How fraudster behavior changed in our long 2020
By Collin Davis, CTO, Pindrop
For three-quarters of last year, “business as usual” was a distant memory. Essential workers masked, distanced, and sanitized, while people who could work from home took their meetings to Zoom and their water-cooler chatter to Slack. Even after relief efforts passed and office workers became accustomed to their ad hoc remote work setups, productivity slumped and millions remained without work. While the legitimate economy suffered, the underground economy picked up steam: Hardly a day went by without reports of new coronavirus-related scams or distressingly innovative pandemic fraud. Businesspeople in every sector have spent the last fifteen months reflecting on the transformation of their industries. At Pindrop, we commissioned a study on the changes in customer and fraudster behavior in our area of expertise: Customer service contact centers and interactive voice response (IVR) systems. I expected the data would reveal a radically changed industry, but what the study uncovered still surprised me.
Because COVID-19 made face-to-face conversations so difficult for so long, it’s no surprise that 2020 saw many more service interactions conducted by telephone. In some industries, in the second quarter of 2020, when almost the entire world was locked in and hunkered down, average call volume rose by 800 percent! With numbers like that, it’s no wonder that a full 76 percent of fraud detection and security managers admitted that coronavirus had forced them to update protocols and policies. Fraudsters could still exploit Interactive Voice Response (IVR) systems by mining them, but full account takeover often requires speaking with a contact center agent, and that was increasingly difficult to do.
When the contact center queues were at their largest and customer wait times were at their lengthiest, fraudsters readjusted their strategies. Social engineering attempts went down, not because fraudsters had repented of their behavior, but because they realized that long waits made them inefficient. So while agents, stretched thin as they were, recorded fewer social engineering attempts in early 2020 than they had in any period since May 2017, the fraudsters weren’t resting.
While honest consumers were on hold with their banks or insurance providers, fraudsters were developing new tricks for the New Normal. The launch of the Paycheck Protection Program, the stopgap job-preserving loan arrangement included in the broad CARES Act was, unsurprisingly, not entirely smooth. When, after all, had anyone designed and successfully launched such a large benefit program in so short a time? The U.S. government gave banks and fintechs the responsibility of actually administering the loans, and quickly the claims began rolling in. “Fintech” is a relatively new coinage, and the companies aren’t much older than the word that describes them. Fraudsters hoped that fintechs’ security procedures weren’t quite so mature as those at established banks. Their bet paid off: Around three of every four fake loan applications came through a fintech company.
Fintechs weren’t alone in suffering from an increase in fraud attempts. Banks have always had to cope with illegal behavior, from counterfeiting to bank robbery, but in the course of the pandemic, banks’ prepaid card departments faced an unusually high number of illegitimate calls. The reason? Because not every American has a bank account, some stimulus payments were distributed by prepaid card. Fraudsters could claim someone else’s card, use it, and then double their earnings by reporting the first card lost! Between stimulus payments and unemployment benefits, a single fake identity could cost taxpayers $24,700.
What will happen next is always difficult to predict, but one thing I know for sure is that fraudsters are reliably innovative. No matter what happens in the remainder of this year or what conditions prevail when the coronavirus is finally vanquished, you can be sure that fraud will continue. The good news is that fraud does not have to flourish. With proper training for agents, good communication with customers, digital and voice security systems, and a close attention to trends, you and your organization can repel whatever attacks fraudsters mount. The choice is yours and the time is now.
About the author
Collin Davis is the CTO of Pindrop. Davis joins Pindrop from Amazon Web Services (AWS), where he was a general manager for Productivity Apps, leading three AWS services, including Chime, WorkMail, and WorkDocs.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.