Friday, June 05, 2009

Contact Centre impersonation arrives in the UK

I wrote yesterday on the problems the Commonwealth Bank of Australia was having with a phishing attack that caused customers to call a fake contact centre that impersonated the bank's centre and captured their credit card details ("Phishing fraud steps up a new level with fake bank IVR & contact centre").

It now seems that this fraud has reached the UK. The BBC is reporting here that the Bank of Scotland has been targeted by fraudsters who have been able to divert customer calls. There's few details in the BBC report other than that the calls were diverted and that there is a theory that a former contact centre employee may be involved. An inside job does seem a strong possibility, and the infiltration of call centres by organised crime is a real risk. Although it wasn't widely covered, the BBC reported back in 2006 that Strathclyde Police believed that perhaps one in ten call centres had been targeted by organised criminals (article here). Normally, though, crime in contact centres has been opportunistic and carried out by individuals. A typical example was when the Barclays Chairman, Marcus Agius, had his details and money stolen by one of his own employees (covered on the blog in the post "Security, Call Centres and Fraud").

It is a worrying development if organised crime has, well, got itself more organised, and moved up from individuals stealing details to systematic attacks from the inside on the banks' contact centre systems.

1 comment:

VeHaggis said...

I must admit that I do work for a vendor in the industry and have myself, blogged on this topic: Who would you trust, with a view to using voice bioemtrics in call centres as a way of hopefully combating this type of activity.

This has already been taken up by National Australia Bank and also Aviva in Australia. Perhaps this poses the question of what measures institutions can take to