Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Contact center fraud and identity verification gaps: what teams need now


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 257
Topic starter  

TL;DR: Contact center fraud is rising fast, with nearly 29% of U.S. adults experiencing account takeover in 2024 and fraudulent calls reaching 12.5 billion in Q1 2025, according to 1Kosmos. The real issue is not just fraud volume but the weakness of identity proofing, agent workflow, and monitoring controls built for slower, less adaptive attackers.

NHIMG editorial — based on content published by 1Kosmos: Contact center fraud happens when criminals exploit customer service operations to steal sensitive information, drain accounts, or gain unauthorized access

By the numbers:

Questions worth separating out

Q: How should contact centers verify identity for high-risk customer requests?

A: Use layered verification, not a single check.

Q: Why do traditional call center checks fail against modern fraud?

A: Traditional checks fail because they assume attackers cannot easily obtain the information needed to pass them.

Q: What do security teams get wrong about contact center fraud detection?

A: They often look for a single bad call instead of a pattern of escalating behaviour.

Practitioner guidance

  • Remove sole reliance on knowledge-based verification Retire security questions and caller ID as standalone approval signals for account changes, password resets, and high-risk disclosures.
  • Correlate fraud signals across channels Join IVR behaviour, agent desktop activity, call metadata, and account-change events so repeated retries, unusual urgency, and rapid profile edits can trigger intervention before takeover completes.
  • Train agents against pressure-based bypass tactics Use scenario-based coaching that teaches agents to pause when callers create urgency, claim authority, or present overly detailed personal information.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • Specific examples of fraud tactics across account takeover, spoofing, IVR probing, and internal misuse
  • Implementation detail on passwordless authentication, voice biometrics, and document verification in contact center workflows
  • The article’s own deployment example showing 450,000 phoneless agents across 80 countries
  • Practical guidance on training cadence, monitoring, and escalation procedures for frontline teams

👉 Read 1Kosmos's analysis of contact center fraud and passwordless identity →

Contact center fraud and identity verification gaps: what teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Contact center fraud is a human identity failure first, not a call-quality problem. The article shows that attackers win by exploiting the gap between verification policy and real agent behaviour under pressure. Security teams should treat customer service as an identity enforcement point, not just a support function, because the transaction itself is where the compromise occurs.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, which shows that confidence and execution are often misaligned.

A question worth separating out:

Q: Who is accountable when a fraudster convinces an agent to bypass verification?

A: Accountability usually sits with the organisation, not the individual agent alone. If the workflow allows exceptions under pressure, the issue is a governance failure in policy, training, and control design. Regulators and auditors will expect the contact center to demonstrate that high-risk actions required stronger verification and that exceptions were monitored, recorded, and reviewed.

👉 Read our full editorial: Contact center fraud is exposing gaps in identity verification



   
ReplyQuote
Share: