Call center fraud has been growing at an alarming rate over the past few years. There are many reasons for this growth. Some of the main reasons for this growth include an increased robustness of web and mobile application security, and the introduction of chip cards by the credit card industry, thereby causing fraudsters to seek easier opportunities elsewhere. The telecom field is one such area, which has historically had much weaker security awareness and defenses.
The deregulation of the telecom industry coupled with the rise of voice-over-Internet-Protocol (VoIP) has caused the traditional telephony network to be exposed to technologies that it was not originally designed for. This includes the ability to spoof caller identifications (IDs), launch large-scale attacks through automated telephony applications, and to fake personal identities.
The traditional authentication method used by call center agents is one of knowledge-based-authentication (KBA), which relies on call center agents asking the caller to answer questions to which they alone would know the answers. However, the easy availability of personal information through Internet search engines, data breaches in government and corporate networks, and various social media websites, has given fraudsters the ability to gather a wide variety of data, thereby providing them with the ability to convince call center agents that they indeed are who they are pretending to be. Given that that their primary function is to assist customers, call center agents are particularly vulnerable to social engineering practices used by fraudsters. All of these factors have contributed to a steady and steep increase in call center fraud.
Many existing fraud detection systems use a fraudster database (also referred to as a fraud database) containing fraudster profiles. Whenever a new call is processed, a fraudster database is referenced to verify if a match can be found in the database for the current caller. The lookup may be based on a variety of approaches, such as, for example, a voice print or a phone print, or another biometric, but the overall approach has remained relatively constant in involving the lookup against a fraudster database. These approaches are typically based on three essential requirements being met, including: (1) a fraud must have taken place earlier for a fraudster profile to be created; (2) the incident that occurred should have been identified as fraud by a fraud specialist (or team); and (3) the incident should then be reported along with all relevant data to the fraud detection system, so that a fraudster profile can be created or updated in the fraudster database.
Disadvantages of the foregoing approaches are immediately obvious. For instance, the system can only detect fraud when: a new incident of fraud is perpetrated by a fraudster who is already present in the fraudster database; when the fraudster's actions were successfully identified in the past as fraud; and/or when a fraud incident was successfully submitted to the fraud detection system using a feedback loop or a fraud notification system. When any of the aforenoted requirements are not met, regardless of the sophistication of the technology employed to establish an identity of the caller so that a lookup can be done, the system is unable to meet the expected behavior.
The disclosure provides a novel system and method that overcome the disadvantages discussed above, and that meet an unfulfilled need for effectively and efficiently rating the fraud risk associated with an incoming call, including a fraudulent call made to a call center.