We hear a lot about cybercrime, rather less about voice fraud. But as Dr Nikolay Gaubitch explains to James Goulding, this is still a major problem and one that businesses must do more to address
Voice fraud may not have the high profile of cybercrime, but according to Dr Nikolay Gaubitch, Director of Research at Pindrop, it is a very real problem and one that criminals are exploiting to support their online activities.
“In the 10 years since Pindrop was started by CEO Dr. Vijay Balasubramaniyan, we’ve analysed over 2 billion phone calls and have detected around 1 million fraudulent calls, so somewhere between one in 700 and one in 1,000 calls received are fraudulent. In the retail sector, we have seen fraud rates as high as one in 100.”
According to recent research conducted by Forrester Consulting on behalf of Pindrop, the prevalence of fraudulent calls increased significantly during the COVID-19 pandemic, with 59% of call centres in EMEA reporting a rise in attacks and 61% of respondents complaining about the impact on their bottom line.
Gaubitch points out that despite high fraud rates, some call centre managers continue to underestimate the problem because the consequences are not always immediately apparent.
“There are fraudsters who specialise in very fine data. They get a list of data and all they do is call banks or retailers or insurance companies to confirm that the data is valid. Once data is confirmed, they may sell it on to somebody else. This is very difficult behaviour to catch because companies are not losing money.
“Banking and retail customers can assign concrete value to losses. But that is not the case with utility companies, for example. They are huge targets for fraudsters wanting to get names and addresses, particularly in the UK where utility bills are effectively a form of ID. Because there’s no real monetary loss linked to it, it can be very difficult to persuade them to take action.”
So what are some the activities fraudsters use this data for?
“In the banking world a typical example is where fraudsters get hold of some details – your account number, your name, your address – and then call up a bank pretending to be you. There was one fraudster we dubbed Postman Pat who was calling up banks, claiming that he had lost his debit card and requesting a replacement card to be sent to the home address on file. Because this fraudster had access to bank customers’ addresses, he was able to intercept the mail, which is relatively easy to do especially if the victim lives in a block of flats. This fraudster had details of many people’s accounts and was doing this in volume.”
Gaubitch adds that fraudsters also use phone calls to facilitate their online activities, the classic example being requests for new passwords that are then reset online to facilitate online fraud.
Pindrop offers a range of voice authentication and fraud prevention solutions to help banks, insurance companies, retailers and other customers to automate the identification of genuine customers and the prevention of fraud. These include Pindrop Protect (for fraudulent call detection), Pindrop Passport (for caller authentication) and VeriCall Technology (for Automatic Number Identification and spoof detection).
As Gaubitch explains, all Pindrop solutions are based on three technology pillars.
“One is obviously voice analysis and being able to match a known voice to somebody you’re talking to, which you can use to detect known fraudsters and/or to authenticate known callers.
“The second pillar is the patented technology of Pindrop, called phone printing, which analyses everything about a phone call, from background noise to artefacts in the audio that are introduced when it is compressed and transmitted across networks. We have about 1,300 features that we measure outside of the speech, which can tell you lots about where the audio is coming from.
“The third pillar is the behaviour of callers. For example, when you see the phone number of a caller who calls many, many times it could indicate that something is not quite right.
“These three pillars or engines produce a risk score for every phone call going into a call centre of between zero and 100, with a low score indicating low risk and a high score high risk. This helps call centre agents and fraud specialists to deal with phone call security in a completely new and different way.”
The benefits of technology
Gaubitch points out that the artificial intelligence and machine learning technologies underpinning Pindrop’s solutions deliver more comprehensive and faster authentication than traditional methods, such as verifying the number of an incoming call or asking knowledge-based authentication questions that have become increasingly complex and hard to remember.
“Contact centres in call centres have developed a lot over the last 20 years. Technology has been heavily used to optimise the operation of call centres, to minimise average handling times and so on, but it’s only now that the security aspect is being digitised and transformed significantly,” he says.
“Technology is very important here because no human being can deal with 10,000 calls coming in every day and be able, within a few seconds, to tell you whether it is a risky call or not or whether the caller is a known fraudster or not. Technology is able to do that.
“It’s important to note that this is not technology that will replace humans; it is really a tool to help human operators have greater confidence that they’re speaking to the right person.
“In that context, we believe: one, that technology should be non-intrusive – it should happen without interrupting the flow of the conversation between the caller and the agent; and two that it should happen in real time with respect to the conversation. We typically give our risk score within less than 30 seconds, and usually within 15 seconds, so the correct decisions can be made by the operators.”
How organisations respond to risk scores supplied by Pindrop varies from customer to customer, but at root they enable organisations to increase checks on calls with high scores either by passing them to a fraud team or by prompting an agent to ask the caller more security questions.
By the same token, they enable organisations to reduce checks for lowrisk calls, resulting in more efficient call handling (with an average reduction in call handling time of 45 seconds), higher self-service rates and a better customer experience.
A recent Total Economic Impact (TEI) Study commissioned from Forrester Consulting found that a mid-size customer using Pindrop technologies over a threeyear period can look forward to operational gains of 10% and a 15% reduction in fraud incidents and losses, resulting in an ROI of 171% and annual savings of as much as $5 million.
To date, Pindrop has focused on inbound call centres, offering a choice of on-premises and cloud-based solutions for authenticating callers and/or detecting fraudulent calls. This includes a new European-based cloud service to meet the needs of organisations, such as those in the financial sector, that for regulatory reasons require cloud services to be located in their region of operations.
In the future, Gaubitch expects the company’s technology to be used more in small to medium-sized call centres and in a much broader range of applications, including authentication of voice assistants like Alexa and other voiceenabled IoT devices.
“In the IoT market, with short utterances and short commands, you need to be able to tell who you’re speaking to within a much shorter amount of time – just a few seconds – which has really pushed technology to a new level,” he says.
For the company’s partners, including alliance partners, service providers and solution providers, Pindrop’s expansion into new, largely untapped markets bodes well, particularly at a time of significant frustration with traditional processes (see box) and greater focus on the customer experience.