an average of 1 fraud call in every 2,900 calls received. This year, fraud rates are at 1 in 2,000 calls. This rate represents a 45 percent increase since 2013. There are three main factors contributing to this increase:

US CHIP CARD ROLLOUT

The continued rollout of chip cards in the US has made it more difficult for fraudsters to commit card-present attacks, using counterfeit cards at the point of sale. This has caused criminals to change tactics and look for ways to commit fraud that do not require a physical card. As Aite Group writes, “Over US$4 billion in counterfeit card fraud has to find a new home... Contact centers are the weak link that will be increasingly exploited.”[3]

INCREASED SECURITY IN OTHER CHANNELS

Chip cards are just one example of security innovations that are causing fraudsters to move to the phone channel. Other innovations in online security tools, mobile security, and more are forcing fraudsters to look for new attack techniques. Pre-fraud data gathering in the call center allows fraudsters to defeat these new technologies in other channels.

RECENT DATA BREACHES

In recent years there has been an influx of data breach information being sold on the black market. Before a criminal purchases this information, they must test the data. They attempt to learn which card numbers are valid. They must also augment the data, finding additional personal information that allows them to pass authentication. The easiest channel for conducting these pre-fraud activities is in the call center, especially in the IVR.

3 Aite Group, “Contact Centers: The Fraud Enablement Channel,” 2016.

FIGURE 1: FRAUD RATES

2013: 1:2900
2015: 1:2000

That’s a 45 percent increase since 2013. 1 in 2000 calls is fraud.


In 2015, enterprises lost an average of $0.65 to fraud per call. This means a call center that receives 40 million calls per year should expect to see somewhere between $17 million and $27 million in fraudulent transaction losses annually. Phone fraud losses have grown 14 percent since 2013, when the average loss was $0.57 per call. According to a recent survey by the Aite Group, 72% of contact center executives expect this fraud loss trend to continue on an upward trajectory, almost doubling in the next five years.[4]

Increased fraud losses are a result of more sophisticated attackers with a greater amount of data at their fingertips. Today’s fraudsters are able to identify and target higher value accounts to efficiently maximize their earnings.

Note that Pindrop only measures losses from fraudulent transactions that take place through the call center. However, many more fraudulent transactions that take place in the online, mobile, or physical channels can be traced back to phone channel pre-fraud.

These pre-fraud calls also account for the different growth of fraud call rates (45%) and phone fraud losses (14%). The number of pre-fraud calls that do not request transactions has grown significantly.

FIG 2: PHONE FRAUD LOSS

Phone fraud losses have risen 14% since 2013.

2013: $0.57
2015: $0.65

THE HIDDEN COST OF FRAUD

Call center fraud carries consequences beyond the cost of fraudulent transactions. These factors are far more difficult to put a number to. They include:

CUSTOMER EXPERIENCE

Call centers that are unable to quickly sort fraudulent from legitimate callers must spend time establishing identity before they are able to offer any assistance. This creates a frustrating customer experience.

OPERATIONS COST

The longer it takes to verify a caller’s identity, the longer the call handle time will be. Long call handle times translate into higher operations costs for the call center.

BRAND REPUTATION

Call center fraud attacks can include identity theft and data breaches. News of these attacks has a severe effect on a brand’s reputation, especially in the hyper-competitive insurance industry.

REGULATORY RISK

Many industries issue strict standards for protecting customer data, health, and financial records. Call centers that mistakenly allow a fraudster access to a customer’s private information risk fines and other damages.

4 Aite Group, “Contact Centers: The Fraud Enablement Channel,” 2016.


KNOW YOUR FRAUDSTER

Several factors, including calling device type and geographic call origin, can indicate a potentially fraudulent call. However, through the use of Caller ID spoofing, voice distortion, and other tools, fraudsters can hide these risk factors and make their calls appear legitimate. Call centers therefore must not only be aware of the risk factors that indicate fraud, but must also find solutions to quickly and accurately assess these factors in incoming calls, allowing them to overcome fraud technology and separate fraudsters from legitimate callers.

FRAUDSTER WEAPONS OF CHOICE

VOICE OVER IP PHONES

Voice over IP (VoIP) phones are the fraudster’s first choice of devices when it comes to making fraud calls. In the past year, 16 percent of legitimate callers used a VoIP device, yet 42 percent of fraud callers did so. This number has remained relatively steady over the past five years.

In the US, VoIP calls are cheap or free, making them popular choices for fraudsters. VoIP calls are also difficult to identify. This is because it is very easy to spoof a Caller ID number with VoIP. Adding to this confusion, VoIP calls are typically routed through multiple carriers onto the PSTN network, making them hard to trace and prosecute.

MOBILE PHONES

Mobile devices are increasingly being chosen to launch fraud attacks, displacing landlines as the second most popular calling device for fraudsters. In 2011, only 5 percent of fraud calls were made using a mobile device. Today, that number is 35 percent.

This rise in popularity can be attributed to several factors. In many parts of the world mobile is more cost effective than even VoIP. Fraud-enabling apps like Caller ID spoofing and voice distortion are widely available. Finally, many criminals believe “burner” mobile phones are untraceable (this belief is not true).

FIGURE 3: DEVICE TYPES

Non-fraud calls: Landline 39%, VoIP 16%, Mobile 46%
Fraud calls: Landline 23%, VoIP 42%, Mobile 35%

FIGURE 4: FRAUD DEVICE TYPES

[Line chart: VoIP, Mobile and Landline share of fraud calls by year, 2011 to 2015]


FRAUD WITHIN AND ACROSS BORDERS

INTERNATIONAL FRAUD

Phone channel attackers are not bound by geography. Up to 49 percent of fraud calls originate in a country other than the country of the attack target. Attackers call across international borders at 12x the rate of legitimate callers. Spoofing technology allows international fraudsters to manipulate ANI codes (or CLI codes in the UK) to appear as local callers on Caller ID, making them difficult to detect.

The reasons behind this trend are twofold. First, much of this activity comes from international organized crime rings, many of which are based out of Eastern Europe and Africa. Second, international call centers are subject to fewer regulations and are more difficult to prosecute.

DOMESTIC FRAUD

This year, for the first time, domestic fraud was slightly more prevalent than international fraud in the call center. Fraud calls originating within the country targeted for attack have grown from 36 percent to 51 percent of fraud call traffic.

In the US, this growth is likely associated with the chip card rollout. Card-present fraudsters, who were located within the country in order to use their counterfeit cards at the point-of-sale, are being faced with the choice between moving to a non-chip card country (to continue doing card-present fraud) or staying in their own country and switching to attacks that do not require a physical card, including domestic call center fraud. Thus, the absolute number of international fraud attacks has not necessarily decreased. Rather, domestic fraud has increased relative to international fraud.

FIGURE 5: CALL ORIGINS

Non-fraud calls: Domestic 96%, International 4%
Fraud calls: Domestic 51%, International 49%

FIGURE 6: DOMESTIC FRAUD

2014: 36%
2015: 51%


5 RAND, “Consumer Use of Banks and Credit Unions,” 2009.

INDUSTRY VARIATIONS

FINANCIAL INSTITUTIONS

Phone fraud rates at banks, brokerages, credit card issuers, and credit unions are perennially high. These entities offer a clear route to a profit because they deal with financial transaction accounts. Yet, different types of financial institutions experience different rates of phone fraud.

Retail banks report a fraud call rate of 1 in every 1,400 calls. Credit unions and brokerages show slightly less risk at 1 in 2,000 calls and 1 in 2,700 calls respectively. Credit union and brokerage industries see lower fraud rates because these account numbers are used less frequently than credit card or bank accounts, and consequently fewer are stolen and sold on the black market. In addition, it may be more complicated for a fraudster to monetize a brokerage account than a bank account.

Credit card issuers experience phone fraud at nearly double the rate of other financial institutions, reporting 1 fraud call for every 800 calls to the call center. This is because credit cards are widely used and widely stolen. Credit cards are relatively easy to monetize with Card-Not-Present (CNP) style attacks.

Fraud exposure among financial institutions is very similar between banks ($11M), brokerages ($10M), and credit card issuers ($11M). Credit unions, however, expose nearly three times the amount of other financial institutions, at $29 million annually. This may be traced back to the fact that credit union members often use their financial institution as a one-stop shop, holding multiple accounts at the same credit union. According to research from RAND, “On average, bank customers use 5.4 services with their primary financial institution, while credit union members use 7.1 services.”[5] Fraudsters who are able to pass credit union authentication in the call center generally can gain access to a larger selection of accounts and funds than in a typical bank.

FIGURE 7: FINANCIAL INSTITUTION FRAUD RATES AND EXPOSURES

Banks: fraud rate 1:1400, fraud exposure $11M
Credit Unions: fraud rate 1:2000, fraud exposure $29M
Brokerages: fraud rate 1:2700, fraud exposure $10M
Card Issuers: fraud rate 1:800, fraud exposure $11M


WHAT IS FRAUD EXPOSURE?

Fraud exposure is the monetary value of an account that a fraudster has gained access to. Fraud exposure is different than fraud loss. An attacker who impersonates a financial institution’s customer over the phone and passes KBA processes may have access to an account worth $10,000 (the fraud exposure), but the attacker will often only try to move a fraction of that money. Attackers understand that higher-value transactions trigger enhanced authentication and want to avoid a potential auto-alert system or consumer realization.

INSURANCE

Fraudsters are increasingly finding ways to monetize attacks against some types of insurance companies. These schemes are often more sophisticated than the typical attacks against a financial institution. In this section, we will highlight two very different types of insurance and the types of attacks they face.

LIFE INSURANCE

Life Insurance call centers experience a relatively small volume of fraud calls. At 1 fraud call for every 12,000 calls, life insurance organizations had the lowest fraud rate of any industry Pindrop surveyed.

However, fraudsters are still at work in these call centers. The damage that these fraudsters do can be significant. Life insurance call centers actually have the highest annual fraud exposure of any industry in this study, at $31 million per year per institution.

Fraudsters targeting life insurance call centers have found two ways to monetize an account. The most damaging attack is a fraudulent policy surrender request. When a legitimate customer surrenders a life insurance policy, the company pays the policyholder the cash value of the policy, minus any surrender charges.

Fraudsters impersonating legitimate policyholders have been able to access very large cash payouts using fraudulent policy surrenders. This attack requires an impressive level of sophistication on the part of the fraudster.

The more common scheme in life insurance call centers aims for a lower, but still lucrative payout. Fraudsters call a life insurance company impersonating a customer taking out a loan against a life insurance policy. These loans are rarely suspicious, and because many consumers do not monitor their life insurance policies closely, loans against policies can go undetected for many years.

FIGURE 8: LIFE INSURANCE FRAUD RATES & EXPOSURE

Avg. Call Center: fraud rate 1:2000, fraud exposure $11M
Avg. Life Insurance: fraud rate 1:12000, fraud exposure $31M


DEVICE INSURANCE

Device insurance call centers are seeing fraud at the rate of 1 in every 300 calls, the highest fraud rate among industries Pindrop investigated. Device insurance companies offer replacement phones and other devices if a consumer’s device gets lost, stolen, or damaged. As mobile devices have become more popular and more expensive over the years, this type of insurance has grown. Subsequently, fraudsters have found ways to take advantage of this flow of desirable goods.

Criminals commit fraud in device insurance call centers by filing false claims. Fraudsters impersonate legitimate customers, asking for replacement phones, but redirect the shipment of the device away from the address on file. They may request that the new device be sent to a “work address” or the place they are vacationing. Once the fraudster has the new phone, he or she will then sell the device on the black market.

WHAT IS SOCIAL ENGINEERING?

Social engineering is any act that influences a person to take an action that may not be in their best interest. The call center offers perhaps the best route for a social engineer to work. Unlike online interactions, voice communication allows fraudsters to use emotion and personal connection to manipulate agents. Aite Group’s recent survey shows 22% of financial institution executives believe social engineering is a critical issue.[6]

6 Aite Group, “Contact Centers: The Fraud Enablement Channel,” 2016.

FIGURE 9: FRAUD RATES BY INDUSTRY

Banks: 1:1400
Credit Unions: 1:2000
Brokerages: 1:2700
Card Issuers: 1:800
Life Insurance: 1:12000
Device Insurance: 1:300


CALL CENTER FRAUD IN OTHER INDUSTRIES

MONEY TRANSFER

Money transfer call centers are unique in that in addition to taking incoming calls from customers, many make outgoing calls to verify high-risk online transactions. Though the typical fraud rate for money transfer call centers is 1 in 360, the rate for this small subset of outgoing verification calls is as high as 1 in 94.

RETAIL

Retail call centers are popular targets for card-not-present fraud. Criminals place orders using stolen credit card credentials. These fraud calls not only cost the retailer the price of the stolen merchandise, but also raise operations costs and increase chargeback fees.

TRAVEL

Travel industry call centers have a particularly difficult time identifying fraudsters. This is because fraudsters often look like high-value business passengers, buying tickets for expensive routes or rooms at the last moment.

PUBLIC SECTOR

Public sector call centers must be vigilant in securing confidential information. Recent hacks at the IRS and the Department of Homeland Security have been traced to security issues in the call center.


PHONE FRAUD IN THE UK

Fraud attacks vary across the globe. This year, Pindrop examined the differences between financial institution call center fraud in the United States and in the United Kingdom. This comparison is interesting because both countries speak English and have similar types of financial institutions. The major difference at play between the two countries is the fact that the UK has had chip card technology (there more commonly known as EMV or chip and PIN) since 2004. The UK offers the US a preview of how to expect fraud to evolve in the coming years.

COMPARING US & UK FINANCIAL INSTITUTIONS

FIGURE 10: GLOBAL FRAUD RATES

US: 1:1700
UK: 1:700

UK call centers see more than double the fraud calls when compared to the US. Financial institutions in the US have a fraud rate of 1 in 1700 calls. In the UK, fraud rates are as high as 1 in 700 calls. This is likely because the UK has had chip cards much longer than the US, and the fraudsters have effectively transitioned to fraud attacks that do not rely on physical cards, such as those in the call center. According to the Aite Group, these fraud attacks grew 79% in the UK in the years following the chip card rollout (2005 to 2008).[7] See US Chip Card Rollout on Page 3 for more information.

FIGURE 11: US VS. UK FINANCIAL INSTITUTION FRAUD GEOGRAPHY

United States: International 48%, Domestic 52%
United Kingdom: International 28%, Domestic 72%

UK fraud calls are mostly domestic. In the UK, 72 percent of fraud calls to financial institutions originate from within the UK. This compares to only 48 percent of US financial institution fraud calls originating within the US. Again, this trend can be linked to the UK’s extended use of chip technology. Years ago, when the UK implemented chip cards, fraudsters who used card-present tactics switched to non-physical attacks like call center fraud, rather than relocate out of the country.[8] (See Domestic Fraud on Page 6 for further information on how this works.) The UK is not unique in this shift. After France implemented EMV cards, it saw domestic card-not-present fraud attacks increase by more than 360 percent between 2004 and 2009.[9]

7 Aite Group, “EMV: Lessons Learned and the U.S. Outlook,” 2014.

8 Congressional Research Service, “The EMV Chip Card Transition: Background, Status, and Issues for Congress,” 2015.

9 Iovation, “Fighting CNP Fraud: 5 Things to Consider,” 2016.


Most UK fraud comes from mobile devices. Mobile phones are heavily used for fraud in the UK. UK financial institutions see 64 percent of fraud calls coming from mobile devices, while US financial institutions only see 37 percent from mobile. In the UK it is easier for mobile phones to be programmed to show a restricted caller ID. In fact, 70 percent of fraud calls in the UK use a restricted caller ID, rather than spoofing a phone number.

FIGURE 12: US VS. UK FINANCIAL INSTITUTION FRAUD DEVICE TYPES

United States: Mobile 37%, VoIP 46%, Landline 16%
United Kingdom: Mobile 64%, VoIP 22%, Landline 14%

METHODOLOGY

For this report, Pindrop analyzed millions of calls globally, using Phoneprinting to dissect the details of attacker techniques and behavior. Pindrop’s patented Phoneprinting technology analyzes the audio content of a phone call. Phoneprinting measures 147 characteristics of the audio signal in order to form a unique fingerprint for the call. This information provides an unprecedented level of insight into the phone channel.

Phoneprinting determines a caller’s true location and device type. The Phoneprint is highly resilient, detecting voice distortion, Caller ID Spoofing, gateway hijacking and other obfuscation techniques. In addition, Phoneprinting helps to identify multiple callers associated with the same phoneprint, which allows enterprises to track fraud rings. Phoneprinting is the only technology that can see through these attacker tactics.

HOW PHONEPRINTING WORKS

[Diagram labels: Initial call; Pindrop’s Patented Phoneprint™; Geo-Location; Call Type; Unique Phone; Risk Factors; Risk Score (example value: 86); Every call, every time]


ABOUT PINDROP

Pindrop is the leader in voice fraud prevention and authentication. Pindrop provides enterprise solutions to reduce fraud losses and authentication expense for some of the largest call centers in the world. Pindrop’s patented Phoneprinting™ technology can quickly and accurately identify, locate and authenticate phone devices uniquely just from the call audio, on the first call and every call. Pindrop has been selected by the world’s largest banks, insurers, brokerages and retailers, detecting over 80 percent of fraud. Pindrop’s solutions allow customers to reduce call time and improve their customers’ experience even while reducing fraud losses. Pindrop was founded in 2011 and is venture backed by Andreessen Horowitz, Citi Ventures, Felicis Ventures, Google Capital, GV and IVP. In total, Pindrop has raised $122 million.

ABOUT PINDROP LABS

Pindrop Labs is a group of scientists focused on researching threats and vulnerabilities in the audio and telecommunications channels. This area, traditionally neglected from a security perspective, is increasingly favored by attackers for pre-fraud, exploitation, account takeover, and other attacks. Pindrop Labs’ research falls into two main areas: phone fraud prevention and securing the increasingly ubiquitous voice interface. Phone fraud prevention includes security for call centers, telecommunications infrastructure, and phone-reliant systems, organizations, and consumers. Securing voice interfaces includes providing authentication, threat detection, and fraud prevention for voice-enabled infrastructure.

CONTRIBUTORS

Matt Garland, Vice President of Research
Matt Garland has over 15 years of experience with contact center technology and is an expert in call recording systems. Prior to joining Pindrop, Matt was Vice President of Architecture at Nexidia.

Dr. David Dewey, Director of Research
David Dewey leads the Pindrop Labs team. David began his career at Internet Security Systems, where he worked as a vulnerability researcher and manager of the X-Force Advanced Research Team.

Dr. Kailash Patil, Research Manager, Americas
Kailash Patil is a leader on the Pindrop Labs team, researching in the areas of forensic signal processing, feature extraction, speech processing, pattern recognition, and machine learning.

Dr. Nikolay Gaubitch, Research Manager, EMEA
Nick Gaubitch leads Pindrop Labs’ EMEA team. Nick’s research centers around contact center phone fraud, ad-hoc microphone arrays for speech enhancement, and law enforcement audio research.

Valerie Bradford, Product Marketing Manager
Valerie Bradford has eight years of experience in the information security industry.


APPENDIX A: QUICK REFERENCE GUIDE

FIGURE 13: OVERALL FRAUD METRICS BY YEAR

| Metric | 2015 | 2014 | 2013 |
|---|---|---|---|
| Fraud Call Rate | 1 in 2000 calls | 1 in 2200 calls | 1 in 2900 calls |
| Phone Fraud Loss Per Call | $0.65 | no data | $0.57 |
| Mobile Fraud | 35 percent | 21 percent | no data |
| Landline Fraud | 23 percent | 26 percent | no data |
| VoIP Fraud | 42 percent | 53 percent | no data |
| International Fraud | 49 percent | 65 percent | no data |
| Domestic Fraud | 51 percent | 36 percent | no data |

FIGURE 17: FRAUD METRICS BY INDUSTRY

| Industry | Fraud Rate | Fraud Loss Per Call | Annual Fraud Exposure |
|---|---|---|---|
| Device Insurance | 1 in 300 calls | $1.44 | $10,000,000 |
| Credit Card Issuer | 1 in 800 calls | $1.20 | $11,000,000 |
| Bank | 1 in 1400 calls | $0.46 | $11,000,000 |
| Credit Union | 1 in 2000 calls | $0.52 | $29,000,000 |
| Brokerage | 1 in 2700 calls | no data | $10,000,000 |
| Life Insurance | 1 in 12000 calls | no data | $31,000,000 |


FIGURE 14: US VS. UK FINANCIAL INSTITUTION FRAUD METRICS

| Metric | US | UK |
|---|---|---|
| Fraud Rate | 1 in 1700 calls | 1 in 700 calls |
| Fraud Loss Per Call | $0.58 | $0.74 |
| Mobile Fraud | 37 percent | 64 percent |
| Landline Fraud | 16 percent | 14 percent |
| VoIP Fraud | 46 percent | 22 percent |
| International Fraud | 52 percent | 28 percent |
| Domestic Fraud | 48 percent | 72 percent |


APPENDIX B: GLOSSARY

Account takeover: Method of fraud in which a fraudster attempts to gain access to a consumer’s account by impersonation or fraudulently adding his or her information to the account (e.g. changing account mailing address, adding a user, etc.)

Black market: The illegal sale of personally identifiable data, most often in an online forum

Burner phone: A prepaid cellular phone that may be frequently replaced.

Call handle time: Call center metric for the duration of one transaction, typically measured from the customer’s initiation of the call and including hold time, talk time, and related tasks

Caller ID: A telephone service that identifies and displays the reported telephone number of an incoming call

Card not present (CNP): Transaction in which the card is not present; card data is manually entered. This includes transactions made online, by phone, or through the mail

Chip cards: A standard plastic debit or credit card that contains an embedded microchip used to increase data security when making transactions at terminals or ATMs.

Data breach: Unauthorized disclosure of information that compromises the security, privacy, or integrity of personally identifiable data

Domestic fraud: Fraud that originates in the same country as its target

Eurocard, Mastercard, and Visa (EMV): Global standard for credit and debit payment cards based on chip card technology

Fraud rate: The average number of fraud calls received compared to the number of legitimate customer calls

Fraud exposure: The total value of the account attackers had access to by successfully passing initial authentication.

International fraud: Fraud that originates in a country other than the country of the organization being targeted


Loan against policy: Borrowing against the cash value of a life insurance policy

Mail intercept fraud: Stealing card-related mail, such as new cards, statements, and PIN numbers, out of an unsecured mailbox

Organized crime: Highly centralized enterprises run by criminals who intend to engage in illegal activity, most commonly for money and profit

Phoneprinting: A patented technology that analyzes phone calls to identify malicious behavior and verify legitimate callers

Pre-fraud: Harvesting, testing, and augmenting personally identifiable information to build a profile of target victims

Policy surrender: A full cancellation of an insurance policy. Many forms of life insurance build cash value over time, and upon surrender these funds are available to the policy-owner.

Reshipping: Fraudsters purchase items using a stolen card and have them shipped to a ‘mule’ who then ships the goods out of the country

Shipment redirect: Socially engineering call center agents to change the shipping address on in-transit orders

Social engineering: A type of confidence trick or psychological manipulation of people into performing actions or divulging confidential information

Spoofing: Falsifying the phone number, ANI, or CLI that appears on the recipient’s caller ID display

Voice distortion: Modifying, changing, or otherwise disguising a voice to avoid fraud detection

Voice Over IP (VoIP): A group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet, rather than by using the public switched telephone network (PSTN)