The story of the last ten years in financial fraud is one of industrialization. What used to require skill and effort is now bought as a service, automated, and pointed at whichever door is easiest to open. Increasingly, that door belongs to a community institution.
Why smaller institutions became targets
- Large banks invested heavily in fraud controls, pushing attackers toward softer targets.
- Breach data and identity profiles are cheap and abundant, so the cost of attacking any given institution dropped.
- Members of small institutions are just as valuable to a fraudster — and often less defended.
The attack moved to the phone
As online channels hardened, the call center became the path of least resistance. Account-takeover increasingly begins with a phone call: a fraudster armed with breach data passes knowledge-based checks, resets credentials, and moves money — all without ever touching the website.
What actually moves the needle
The institutions reversing the trend are the ones that stopped authenticating callers with secrets. Voice biometrics, device signals, and a One-Time Passcode together raise the cost of an attack far beyond what a recited answer ever could — and they do it without punishing the legitimate member.
Not sure where your call center sits on this curve? We will help you pressure-test your current caller-verification flow against how attacks actually run today.
See Confirm running in your core.
Tell us about your institution and we’ll get back to you within 24 hours.