Hello, everybody. My name is Conor White. I’m the president of strategic initiatives at Daon. I’m joined today by Brett Beranek, former general manager of Microsoft and Nuance’s voice business units. It’s a pleasure to have you here today, Brett. It’s a pleasure to be here, Conor. You’ve said that the contact center is a very exploited channel of fraud, you know, historically. Why is this still the case in 2026? That’s a very good question, Connor. And a lot of executives in the industry don’t realize this, but the contact center is the entry door for a lot of fraudsters for the very simple reason that it is a channel of last resort. So legitimate customers, when things don’t go well in digital channels, they have a problem, they hit a roadblock, what do they do? They call the contact center. So the contact center has all these processes to deal with exceptional cases. And those cases are exploited by fraudsters. Maybe a second point to bring up is that the fraudsters often call into the contact center to collect information, to collect data. They’ve already compromised a database of individuals, right biographic data, and then they call into the contact center to validate, is this data valid? And so that’s the first step that a fraudster takes in their fraud journey. And the contact center is just a fantastic channel for them to do that. Many organizations think that fraud is digital first, but they still engage the contact center. So tell me a little bit more about how you see how the contact centers, how people develop their fraud attacks through the contact center. Absolutely. And, you know, it is true that a lot of fraud actually takes place in digital channels, whether it’s, you know, web or mobile. What a lot of individuals don’t see is the steps that the fraudsters takes before that cashcash-out out event actually occurs. And account takeover actually occurs very frequently in the contact center. And as I mentioned earlier, the fraudsters, they call into the contact center, they collect information, they validate if a customer is actually a customer of the organization. In financial institutions, they’ll do things like verify account balance or do does this individual have a line of credit or a credit card? You know, those are assets that could be exploited. And then often, they call into the contact center and perform the account takeover, usually using one of these edge cases such as a customer that loses their phone or they’re traveling and they’ve lost their wallet and they’re in a moment of crisis. And contact centers are designed for those moments of crisis and that’s where the fraudster will leverage one of those use cases and take over the account. So it’s fair to say then that the actual the first call to the conductor is actually not trying to take money, it’s trying to do reconnaissance, trying to learn what how the fraud how the conductor works, trying to build a pattern that enables a very effective fraud later on. That’s exactly it. And that’s why the contact center has been overlooked, because a lot of organizations, they just look at the channel in which the fraud event took place and not necessarily the steps that the fraudster took beforehand. And that’s why securing the contact center is so impactful. Once you secure the contact center, you’ve put sticks into the fraudster’s wheels, and now they’re not able to do that account takeover, and they’re not able to do that fraud event in a digital channel or other channel. So a dollar invested in the contact center has several dollars of benefit in the digital channels. And when we talk about the channel-specific attack, we talk about the contact center. Social engineering keeps coming up as a pretty effective tool. And why is it so effective on agents these days? Very good question. And you know, put yourself in the shoes of an agent. A contact center agent is told that they’re there to service the customer. They’re there to help the customer in a time of need, in a time of crisis or resolve a financial problem or whatnot. And so that’s their training. And so when they have a fraudster that presents a seemingly legitimate customer problem, the contact center agent’s natural instinct is to try to find a solution. And they shouldn’t be put into a role of being the security agent or the security guard within an organization. They should have technology that does that work for them so that they can focus their jobs on providing that excellent customer service. And so we’re in a new era, a rather new era of AI. Right? And it’s this is nascent stages, but it’s everybody’s talking about it. Everybody’s doing it. We at Daon are obviously very heavily invested in AI and machine learning and things. But AI has the ability to change contact centers, right, from the agentic approaches. Yet, they also have a deep impact on the hackers and their tools, the democratization of some of their fraud tools. What are the main AI fraud threats and risks you’re seeing in the industry today that are driven and powered by AI-based technologies? Yeah. Conor, that’s such an important question that, unfortunately, a lot of people aren’t asking. There is anxiety in the industry around technology that could be used by fraudsters. And a lot of industry experts jump to the conclusion that deepfakes are the biggest issue, and they are. And I don’t want to underestimate that. But actually, the first AI tool that fraudsters are using are LLMs, and they use those to understand an organization’s processes. They use them to come up with fraud scripts. And so knowing that that is the first technology that a fraudster is using is very informative. And for fraud prevention teams, that can give them a couple of hints on how to address that attack. When it comes to generative AI, we are starting to see fraudsters use those advanced technologies in order to do things such as mimic somebody’s demographic. So, especially in the contact center, when they call in, they want to be convincing. Right? And we were talking about social engineering before. Well, social engineering only works if the agent on the other side of the phone believes, right, the story that they’re being fed. And so mimicking somebody’s demographic is extremely important and very useful for the fraudsters, and we’re seeing a lot of that taking place. And then finally, if we look into the future, how these technologies could be used by fraudsters, leveraging Gen AI in order to try to mimic somebody’s characteristics, such as their voice characteristics, is something that we are forecasting will take place in the future. And that’s where Daon can play an incredibly useful role, not only in securing the contact center using technology such as voice biometrics, but also when these risk factors come up such as the use of Gen AI, doing step up authentication such as a push notification to somebody’s phone, validating their face, potentially doing document verification, those are step up authentication methods that can reduce the risk that these Gen AI technologies bring into an organization. I totally agree with you. I mean, it’s what Daon’s all about, strong digital identity. And fraudsters, they tend to go to the weakest link, right, the soft spot. Speak a bit more about how you see digital identity, strong digital identity helping the call center and the organization as a whole, so in terms of like, it’s not just one vector of attack anymore that’s being used? Yeah, that’s a very good question and it exposes one of the weaknesses that organizations have. Many organizations today, this is a common issue in that identity is often siloed and the way we validate identity is often siloed. So we’ve been talking about contact center today. We’ve also been talking about digital channels. Often, how you identify a person in both of those channels is completely different. Obviously, that’s something that a fraudster or a malicious individual can exploit. And so, having a holistic view of identity across an organization, across channels, using the same solution can deliver a lot of benefits and can identify risk factors and reduce the risks of fraud. So that’s one of the things that I really love about Daon is its ability to provide that identity journey from A to Z in channels such as digital and the contact center and the branch as well. So in your global experience, because you’ve obviously helped organizations all over the world, where do you see these companies overestimating their capabilities when it comes to stopping fraud? Very good question. I’ve I’ve seen a lot of organizations make material investments in their digital channels, and those investments are paying off. We see that fraudsters are having less opportunities to perform fraud in the digital channels. And what I’ve seen is fraudsters changing their tactics as a result. One of the financial institutions that I’ve been working with recently had shift in their fraud attack vectors where the fraudsters attack the contact center first, and then the actual fraud event takes place in branch. Something that you and I probably would have never anticipated a few years ago, because it seems like such a high effort, high-friction way of perpetrating fraud for a fraudster, but that’s explained by the investments made in digital. So I was once told that fraud is like water. It will seep through one way or another. And so an organization needs to create that wall across the entire organization. So one of the things when we talk to customers, we find that the technology adoption is generally slower because they’ve got all sorts of rules and things to follow, procurement rules. Technology adoption by the institution is much slower than the tech adoption by the fraudster. So, fraudsters can actually decide on a Monday to do something different on a Tuesday. Organizations can’t necessarily do that. What are the things that those organizations should be thinking about today and doing today to try and at least stay ahead of what these guys on the dark side are doing to them? It’s more about not just the tech but the processes because these guys can react so much quicker than the institutions can. It’s a kind of a losing game unless they kind of adopt or change their posture. Excellent point, Connor. One of the things that I recommend to organizations is that they put themselves into the shoes of a fraudster. And they think through what are the steps that they would take, what are the technologies that they would use, and that’s the best way to imagine, well, what are the countermeasures that we need to implement as an organization to prevent those fraud attacks from going through. And you’re absolutely correct that having an agile approach, as you mentioned, not only to technology procurement but also to evolving processes, fraud prevention teams need to be able to pivot on a dime. And, you know, the advent of Gen AI is just one example of the type of tools that fraudsters have access to that can create an incredible amount of damage. And so I’d say, you know, if we’re speaking to executives, you know, providing a message to board members, just because an organization had a certain level of fraud last year Is no guarantee that they’ll have the same level of fraud next year. And I want this to be positive. It’s not just a question of doom and gloom. There are amazing technologies out there, especially biometrics, that can solve these problems. They just need to be used across the board. They need to be used across the identity journey. And you need to think about, well, when authentication fails with one of those biometrics, what do you do in that case? And make sure that you have a a step up authentication approach that uses potentially a different biometric modality to ensure that you haven’t left any gaps in that in that fortress that you’ve built to protect your organization. Yeah. So one of the things we see, and hopefully I think you see too, is the ability of an organization to actually adapt quickly through a low-code, no-code process. If you discover a risk or a vector of attack, you can almost immediately adapt to it and deploy other technologies to counter it. And so you’re able to respond. Response times are super, super critical here because you cannot build one thing that will protect you in all cases. And like you said earlier, being able to adapt when you see something emerging without having to go and rebuild everything or redeploy things is really, really critical in the future. Yeah. Very good point. I really love Daon’s ability to orchestrate these journeys in a very simple fashion that a business analyst could do without any code in the background. That is critical, as you mentioned, to be agile and to react to an event. You can’t anticipate everything. But once something happens, if you’re able to react within minutes, that’s going to protect the organization versus taking days, weeks, or months to make a change. So final question from me. If you were advising a board of a large bank, healthcare company, or so on today, what would you tell them not to ignore? The number one message that I would communicate is don’t ignore the contact center. It is overlooked time and time again, and it is an entryway for fraudsters into the organization and can cause an incredible amount of damage. There’s a natural tendency to be excited about digital channels and about automating experiences. We hear a lot about technologies such as agentic AI that will automate even further. And these are all very important technologies, and absolutely have a place and they should be invested in. But as long as there’s a channel of last resort where there’s a human being in the mix, you need to have technology to protect those channels as well and to ensure that your organization doesn’t have any cracks in it that defrosters can infiltrate through. Fantastic insights, Brett. Thank you so much for joining us today. It was a real pleasure to interact with you and to hear your views and your guidance to us and to other organizations. It was a pleasure, Conor. Thank you.
