arrow left facebook twitter linkedin medium menu play circle

Emerging ATO Tactic: Call Center Scams – Part 1

By Alex Niu September 25, 2018

Photo of Alex Niu

about Alex Niu
Alex Niu is Director of Solution Engineering at DataVisor. He brings a decade of experience in the financial industry to his role, with a focus on risk management analytics. He was previously Director of Decision Science at American Express, where he led a team of data scientists developing and implementing advanced machine learning solutions.

This blog post is part one of a two-part series that explains how fraudsters are targeting financial institution call centers to commit ATO fraud. The series also highlights some of the security processes many financial institutions have put in place to prevent fraud via the call center and what’s still missing.

Account takeover (ATO) fraud, where a fraudster takes over an account using an account holder’s online credential, is one of the online fraud types on the rise for financial institutions. Financial institutions are fighting traditional ATO fraud with technological tools such as two-factor authorization (2FA), multi-factor identification, and machine learning models.

These defensive measures have led to a change in tactics for fraudsters- many fraudsters are now setting their sights on financial institution call centers to commit ATO fraud.

An Increasingly Popular Target for Fraudsters

Customer call centers are an increasingly popular target for fraudsters. According to a Pindrop infographic (based on a report from Aite Group), 61% of fraud in the U.S. can be traced back to call centers, and contact center loss is expected to increase from $393M in 2015 to $775M in 2020.

The number of fraudsters targeting financial institution call centers is increasing for many reasons. One reason is that the rollout of EMV technology has severely hindered the ability for scammers to duplicate cards used at brick and mortar stores. The rising use of cards with EMV chips has caused fraudsters to look for new ways to steal credit card numbers and bank account balances. Another reason more fraudsters are targeting financial institution call centers is that call center security measures tend to be far weaker than the security measures for web and mobile financial applications.

One of the biggest reasons fraudsters are targeting call centers to commit ATO fraud is that the fraud is difficult to detect not only at the time of the call but also once the scammer has taken over the account.

ATO Fraud via Call Center is Difficult to Detect

One of the most common things a fraudster will do is ask a CSR to send a credit card to a different address right away. The scammer may tell the CSR that they are traveling and that they lost their credit card. Or the scammer could tell the CSR that their house burnt down, and they lost everything including their credit card– the CSR needs to send a new card to the hotel right away.

Another common thing for the fraudster to do is ask the CSR to add a secondary person to the account. Sometimes fraudsters will add a secondary person to numerous accounts to build up a credit history so that the accounts become legitimized and harder for the institutions to detect upcoming fraud.

ATO fraud, in general, is difficult to detect because fraudsters often take over many accounts but will then do nothing with those accounts for an extended period. And all that time the legitimate primary account holders have no idea scammers have commandeered their accounts. When a fraudster adds a secondary person to a bunch of sleeper accounts, they will often one day decide to bust out and use all the accounts at once. When the fraudster is done with all the accounts, they do not have to maintain any connection with them. The fraudster then disappears, and since most of the information is based on the primary account holder, it is difficult to identify and catch the fraudster.

A Multi-Layered Approach

In the next post of the series, we explain the approaches financial institutions are taking to try to prevent ATO fraud via the call center and some of their pitfalls.

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q2 2019

Learn More

The DataVisor Q2 2019 Fraud Index Report is here.

Customers online want convenience, ease, and access. Fortunately, your business offers it all. Unfortunately, that’s what fraudsters want too. To a cyber criminal, those features means vulnerabilities. To bring you the very latest and most actionable insights about where the risks are and what you…

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Diagnose and Defeat Application Fraud with the Latest AI-Powered Tools

Learn More

Learn how leading financial institutions are using ML to proactively detect card application fraud.

In this insightful webinar, you’ll explore how organizations are leveraging AI-powered fraud management solutions to get tangible, real-world benefits as they work to proactively detect and defeat sophisticated modern fraud attacks. Plus, you’ll discover strategies for empowering cross-team…

Protect your business, your customers, and your data.

Request Demo