Fraudsters target call center chats & non-voice channels

According to, cybercrime targeting call centers and non-voice channels to obtain payment data more than doubled in 2017, jumping by 113% from the year before. Recently, call centers have become the primary customer-company interaction point, as more commerce moves toward online and mobile channels, giving way to a new type of fraud.

AI Deployed to Help Manage Latest Fraud Threat

Merchants are deploying artificial intelligence (AI) that supports online chat and non-voice services to help manage customer interactions and maintain the call volumes associated with them. Further, many call centers are also expanding services to help close potential sales. New chatbot and non-voice AI services are used to quickly answer customer questions regarding goods and services and drive users to complete the sale. According to Chris Bauserman, vice president of product and segment marketing at NICE inContact, a call center solutions provider, merchants in the eCommerce realm will need to focus on embracing advanced tools and strategies to better serve their customers if they hope to succeed in the future.

While AI is an efficient method for managing customer interactions, there is a risk of potential exploitation if additional anti-fraud and security measures are not used in conjunction with these services. Without proper vetting, these services and software solutions provided by third-parties potentially introduce the risk of vulnerabilities that may be discovered and exploited by criminals.

How Do Merchants Fight This New Fraud?

According to Visa’s latest security alert, there are 6 ways that merchants can fight against call center chat and non-voice channel cybercrime.

  1. Merchants should thoroughly vet any third-parties that provide chat and non-voice channel support for payment acceptance or processing.
  2. Merchants should be careful to ensure that payment data is never exposed or at risk when integrating chat solutions.
  3. If the chat solution is designed to support payment account capture as part of its functionality, the vendor must be PCI DSS compliant and registered as a Service Provider. While some of these providers may not process payment data, their services can still introduce risks due to connectivity and integration into merchant websites.
  4. As with all new technologies, new products should be thoroughly tested and reviewed for vulnerabilities before implementation.
  5. Take a tiered implementation approach as the best defense to include educating call center staff in addition to the use of new authentication technologies and advanced analytics.
  6. Third-party service providers should also deploy thorough logging and monitoring defenses to detect unusual system activity.

Learn More About Protecting Your Business From Fraud:

Contact chamber partner Infintech online or call 513-725-3623.