For years, contact centers have been tightening security around digital channels such as web, app, chat, and email, while the voice channel kept chugging along, largely untouched. But that oversight is now becoming a liability.<\/p>\n
AI-generated voice attacks, imposter calls, and IVR mining have created a new kind of inbound threat that\u2019s invisible to traditional fraud systems and surprisingly effective against undertrained agents.<\/p>\n
The inbound voice channel, still a mainstay for financial services, healthcare, and government, has lagged behind digital channels in security evolution, Mike Schinnerer<\/strong>, Vice President of Product Management at Transaction Network Services (TNS)<\/strong>, told CX Today in an interview.<\/p>\n Online, there is pressure to move away from passwords to multi-factor authentication, but inbound contact center engagements often still rely on knowledge-based authentication\u2014the \u201cWhat\u2019s your mother\u2019s maiden name?\u201d routine\u2014to verify callers.<\/p>\n \u201cThat\u2019s pretty vulnerable,\u201d Schinnerer said.<\/p>\n \u201cIt often ends up being an imposter talking to an agent. And those agents are sometimes easily fooled and manipulated\u2026 because they\u2019re people too and they\u2019re vulnerable to being misguided.\u201d<\/p><\/blockquote>\n The result is a perfect storm of human vulnerability and AI-enabled deception.<\/p>\n As AI voice synthesis becomes easier to deploy, bad actors are exploiting it to create lifelike caller voices that can pass basic screening. Some use interactive voice response (IVR) mining \u2014 repeatedly calling 1-800 numbers to study how an organization\u2019s IPR system behaves, before launching a real attack.<\/p>\n \u201cThe intent of this initial call into the care support line is not necessarily to\u2026 steal money,\u201d Schinnerer explained. \u201cThey’re just trying to do reconnaissance to understand where the vulnerabilities are.\u201d<\/p>\n That\u2019s the double-edged sword of AI in the contact center: it\u2019s both the threat and the solution as enterprises deploy it for call routing to enhance customer experience. \u201cThat\u2019s great, but let\u2019s make sure that we\u2019re not embracing a technology that has vulnerabilities,\u201d Schinnerer said.<\/p>\n \u201cIt’s a new technology for the contact centers, so there is continual learning back and forth on how we can understand how they implement their AI agents, and then we can work with them to identify vulnerabilities. It’s almost like penetration testing and software code to help identify those moments,\u201d Schinnerer said.<\/p>\n \u201cThe AI agent is new, it’s a good buzzword, but we’re still learning. Every cloud contact center, if you go into their marketplace, there’s [at least] five different service providers touting an AI voice or AI agent experience.<\/p>\n \u201cWe’re trying to evaluate the credibility of those and the vulnerabilities of those types of service providers, either in partnership with them or not.<\/p>\n \u201cIt’s new. It’s not going to be solved in the next three months. It’s going to take more than that to identify where those vulnerabilities are, and then to help the education of the enterprises using them on how to strengthen [their defenses] if there is an exposure or not.\u201d<\/p>\n Fraudsters are now extending their reach into smaller companies, requiring them to be more alert.<\/p>\n For instance, in financial services, \u201cten years ago, a lot of the imposter fraud was attacking larger financial institutions,\u201d Schinnerer said. \u201cBut we’re now seeing it trend into the regional banks. And those regional banks often have more vulnerabilities or exposure to risk, and\u2026 when these fraud events happen, they\u2019re more impactful for them.\u201d<\/p>\n For one, it creates an unsavory taste in the consumer’s mouth, and they might leave and go to a bigger brand that they feel is protecting them better, or they already have financial payouts and penalties.<\/p><\/blockquote>\n From working with health care organizations on outbound calling, it is clear that businesses have to be tech savvy to navigate these increasingly sophisticated attacks, Schinnerer said.<\/p>\n \u201cWhat we’re seeing when we engage the healthcare organizations is that they don’t necessarily have a sophisticated customer care service and platform that they’re using. So there’s a little bit of immaturity in the healthcare market on what calling platforms that they use, and a lot of them are calling from local numbers within their regions, but\u2026 it is a target.\u201d<\/p>\n Brands also need to be aware of how imposters are carrying out multimodal attacks, using both voice and messaging to find vulnerabilities or use them in tandem, to see which one they can get through.<\/p>\n \u201cWe’re working with other partners who have more of a messaging background and messaging security, and seeing how we can complement one another with the data that they have and the data that we have, so that we can bring a multimodal solution to the market,\u201d Schinnerer said.<\/p>\n To counter these threats, companies like TNS are pushing for a zero-trust approach to voice \u2014 treating every inbound and outbound call as potentially hostile until verified.<\/p>\n \u201cA zero trust voice framework is gaining momentum. So we started shifting the conversations as we engage enterprises.<\/p>\n \u201cWhere before we were getting engaged with their support organization or their marketing organization for customer outreach, we started elevating these conversations to the CISO organizations, and those are the ones that understand and comprehend this \u2018never trust, always verify\u2019 approach, because that’s what they’ve implemented for their data security or their online security principles.\u201d<\/p>\n \u201cWhen we approach them and say we’re not going to trust any call into or out of your voice platform, because that’s the only way we can ensure that we remove fraud, they say, \u2018Yeah, that makes perfect sense.\u2019\u201d<\/p>\n Ultimately, what we see is that there’s an ROI to it, there’s an arc. There’s an ROI from the customer satisfaction perspective, and then there’s an ROI because we can remove a lot of the fraud that originates from this exposure that they have, which is their voice network.<\/p><\/blockquote>\n This zero-trust framework uses AI and network-level data to validate that calls come from the devices and networks they claim to \u2014 effectively creating multi-factor authentication for voice.<\/p>\n TNS monitors billions of calls daily for carriers and enterprises, which allows it to develop multi-factor authentication that is less reliant humans to authenticate callers.<\/p>\n \u201cWe can check [the carrier network] if the phone call is originating from the actual device,\u201d Schinnerer explained. \u201cIf they\u2019re on Verizon, we go ping Verizon \u2014 is this call active? We can do more deterministic type of interrogations. We can also do some AI voice detection, to see if this is not the actual caller\u2019s voice.\u201d<\/p>\n One of the biggest shifts in inbound voice protection is moving detection to the \u201cedge\u201d, using network attributes to identify suspicious callers.<\/p>\n \u201cThe goal is\u2026 to filter the bad actors and the imposters before they get to the agents,\u201d Schinnerer said.<\/p>\n That way, customer service agents aren\u2019t vulnerable or under pressure to resolve fraudulent calls, especially as high churn rates of contact center employees make it challenging for managers to keep their teams trained and vigilant.<\/p>\n This filtering relies on network intelligence\u2014for example, seeing if one number has been calling multiple banks or trying to penetrate several financial institutions in a short time frame.<\/p>\n Crucially, these checks happen in real time. TNS’ Enterprise Voice Security<\/span> suite also runs AI synthetic voice detection while a conversation is happening.<\/p>\n \u201cWe can do the detection within about 15 seconds and\u2026 we can alert the care agent that we think something’s going on here,\u201d Schinnerer explained.<\/p>\n \u201cAnd within those 15-30 seconds, by that time, you haven’t really disclosed anything. You’re still trying to figure out why they’re calling, what the intention is, and you haven’t disclosed any PII information.\u201d<\/p>\n This allows the enterprise to identify fake calls without disrupting the experience for legitimate customers.<\/p>\n \u201cThe thing we need to be mindful of is that we don’t ruin the experience for good actors,\u201d Schinnerer said. \u201cSo we don’t want to make it too long on the phone to do the analysis and the determination before we send the good calls to the agents.\u201d<\/p>\n While adding new security layers can sound like friction, in many cases, it actually improves brand trust. \u201cUltimately, even if there\u2019s a little delay getting [callers] to an agent, what we’re also seeing with institutions that we talk to, especially these downmarket ones, because they’re competing against the big brands\u2026 we help them position it to their consumers as a differentiator.\u201d<\/p>\n Brands can highlight their strong security focus on protecting customers in their marketing campaigns, emphasizing how their fraud prevention measures set them apart, Schinnerer suggested. This messaging appears to resonate with customers, who express appreciation and trust towards companies prioritizing their safety.<\/p>\n This mindset also applies to buyer evaluations. \u201cIt’s really important to understand what impacts their business,\u201d Schinnerer said.\u201cFirst and foremost, understanding what really business outcomes you want and understanding what that spend and cost also might look like, because that is also part of that ROI assessment, and then it’s a matter of always trying to improve your implementation and your solution.\u201d<\/p>\n What are you trying to accomplish? Are you trying to improve your agent efficiency? Are you trying to reduce your exposure, or reduce your out payment of fraud loss?<\/p><\/blockquote>\n Because, as Schinnerer pointed out, there is no magic, hands-off answer:<\/p>\n \u201cWe’ve had inbound voice authentication for a little while now, and it’s been expensive\u2026 When you think of the fraud departments inside of those organizations, they were hopeful that it would be a silver bullet, in that if they can implement inbound voice authentication, it would remove the fraud, and it necessarily hasn’t, that’s just because, again, with the AI voice agents and other ways of bad actors always changing, it is not a set-and-forget type of solution.\u201d<\/p>\n Enterprises have to stay on top of understanding the threat landscape and where new attacks are coming from. To do that, they need to \u201cchoose a partner that can see the whole picture, not just the inbound picture,\u201d Schinnerer said.<\/p>\n As AI blurs the line between real and fake voices, inbound call security is no longer optional \u2014 it\u2019s strategic. Enterprises need to start treating the phone channel like any other digital access point \u2014 zero trust, AI-augmented, and continuously verified.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":" For years, contact centers have been tightening security around digital channels such as web, app, chat, and email, while the voice channel kept chugging along, largely untouched. But that oversight is now becoming a liability. AI-generated voice attacks, imposter calls, and IVR mining have created a new kind of inbound threat that\u2019s invisible to traditional […]<\/p>\n","protected":false},"author":11074,"featured_media":74942,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[11850],"class_list":["post-74935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-contact-center","tag-agentic-ai","tag-ai-agent","tag-ai-agents","tag-artificial-intelligence","tag-cloud-contact-center","tag-security-and-compliance","brands_to_track-cx-today","editorial_type-interview","intent-loyalty","target_audience-industry-professional"],"acf":[],"yoast_head":"\nFrom \u2018Trust But Verify\u2019 to \u2018Never Trust, Always Verify\u2019<\/h2>\n
Filtering Fraud at the Edge<\/h2>\n
Security as a Customer Service Differentiator<\/h2>\n