Securing your app and driving down call center fraud

In this Help Net Security podcast, Angie White, Product Marketing Manager at iovation, talks about how optimizing the customer journey through your mobile app can help you optimize your call center.

driving down call center fraud

Here’s a transcript of the podcast for your convenience.

Hi, this is Angie White, Product Marketing Manager for Iovation, a TransUnion company. In this Help Net Security podcast, I’m going to discuss how optimizing the customer journey through your mobile app can help you optimize your call center.

There are a lot of activities that don’t add value to the customer experience that wind up in the call center, things such as credential resets, customer complaints, transaction disputes. These are all things that you can help automate through your application, ultimately driving down the volume, average call times, and cost in your call center.

Specifically, I’m going to dive into two categories of use cases. The first being functions that you can automate through your app to completely avoid the call center. The second being functions that you can streamline to reduce call times.

First, I’d like to take a look at why apps are taken on an increased importance in managing the customer life cycle. It really quite simply is that mobile phones are now the predominant way that consumers are accessing the web and interacting with businesses. BrightEdge found in 2017 that 57% of all US traffic now comes from smartphones and tablets.

This made me curious so I went and look at our own data and for the past 12 months, mustered up to see how we compared for mobile versus desktop. For the sake of scope, I’ll let you know that we processed over 9 billion transactions in that 12-month period. That was across all industries: financial, insurance, gaming, travel and leisure, and on a global scale.

Looking at all 9 billion transactions across all industries, we saw that 56% of those came from mobile versus 44% from desktop. A very close match with BrightEdge who put the rest at 57%. I then looked at data to see by industry if there were any differences. For ecommerce, we saw that 65% of transactions came through mobile and 35% from desktop. When we looked at financial services, we saw that mobile transactions stepped to 52% for mobile and 48% from desktop.

What is all this have to do with securing your app and driving down call center fraud? Firstly, businesses really need to go where their customers are, on their mobile device. This really provides a powerful opportunity to streamline customer interactions by using those mobile channels. Secondly, I think there’s a real opportunity for businesses to expand that mobile footprint by building bidirectional trust. And what do I mean by bidirectional trust? This is really about assurance.

Building assurance for your business, that you’re not doing business with fraudsters, that you can trust that the transactions coming through are good transactions from a good customer. And then on the customer side, them being able to trust that their data will be protected and that they can securely do business with you.

How do we get to this point of bidirectional trust? Obviously, I’m a little biased, but I think one of the ways that you can really do this one is through having a robust fraud protection in place, but two, also deploying mobile multi factor authentication.

Mobile multi factor authentication, as the name implies, you can integrate that directly into your own native app. Then it uses two or more factors of knowledge, something you know, such as password of PIN. Possession – this could be the device itself, it could be using Bluetooth proximity for devices such as an Apple Watch or Fitbit. Inherent – something you are, biometrics, fingerprint scan, facial scan. And this provides a lot of convenience for customers. They’re already on their mobile devices so much and now they can use the mobile device to authenticate directly within your app. It can also be used to authenticate through other channels both offline and online. You could use that to authenticate with your call center. It provides this optimized customer experience that customers like.

Back to call center avoidance. How does this help you overall with your, one, building bidirectional trust and two, optimizing your call center? There’s a number of functions that you can automate to avoid the call center altogether. One good example is moving from alerts to authorizations. I’ll give you the example of a credit card company. You might have received a notification in the past when there was a suspicious transaction, maybe it was a transaction that was coming from a foreign country. But a lot of times those alerts come through email or maybe a text message, but the onus is put on the customer to then either reach out to the call center or to take some action on their own to fix the problem.

driving down call center fraud

With automated authorizations build right in with mobile MFA, you could instead push out an authorization request, allowing the consumer to say “yes, this was me trying to make this transaction in Kazakhstan, please let it go through” or “no, that was not me making that transaction in Kazakhstan, please stop it”. You’re avoiding that interaction altogether of the consumer then having to take an action and reach out to the call center to get an issue resolved.

Couple of benefits to that: one, you completely avoid them having to go through the call center, and two, you’re building that bidirectional trust we talked about earlier, where consumers now see that you’re monitoring their account, you’re proactively protecting their account.

Another place where we see this is an area where you can automate an avoid the call center completely is with password resets. Now with traditional authentication systems, consumers have to remember really complicated passwords, 8 to 10 characters, a special character, a number, an upper case. Instead of that, you make authentication easier for them by using biometrics or Bluetooth proximity. By using some of those more passive modes of authentication that actually provide a higher level of security, you’re also decreasing customer friction and decreasing overall volume to your call center.

Another common use case is account changes. This is a common threat factor that we see for account takeover. Fraudsters are finding that, with some of the online checks added by businesses, it’s harder to infiltrate accounts, so they go to the call center hoping to bypass your controls. With this you can push out an authentication request directly to the user’s device. They can either quickly authenticate that “yes, this is me” or they could deny the transaction saying, “no, I did not request that my ship to address be changed”.

That also leads me to fraud in general. We’d looked at a recent Pindrop study and they found that one in 937 calls was fraudulent. This was 113% increase over the year before, where they were seeing 1 in 2000 calls. That really matches up with what we’ve been hearing from our customers, that they’re seeing the shift in fraud from online to the call center. Fraudsters are really looking for that weak link in the chain and trying to exploit it. With mobile multi-factor authentication, you can avoid that altogether. You simply send an authentication request directly to the user’s device. Once they authenticate, you can proceed with the call.

One of the other use cases that I wanted to talk through real quick was multiparty authorization. This is something that’s very useful for commercial accounts. We’ve actually heard from some of our customers that they see that fraudsters will call in to the call center or try to go online, and they’ll take over a commercial account because they can do more damage there. Say if you have a telecom provider they could go on for, add a commercial account and then order 100 new phones at once, or with an ecommerce site, they could do something similar where they takeover a commercial account, add a ship to address and order 100 laptops at one time.

It’s really important to be able to shut down those types of fraud because it can do a lot of damage quickly. With commercial accounts there’s an option for multi-party authorization. This sends an automated authorization request to two of three of approvers. You could send that out to all three. Once you get two authorizations, you could proceed with the transaction. You could set that up for whatever threshold you want: for adding a ship to address, to authorize transactions over $1,000.

We feel like we fill a really great solution here and think it could be really beneficial to a number of businesses, especially in increasing assurance within your mobile application, driving down fraud, and building that bidirectional trust that we talked about. If you’d like to learn more about our solutions, you can visit our website at Thank you for your time.

Don't miss