alphaspirit - Fotolia
An estimated £310.2m of e-commerce fraud took place on cards in 2017, accounting for 55% of all card fraud and 76% of total remote purchase fraud, according to the Fraud the facts report from UK Finance.
The figures show there were 9,575 reported cases of phone banking fraud in 2017, 9% less than the 10,395 cases reported in 2016.
Telephone banking is open to abuse through social engineering-style attacks, in which fraudsters can pretend to be a bank official and phone a customer to extract personal details that would enable them to hack into the customer’s bank account.
Fraudsters with access to banking credentials gained from recent high-profile data thefts may also try to gain access to customer bank accounts via the telephone banking channel.
Voice biometrics has previously been used to check the authenticity of bank customers. Brett Beranek, who heads the security business at Nuance, said: “If I call in as a customer, voice biometrics provides a score that determines how likely it is that the voice on the telephone line is actually me. You can get a high degree of accuracy.”
Jason Costain, head of fraud strategy and analytics, retail and business banking at RBS Group, said: “We are a big player in banking, and we are seeing a fair share of fraud attack. A lot of attention is paid to apps and mobile security. Voice biometrics is an area we have accelerated mainly because the telephony channel is a legacy channel.”
The banks operated by RBS Group – Coutts, NatWest, RBS, Ulster Bank North and Ulster Bank South – receive about 17 million telephone calls a year.
“Customers have become used to quite slick processes online,” said Costain. “Telephony is an area we are keen to address. With the high volume of calls coming in, fraudsters are active in the telephone channel.”
Identification of a customer is key in telephony. Previously, telephone banking relied on information such as the customer’s date of birth, PIN and password, and mother’s maiden name.
Move beyond static data
RBS has been working on a way to move beyond using static data for customer authentication, said Costain. “As we move from static data, we are looking at technology for face and voice biometric capabilities. We are looking at how we can harness technology to make it hard for criminals to get hold of data.”
The bank has been using Nuance commercially for three years, and in the past year, it has started using the system for fraud detection.
“We have a dataset of known fraudulent voices,” said Costain. “These have been confirmed as fraudulent from cases we’ve seen.”
All incoming calls are screened in near real time against this database. The voice biometric technology is combined with other data the bank has about the phone call and is fed into its fraud detection system, which is tuned to work out genuine calls from fraudulent calls.
Costain said the approach RBS has taken to detect fraudulent calls was very easy to implement. “We are looking for fraudulent voices,” he said. “This does not impact on the customer journey.”
According to Costain, it is relatively easy for the system to identify a new voice. Often, a fraudster will phone in to check whether stolen credentials are valid, but in certain cases, the fraudster may scam the customer to obtain these credentials.
“It’s a bit like epidemiology with Patient Zero,” he said. The same voice may try to access multiple accounts, which would signal an attempted fraud.
RBS has also been compiling a database of evidence, which Costain said has led to a few police arrests of people who have made fraudulent calls.
Over the next six months, the bank will have technology to enable customers to determine whether a call they receive from the bank is genuine, he said.
Experian’s Global fraud report 2018 found that customers want to be recognised, while businesses want to address the growing fraud they are experiencing. “Advanced authentication methods, such as device intelligence or behavioural biometrics, could help address both without adding friction to the online experience,” the report said.
Joined-up way of combating fraud
RBS’s Costain sees a more joined-up way of combating fraud going forward. “We can combine behavioural data with biometric data and use big data analytics to detect that something unusual has happened,” he said.
Nuance’s Beranek thinks the combination of biometric voice for authentication and for fraud detection would be very effective in securing telephone banking. Nuance is also researching the unique way that individuals speak sentences, he said. “A conversation print validates your identity by analysing how you speak and form sentences.”
As banks start to look at smart speaker devices such as Google Assistant and Amazon Alexa as viable channels for online banking, there is a need to authenticate who is actually speaking to the voice assistant. Beranek said Nuance is in talks with the main manufacturers to investigate how voice biometrics could be deployed in smart speakers.