This Is the New ‘Wild West’ of Retail Fraud

Retail call center fraud rates rise sharply, new study finds

Author: Andria Cheng

April 26, 2017

The rollout of EMV chip cards in recent years may have deterred criminals from making fraudulent in-store purchases, but it hasn’t stopped them dead in their tracks. They simply found a new target: call centers. 

Call center fraud rates have increased steadily every year since at least 2013 and more than doubled between 2015 and 2016, according to an annual call center fraud study by the research lab of Pindrop, which helps financial institutions and retailers battle call-center fraud. It counts among its investors Google Capital and Citi Ventures.

For retailers, so-called chargeback fraud is the most common: Criminals call a retailer, make a fraudulent purchase using someone else’s identity and credit card number, and have the product sent to another address. Loyalty cards also have surfaced as a major area of attack as criminals use them to cash out reward points, said David Dewey, director of research at Pindrop Labs, in an interview.

The report, which studied more than half a billion actual call center calls, mostly in the US, and most of them involving companies that receive an average of 40 million calls a year, found that the fraud rate surged to 1 in 937 calls in 2016, up from 1 in 2,000 in 2015, and 1 in 2,200 in 2014.

While every industry in the study is seeing increased fraudulent activity, the retail industry has an unusually high incidence rate: last year, one in nearly 500 retail call center calls was fraudulent, up from one in 1,000 in 2014. In comparison: credit card issuers’ call center fraud rate in 2016 was one in 832 calls; for banks, one in 867; insurance companies, one in 4,700.

Against the backdrop of EMV card rollouts, improved online payment security and retailers’ traditionally less sophisticated call-center security measures against their financial industry counterparts, fraud rings have now moved to exploit retailers’ call centers, the study found.

The call center has become the weakest link from a security perspective

“The call center has become the weakest link from a security perspective,” said Dewey. “This is catching retailers by surprise. At the call center, your No. 1 priority is giving good customer service and resolving problems quickly."

Call center staffers, he said, are focused on customer service, not on detecting and preventing fraud.

“It’s a wild west out there,” he said.

To be sure, the rollout of EMV cards also looks to have sent more criminals online from stores. A recent Experian study showed that online fraud rose 33% last year, thanks to the switch to EMV cards. The online fraud rate, however, remained relatively low despite the increase, at 0.2%.

A study published last year by financial industry research and advisory firm Aite Group also highlighted the increased risk of call center fraud. It found that organized fraud rings are targeting call centers more than ever before as criminals use data they acquired from data breaches and social websites to impersonate consumers. Aite said the increase also is due to the use of EMV cards that’s “disrupting” the use of counterfeit cards.

The Aite report said that call centers are often “the soft underbelly” of many banks because fraud-fighting technology investments have primarily been directed online in recent years. In a survey of 25 executives at major US financial industry firms, over three-fourths said that their call center fraud losses are trending upward.

In general, criminals on average make calls five times to attempt changes on an account’s address or email address or nail answers to security questions before they “accomplish the attack,” according to the Pindrop study.

Fraudsters “will split different activities” to avoid drawing attention, Dewey said. “These call centers are used to having to walk people through the answers to the questions. They don’t make the correlation” that there may be fraud.

Criminals are also getting more sophisticated in hiding their identity. Whereas in the past they wouldn’t hide where they are calling from, now they take more care to hide their location and use measures including buying prepaid phone cards, using Skype or Google Voice to make calls, or taking over someone’s home VoIP system so it looks like the call originates from a customer’s home. “The creativity that they use to hide themselves has skyrocketed,’” Dewey said.

Some 83% of fraud calls in the US originate overseas, Dewey said.