Call center fraud has been growing at an alarming rate over the past few years. There are many reasons for this growth. Some of the main reasons for this growth include the increased robustness of web and mobile application security, and the introduction of chip cards by the credit card industry, thereby causing fraudsters to seek easier opportunities elsewhere. The telecom field is one such area, which has historically had much weaker security awareness and defenses.
The deregulation of the telecom industry coupled with the rise of voice-over-Internet-Protocol (VoIP) has caused the traditional telephony network to be exposed to technologies that it was not originally designed for. This includes the ability to spoof caller identifications (IDs), launch large-scale attacks through automated telephony applications, and to fake personal identities through various means.
The traditional authentication method used by call center agents is one of knowledge-based-authentication (KBA), which relies on call center agents asking the caller to answer questions to which they alone would know the answers. However, the easy availability of personal information through Internet search engines, data breaches in government and corporate networks, and various social media websites, has given fraudsters the ability to gather a wide variety of data, thereby providing them with the ability to convince call center agents that they indeed are who they are pretending to be. Call center agents being in the role of assisting their customers are particularly vulnerable to the social engineering practices used by fraudsters. All of these factors have contributed to a steady and steep increase in call center fraud.
Many existing fraud detection systems use a fraudster database (also referred to as a fraud database) containing fraudster profiles. Whenever a new call is processed, a fraudster database is referenced (or looked up) to verify if a match can be found in the database for the current caller. The lookup may be based on a variety of approaches, such as, for example, a voice print or a phone print, or another biometric, but the overall approach has remained relatively constant in involving the lookup against a fraudster database. The approach may be based on three essential requirements being met, including: (1) a fraud must have taken place earlier for a fraudster profile to be created; (2) the incident that occurred should have been identified as fraud by a fraud specialist (or team); and (3) the incident should then be reported along with all relevant data to the fraud detection system, so that a fraudster profile can be created or updated in the fraudster database.
Disadvantages of the foregoing approach are immediately obvious. For instance: the system can only detect fraud when a new incident of fraud is perpetrated by a fraudster who is already present in the fraudster database; the system can only detect fraud when fraudster's actions were successfully identified in the past as fraud; and/or the system can only detect fraud when a fraud incident was successfully submitted to the fraud detection system using a feedback loop or a fraud notification system. When any of the aforenoted requirements are not met, regardless of the sophistication of the technology employed to establish an identity of the caller so that a lookup can be done, the system is unable to meet the expected behavior.
Existing fraud detection systems completely disregard the life cycle aspects of a typical telephone call flow, in that different stages of the call flow may be associated with different types of fraud. For example, a system that uses a voice print would not be able to start the fraud detection process until such time as when the caller starts to speak. As such, no detection is possible during the time the call was received and answered by an interactive voice response (IVR), and during the caller's dual tone multi-frequency (DTMF) interaction with the IVR.
Existing fraud detection systems also are not flexible in addressing the collective requirements of a large group of different clients whose IVR applications and agent interaction call flows are very different. A voice print or phone print-based fraud detection system therefore is of little use to a client whose IVR application is being targeted by fraudsters using DTMF inputs.
A further shortcoming of existing fraud detection systems is the fact that different clients belonging to different industries have vastly different requirements for the desired accuracy of fraud detection. For instance, a financial services company such as a credit card company or a life insurance company has a much more stringent requirement for fraud detection accuracy than that of, for example, a restaurant table reservation service. As such, an unfulfilled need exists for a fraud detection system that is configurable differently in terms of technologies, costs, and accuracies, in a manner that is cost-wise optimal to the different clients.
A further shortcoming of existing fraud detection systems is in how they assume fraud manifests itself. For instance, a person may commit fraud without ever having been associated with fraud earlier and may be calling from a location that has remained the same for several previous calls. A voice print or other biometric solution may be of little or no use in such a case, as would a solution that relies on a phone print or other means to verify the geolocation of the caller. However, a speech analysis solution, as provided by the instant disclosure and described in greater detail below, can analyze the caller-agent discourse to detect incongruent speech patterns that may be useful in detecting that the fraudster may be employing social engineering tactics that are causing stress in the agent's voice. This example is described here merely to illustrate that fraud manifests itself in many different ways, which may be detected by the FDMS system (and method) of the instant disclosure, which may include one or more solutions, depending on the situation. The novel system (and method) disclosed herein may provide a multitude of technologies required to address the many manifestations of fraud, and the novel fraud detection system may adaptively trigger and effectuate the appropriate technologies based on the individual call flows and the fraud risk exposures of different applications, such as, for example, in different industries.
The disclosure provides a novel system and method that overcome the disadvantages discussed above, and that meet an unfulfilled need for accurately, effectively and efficiently detecting a fraudulent call, including a fraudulent call made to a call center.