January 09, 2013, 9:11 PM — You've heard such stories. Mat Honan, a reporter for Wired magazine had almost his entire digital life erased when a fraudster used social media account information to trick Apple and Google into allowing him access to Honan's account information.
Paul Allen, the billionaire co-founder for Microsoft fell victim to identity theft when an AWOL U.S. Army solider called Citibank and changed the address of Allen's card from Seattle to Pittsburgh, which he then used on a $15,000 shopping spree.
The common theme between these two high-profile stories is the way fraudsters were able to penetrate the contact centers of these big companies and misrepresent themselves as legitimate customers.
MORE SECURITY: 12 must-watch security startups for 2013
Call center fraud has recently become the hack-de-jour for fraudsters, some industry experts say. Shirley Inscoe, a fraud analyst at Boston-based Aite Group, says many financial institutions have beefed up their online defenses, particularly in response to new guidelines that have been released by the Federal Financial Institutions Examination Council (FFIEC) about how best to comply with existing regulations.
There has not been as close scrutiny on call center security though. "Many banks have really shored up their defenses in the online channel in the last two to three years," she says. "As a result, now we're seeing fraudsters go to the call center, where there it's perceived to be an easier target with fewer defenses."
Not only have organizations focused their security efforts outside of the call center, but information fraudsters can use to launch attacks is much easier to obtain online. Knowledge-based authentication - "what's your mother's maiden name?" -- are far from private. Inscoe says she's heard of databases listing the maiden names of individuals. Even more dynamic questions such as what street did you used to live on or what high school did you attend are not fail-safe. "People post that information on Facebook," Inscoe says. Easier access to information combined with the call center being perceived as a weak link has left the contact center vulnerable, she says.