COVID-19 brought numerous unexpected changes to consumer behavior that, ultimately, have had a ripple effect throughout every organization. Millions of Americans, many for the first time, were forced to rely on digital services as in-person transactions became unavailable.
Ninety-three million Americans signed up for online services that were once carried out in person, and 75% expect to continue using those services after the pandemic. Both distracted consumers and those with less online experience, such as senior citizens, moving to online and mobile commerce have provided an open door to fraudsters, and they’re wasting no time in seizing the opportunity.
Understanding the Shifts in Consumer Behavior
Simply put, consumer behavior has been drastically impacted by COVID-19. To help businesses understand exactly how consumer behavior is changing and its impact on contact centers, IDology released new research comparing data among a representative sample of online American adults collected in March 2020 and July 2020. The research confirmed that in the wake of COVID-19:
- Consumer concern over fraud is growing. Due to the pandemic, 87 million Americans are more concerned about identity fraud and 49% expect fraud to increase. It’s easy to see why. In a separate pre-COVID-19 research report from IDology, one in four businesses saw fraud attempts increase in their call centers, which often are a vulnerable, enticing access point for fraudsters. At the same time, due to the coronavirus, many agents continue to work remotely, with such decentralization further increasing exposure.
- Mobile phones are more frequently used to reach contact centers—and more vulnerable. Forty-nine percent of Americans are more frequently using their mobile devices to interact with service providers. To this end, among consumers surveyed who contacted a call center, 85% who did so used a mobile phone. This means tech newbies who have questions about their accounts are more likely to use a mobile device to reach the contact center.
- The threat of social engineering is growing. Naturally, contact center agents want to help people and human interaction makes it especially enticing for fraudsters who are highly skilled in conning agents into sharing information. In a post-pandemic world, the risks are higher as social engineering becomes more accessible and is often augmented and facilitated by spoofing technologies. Earlier IDology data shows that social engineering is the most prevalent form of fraud in the call center, followed by Automatic Number Identification (ANI) deception via spoofing and Voice over Internet Protocol (VoIP).
The Good News
Shifting consumer behavior doesn’t only equate to increased risk for fraud. We also learned that consumers are more aware of the importance of identity verification and escalation to additional methods of fraud prevention. To that end, they’re becoming conditioned to using one-time mobile passcode verification and scanning identity documents, such as a driver’s license, with their smartphones during the verification process. Consider this:
- Forty-two percent of consumers have been required to provide further proof of identity, such as answering personal questions or scanning and submitting identification documents from their mobile phones, while signing up for a new online account or using an existing online account. Two-thirds say this extra step made them more trusting of the company.
- Eighty-six percent have used one-time passcodes or links to verify their identities in the last 12 months. Seventy-one percent say dual-factor authentication makes them feel more confident that a company is protecting their personal identity information.
The Road Ahead
Armed with an understanding of shifting consumer preferences and behavior, what can contact centers do to drive consumer engagement and prevent fraud in a post-COVID environment?
- Utilize a layered identity verification solution. Multiple, automated layers of verification techniques can be applied before a call is routed to the call center or put in the hands of a customer service representative. If a call appears to be questionable, call centers should have options for escalating to another form of verification. A smart and dynamic layered identity verification solution before or after the Interactive Voice Response (IVR) phase can reduce friction by incorporating upfront call verification with varied escalation methods depending on the level of risk.
- Verify numbers before callers get to agents. With more consumers calling from mobile devices, it’s important to understand the associated vulnerabilities and opportunities. Mobile change events, which include porting a number or changing carriers, make it easier for fraudsters to compromise consumer data and more challenging for businesses to identify and authenticate digital device identities.
Exposure to fraudulent, spoofed calls can be avoided with an identity verification solution that leverages access to real-time mobile carrier data to authenticate customers and their devices behind the scenes and verify that the phone number on an IVR is in session while it is communicating with the contact center. This lessens the time agents typically devote to customer authentication, gives them more time to focus on servicing legitimate customers and reduces the risk of social engineering attacks.
When a caller needs to be escalated, it’s important to consider best practices for using authentication methods effectively. Let’s take a closer look at the mostly commonly used methods: One-Time Passcodes (OTP) and secure links, Mobile ID Scan and Knowledge-Based Authentication (KBA).
One-Time Passcodes and Secure Links
An OTP, which is valid for only one login session or transaction, is typically sent via SMS to a mobile phone and frequently used as part of two-factor authentication (2FA). This gives contact center agents the added confidence that a consumer is who he or she claims to be by sending a numerical code to that person’s device before allowing them to access an account or complete a transaction. However, the basic passcode is increasingly at risk of being intercepted. In an earlier IDology report, one in five businesses reported SMS interception as the type of mobile-based fraud technique most prevalent within their industry.
A more effective method is to replace OTPs with a one-time secure link, which is more convenient for consumers and safer for businesses. With a provider that has access to real-time mobile carrier data, the link will automate the work of passwords, verify a customer’s mobile device and neutralize the threat of SMS interception with a tap on the link. Transactions are secure and customers can access their accounts quickly and easily.
Dynamic Knowledge-Based Authentication
KBA should be deployed as one of many methods in an arsenal of authentication tools. Research from IDology shows that consumers have a high degree of trust in KBA that utilizes more intuitive demographic information and pulls from multiple, diverse sources. Given the use case in which elevated levels of friction are warranted, this authentication should go beyond a simple, “what is your user name and password on the account?” and shouldn’t only depend on credit-based information that, more than likely, has been compromised in data breaches.
Mobile ID Scan
If additional verification is needed, an agent can prompt the caller to scan an ID document, such as a driver’s license, for verification. Next-generation mobile solutions greatly simplify the verification process by leveraging a caller’s smartphone camera to quickly capture a photo of their driver’s license. Once the level of assurance is met, the customer can go straight to the agent. While capturing and verifying an ID or driver’s license used to be thought of as a last resort and time-consuming process, this is no longer the case.
Arm Contact Center Agents with an Effective Defense
So, what does this all mean for contact centers and the fight against fraud? Keep your guard up. In times like these, when nothing is normal, we must be ever more vigilant. Defensive layers to protect against fraud have always been important but are more critical than ever in a post-COVID world.
Arming contact center agents with an effective defense requires businesses to deploy multiple layers of fraud protection that make it easy for legitimate customers to conduct business with minimal friction but harder for fraud to get in.
