Voice is still the preferred channel for customer service, with 68% of consumers saying they’ve contacted a live agent via phone in the past 12 months for a customer service or support interaction, shows “The State of Customer Experience” report from Genesys. And this means the voice channel is an increasingly attractive pathway for cybercriminals and fraudsters.

This article was written by Vicki Sidor, VP, Sales and Channel at Mutare, Inc., a Genesys AppFoundry Partner.

Voice is still the preferred channel for customer service, with 68% of consumers saying they’ve contacted a live agent via phone in the past 12 months for a customer service or support interaction, shows “The State of Customer Experience” report from Genesys. And this means the voice channel is an increasingly attractive pathway for cybercriminals and fraudsters.

According to TechRepublic, cybercrime is a $1.5 trillion annual market — with individual criminals making between $45,000 to $2.5 million a year selling stolen data. Protecting your customers and your employees from nefarious inbound calls is imperative to maintaining customer trust — and to your bottom line. In this blog, we’ll examine the voice channel as a threat vector in the contact center. We’ll also look at how preventing nuisance and nefarious inbound calls will not only protect your organization from cybercriminals, but it can also help improve contact center KPIs and enhance the overall customer journey.

Understanding Contact Center Vulnerability

The voice channel is an enticing target for contact center fraudsters. It’s staffed by agents who are dedicated to delivering a seamless end-to-end experience that meets the needs of every customer caller while meeting the organization’s performance expectations. Voice conversation has the power to resolve issues quickly – but is also a potent tool for manipulation. Bad actors know this and are using it to their advantage.

In addition, by exploiting the contact center’s toll-free number, bad actors behind spoofed IDs can easily and freely initiate countless fraud attempts with little risk of being caught. And financial services firms and healthcare companies are at an even higher risk because customers and patients often are sharing very sensitive personal data.

And that data is making criminals money. Social security numbers and personally identifiable information like birthdates can earn cybercriminals up to $62 per record on the dark web, shows cybersecurity company IdentityIQ.

Identifying Voice Security Threats

All unwanted calls are detrimental to your contact center. They affect your KPIs and metrics, degrade the customer experience and diminish your organization’s security posture.

For simplicity, we break down unwanted calls into two segments:

Nuisance

Forms: Robocalls, dead-air calls, spam calls, spoof calls

Impacts: Reduced productivity, reduced customer service

Nefarious

Forms: Toll fraud, vishing, social engineering, direct nefarious, spam storms

Impacts: Data theft/breach, financial scams, lost credentials, personal information

Let’s dig a little deeper into the four most common nefarious threats — and how they affect the contact center.

  1. Spam storms

A spam storm is a sudden influx of robocalls coming into an organization. These events are mostly generated by scammers and, if hitting a contact center’s IVR, have multiple impacts, including overwhelming the network, undermining response times for legitimate callers and skewing KPI data.

  1. Dead-air calls

These are robocalls with a recorded message that’s triggered when first hitting the IVR. Depending on the organization’s policies, calls that fail to pass through the IVR might still get routed to a dedicated resource for further vetting. In those cases, the agent is greeted by “dead air,” but must still waste precious time (and resources) confirming that there is, indeed, no person on the other end.

  1. Toll fraud

Toll fraud is a kick-back scheme perpetrated by a threat agent in partnership with a rogue carrier. High-value toll-free numbers, such as those used by contact centers, are often the target. Calls to those numbers are free to the caller, while the organization using the number pays a per-minute, per-call fee to the number provider. That provider, in turn, distributes a portion of that fee to every carrier in the call path.

The criminal’s goal, then, is to simply keep the call “alive” for as long as possible to generate the most revenue. They often use automated keypad inputs to keep the call circulating in the IVR. While these calls may never reach an agent, they still waste resources and degrade network performance.

  1. Vishing

Contact centers are an increasingly popular target for direct calls from cybercriminals posing as customers or other trusted sources. In this form of attack, known as “voice phishing” or “vishing,” the threat agent is highly skilled at impersonation and social engineering. And they’ll use those skills to extract sensitive information from an agent that can then be used to access accounts or internal systems and data.

With vishing incidents seeing a 550% increase in the past year alone, it’s no surprise that 69% of companies admit that they, too, have already been targeted.

Hardening Your Contact Center Defenses

Contact centers need measures in place to protect their customers, agents and the organization from growing threats. Smart routing, agent training and caller authentication practices have clear roles to play. Protecting the integrity of the voice channel itself requires technology-based defenses at all points in the threat intrusion process. A critical step in protecting customer data is to adopt a cloud contact center platform that meets and exceeds modern security standards with external penetration testing, attack defense automation, and TLS and AES-256 encryption.

In addition, contact centers should look to integrate third-party applications that have been fully vetted for value, interoperability and security using a rigorous testing and validation process. Trusted integrations from the Genesys AppFoundry® Marketplace give companies the confidence that the new system capabilities they’re adding are safe.

Protecting Your Call Flow

As contact centers face the growing security threats that target the voice channel, their front line of defense should include unwanted call detection and diversion at the point of entry — before those calls enter the agent call flow. Advanced applications can tap into the digital call data and apply sophisticated analytics and database integrations to identify and deflect those that fit a clear profile of both nuisance calls and nefarious calls.

By elevating the integrity of the traffic that flows through to contact center agents, these applications optimize the value and performance of the secure Genesys Cloud™ platform while offering added protection to agents and organizations.

Learn how the Mutare Voice Traffic Filter further protects contact center agents and customers from the negative effects of unwanted voice traffic. To sign up for a free 30-day trial of the Mutare Contact Center as a Service solution, visit the Mutare listing in the Genesys AppFoundry.