Call Center Fraud | Intellicheck Podcast
Author
RESOURCE Info
Mentioned in this article
Author
RESOURCE Info
Mentioned in this article
This week’s topic is Call Centers. With us this week is Bryan Lewis, CEO of Intellicheck.
For more information on fraud in call centers, read Verification Methods: How Call Centers Can Stop Fraud.
For newcomers, this is the show where we delve into the news and issues around identity verification, identity fraud, and the tools needed to combat it. For more information, see https://intellicheck.com
Transcript
Bill Roth: Hello, and welcome everybody to episode five of the Intellicheck podcast. I'm your host, Bill Roth. This is the show where we delve into the news and issues around identity verification, identity fraud, and the tools needed to combat it. This week's topic is call centers and how they are at the center of fraud in this country.
With us is Intellicheck CEO Bryan Lewis, a noted expert on the topic. Welcome, Bryan.
Bryan Lewis: Thanks for having me here.
Bill Roth: So there's a brand new article on the Intellicheck website about call centers and them being at the center of this. What makes call centers a hub for fraud?
Bryan Lewis: Well, I think they're an easy vector for the bad guys to come in because, I can call up the call center. It's hard to make sure that it's me, but I can do things that will lead to account takeover.
You can change your address where things are sent. I can potentially change passwords. There's a lot of things that would allow me, as a bad actor, to assume your identity.
Bill Roth: And I guess someone in the article it mentions that 61% of fraud is traceable to a call center. That's a huge number.
Bryan Lewis: Yeah. Because again, usually sort of the first step. Right. So if you think about it, oh, I lost my debit card, I need a new one, but I moved right now, we're getting it sent somewhere else, or even if they just say, I lost it and I want a new one and they're porch pirates. They're going to be watching your mailbox and come in and steal it, and then they can call in and activate it. So, making sure in a call center that they know who they're dealing with on the other side of the call is very important.
And it's not just like sort of financial fraud, right?
One of the things that people, you know, kind of miss is the fact that I've got a lot of points with a couple of airlines, right? I call the call center, and I want to cash those points in, right?.
Bryan Lewis: So loyalty program fraud in call centers is huge. So it's not just that I'm calling up to pretend to be you to steal your bank account.
I could be using, pretending to be you, to take every one of those points that you earned flying a bajillion miles for work.
Bill Roth: Fascinating. Yeah. And those points have real dollar value because you can get stuff for them. So that makes sense.
Bryan Lewis: Yes.
Bill Roth: You mentioned account takeovers. I also think data breaches, that call centers are often at the center of data breaches.
Bryan Lewis: Well, because that's almost like internal. And I think that's a very important thing to think about. People will call up an internal help desk and say, Hey, I'm Bryan, I forgot my password, I need to reset it.
Now you've got access to internal systems. So identity access management within companies is really important because if you think about most of the breaches have not been because somebody forcibly hacked their way in. It's because they pretended to be somebody else. You got into the system.
So, making sure no matter what, whether it's internal or external, that I know with certainty who I'm dealing with is really important.
Bill Roth: So one of the things the article calls out, which again, as we talked about in a previous episode on just how easy it is to steal an identity, is that your basic kind of knowledge-based authentication, like asking for an address, is not really all that good at all. Right?
Bryan Lewis: No, if you think about it, there's so many websites where I can go into and find out, type in a name and an address.
Bryan Lewis: Where else have I lived? Who am I related to?
Bryan Lewis: Every address I have. And if you think about even some of the challenge questions that will be posed to you, where have you lived, what cars have you had? You know, those types of things, that's so much in the public domain, let alone what has been breached.
So, just doing KBA knowledge-based authentication, you're going to get hurt because there's too much of that information out there. Again, both through public information as well as breaches. I look at last year, I think I was in nine data breaches. There is not a shred of anything that somebody doesn't know about me. Even to the point that I was in the United Healthcare breach. So guess what? They know what medications I take. So if you're going to ask, hey Bryan, do you take this for this?
Yeah, it's out there, it's known. So you've got to do more.
Bill Roth: So yeah, essentially all those KBA-based questions, the answer is just Google it, and someone can figure it out with enough.
Yeah. So let's talk about Intellicheck. How do they, how do they help counter the problem, call center fraud?
Bryan Lewis: So I think the really unique thing about North America compared to the rest of the world is that we have DMV-issued documents that have a barcode.
And that barcode is unique to every state, every province, and every territory. And they all have unique hidden security features that you cannot get through AI, machine learning, or anything. And that is our forte. We work with the DMVs, and we help them figure out their barcodes. That means we've got the information about that barcode.
Bill Roth: Right.
Bryan Lewis: And again, I'm going to point out that people think scanning means it's real, but scanning does not mean it's real. This giant stack of fake IDs that I have here, every single one of them scans, does not mean it contains for that jurisdiction, that state, territory, or province. Doesn't mean it has their hidden security features. We can tell you that with near certainty to help you figure out should I continue the transaction with this person, whether it is I'm calling up to change my password on my email account, my social media account, or my bank account.
Bill Roth: Yeah. When even you think about it, if you're trying to do an account, not a takeover, but let's say you lose your password, what are you doing? You're really just taking a picture of your driver's license, which really isn't all that effective.
Bryan Lewis: No. The easiest thing for AI and machine learning to do is to copy the format of the driver's license. So the photo is going to look absolutely real. You know, and the thing I tell everybody, kind of scares a lot of folks, is everybody thinks that real ID means it's really secure. No.
Within 30 days of a state coming out with a real ID, that ID is available for sale on the web.
Bill Roth: Yeah, that's a really terrifying, terrifying statistic.
Well, that's all the time we have today. My guest today on the Intellicheck podcast has been Intellicheck CEO Bryan Lewis. And we've been discussing call centers and their relationship to the epidemic of fraud in this country. Thanks, Bryan.
Bryan Lewis: Thank you.
Bill Roth: Be sure to check out the show notes in the description, and we'll have a list of all of the articles and data mentioned in this episode. Thank you for listening to the Intellicheck podcast. See you next time. And by all means, folks, stay safe out there.
