Guarding Against Bad Actor Fraud: The Role of Customer Journey Management


As the holiday dust settles, let’s take a moment to celebrate your achievements. Yet, amidst the joy, did bad actors clogging up your contact center cast a shadow on potential revenue opportunities? Do you and your agents really know who is calling your contact center?

If not, your business may be at risk of fraud. Bad actors are targeting businesses based on a variety of factors, including potential financial gain, vulnerabilities and ease of exploitation. Cybersecurity attacks can devastate businesses financially—and jeopardize customer perception of the brand. Sift predicts billions in fraud losses by the end of 2023, with over $635B related to account takeover (ATO) attacks.

Organizations must be able to identify bad actors to prevent fraud. Customer journey management systems do this by leveraging real-time customer data profiles that connect all touchpoints across channels and lines of business. They can identify patterns in behavior to determine customer intent, then continue to refine business logic as caller behavior evolves.

What Is a Bad Actor?

According to Tech Target, “a threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for a security incident that impacts – or has the potential to impact – an organization’s security.” Cybersecurity bad actors attack and infiltrate digital systems, motivated by money, politics or some other malicious intent. An account takeover (ATO) attack is a type of theft where a hacker gains unauthorized access to an online account with malicious intent.The attacker may seek to profit, disrupt service delivery or generate fraudulent transactions.

Account Takeovers and Cybercrime Are on The Rise—And Lead To Lost Profits

Cybercrime is soaring due to the rise of generative artificial intelligence (GAI) adoption and rapidly expanding attack surfaces (due to growing numbers of IoT devices), among other factors. ATO attacks increased a whopping 354% year-over-year in Q2 2023.

Consumers blame the brand for account takeovers—and victims will take their business elsewhere. Most (73%) consumers believe the brand is accountable for ATO attacks and responsible for protecting account credentials. The majority (76%) would permanently stop shopping with a brand if they became a victim of ATO via that company’s website or app. Are you confident in your security measures across the enterprise?

Examples of Bad Actor Attacks

Cyberattacks and the bad actors behind them are constantly making headlines across industries. One recent example includes Mr. Cooper, a mortgage and loan giant, who shut down its systems after detecting that a threat actor accessed its technology systems on October 31, 2023. The cyberattack blocked millions of customers from making payments and processing mortgage transactions, resulting in a potential impact to more than 14 million customers.


Stealing gift card codes.

Gift card fraud and imposter scams, the most reported fraud category in 2022, often go hand in hand. Gift card fraud is highly appealing for several reasons:

  • Monetizing gift cards is incredibly easy.
  • There is little risk of being detected or prosecuted for gift card fraud.
  • Gift cards require very little verification and are hard to track.
  • Gift cards are not protected like credit cards or bank accounts.
  • There are no authentication barriers and gift cards can be used online or in-person.

Bad actors commit gift card fraud in the following ways:

  • Social engineering tactics. The bad actor uses social engineering to trick individual consumers and gain access to codes, such as posing as an employee of the organization to convince them to share codes. They also trick victims into paying for something by loading money onto a gift card and then asking them to share the numbers on the back.
  • Phishing scams. A bad actor who stole a gift card code calls the store’s contact center, trying to get the agent to activate the stolen card. Generative AI produces conversational, natural-language text and audio that are often virtually identical to human writing and speech, making it difficult to detect phishing attempts.
  • Physical theft. Stealing gift card numbers from physical cards on store racks is one example of physical theft. After someone purchases and activates the card, the bad actor can use it.


Vishing (Voice or VoIP phishing).

Bad actors also call company employees, pretending to be an IT person. They tell employees that their system has been compromised and they need to download an application or install a link. This action gives the bad actor access to sensitive data.

MGM Resorts recently experienced a ransomware attack during which an unauthorized third party obtained personal information (e.g., name, address, date of birth, driver’s license number, social security number) of some MGM customers. According to the MGM filing to the SEC, the 10-day cyberattack is expected to cost MGM more than $100 million through operational disruption. MGM guests had problems with ATMs, digital key cards, slot machines, online reservations and electronic payment systems.

The threat actors linked to the MGM cyberattack claimed to have accessed the company’s Okta (an identity management service) environment before the attacks. In a recent filing with the SEC, Okta reported that multiple U.S. companies were recently fooled by hackers, who called IT service desks and convinced them to reset MFA (multi-factor authentication) factors of highly privileged users. The bad actors were then able to impersonate users within the compromised organizations. Threat actors may have used a similar approach to access MGM’s system.

Impact of Bad Actor Fraud on Businesses


1. Damaging customer experience, trust and loyalty.

Customers whose new gift card code expired because it was already used won’t be eager to shop at your business. With a ransomware attack, customers will become distrustful of your business and will look to a more secure competitor.


2. Revenue and profit loss.

When gift card codes are stolen (without anyone paying for the card), the business loses money from the legitimate sale of the item purchased with the stolen card. When businesses need to shut down operations due to a cyberattack, they lose the revenue they would have made in that period.


3. Increasing costs.

After a cyberattack, the company’s security, risk and operations teams spend vast amounts of time, energy and money to remedy security issues. 

Customer Journey Management as a Defense Mechanism

Customer journey management software uses business logic and rules to detect bad actors and decide how to respond to them 24/7, regardless of which channel the bad actor is using.

Here are some examples of how customer journey management speeds up the identification, prevention and refinement of bad actor fraud:

Creates customer data profiles for trusted customers 

Real-time customer data profiles play an important role in actor identification. You need to know how your trusted customers behave so you can distinguish them from bad actors without subjecting customers to numerous, cumbersome security measures that increase friction, damaging the customer experience.

Is this caller a good or bad actor? Organizations must define bad actors based on business rules related to real-time data profiles (e.g., demographics, contact information, browsing history, purchase history across lines of business, website activity) that can connect every touchpoint a customer has with your brand. For example, when someone calls your contact center for help activating a gift card, you need to know:

  • Is the phone number known or unknown?
  • Does the system recognize the phone number the person is calling from? 
  • Have they called the contact center in a different division before?

If the answers to the second and third questions are “yes,” the caller is probably a “good” actor. If the phone number is unknown, the system evaluates the caller’s behavior, looking for other indicators (e.g., suspicious website activity or chatbot activity). 


Uses journey analytics to analyze behavior and determine intent 

Journey analytics analyzes the caller’s interactions with your brand, detecting behavior patterns and actor intent. Conversational AI determines intent by analyzing responses to Interactive Voice Response (IVR) prompts (e.g., by looking for pre-determined phrases) and identifying bad actors based on business-defined rules, that can be refined at any point based on changing calling behaviors.

By analyzing customer data to identify patterns in purchase and other behavior, journey analytics spots unusual activity or behavior to determine intent. You can also use multivariate testing on theories to retune business rules as fraudulent behaviors adapt or you expand across different lines of business.


Leverages a decisioning engine 

Journey orchestration (a decisioning engine) determines the next best action based on ongoing evaluation of the actor’s behavior. 

Start by creating rules for how the system should respond, according to the actor’s various touchpoints with your brand. For example, if the system doesn’t recognize the caller, the process may be to:

  1. Keep listening, waiting for other intent indicators
  2. Examine recent website activity
  3. Ask for authentication
  4. Inform call center agent in real-time of suspicious actor

A journey management platform can filter calls that come in to your Interactive Voice Response system to protect against bad actors. If the system detects that a caller is a suspicious or bad actor, it can prevent that caller from reaching—and fooling—your call center agents. Voice biometrics, digital listening technology and call handling analytics identify suspicious callers and then block them or route them to an agent with warning flags.

Implementing Customer Journey Management to Combat Bad Actor Fraud

How can you start using a customer journey management system to begin identifying and defending against fraud?

1. Start with journey mapping. Create a hypothesis around what the bad actor journey would look like by leveraging customer data profiles. How would the bad actor behave when interacting with your brand via contact center, email, website or other channels? Are there other lines of business where interactions need to be considered as part of the customer profile? What would someone who is trying to activate a gift card say or do?

2. Use journey analytics to measure the actor’s customer journey activity (examining each step in the journey).

  • What did the person do before calling the contact center?
    • Visit your website and view the gift card FAQs?
    • Recently changed account details (new password, email, phone number)?
    • Interacted with your website’s chatbot requesting gift card codes?
    • Made a purchase with a different division within your business?
  • What is the caller’s intent as determined by the system?

Compare the actor’s behavior and intent against your business rules to determine bad actor identification and leverage multivariate testing to confirm the hypothesis.

3. Use journey orchestration with rule-based decisioning and machine learning to determine how to handle bad actors in real-time, 24/7. For example, will the next best action be to:

  • Block the caller?
  • Alert call center employees that the caller may be a bad actor?
  • Automatically route the bad actor to a different division?

The next best action depends on the situation and your business rules, with flexibility on which channel to deliver the experience or which department should handle the potential fraudulent caller.

4. Use journey analytics and AI (fraud-detection algorithms) to improve the identification and treatment of bad actors. Use key performance indicators (amount of good actor calls incorrectly routed, etc.) to measure the effectiveness of your bad actor identification approach. Armed with this information, you can adjust the actor identification and fraud prevention journeys as needed or across lines of business using additional hypothesis testing.

To improve omni-channel actor identificationand prevent fraud, you need a journey management system that is configurable, making it easy to adjust the business rules as technology and security threats change. Follow these steps for a more proactive approach to fraud, and you will be well on the way to unlocking profit and delivering better customer experiences, quickly.

CSG Xponent: An Important Tool in Your Fraud-Prevention Toolkit

CSG Xponent, our industry-leading journey management solution, combines a customer data platform with journey orchestration and journey analytics to deliver the next best action regardless of channel throughout every customer interaction with your brand. Xponent is configurable, allowing the ability to create and adjust business rules yourself. Start harnessing the power of CSG Xponent, with proven results in as little as 60 days.

Contact us to learn more about safeguarding your business with Customer Journey Management.

Guarding Against Bad Actor Fraud: The Role of Customer Journey Management