Asian professional female assistant service helpline operator wearing headphone microphone

Safeguarding call centers: strategies for insider fraud risk mitigation

Authors

  • Bob Boyle

    Managing Director

  • Jeffrey Sallet

    EY Americas Crisis & Investigations Leader; Partner, Forensic & Integrity Services, Ernst & Young LLP

3 minute read 06 Jan 2026
Related topics
Forensic & Integrity Services

Financial institutions must adopt robust strategies to combat call center fraud and insider threats, protecting data and trust.

In brief

  • Institutions experienced a surge in call center fraud due to pandemic-related vulnerabilities and modern fraud tactics that complicate customer ID verification.
  • Companies should understand their existing insider risk management framework and related controls surrounding high risk roles, like call center agents.
  • Understanding a company's vulnerabilities helps teams enhance fraud detection and controls, using data analytics to combat insider threats and protect assets.

Part 1 of 4 in a series focusing on insider threats, risk management insights and points of view

Financial service organizations are continuing to observe increases in call center fraud as fraudsters exploit vulnerabilities in digital infrastructure that emerged during the pandemic. Fraudsters are augmenting their tactics with the latest technology to conduct fraud more efficiently, increasing call center volumes and straining control effectiveness. Fraudsters armed with stolen customer information and AI tools, like facial generation and voice cloning, are making it harder for call center agents to know if they are truly talking to their customers. These persistent risks underscore the need for heightened vigilance and the implementation of more robust security measures.

How EY can help

  • Crisis & Investigations

    Forensic Investigations & Crisis Management Services team provides complete crisis and incident response solutions. Team of former law enforcement, forensic accountants.

    Read more

As call center agents are the gatekeepers to various critical organization assets (e.g., confidential data, network systems and customer account information), they are a key vulnerability to the organization. Fraudsters specifically target call center agents that may be experiencing financial pressures and/or are not well-versed in the latest fraud trends leading to a continued increase in recruiting schemes and abnormal behavior:

 

  • Bad actors recruiting agents through social media to participate in scams or provide non-public information (e.g., standard operating procedures, customer information) for monetary “bonuses”
  • Agents assigning specific cases to themselves to circumvent authorization policies and/or avoid others from detecting their misconduct
  • Agents reflecting higher than average call times and/or accessing more customer profiles than expected (e.g., Receiving calls from fraudster to coordinate and/or share information)
  • Agents with higher throughput and higher fraud/error rates indicating a lack of training or skipping steps in procedures

 

Organizations continue to enable hybrid work environments which limits oversight and fosters a need for programs that incorporate insider risk management and enhanced mitigation, detection, and investigation processes. Outdated controls, like one-time passwords and knowledge-based authentication that can be bypassed by bad actors and insiders, no longer provide substantial security to customer accounts, furthering the need for more advanced authentication tactics, such as multifactor and in-app authentication.

 

Key points for fraud risk mitigation to consider

  1. Identify high-risk personnel within the organization that have access to sensitive information and may be susceptible to insider threat risk.
  2. Provide clear guidance on how to identify and report insider threats, keeping employees current on emerging fraud risks or other related company policies.
  3. Establish robust active monitoring technology to detect insider threats and emerging risks including abnormal agent behaviors or performance shifts that may indicate increased vulnerability to fraud.
  4. Monitor social media and collaborate with peers to quickly identify, communicate, and respond to targeted fraud campaigns.
  5. Train agents to identify suspicious patterns, such as repeated failed authentication attempts or unusual call behavior, reinforcing that successful authentication doesn’t prove legitimacy.
  6.  Implement protocols for agents to escalate and report suspected fraud, enabling rapid response including all relevant key stakeholders.

How EY teams can help


Nicholas Spinella, Erin Poggi and Lauren Mackey also contributed to this article.

Summary

This article discusses the heightened risks that financial institutions face regarding call center fraud and what they should do to prepare their organizations.

About this article

Authors

  • Bob Boyle
    Managing Director
  • Jeffrey Sallet
    EY Americas Crisis & Investigations Leader; Partner, Forensic & Integrity Services, Ernst & Young LLP
Related topics
Forensic & Integrity Services

Related articles

FINRA: what the agency’s priorities are for 2025

FINRA’s 2025 priorities include Reg BI, cybersecurity, market surveillance and emerging risks such as AI. Learn more.

Walid Raad + 1

Increasing litigation and regulatory focus on cash sweep accounts

Institutions facing class action lawsuits and regulatory scrutiny over cash sweep accounts. Forensics can provide litigation and investigation support.

Walid Raad + 1

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.