News

How can enterprises support remote working without opening the door to occupational fraud?

Economists who surveyed thousands of Americans found that, after the pandemic, the average employee would like to spend nearly half their time working from home. Employer attitudes have shifted too: most expect that employees will work from home one day a week. Indeed, PwC has found that only 19% of companies are planning to operate a completely in-person working environment in fall 2021.

But this shift creates new security threats. As organizations move to formalize “work from home” and “work from anywhere” policies, they need to understand — and mitigate — the increased risk of fraud that comes with allowing remote access to their systems.

Remote working brings increased opportunity to commit fraud

Away from the controlled environment of a shared workplace, employees are missing their traditional support and accountability structures, giving them more opportunities to commit internal fraud.

For example, a contact center agent who’s working from their kitchen table can easily copy down a customer’s valuable personally identifiable information (PII) or credit card details with little fear of being caught by a colleague or supervisor.

The agent might use this information to commit fraud themselves or sell it to professional fraudsters — who are actively targeting vulnerable employees. Fraudsters are capitalizing on the financial pressures that many workers face in times of social disruption, seeking to turn trusted employees into willing accomplices. I’ve recently spoken to organizations with fraudsters on record  — in voice calls and in messaging chats — offering their employees cash or goods to facilitate a crime.

Remote working brings new access risks

There’s no clean desk policy when your office is your spare room. Even if your employees are unfailingly scrupulous, their family, friends, and housemates may not be so trustworthy.

When operating remotely, employees may be using a shared device or working in a communal space. This can give family members or housemates  — who also may be facing financial pressures — ample opportunity to copy down customer information from an unattended screen. In some cases, a friend or family member can even log in to your systems with a password that your employee has scribbled on a sticky note and copy information wholesale.

The role of biometrics in authentication and fraud prevention

Increasingly, enterprises are strengthening their security and fraud prevention capabilities with AI solutions that layer advanced biometric and non-biometric factors into a single platform. Biometrics authenticate a person’s identity based on characteristics inherent to them, such as the sound of their voice, the way they speak, type, and swipe on their device, and even their word choice and sentence structure.

Biometrics are proven to transform the working lives of customer-facing staff. Authentication based on voice biometrics, for example, can take place entirely in the background of a customer service call, while the agent — rather than interrogating the caller with security questions — can focus on addressing the customer’s need.

The result isn’t just a shorter average handle time and lower operational costs; biometric authentication creates a more rewarding work experience for agents. This translates into lower absenteeism rates and lower attrition because employees who enjoy their jobs and are much less likely to quit. 

Biometrics reduce risk of hand-off and data leakage

By turning a biometric authentication solution to face internally, companies can mitigate many of the fraud risks involved in giving employees the freedom to work from where they choose. For example, by authenticating remote agents during customer calls, a company can be sure that employees aren’t handing off their work to friends and family. 

Biometrics also enable companies to institute a new kind of clean-desk policy for the work-from-home environment. By authenticating customers based on who they are, rather than asking them for personal information, companies can reduce or even eliminate the customer PII displayed on their agent desktop. 

Organizations that use biometrics for customer authentication don’t need to give their customer-facing staff access to sensitive information like dates of birth, addresses, and security question answers. As a result, there’s a significantly reduced chance of fraudsters tricking or bribing them into sharing it.

Biometrics strengthen employee authentication

Biometrics also play a crucial role in helping organizations reduce security risks for — and from — their remote employees.

Organizations can use voice biometrics, for example, to verify that it’s actually their employee logging onto their systems. Then, they can use behavioral biometrics to continually monitor for signs that someone else has taken — or been handed — control of the session.

Compared to authenticating employees with passwords or even authenticator apps, voice authentication is both faster and more secure, while freeing employees from being dependent on their secondary device. 

One railway network uses biometrics to authentic its train conductors. When its field offices contact conductors to issue instructions, they need to be sure that they’re speaking to the right person. Authentication via voice biometrics is a fast, secure way for the operator to verify their conductors in the field and mitigate the risk of work being handed off to unknown individuals.

Similarly, a leading wireless network operator uses biometric authentication to verify its technicians in the field. The technology has replaced one-time passcode tokens, providing a faster, more reliable authentication factor.

Biometrics drive accountability and compliance

Still, other organizations are using biometrics to bolster the accountability and record-keeping crucial to preventing and detecting occupational fraud.

One leading financial services company now asks its employees to authenticate themselves with voice biometrics when conducting high-value transactions on behalf of a customer. This creates a high level of accountability, proving to be an effective deterrent to occupational fraud, and provides a clear, robust audit trail, simplifying regulatory compliance.

Biometrics improve worker efficiency 

The moment a worker forgets their password to an internal system, their productivity plummets. Often, the reset process involves a call to a busy IT helpdesk (40% of IT help desk volume, according to Gartner estimates). Organizations are adopting authenticator apps as a second authentication factor, but if an employee’s phone is out of commission — due to a dead battery, a software update, or any other reason — they may be locked out of their work entirely.

Either way, the employee loses minutes or even hours of productivity. But reducing security in the recovery process isn’t an option — not when data breaches are hitting the news every week, and 1/3 of fraud cases can be traced back to a lack of internal controls.

All told, Forrester estimates that large organizations spend up to $1 million each year on handling password resets — while Gartner estimates that a single reset costs an organization, on average, $70 to complete.

That’s why companies are increasingly turning to device-agnostic voice biometrics to authenticate password resets and other account recovery requests. One Nuance customer in the telecommunications industry provides the perfect example: Employees calling its helpdesk are now authenticated from their voice instead of a security token. This means reset requests can be handled both more securely and more quickly, getting employees back to work and helping to mitigate critical security risks.

Getting expert advice on fraud prevention for remote working

Many organizations are still evaluating the impact of remote working on their fraud prevention strategy. If you’re in this situation, it’s a good idea to talk to an expert.

Industry experts can help you to understand not only the occupational fraud risks that come hand-in-hand with a “work from anywhere” model, but also how to address them with the latest biometrics.

Back to top button