Managing Fraud and Social Engineering in Your CX Strategy

Fraud has always been a concern when designing a customer experience strategy because a high quality customer journey relies on access to personal data such as home address, purchase history, and payment details.

Fraud cannot be eliminated by network security measures alone. People need to be a part of your fraud strategy too.

In fact, a focus on fraud sits at the heart of a strong trust and safety strategy for your customers. You need to guarantee customer account integrity, keep customer data secure, and curate content. You also need to ensure that keeping customers safe doesn’t ruin the customer experience, as our team outlined in this article in Global Banking & Finance Review.

People are often surprised that content curation sits within a trust and safety strategy—isn’t that just for social media?

Look around today at how many apps and online services invite customers to create user-generated content. Everyone is asking for reviews, ratings, images, videos. “Send us some photos once you are using the product!”

There is now a huge opportunity for bad actors to use these content channels for fraud or just to upload offensive content intended to damage your brand.

All this demands a combination of humans and technology in multiple ways:

  • AI content moderation: If customers upload content to your site, then artificial intelligence can scan it for anything obviously offensive, such as pornography or violence. If the AI is certain there is an issue, it can delete the content before it is ever posted on your site. If it is unsure, then it can suspend posting until a human moderator can approve the content before it becomes public.
  • Social engineering: Everyone within your customer service operation needs to be aware of social engineering as a threat and how they can counter it. Social engineering fraud is a type of scam that relies on manipulating individuals into divulging confidential information or taking certain actions that may result in financial loss. Companies can provide training to their employees on how to recognise and respond to social engineering scam attempts. Employees should be taught to be cautious about requests for sensitive information and to verify the legitimacy of requests through established channels.
  • Payment standards: Standards and regulations such as PCI can put a barrier between the associate, customer, and their personal financial details. This can be as simple as having a bot collect credit card information so associates never participate in the payment section of the call. Complying with secure procedures like this protects your employees, who cannot be accused of fraud because they don’t have access to financial data.

There are several other policies that can be implemented that build on the technological security alongside human training, including:

Implement strong security policies. Companies can implement security policies that restrict the sharing of sensitive information and require verification for any requests. Policies should also include guidelines for handling suspicious emails or phone calls.

Use multi-factor authentication. Companies can require multi-factor authentication for access to sensitive information or systems. This can reduce the likelihood of an attacker gaining access to sensitive information even if login credentials are obtained through social engineering.

Monitor and analyse activity. Companies can monitor activity on their networks and systems to identify suspicious behaviour. This can help detect attempts at social engineering before they cause financial loss. Cloud computing companies have deep experience in building AI tools that can sniff out unusual network activity. Learn from their experience.

Keep software up to date: Companies should ensure that all software and systems are kept current with the latest security patches and updates. Outdated software can be vulnerable to attacks that use social engineering tactics. This is especially important in a hybrid situation where some (or all) of your associates are based at home. The equipment they use needs to be verified or sealed off from the network using secure thin client tools.

Overall, fraud prevention in the customer service environment requires a combination of security policies, technology tools, and training or coaching for the human operators in the team. A culture of security must be established and constant support offered so individuals are aware of the threat of social engineering in addition to more high-tech threats.

Social engineering can appear as benign as a caller requesting a password reset, or it can be more sophisticated phishing attacks. Fraud prevention needs both human awareness of the threats and the technology to back them up with insight into unusual activity.

It is possible to build a strategy to fight fraud alongside improving CX. We have case studies and other examples that demonstrate exactly how it can be achieved.

TTEC equips brands with the resources they need to safeguard against fraud. Our experts and solutions also help clients respond and manage the fallout when the inevitable occurs.

Learn more about TTEC's Fraud and Prevention solutions and how a proactive strategy will keep your company safe and out of the headlines.