People who take part in State and Local Government Programs are prime targets for fraudsters waiting anxiously to grab-n-go their valuable information and funds. Crooks from around the world use a range of tactics to acquire personal information so they can take over a constituent’s account to steal benefits or payments.
At Contact Solutions, we’ve seen how clever fraudsters have tried to be in the interactive voice response (IVR) , a gateway used by many government programs to provide automated self-service and a path to live agent support. Without proper protocols in place identities, data, and funds disappear in the blink of an eye.
Here’s how fraudsters try to beat the system:
- They obtain a constituent’s personal information from health records, data posted on social media, or old fashioned mail theft.
- Pretending to be a government program representative, they may contact the constituent to “validate account information.” The person is persuaded to reveal confidential information that can be used to unlock their accounts and steal funds.
- The fraudsters call the government program’s contact center and attempt to take over the constituent’s account based on this identity information. Many interactions take place via the IVR, while others involve speaking with an agent.
Multiple tactics demand multi-layer protection
Fraudsters are not only diverse—ranging from individuals to international gangs—but also use many different tactics to steal constituents’ information, benefits and funds. These people are smart, creative and incredibly persistent. They will eventually find a way to defeat any single defense against identity theft.
That’s why State and Local Government Agencies and Programs need a multi-layer, adaptive approach to identify and stop fraudsters before they can take over constituent accounts via the IVR or by fooling a contact center agent. Such a solution should target three aspects of fraud we’ve found highly successful in reducing fraud previously passed through undetected:
- Phone number reputation: This layer of the solution automated in the IVR compiles a database of phone numbers used by callers to the IVR, including geographic locations, network providers, phone types and any fraud activity history. It assigns a reputation score that can be used to flag suspect numbers. The solution also targets call spoofing, voice distortion and other tactics used to trick the system. For example, VoIP calls can indicate a suspect call. Only 1 percent of legitimate callers use VoIP, as opposed to nearly half of fraudulent callers. And while 10 percent of legitimate calls are international, about 40 percent of fraud calls come from another country.
- Behavior patterns: Based on huge volumes of behavioral data generated by the IVR, this layer uses data mining, algorithms, and other tools to identify, prevent, and/or control unusual caller behavior in real time. This approach helps detect and deter fraud activity before a transaction can occur. On average, a fraud attack comprises five IVR calls – the majority for surveillance, data gathering and probing – before the account is breached. This suspicious behavior can be detected and dealt with using the technology described above and below.
- Knowledge-based authentication (KBA): The third layer is constituent authentication based on a dynamic set of automated questions derived from public sources. Instead of having a contact center agent read a questionnaire to the caller – a time-consuming and expensive process – KBA is integrated into the IVR workflow using automated questions with multiple-choice answers. If the caller passes the test, he or she advances to the next step. KBA stops fraudsters before they reach a live representative, helping to avoid the use of verbal coaching or persuasion that can result in a successful attack.
Thousands of fraud calls
A typical medium-sized government contact center can receive three dozen fraudulent calls per day, adding up to a thousand each month. Fraud not only hurts vulnerable constituents by depriving them of much-needed funds and benefits, it also impacts the program or agency’s reputation and can quickly add up to millions in losses.
Reality in numbers
Unfortunately, fraud hits home for each of us individually across our lives. We’ve seen it with Target, Home Depot, and other major brands where we shop, and we are highly sensitive to it in the programs we provide to the constituents we serve.
Sample case study
Fraud detection for one large government card program uncovered previously undetected fraudulent activity and demonstrated the ability to detect fraud before account takeover occurred, with the following results:
- $3 million savings per year based on deposit accounts attacked
- 34% detection of new fraud
- 85% of account takeover fraud scam successfully detected and saved
- 25% counterfeit fraud scam successfully detected and saved