Caller Anti-Fraud PIN Protection
A PIN or some other form of verification is required for almost every type of financial account, from Amazon shopping to your cell phone carrier account. But there is no system in place for the consumer to request verification of a caller's identity.
In 2019 alone, 26 billion illegal robocalls and scam calls eroded subscribers' faith in telephone service worldwide. Between January and October 2019, $24 million was stolen from Canadians. How much loss is actually incurred by businesses such as a credit card company or cell provider by calling an unverified customer, in addition to the millions lost every year by the public to scam callers pretending to be from a recognized company?
Scam callers can "spoof", or fake, the number that they are calling you from. Any institution or business dealing with financial information or PII (personally identifiable information) should be required to let customers opt in to setting up a PIN access code that the caller uses to identify themselves to the customer. This especially needs to be an option for people who have already been a fraud victim or suffered an account leak or identity theft.
Information from account breaches and password hacks, and other details such as email addresses, is passed around in hacker lists for years after an incident, leaving victims vulnerable to potential problems for years to come.
Digital standards are already in place, such as 2FA (two-factor authentication) or setting a PIN/access code, that require identity verification on the customer side and protect the business from liability, but there are no actual security requirements designed with the specific intent of protecting the consumer. The commercial or financial industry is unlikely to adopt any requirements that may incur additional financial costs on its part, or that will require additional employee time on a call, without a government mandate demanding implementation of a more secure program for 2-way security verification.
After years of major losses to Canadians, especially following the CRA breach and associated fraud phone calls, the Canadian Revenue Agency implemented new 2FA procedures and now includes on its website information about what to expect from a CRA call. Implementing 2FA is a good first step, but the "what to expect" information, although well-meaning, is unfortunately information that scammers can also read to adjust their scam-call tactics. A system where a 2-way PIN is required would resolve this problem.
Although Canada is implementing a method to rein in robocalls (STIR/SHAKEN), it doesn't fully address the specific problem of verifying the individual caller's identity or their authority to be placing the call. Furthermore, portions of the technology used in STIR/SHAKEN cannot be transmitted over legacy (PSTN) networks, which carry 85 per cent of all robocalls. This is the largest roadblock to establishing STIR/SHAKEN in Canada, as most operators use a mix of both systems.
The security systems in place still mainly focus on protecting the companies or institutions involved against liability for allowing scammers to manipulate their phone systems to spoof their numbers. Fortunately, as a by-product, this provides a level of protection to the consumer, but it is not designed top-down as a consumer-focused safety measure.
The effects of implementing a simple 2-way verification process for even one government agency or credit card company would be felt immediately: scam callers pretending to be from that agency would be prevented from impersonating it, and word would eventually spread, preventing other callers from attempting the same in the first place.