IVR: what is it and why is it vulnerable to SIM swap fraud?

IVR - vulnerable to SIM swap

Interactive Voice Recognition (IVR) applications are telephone systems that can interpret and respond to a person's voice. These systems are commonly used in over-the-phone customer support. For example, an account holder contacts customer support and is asked by the IVR to state their problem. The system then routes them to the service representative that can best help them.

Though IVR systems create convenience for consumers — and alleviate the workload for customer support teams — they can be easily exploited through mobile fraud.

The following scenario explains how…

A customer contacts their bank to reset access to their account information. A one-time password is sent to the customer’s phone before allowing them to do this — this security step is intended to ensure the caller is genuine, to avoid putting sensitive information in the wrong hands. Unfortunately, a fraudster has already performed a SIM swap — this individual now has access to OTPs, overriding the security measure and taking control of the customer’s bank account details.

As this simple use case illustrates, OTP security measures are powerless against SIM swap fraud.

How to advance IVR systems to prevent SIM swap fraud

Although IVR systems are traditionally easy to circumvent, companies can improve the security of their IVR systems in several ways.

1.    Background checks via mobile data

The best way to reduce mobile fraud through an IVR system is to go straight to the source: mobile data.

Mobile data is the metadata attached to a phone number, which mobile operators carry in their databases. This data includes information such as where a SIM card typically connects from, when it last changed carriers, and when it last swapped to a new device.

The challenge for companies that use IVR systems is that they typically don't have access to mobile data on their own. To access and use this data, companies need to partner with mobile operators and create systems that allow them to implement mobile data background checks securely.

Taking advantage of mobile operator data allows businesses to see if a call's location matches the known data for that SIM card, if that SIM card has been swapped within a few hours of the call being made, and more. Companies can then alert their customers, close off access to accounts, and ensure that risks to the consumer are minimised.

2.    Customer voice recognition

OTPs work on the assumption that the customer has sole access to their mobile SIM — the customer receives a one-time password, uses it to contact customer support, and can then access their account details. However, with SIM swap fraud, this is not the case — a fraudster has already infiltrated the system.

Therefore, to increase security measures for banking customers, companies should add multiple types of verification to their IVR system; customer voice recognition is an effective way to do so.

Although voice recognition isn't a strong security measure on its own, it's a useful secondary verification method for several reasons. For one, it doesn't require any extra hardware. Someone calling your IVR system already has a microphone and speaker, which is all the hardware that voice recognition requires.

Second, voice recognition is quick and easy to set up. Your customers can complete their voice recognition security during the on-boarding process. And, since your IVR system is already listening to their voice, voice recognition can happen in the background of your customer's call.

3.    Recognising delays in call connection

Another way to prevent mobile fraud over IVR is to flag calls as potentially fraudulent upon connection to your IVR system. This will warn the system not to share any sensitive information with the customer until you can verify that the person calling is genuine.

A delay in the time it takes to connect a call to the IVR system can suggest the call is fraudulent, either as a result of poor cell service, or a call diversion taking place.

JT_Top 3 banking use cases you should check SIM swap fraud_eBookWhile fraud prevention remains a hot topic in the industry, there is no doubt there are a number of steps providers can take to improve their IVR systems' security.

Start now by learning more about SIM swap fraud and how banks can protect their clients from it, check out our eBook on the topic.

 

Download eBook