That applies across the board, whether the target is a multinational corporation or a credit union. One reason is that member service representatives must weigh the need for security against their goal of providing outstanding customer service. Those two factors are often difficult to balance.
Plus, a well-intentioned employee could be at a disadvantage when dealing with a manipulative, persuasive fraudster armed with legitimate information about another person.
Using a fabricated story that provokes empathy—such as a parent stuck in a desperate situation with their child, or a soldier deployed overseas—these “social engineers” try to persuade staff to bend or break procedure by divulging confidential information. They want to gain unauthorized access to sensitive data, which opens the door to identity theft.
“The nature of customer service jobs is to develop a mindset that ‘the customer is always right,’” says Chris Hadnagy, founder of Social-Engineering.com.
And while this is an essential attitude for providing good service, Hadnagy explains, one effect is that you’re constantly in the mode of answering questions. This tends to make a social engineer’s job much easier.
Data breaches affect a credit union’s revenue streams and future productivity; damage its reputation and brand; and compromise organizational, member, and employee data. Breaches resulting from malicious activity cost an organization $318 per record on average, reports a TraceSecurity white paper.
Last year, fraudsters stole the identity of 13.1 million victims in the U.S., according to Javelin Strategy & Research, resulting in $18 billion in losses. A record incidence of account takeovers fueled the increase.
The telephone is the No. 1 medium for social attacks, accounting for 46% of all breaches social engineers caused, according to the 2012 Verizon Data Breach Investigations Report. But fraudsters also launch attacks via email, online, or social media inquiries.
What can call center managers and employees do? Follow these tips:
♦ Know and follow procedures—and question them if you see inconsistency, ambiguity, or a potential loophole. Pay particular attention to your credit union’s policies about what types of information you can share on social media and unsecured servers.
♦ Take security awareness training and testing seriously. Ask that your credit union regularly provide information on popular fraud scenarios that pertain to your position. The more front-line employees receive training on the different styles and tactics of social engineers, the better they can defend against threats such as phishing, friendly elicitation, and intimidation.
♦ Don’t let emotional requests sway you. Keep your guard up and use critical thinking skills when dealing with requests. Don’t be influenced by an extremely charismatic caller or an aggressive bully.
Fraudsters prefer targets of opportunity that they can exploit with minimal effort, that offer a low risk of discovery, and that hold the potential for a big payoff.
As a result, call centers may be prime targets. But by following well-established and regularly updated procedures, front-line staff can turn away would-be threats.
This article first appeared in Credit Union Front Line Newsletter, the monthly sales and service newsletter for branch staff and their managers.