Photo by Aijiro
According to Neustar, call center fraud was up 40% in 2020 due to the high emotions and anxiety caused by the pandemic. Because of this, call center agents must become more vigilant during calls. The report also stated that call center scammers target agents because they’re more prone to social engineering and manipulation, granting account access.
Falling victim to call center fraud has a lot of consequences. It exposes businesses and customers to security threats and account takeovers. Here’s a guide on everything you need to know about call center fraud and how to stop them.
How to Detect Call Center Scammers: 8 Tips for Call Center Agents
Detect a call center scam by asking knowledge-based questions, observing the caller’s demeanor, or checking their customer history. Asking specific questions per customer and their profile requires more vigilance from call center agents but proves to be an effective line of defense.
If you’re a call center agent, here are more in-depth tips on detecting call center scammers that could threaten company security.
1. Ask knowledge-based authentication (KBA) questions
Knowledge-based authentication (KBA) questions are a method of verifying a person’s identity by asking questions only they know how to answer. By asking these questions, a call center agent prevents a scammer from gaining access to private information on an account.
There are two types of KBA questions to employ. Static KBA is generic questions such as asking the client for their mother’s maiden name or first pet’s name. While these provide clients with easy-to-remember answers, the danger is that they have this information online, which scammers can find.
Dynamic KBA, on the other hand, are questions with more specific answers, like the last digits of their social security number or the previous amount charged to their credit card. While the information is more difficult to obtain, scammers can use data breaches and phishing attacks to know these answers.
These various methods make KBA one of the easily broken defenses, though your company can supplement them with software detection and other lines of questioning. You may implement different security procedures as the information the caller is trying to access gets more sensitive.
2. Ask questions based on company and customer relationship
Instead of KBA questions, a call center may task an agent to ask callers questions regarding their relationship with the company. However, the information to answer these questions is more complex because a customer’s business with the call center varies depending on the industry and the services they employ.
For instance, you could ask the caller about which package of services the company has them enrolled in, who their point of contact is, or how many years they’ve been a client.
If you’re asking these types of questions to a caller, you need to be careful of social engineering. Instead of cyberattacks against the company’s software, the caller will manipulate you to give up information. Therefore, you must stay vigilant to safeguard sensitive information.
3. Observe the caller’s attitude
Some scammers will purposely be irate, taking on the persona of an angry customer. Callers use this form of social engineering to trick you into giving them essential information or granting them account access.
They may often appear in a hurry and need to access their account urgently. These callers cite reasons such as having a bad day, receiving poor customer service in the past, or knowing the company’s owner and contacting them if you don’t give them special treatment.
Taking on an irate persona is the scammer’s means to bypass your standard authentication methods and induce fear. By being extremely unreasonable and unbearable to deal with, they hope to exploit the “customer is always right” mentality and have you expedite the process. They may even throw threats to have you fired if you don’t comply.
Another red flag is if the caller goes in the opposite direction and tries appealing to your emotions. They could say they got into an accident and can’t remember their account details or lost their credit card while traveling abroad.
This behavior’s goal is the same as acting angry; the scammer wants to bypass the standard authentication procedures and access the information they want.
The third type of attitude they could do is trying to build rapport. They seem extraordinarily kind and may even flatter and befriend you. Then slowly, over a few calls, they make small changes to their victim’s account information before fully taking over.
Remember always to stay professional and that overly friendly callers may subtly manipulate you into giving up crucial data.
4. Verify customer history
Even if a scammer has a customer’s information and answers the KBA questions, their behavior while on the call may not match their history. Install software that logs a customer’s behavior through your company systems, such as logins and previous payments, and have an agent bring these up when speaking to a client.
Some signs that a scammer is on the other side of the line are if there are different logins from different locations or devices or if their most recent payment or withdrawal is significantly higher than previous transactions.
5. Be wary of several requests
If the scammer successfully obtains sensitive information, they want to lock out the original owner while stealing details from their other accounts.
They do this by asking call center agents to change information on their accounts, such as their addresses or the names of supplementary account holders. These methods make verifying information in succeeding calls or giving access to their colleagues easier.
Multiple requests could mean they’re trying to verify account details for online transactions, which allows them to drain bank accounts or obtain the owner’s contacts list, so they have more victims.
6. Listen for pauses after asking questions
Many people can quickly answer KBA questions regarding their social security number, mother’s maiden name, or latest purchase. However, scammers who steal information may have several documents or screenshots to go through.
If you’re asking KBAs and they take time to answer, it could be a significant red flag that means a scammer is trying to look for the correct information from their database. It may lead to other suspicious behavior, like making excuses as to why they can’t answer a KBA question.
Different responses could include asking you to wait before giving you an answer or saying they forgot.
7. Check for several attempts to access information
Some call centers have software installed that tracks a caller’s history. By looking up their number or using KBA questions, you can find out how many times a caller tried to access or change a victim’s information. If they tried to get inside an account several times, that could indicate that they’re a scammer.
Take action depending on the call center’s protocols. Ask more KBA questions to verify your suspicions and observe their behavior. If they pause after your questions, demand access, or attempt an emotional appeal, there’s a good chance that the caller is fraudulent.
8. Use two-factor authentication
Aside from KBA, a call center sometimes requires that a caller undergo two-factor authentication if they have an existing account. Send a code through a customer’s phone number on file, which the caller will need to either input or repeat to you.
Though there are several ways that a scammer obtains a person’s sensitive information, two-factor authentication stumps them because they don’t have access to their victim’s phone. While it’s possible to clone another person’s phone, it isn’t easy to do and requires a lot of time and resources.
While not completely foolproof, two-factor authentication is one of the most effective ways to deter or stump fraudulent callers.
Constant Vigilance is the Key
Scammers target the human elements in a call center because they’re the most likely to make a mistake and provide sensitive information. As a call center agent, you must stay vigilant against fraudulent callers’ tactics.
Remember to follow your company’s security protocols in verifying a caller’s identity and to observe their behavior while they’re on the line. If they can’t answer your questions, have long pauses, are irate, overly friendly, or seem desperate, those could be potential red flags.
If your call center has two-factor authentication, it can be one of your most effective defenses and may be enough to deter a scammer.
Executive Boutique Call Center helps safeguard customers’ card information for businesses. We’re a PCI-compliant call center that employs in-depth security training for all our agents to ensure customer data is fully protected.
In addition, we provide a round-the-clock workforce with industry-specific experience to deliver the best support you need.
Get in touch with an expert today for a free quote!