Bojan - stock.adobe.com
US bank FNBO uses Pindrop to tackle voice fraud, deepfakes
Learn how First National Bank of Omaha in the US is enhancing customer authentication and verification in its contact centres, eliminating friction points and making life easier for its customer service teams, with Pindrop voice security technology
With cyber criminality and fraud against banks running rampant in recent years and showing no signs of slacking off, banking organisations around the world are coming to understand that they need to be doing much more effective due diligence when managing inbound customer contacts via voice calls or web chats.
First National Bank of Omaha (FNBO) is one of the myriad of consumer and commercial banks all over the world that has to deal with these challenges on a day-to-day basis, but in the past few years, it has undergone a quiet revolution in how it identifies and verifies its customers, after enlisting the help of emergent voice security specialist Pindrop.
Based in Nebraska in the US, FNBO was founded by two brothers during the pioneer days of the 1850s. Over a century and a half later, FNBO today runs a full service retail and business banking operation spanning America’s central Great Plains region, from Illinois down to Texas, and westward to the Rocky Mountains.
Working at one of the largest privately held banks in the US, with over $30bn in assets, Steve Furlong, FNBO director of fraud management, spends his days ensuring the security of thousands of inbound customer contacts, not all of them from his own customers – FNBO also operates Visa and Mastercard credit cards on behalf of other commercial organisations, with partners including hospitality companies, nonprofits and retailers alike.
The core cyber security challenge Furlong’s fraud team faces is clearly a know-your-customer (KYC) issue. “Am I really speaking to the true cardholder?” says Furlong. “Am I transacting with the right person, and not a fraudster, a man-in-the-middle, or even a deepfake?”
The difficulties associated with customer verification are something Furlong recognises well after many years in the world of fraud. Historically, he had always been told to work to two core tenets – first, he was not to lose any money, but second, he was to make it very easy for customers to do whatever they wanted to do. It’s easy to see how these two goals can be fundamentally in conflict with each other.
“It’s an extremely tough challenge,” he tells Computer Weekly. “My gut tells me to put every bit of protection in place that I can and make it very hard for anybody to interact – using all of the KBA [knowledge-based-authentication] tools out there and making people jump through hoops.”
Data requests
For a long time, says Furlong, he approached the fraud problem with this in mind, asking for as much data as needed – the colour of your first car, your favourite primary school teacher, your first pet’s name, your address in 1995 – checks that many legitimate customers would inevitably fail and then have to go to a physical branch to have their government photo IDs confirmed.
“That’s a horrible experience,” concedes Furlong. “But from a fraud viewpoint, it’s super successful, so it was the hat that I used to wear, and I think everybody in my world did.
“But as times changed, we realised we couldn’t keep putting customers through these hoops – we would lose them,” he says. “And as we became more partner-centric, issuing cards for other companies and brands, we would get complaints from them saying, ‘you’re denying our customer, and not only that, you’re doing it in our store!’”
Furlong was also experiencing friction with his colleagues in FNBO’s contact centres, whose goals were to eliminate time spent on calls, answer questions, and solve problems more quickly and efficiently. He describes it as the antithesis of his old way of thinking.
Addressing the verification challenge
It was this growing need to better meet the challenges of in-the-moment customer authentication and verification that first led FNBO to Pindrop about five years ago. Pindrop got its start in the early 2010s, when its founder, Vijay Balasubramaniyan (who holds a PhD in telecoms security), became frustrated at having legitimate transactions flagged and denied by his bank when visiting India, simply because there was no easy way to prove his identity.
Furlong first heard about Pindrop through industry contacts via whom he learned other banks were starting to implement its Protect fraud detection product in their contact centres. However, this first engagement quickly hit a wall that meant FNBO couldn’t move forward with the supplier – it had to be run on-premise, which for the bank wasn’t feasible.
“We spoke to them but we didn’t move down that road because we can’t allow someone behind our firewalls,” says Furlong. “[But] then they went to the cloud and brought out their Passport product, which is all about authentication.”
He reopened discussions, took the temperature of his peers and analysts, and ultimately was able to sell Pindrop to FNBO’s board based on the argument that even though the organisation was not seeing a whole bunch of fraud through inbound customer service channels at that time, it could use an insurance policy against the possibility.
Initially, the partnership centred only the Protect product, but during discussions at the bank’s Omaha headquarters, it became apparent that Passport could also help solve some of Furlong’s challenges, so ultimately FNBO took the decision to move forward with both.
“Pindrop has a great partnership approach,” says Furlong, turning to the implementation process. “They sent a bunch of people out to Omaha where we had a big, day-long kick-off meeting, [and] then we had regular, biweekly meetings with their development and implementation staff.
“Because it was in the cloud, it was a fairly seamless process – we stood up Protect within 60 days, Passport took a little longer ... to be able to integrate it in the fashion we’d want to.”
Frictionless verification
For FNBO’s customers, the implementation of Pindrop has probably gone, by-and-large, completely unnoticed, says Furlong. “It’s seamless to them,” he says. “Outside of the fact that we don’t put them through so many authentication steps anymore, depending on what Pindrop is alerting us to.
“So, if it says, ‘hey, this is a good person, this is Steve, the fraud scores are low, the authentication scores are high,’ I’m not asking you three questions or sending you a one-time passcode. I’m able to shorten that process a lot depending on risk.”
The authentication scoring process draws together various data points that Pindrop’s systems glean during the customer contact. These data can include, but are not limited to, information such as the geographic location of the inbound contact, or whether or not the customer has changed their device, or downgraded it – this is often a sign of nefarious intent.
If these scores hit a certain threshold and a contract becomes flagged as a potential risk, FNBO will escalate the contact to a dedicated contact centre where they will speak with a customer service agent who specialises in fraud and can throw down some of the more traditional KBA hurdles.
Banking customers will not notice any of this, says Furlong. “We’ve not had any customers come to us and ask why we’re not asking 30 questions anymore, so in my mind, they’re liking that – they’re not complaining about it!”
In terms of more tangible benefits, he says, these are largely being seen in FNBO’s contact centres. “We do get a lot of feedback on it from contact centre reps we have out there,” says Furlong. “They love the product because it directs them into what to do. They do not have to be fraud experts anymore. We have a fraud shop for that, so they don’t have to detect fraud.
“It’s kind of the running joke here, when we lose connection with Pindrop on our side, the agents have to go back to the other KBA processes, and they are immediately raising alarm bells to our IT team saying, ‘hey, something’s down here; I’m not getting a score’. They love that score.”
A partnership for the future
Reflecting on the work FNBO and Pindrop have done to date, Furlong says he has been particularly impressed with the degree to which the relationship between the two firms has been a partnership, rather than a transaction.
“They take on an advisory role – they care as much about hearing from us as we care about hearing from them on what we should be doing,” he says. “They’re always working with us to know what we’re doing and what’s the next thing on our mind; what is the next risk.”
And the next risk is clearly linked to the prospect of hard-to-detect, artificial intelligence-generated deepfake fraud – something that has been talked about since the launch of ChatGPT in November 2022.
At a recent media and analyst event in Washington DC, Pindrop executives demonstrated some of the new anti-deepfake capabilities it’s now bringing to bear in a recently launched product called Pulse, which it claims provides near-instantaneous analysis and identification of audio deepfakes in the interactive voice response (IVR) system or at the customer service agent level. FNBO helped beta-test this product.
“I was presenting at a conference two years ago, and someone talked about deepfakes and asked if I was worried about them,” says Furlong. “I said, ‘no, not really’.”
But in 2023, he started to change his tune, and in 2024, he made a complete 180 on the issue. “When we partnered with Pindrop on deepfakes, I was very interested to see if we were getting attacked by them,” he says. “And we sure were – we were getting deepfake calls coming in.”
Read more about communications security
- Enterprise collaboration is an integral part of doing business. But companies must learn to guard against voice security issues that could compromise their networks.
- Chinese hacking of US telecom networks raises questions about the exploitation by hostile hacking groups of government backdoors to provide lawful access to telecoms services.
- How Olympic-sized networking nightmares were avoided in Paris despite unprecedented traffic peaks and usage patterns.
Concerningly for Furlong and FNBO, deepfakes are democratising, and have the potential to democratise cyber crime and fraud, widening the potential pool of criminality – he recounts how during the beta process, he asked one of his team to go off and create a convincing deepfake to try to break through the system, something they were able to accomplish in a matter of minutes.
“A lot of my peers are worried about gangs and organised crime, and they’re absolutely right to be, but I’m also worried about some guy sitting at home thinking he’s going to go after some money as well,” says Furlong.
“They’re coming through the phone, through our IVR, they’re coming through chat, they’re coming through video-conferencing,” he says. “It’s super cool that the world has come to that, and we’ve advanced to do these kinds of things, but it’s become scary as to what we can do with those things.”
FNBO officially implemented the deepfake detection technology in late 2024, and it’s already detecting attacks – albeit not at a significant rate. “It’s at an expected rate, enough to notice,” says Furlong. “I would expect as we get into 2025 and 2026 that it will become very significant.”
Going forward, FNBO is continuing to work with Pindrop on deepfakes and other aspects of voice security – currently, Furlong is looking into live call transcription and analysis to be able to tell if a customer is being victimised or prompted by a scammer.
“Can Pindrop do that for me by detecting pregnant pauses – meaning there’s a man in the middle – or do they sound like they’re reading a script?” says Furlong.
“To me, that’s the next evolution of this whole piece,” he concludes.
