How to Prevent Fraud in the Contact Centre

Fraud is not a niche issue sitting on the edge of contact centre risk anymore. Alan Linter, Group Consulting Director at FourNet, explains that "fraud's 40% of all crime now, and the uncomfortable follow-on is that contact centres sit directly in the path of that activity". The research the team reference suggests 61% of fraud involves a contact centre at some point, which means a huge proportion of incidents either start, progress, or complete through an interaction route your agents manage every day. 

This matters even if you feel confident in your digital estate. You might have invested in stronger authentication, improved app security, and hardened online journeys, yet still leave a route open through the phone channel where identity checks can be pressured, bypassed, or socially engineered. Kevin Prone, Head of Security Operations at FourNet, summarises the pattern clearly, saying attackers are "changing the way they operate", using AI to amplify what works, then "repeating things, particularly within contact centres... based on a sort of a campaign". 

It is also not just a consumer problem. When Alan asks whether businesses should be aware too, Kevin's answer is effectively yes, because once identity is compromised, the same technique can be applied across personal and organisational accounts. If the contact centre can reset access, change contact details, or authorise sensitive actions, it becomes a high-value route for criminals to focus on. 

One of the most useful parts of the podcast is Kevin's description of how methodical these attacks have become. These are not usually opportunists making a single attempt. Many are organised teams that approach fraud like a process, beginning with reconnaissance and building momentum over time. 

Kevin describes the early stage as "working out the lay of the land", including "where the doors are, where the entry points are, where the control points are", before they "pick a weak point". That matters because it tells you what criminals value. They are not only looking for a technical vulnerability; they are looking for a predictable process, a moment of friction, or a point where an agent can be pressured into bending a control. 

That is also why contact centres are so attractive. Kevin calls them "an environment there to help you", and in many organisations that helpfulness is reinforced by KPIs and customer expectations. Fraudsters exploit that reality, because they know agents are balancing service, empathy, compliance, and speed, often with limited time to pause and sense-check. 

A key takeaway here is that fraud defence is not only about blocking a single interaction. It is about understanding how your journeys can be mapped, probed and replayed, then reducing the value of trial-and-error by tightening controls at the points attackers like to test. 

You already have a lot of the signals you need to identify malicious behaviour, but they are often trapped in separate places. When Alan asks whether there are things you can do with data to spot suspicious behaviour, Sandip Patel, Senior CX Insight Analyst at FourNet, shows how basic operational data can quickly become meaningful when you know what to look for. 

He explains that you can track "short calls, repeat calls, calls that go through to a particular agent", then use those patterns to highlight repeated probing. Kevin adds an important reality check, which is that criminals will not stick to one number. They "often change" CLI, and will use "many" numbers to keep trying. 

This is exactly why looking at single calls in isolation often underplays the risk. If you can link contact detail records, IVR behaviour, agent routing, and CRM outcomes, you move from anecdote to evidence. You start to see whether failed verification attempts cluster around certain journeys, whether the same types of changes are being attempted repeatedly, or whether certain agents are being targeted more often. 

Sandip's point about building an end-to-end journey view is critical here. He says that "having all the data sets and being able to link an end to end journey is the most valuable way to prevent these things from happening", because otherwise you are only "analysing one part of that journey". 

Fraud tactics are easier to anticipate when you get clear on what success looks like for the attacker. In the discussion, Kevin explains that intent tends to centre on gaining access, either to an account, to data, or both. In practical terms, that often means forcing a reset of credentials or manipulating a process that lets them take control of an application journey. 

He gives a straightforward example in a banking context. If the aim is to reset an app and get into the account, a fraudster will keep pushing until they find a route through. They will "have a pool of accounts" they are working on, vary the approach "so we're not being too predictable", and treat failure as learning, not defeat. 

Kevin captures this mindset well when he says it is "very much like trying to pick a lock", because each failed attempt tells them which pins resist, and which ones move. That is why a defence that only reacts to successful fraud misses the real pattern. The pattern is often visible in the attempts, the repetition, and the gradual testing of your journeys. 

Social engineering is the engine behind a lot of contact centre fraud. These calls succeed when the agent is nudged into moving faster than they should, or when the process is bent in the name of being helpful. 

Kevin describes classic techniques that create delay and distraction. If the caller is asked for information they do not have, they might use "playing noises in the background" to buy time, or create a distracting tone so they can search for details. They also work out which agents are more likely to give ground. Kevin explains that fraudsters will learn "which agents are more guarded and which agents are more placid", and if it feels too difficult they will hang up and try again, hoping to reach "agent number three because agent number three is lovely and very forgiving". 

That should concern any operational leader because it means a single agent's helpfulness, combined with a weak control, can become the entry point into broader account takeover. It also means that process consistency matters. If verification steps vary by agent, confidence, fatigue, or call type, fraudsters will detect it, exploit it, and repeat it. 

The discussion does not treat AI as a future concern. It treats it as an accelerant that is already changing the economics of fraud. Early on, Kevin explains that "with the advent of AI now these attacks are now being amplified", because they are becoming "more believable" and easier to improve through repetition. 

Later, Kevin shares a real example outside the contact centre context that still lands hard for customer operations leaders. An organisation recruited remote developers, interviewed them over collaboration tools, then shipped laptops, only to discover "those people were actually AI", with techniques used to "change people's facial features, remove accents and answer all the interview questions perfectly". The reason this matters for fraud is not the HR story itself. It is what it shows about how convincing AI-driven deception can be, and how easily trusted access can be gained if checks are weak. 

He also makes the operational challenge clear from a defender perspective. Attackers can "rewrite my tool sets every two, three weeks" using AI, which means detection based on static patterns becomes harder. This is where contact centre fraud stops being a purely training problem. It becomes a data, tooling and process problem, because attackers are learning faster and iterating more often. 

A practical defence starts as early as possible, ideally before the call ever reaches an agent. That is where the podcast's discussion of Smart Numbers is useful, because it frames it as a data-driven risk indicator rather than a silver bullet. 

Kevin explains that there are tools that "read the number that's coming in... reference it against the database... and provide a risk score". Sandip then spells out why that matters, saying it lets you "make an informed decision" and handle a high-risk call "in a different way or be extra vigilant". 

This approach is not perfect, and Alan acknowledges that criminals change numbers constantly, which makes it a cat-and-mouse problem. Even so, it gives you an early warning layer that can drive sensible actions, such as routing to a specialist fraud team, applying enhanced verification steps, or using real-time prompts to support the agent. 

The important point is that you are not relying on a single control. You are creating layers that reduce the chance that a single human moment becomes a full compromise. 

Sandip's point about journey visibility becomes even more important when he talks about real contact centre architecture. Most organisations have multiple platforms, multiple data sets, and years of bolt-ons, so even when the signals exist, they are hard to connect. As he puts it, contact centres are rarely set up with a clean identifier that links "all those separate pots up", which is why finding patterns becomes as much an engineering challenge as an operational one. 

He also highlights a gap that fraudsters exploit. Quality Assurance (QA) in many environments is sample-based and retrospective, which means you might only review a small proportion of calls, and often weeks after the event. Sandip explains that most contact centres "only complete evaluations on a very small proportion", and even if you are lucky enough to catch something, you may be catching it "two, three weeks after", by which time attackers may have repeated it "to 10, 20, 50, 100". 

That is why the conversation turns towards scaling QA coverage and using analytics as a detection layer, not just a performance tool. The goal is not to turn the contact centre into a security operation. The goal is to shorten the time between suspicious behaviour and action, so patterns are spotted while they are still emerging. 

When you listen to enough fraud attempts, patterns start to stand out, and the podcast gives some very practical examples of what those patterns can look and sound like. Kevin talks about listening for "consistent stumbling or mumbling, lots of pausing", and paying attention to "background noise", particularly when it sounds like "an office context" rather than an individual. 

Those are conversational signals, but he also reinforces that fraud leaves digital markers too. He points to changes in CRM, such as "changes to your usernames and passwords that are logged inside the platform", which can become powerful when combined with call behaviour. 

The caution here is that fraud markers cannot stay static. Kevin is explicit that if attackers know you are analysing 100% of calls, they will change how they behave, and that is why "this is an ongoing data exercise" where you "keep tuning and optimizing and adapting your defences". 

In other words, fraud detection works best when it is treated as a living system, not a one-off project with a finished checklist. 

Agents sit in the most difficult position in this conversation, because they are expected to be empathetic, fast, compliant, and accurate, while also acting as a barrier to fraud. Sandip describes the reality in a way most contact centre leaders will recognise. Agents are "wired... to help the customer", often "a little bit tired... back to back on call", and working in an environment where "no easy calls anymore... calls are hard, emotional, stressful". 

It is not realistic to simply add fraud vigilance onto that workload and hope it sticks. The answer, as the podcast frames it, is to support agents with real-time structure so they do not have to hold every risk marker in their head while they are managing an emotionally charged call. 

Sandip describes practical support such as a "single pane of glass" with pop-ups and prompts, where the system checks whether verification steps have been completed and ticks them off as the agent goes. He also describes visible risk context at the top of the screen, for example a call scored as high risk before it is even answered, so the agent starts with situational awareness rather than suspicion built purely on instinct. 

The podcast gets into something that is often missed in fraud conversations, which is that the response has to protect the customer without turning every call into a hostile interrogation. Kevin makes the point that if you throw someone "by default into a fraud channel", you can create a poor experience, so you need the right triggers and the right confidence. 

One of the best practical concepts he shares is the idea of a pattern interrupt. If an interaction would grant meaningful access or make a sensitive change, the process should prompt an additional verification step. Kevin gives a clean example, explaining that the agent can say "I'm going to just send you a text message to your mobile phone on the registered account", then ask the customer to read it back before proceeding. 

He is also clear that agents should not accept new contact details as proof, because attackers will try to steer the process. He warns against accepting "any... mobile number or email address" given on the call, especially when the customer says they have changed it. This is where Alan's advice lands well in the discussion, because "never letting the customer dictate the process" becomes a simple principle agents can remember in the moment, without needing a detailed policy manual to hand. 

Kevin also points out that digital channels can be part of the solution. If customers have an app, you can move them to that environment for certain actions, and he shares his own approach, saying he will not speak to a bank unless they interact "through the app" and send a push notification. 

The podcast closes with a point that should shape how leaders think about this. Fraud defence is cyclical, not a one-time fix. Alan highlights the "continual nature of tuning and optimising and defending", and Kevin reinforces it with a line that holds up well in practice, saying "security is a journey, not a destination". 

That mindset matters because attackers are not standing still. They are iterating, learning, sharing techniques, and using AI to make deception more believable and more repeatable. In the same way you would not implement a customer experience programme and assume you are finished, you cannot implement a fraud control and assume it will hold forever. 

The strongest operational approach is layered. Start at the point of entry with number intelligence and routing decisions, build visibility through end-to-end journey data, scale QA and analytics to spot markers quickly, then support agents with real-time guidance so they can stay helpful without being manipulated. When you do that, you reduce reliance on individual judgement and create consistency across the operation, which is exactly what criminals struggle against.