Using Speech to Combat Robocalls, ANI Spoofing, and Fraud
The sooner a company finds out, the better. “If the company has a relationship with a customer, they should ask that customer how they want to be contacted,” as well as what methods they prefer at different times of the day, she suggests.
A bank, for instance, might make this inquiry when on-boarding a new customer for a credit card account. A local hair salon can establish the terms during a welcome call. “The company should have a preference solution where it reflects how different people want to be contacted for different situations, and they should use that,” Fluss says.
This can get more complex than it sounds. For instance, I might prefer to receive an email or SMS notification reminding me about a doctor’s appointment. However, if my bank account has been broken into at a time when I usually prefer to stay off my computer (or don’t check it as frequently), a call might be the best way to let me know.
When national companies need to reach customers in an emergency, using localized number identification (LNI) spoofing is a best practice, Fluss says.
But anyone who is planning to use these methods would be well advised to make it very clear to customers that they intend to do so.
Get Serious, Take Precautions
Analysts agree that companies today must invest in the right technologies to protect themselves against nefarious callers. Central among them is IVR. Kagan calls it “a cost-effective alternative,” adding that while it has existed for decades, the “technology gets better year after year.”
“On an inbound basis today, the best solution is voice biometrics,” Fluss posits.
Companies typically start at a low level, allowing the IVR to handle basic requests and delegating more complex tasks to live agents. However, the longer companies use IVR systems, the more they tend to feel they can allow then to handle sensitive operations.
However, IVR has two sides, Kagan says. “One side is better technology and lower costs. The other side is security threats.”
“There are so many holes in processes like IVR that it looks like a piece of Swiss cheese,” Kagan adds. “Yet we keep marching ahead like there is nothing to worry about.”
It truly is a dual-edged sword: Companies must use IVRs to stay competitive. But companies that move ahead rapidly run the risk of damaging their brands if their IVR systems get breached. While the damage can get bad, Kagan says, it used to be far worse when there were fewer break-ins. Now that they are commonplace, the damage is not as severe.
Brett Beranek, director of product strategy for biometrics at Nuance Communications, says his company’s solutions are designed to help companies identify when the voice of the caller doesn’t match the voice of the person in their records.
Beranek adds that over the past few years, Nuance has seen a rise in demand for biometrics. One reason is that companies are frustrating customers by having them answer hard-to-remember authentication questions through legacy methods.
Another big factor leading to adoption, of course, is fraud. “In the last couple of years companies have seen increasing losses from fraud,” Beranek says. “One of the key reasons we believe that is happening is because organizations have invested heavily in securing the web. Perpetrating fraud in digital channels has become a lot more difficult, and a lot of fraudsters have migrated to the contact center, where security is still very lax in many organizations.”
He notes there are two ways to combat fraud. One is strengthening the authentication process and using more sophisticated methods for verifying customer identities. The other is proactively looking out for fraudsters and fraudulent behavior by adding suspicious callers to black lists after they’ve been detected by voice biometric systems, thus allowing the system to immediately detect and flag or terminate calls as they come in. “That’s a very powerful technique because a lot of fraudsters are career fraudsters and just tend to call back over and over again and perpetrate fraud on a regular basis,” Beranek says.
Through a technique called “liveness detection,” speech systems today can also pick up recorded, synthetic, mimicked, or modified voices.
Large financial institutions such as HSBC, Citibank, and Barclays have successfully used voice biometrics to cut fraud losses, Beranek says. “One of the top banks in the U.K. recently reported that about 50 percent of the fraud that was being committed within their contact center was perpetrated by approximately 10 individuals. This shows you that if you’re able to identify those kinds of human beings through their voice characteristics, you can get rid of 50 percent of your fraud off the bat.”
Next Caller also provides a front line of defense for ANI spoofing, robodialing, and account takeovers: It uses a simple application programming interface to analyze call data “within milliseconds,” Roncoroni says, and determine if the fingerprint of the number matches the fingerprint of the number being shown in the system.
Roncoroni holds, however, that there is no “one-size-fits-all solution to prevent ANI spoofing.” The best approach is to apply a layered strategy of security methods to catch all possible variations, he concludes.
Oren Smilansky is associate editor at CRM magazine. He can be reached at osmilansky@infotoday.com.