The bad news: customer service call centers at financialinstitutions are largely unprotected, said Shirley Inscoe, a fraud expert with Boston-based Aite Group.

The worse news: as big banks toughen their defenses against callcenter fraud, criminals are shifting their focus to smallerinstitutions – that means you – and they are finding the pickingsare easy and sweet, said Inscoe.

Behind the scenes, many financial institutions have beenscrambling to beef up their computer defenses as global hackershave mounted relentless campaigns against U.S.-based institutions –but those same institutions may have taken their eyes off theirold-fashioned call centers.

Criminals have not forgotten them and, increasingly, they looklike the weakest link. “Fraudsters are shifting attacks into callcenters,” said Mark Lazar, CEO of Victrio, a call center security company in Menlo Park,Calif.

“We are seeing many more attacks on call centers by highlyorganized criminal gangs,” said Inscoe.

These criminals are good at their work. They are polished,persistent, smart. If they hit a suspicious call center worker,they hang up and redial. Often a crook will call many times,netting one piece of information on this call, another on thatcall, until, eventually, they have pieced together all theinformation they need to empty the target account.

In many cases, the institution won't even know it is sufferingcall center-spawned crime, said Inscoe. Executives will bemoan whatthey say is a rash of computer crimes – where criminals logged intocustomer accounts using the customers' credentials – but they donot understand it was their own call centers that provided thecriminals with the information they needed to log in, saidInscoe.

Don't blame the call center workers. They are in a classicdouble bind. They are told to be helpful – but how are theysupposed to mesh that invocation to helpfulness with the realitythat wily criminals who are good at what is called socialengineering are adept at exploiting that helpfulness for criminalgain?

“Most call centers,” added Inscoe, “aren't very welldefended.”

But, she noted, some are. Some of the very biggest banks havebeen deploying slick anti-fraud technology. Victrio, for instance,has a database of known fraudster voiceprints. Say a caller is onthe line asking for a replacement debit card to be sent out and,oh, he is traveling so would you send it to a hotel in downtownPhoenix?

With a smart system – one that takes a lot of decision-makingout of employees' hands – that high-risk event would justifyrunning this caller's voice against the database, a search thathappens in real time, said Lazar.

The database, he explained, is compiled from known fraud casesand there also is technology in the system designed to thwartcriminal attempts to disguise a voice.

If the system finds a match in the database, it turns the caseover to the financial institution's fraud team – no need for thecustomer contact agent to get involved. “This process isautomated,” said Lazar.

Sound good? Inscoe said that tools like that – she endorsed noparticular company's solution in a call with Credit UnionTimes – are now starting to show up at big banks and, yes,that may be bad news for you because criminals will flee thebetter-defended institutions in search of easier pickings.

What a smaller institution can do, said Dan Draz, a Naperville,Ill., fraud expert, is train employees and train them some more.“Raise their awareness about attacks,” said Draz.

Draz added: “A red flags policy is critical and all employeesshould be trained as to what constitutes a red flag for furtherfollow up.”

Every institution will have its own policies but cases in pointof red flags that warrant extra caution might be address changes,replacement debit cards requested for new addresses, and just aboutall password resets.

Nobody is saying don't be helpful to the member – just proceedwith caution knowing that certain requests are often associatedwith criminal intent.

The other thing to remember: amid all the focus on high tech,“the phone remains one of the biggest tools of criminals,” saidDraz. And employees need never to forget that.