TRUSTID, the leading provider of pre-answer caller authentication, has outlined its top five fraud and customer authentication predictions for 2019 in a new brief.
Following is an overview of these predictions.
1. The social engineering aspect of cybercrime will become increasingly prevalent.
Organizations in every industry are suffering data breaches, including social media providers. The large amounts of personal information flooding the dark web as a result of these breaches are extremely useful for social engineering and account takeover attempts, particularly as fraudsters seek to impersonate customers via the phone channel.
2. Fraud efforts will continue to move to the phone channel.
Because security chips have made credit card fraud much more difficult, criminals are turning to account takeovers. And although account takeovers are usually identified in the online channel, most fraudsters actually start in the call center, where they use social engineering to manipulate agents and reset online account passwords. Call centers are vulnerable to these attacks because most rely on knowledge-based authentication (KBA) – using customers’ knowledge of personal information to verify their identity and grant access to accounts – even though this personal information can be easily purchased or gleaned from social media.
3. The window for accurate verification on financial transactions will continue to close.
As real-time payments become more widely adopted, there will no longer be a built-in lag in the payment process to provide extra time for fraud defenses and verification. Financial institutions will need to quickly adopt real-time authentication solutions across all channels to combat fraud.
4. Expect an increase in health care organization hacks.
The Journal of the American Medical Association recently reported that more than 175 million patient records have been exposed in more than 2,000 data breaches since 2010. A health care record can sell for more than a credit card number on the dark web, due to the much richer information, which can be used not only for financial fraud but also to illegally acquire medical supplies and services.
5. 2019 starts the final countdown for KBA: it will be gone in 5 years.
Business executives, security experts and customer contact center operators all recognize the weaknesses of KBA. At the 2018 Money 20/20 USA conference, Ellen Richey of Visa predicted that even passwords, a key KBA stalwart, will be fully eliminated in about five years. TRUSTID predicts that identity interrogation in the call center will meet the same fate by 2024. Smart businesses are moving rapidly to implement multi-factor authentication, for example, using voice-biometric and ownership-factor authentication solutions for the phone channel.
In this era of rampant data breaches and increasingly sophisticated social engineering attacks, implementing proactive security measures to identify legitimate callers faster and flag suspicious calls for further review is more important than ever. Organizations should be moving to replace KBA as quickly as possible. Deploying emerging technologies that automate caller authentication, either before the call is answered or alongside other customer identity tools during the call, creates a stronger, multilayered defense to help fight fraud in the phone channel.