Recognizing Social Engineering: How to Build “Guardians of the Enterprise”

Author: NICSA

One out of every 2,500 calls into financial call centers is a fraud call.1This staggering statistic is part of a growing and evolving trend in the asset management industry. Fraudsters are on the rise, and their methods of exploitation are becoming increasingly sophisticated.

“I cannot think of another topic that has captivated our collective industry with such force and pervasiveness as fraud,” Craig Hollis, Head of Compliance, DST Systems, Inc., said to NICSA members on a recent #WebinarWednesday.

Hollis moderated the Aug.2 9 discussion, “Social Engineering Recognition and Response”, which focused on how to prevent the industry’s contact centers from being the weakest links in fraud prevention. NICSA members can replay an archived version of the webinars here.

State and federal oversight is on the rise, with FINRA recently ruling that reasonable efforts must be taken to obtain contact information for a trusted person for shareowners opening new accounts, and both FINRA and the SEC ruling that firms and transfer agents may delay disbursements in certain circumstances when fraud is suspected.  These actions, Hollis said, “are indicative of a larger industry trend which is expected to evolve and grow for some time.”

“It’s getting more complicated, more dangerous, and more prevalent,” said Bethany Hendricks, Vice President – US Transfer Agent, Franklin Templeton Investments. “If someone has a piece of information, whether it’s a family member or complete stranger, the contact center is an opportunity for them to lead with the information they know and then gather additional information that allows them to complete the fraud.”

Mark Trenchard, Director of Operational Compliance at PutnamInvestments said that digitization has also presented increased risk. “The deployment of new technologies, enabling shareholders to initiate transactions directly, whether it be through a voice response system or through the web, has opened the door to greater opportunity for bad actors… When firms are developing and deploying these customer service enhancements, often the controls seem to lag,” Trenchard said.

Training is Key to Combating Social Engineering

Social engineering can be described as a combination of social, psychological and information gathering techniques that are used to manipulate people for nefarious purposes. Social engineering manipulates the natural human tendency to be helpful. A key issue in the fight against this type of fraud is the inherent conflict between training your call center reps to provide premier quality service, while being skeptical and inquisitive.

Training is key. Putnam, said Trenchard, employs an identity theft prevention program that is a very active part of call center training. “Recognizing that call center reps are the first line of defense, it’s important for them to know what to listen for, and when to escalate, so that we can get out in front of things before we subject the shareholder’s assets to unauthorized processing.”

According to Hendricks, there is an opportunity for the contact center to be part of the solution through rigorous training and ongoing communication. Franklin Templeton’s process, said Hendricks, involves new employee training as well as an ongoing process where information about fraud trends is shared in real time. “It’s not just a one and done effort.”

Technology Solutions

Brett Beranek, General Manager of the Security Business for Nuance, a market leader in multi-modal biometric authentication,explained how technology applications are increasingly becoming effective in combating the fraud epidemic.

“Technology can facilitate the prevention process significantly and provide an amazing tool to financial organizations. Biometrics is a technology that this industry has not yet fully explored, compared to others, and the timing may now be optimal,” Baranek said.

Biometrics is any technology that allows the unique identification of a human being. The technology can involve the measurements of a physical being (body or voice) as well as the measurement of human behavior. “As it relates to financial call centers, the ability to identify a human being – whether it be a shareholder, or a known fraudster – by the sound of their voice is a very powerful too,” said Baranek.

We’re All in This Together

The main theme emerging from #WebinarWednesday was that investor fraud should be viewed as an industry issue, not just from a single-firm perspective. Communicating about effective solutions among peers and industry participants will help everyone succeed.

With that ideal in mind, Bethany Hendricks shared Franklin Templeton’s best practices as they related to call center training: 1. Train for a balance of friendly service with skepticism; 2. Provide an avenue for escalation; 3. Teach agents to not “give away the keys” to the authentication process; 4. Share live examples of fraud trends; and 5. Recognize favorite patterns of steps taken over time by fraudsters.

Like our panelists, we at NICSA hope that the sharing of best practices and evolving technologies aimed at combating this issue sparks constructive dialogue and furthers the ability to fight fraud across the industry.

SOURCES

  1. Nuance. Retrieved from Javelin Strategy & Research 2014, Bank info security Aite Group, Agari report, Forbes and Industry Interviews.

Note: Although the observations contained in this work represent the best thoughts of the individuals comprising the NICSA webinar panel, they do not necessarily reflect the views of NICSA or any of its member organizations. Matters addressed in this work may touch upon legal or regulatory matters, however nothing herein is intended to be or should be construed as legal advice. You should contact your own counsel in order to obtain legal advice regarding these or any other matters.



Leave a Reply

NICSA: 8400 Westpark Drive, 2nd Floor McLean, VA 22102 • Tel: 508.485.1500 • Fax: 508.485.1560