Call center services are typically provided by service providers to enable clients to access, modify, delete or otherwise manage their accounts. For security purposes and to otherwise support accounts, call centers may store sensitive customer information, such as social security numbers, account numbers, account balances, email addresses, phone numbers, postal addresses and the like. Thus, call centers, and particularly the communications between call centers and customers, are frequently the targets of third parties who seek to access the sensitive customer information for identity theft and other malicious purposes.
To overcome this problem, customers may have to prove their identity to a call center, for example, by providing their sensitive information to the call center for validation purposes. Such practices are known in the industry, and consumers expect to provide such sensitive information to call centers. As such, an understanding has evolved between call centers and consumers whereby the consumer trusts that the call center is authorized to receive such information, and that the transmission of such information is secure.
A problem arises when third parties, understanding this dynamic, pose as call center agents and contact consumers, soliciting sensitive information as part of a fraudulent authentication process. For example, a malicious third party may contact a consumer, posing as a service provider representative, and describe an issue with their account that requires action; as a prelude to performing the action, the imposter may request sensitive information under the pretense of validating the consumer. Unfortunately, once the third party has obtained the sensitive information, the consumers accounts are at risk. It would be desirable to minimize the exposure of consumers to losses associated with such practices.