Date post: | 13-Apr-2017 |
Category: |
Government & Nonprofit |
Upload: | pindrop |
View: | 274 times |
Download: | 0 times |
2015 Pindrop Security™. Confidential.
PHONE FRAUD THREATS TO GOVERNMENTMatt GarlandVice President of ResearchPindrop SecuritySeptember 2, 2015
2015 Pindrop Security™. Confidential.
NOTE
These slides are from a webinar held October 7,
2015.
You may view a recording of the webinar at
www.pindropsecurity.com/webcast-archive
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
Physical PhoneOnline
THE WEAKEST LINK
1995 2010
2015 Pindrop Security™. Confidential.
CUSTOMER SERVICE REPRESENTATIVES
• Human Element• Social Engineering• Customer Experience
2015 Pindrop Security™. Confidential.
KNOWLEDGE BASED AUTHENTICATION
• Social Media• Previous Data Breaches
• Online Black Markets• Failure Rates
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
CITIZEN DATA
$11$30
$500 $0.50
2015 Pindrop Security™. Confidential.
GOVERNMENT DATA
• Classified & Unclassified Information
• Internal Statistics• State Secrets
2015 Pindrop Security™. Confidential.
PUBLIC SAFETY
• Immigration• National Defense• Funding Terrorism
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
FRAUD LOSS
$7.6 millionfraud exposure
$0.57average
fraud lossper call
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
FRAUD CALL RATES
Avg. Call Cen-ter
Banks Brokerages Credit Card Retail
1 in 22001 in 2650
1 in 3000
1 in 900
1 in 1000
2015 Pindrop Security™. Confidential.
PHONE FRAUD STEPS
Reconnaissance Account Takeover Monetize the Attack
2015 Pindrop Security™. Confidential.
RECONNAISSANCE
• Identify policy holders• Determine policy value• Collect KBA answers
2015 Pindrop Security™. Confidential.
ACCOUNT TAKEOVER
• Change contact information• Reset password• Setup online account
2015 Pindrop Security™. Confidential.
MONETIZING ATTACKS
• Payment of Benefits• Tax Refunds• File fraudulent claims
2015 Pindrop Security™. Confidential.
CROSS INDUSTRY ATTACKS
Validate SSN in IVR Use SSN to get tax transcripts
Target high income individual bank accounts
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
LOSS• Packet loss • Robotization • Dropped frames
SPECTRUM• Quantization • Frequency filters• Codec artifacts
NOISE• Clarity• Correlation • Signal-to-noise ratio
147 audio features
UniquePhone
Geo-Location Risk Factors
PHONEPRINTING™
Phoneprint™
Call AudioRequires 15 seconds
of call audio
Risk Score
Call Type
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
HOW AGENCIES CAN USE PINDROP
Detect Phone Fraud Forensic Investigation Regulation
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
CONCLUSION
• The phone channel is the “weakest link” in protecting citizens and government data
• Sophisticated criminals use the phone channel for reconnaissance, account takeover, and cross-industry attacks
• Best Practice• Use PhoneprintingTM to detect phone fraud and investigate attacks
2015 Pindrop Security™. Confidential.
PINDROP SECURITYPhone Fraud Stops Here.
For more information contact [email protected]