Bad actors are increasingly turning to voice connections to conduct fraud and account takeovers. Pictured: A headset hangs on a cubical wall on Sept. 26, 2003, in Philadelphia. (Photo by William Thomas Cain/Getty Images)

Cybersecurity concerns are all-too-often focused on digital platforms: online, mobile and even wearable devices. However, old-fashioned voice connections to financial institutions are increasingly being used by bad actors for nefarious gain, according to a recent report from Pindrop.

Indeed, while so much attention is focused on digital access and the potential fraud there, some cybersecurity analysts are looking at how bad actors have been abusing long-standing voice access to financial institutions, through call centers and automated voice trees. Atlanta-based voice technology provider Pindrop recently released its annual Voice Intelligence & Security Report, aimed at uncovering fraud, dark-web threats and other fraud challenges that could impact voice-based security.

Since individuals and their financial service providers may not consider voice channels and providers in their security plans, fraudsters are increasingly making their attacks here, since they see an unprotected opportunity. Indeed, the Pindrop study found that 92% of fraudsters were able to pass knowledge-based authentication (KBA) questions based in security authentication tests, while genuine customers only passed these knowledge-based tests 46% of the time.

Hence the findings of this most recent Pindrop report point to a “security weakness when used as an authentication method, as well as the impact on genuine customers who will often fail to pass authentication with this security system,” according to the release.

The Pindrop study also found:

  • 42% of customers are satisfied with the identification process required to access accounts via phone with 52% feeling satisfied with online access
  • Fraudsters passed knowledge-based authentication (KBA) 92% of the time, while genuine customers only passed KBAs 46% of the time
  • A cloned Mastercard with PIN costs $15 on the dark web
  • A cloned American Express card with PIN is $35
  • Credit card details for an account balance up to $5,000 is $20
  • Online banking logins with a minimum of $100 is $35

“With 2021 seeing a 68 percent increase in data breaches, bad actors are compromising data easier and more efficiently,” said Vijay Balasubramaniyan, CEO and cofounder of Pindrop, in a prepared release. “Now is a good time to change the locks and advance the way customers can open more worlds safely and privately with just their voice.”

The report pointed out that organized cybercrime groups are setting up “storefronts” on the dark web, where they sell data that they often cull from voice-based fraud and accessing legitimate accounts. The situation has gotten so bad that customer satisfaction with identification online is actually better than with voice calls, which is a far more long-established delivery channel, according to Pindrop.

Roughly two-thirds (65%) of corporate board members expect that customer engagement and loyalty will improve if companies (including financial institutions) increase their investment in technology and digital business capabilities, per the Pindrop study.

The report examines how authentication and identification technology that “allow people the right access have a dual nature. While the systems are designed to let users in, these programs also have the ability to let in individuals who are not the user,” per the release on the Pindrop study. “To stay protected and secure, it is crucial to understand how bad actors rely on certain authentication methods to commit fraud.”