For financial institutions, managing bank fraud and identify theft is a 24/7 challenge. The American Banker recently highlighted the growing problem of telephone fraud at bank call centers – employees being conned into giving up critical customer information to criminals or changing account passwords. Although the article focuses on call centers, the risk is also high in bank branches, where managing this risk depends heavily on employees eager to provide efficient and accommodating customer service.
What is the threat and why is it growing?
Stronger customer authentication security in mobile and internet channels has driven criminals to exploit what is perhaps now the weakest link in banks’ efforts to protect customer’s personal information – eager-to-please customer service representatives at branches and call centers.
The article cites estimates that at least one in every 700 calls placed to a regional bank are fraudulent, and that 30% to 80% of all bank fraud now has a phone component. First, fraudsters might search the web for information about accountholders and start building a profile of a customer. Then they will call the bank several times asking for information about an account, and gradually amass enough information about a customer to take over the account, go online, and complete a wire transfer.
How can banks take a tougher stance on bank fraud and identity theft without turning away legitimate, valued customers?
- Train – Person to Person Quality recommends that banks conduct training sessions with all personnel that handle telephone inquiries from customers, including all branch-level employees and call center representatives, to alert them of this growing threat, review authentication procedures, and help them look for signs of foul play.
- Be Vigilant – Whenever someone calls asking for information about a customer’s account, first attempt to authenticate the customer using the following basic pieces of information: 1) The first and last name of the accountholder; 2) social security number and/or account number; 3) mailing address; and 4) date of birth. Make sure that the caller is able to provide all of the above information with 100% accuracy, including every letter and every digit. If there is any doubt whatsoever, ask for additional information, such as the date of their last deposit, the amount of a monthly loan payment, or the name of the branch where they opened their account.
- Test for Compliance – Place test calls to all branches and call centers on a regular basis, posing as actual bank customers, to make sure employees are consistently following authentication procedures. Track and analyze results.
- Enhance Audit and Training Programs – Use these results as input for your broader consumer privacy audit program and to enhance ongoing training.
This article was written by Marc Ciagne. For more information about about the Person to Person Quality division of ADI Consulting, contact Mike Mitchell, President, at 703-535-3983 or firstname.lastname@example.org.