Date post: | 09-Feb-2017 |
Category: |
Technology |
Upload: | pindrop |
View: | 531 times |
Download: | 3 times |
2015 Pindrop Security™. Confidential.
USING THE PHONE CHANNEL TO DETECT MONEY TRANSFER FRAUDMatt GarlandVice President of ResearchPindrop SecurityOctober 14, 2015
2015 Pindrop Security™. Confidential.
NOTE
These slides are from a webinar held October
14, 2015.
You may view a recording of the webinar at
www.pindropsecurity.com/webcast-archive
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
Physical PhoneOnline
THE WEAKEST LINK
1995 2010
2015 Pindrop Security™. Confidential.
PHONE VULNERABILITIES
2015 Pindrop Security™. Confidential.
CUSTOMER SERVICE REPRESENTATIVES
• Human Element• Social Engineering• Customer Experience
2015 Pindrop Security™. Confidential.
KNOWLEDGE BASED AUTHENTICATION
• Social Media• Previous Data Breaches
• Online Black Markets• Failure Rates
2015 Pindrop Security™. Confidential.
CALLER ID / ANI
• No longer reliable• Spoofing
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
THE THREAT IS GROWING
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
FRAUD CALL RATES
Avg. Call Center
Banks Brokerages Credit Card Retail Money Transfer
1 in 22001 in 2650 1 in 3000
1 in 900 1 in 1000
1 in 490
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
$800 - $1500Per Transaction
MissedOpportunities
FRAUD LOSS
2015 Pindrop Security™. Confidential.
PHONE CHANNEL ATTACKS
2015 Pindrop Security™. Confidential.
ATTACK STAGES
Reconnaissance Account Takeover Verification Intercept Monetize the Attack
2015 Pindrop Security™. Confidential.
RECONNAISSANCE
• Identify account holders• Collect or test KBA
answers
2015 Pindrop Security™. Confidential.
ACCOUNT TAKEOVER
• Change contact information• Reset password• Setup account
2015 Pindrop Security™. Confidential.
VERIFICATION INTERCEPT
• Verification Call Intercept• Preempting Verification
2015 Pindrop Security™. Confidential.
MONETIZING THE ATTACK
• The most direct way to monetize an attack
2015 Pindrop Security™. Confidential.
CONSUMER ATTACKS
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
BEST PRACTICES
Track Phone Fraud
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
BEST PRACTICES
Track Phone Fraud Detect Phone Fraud Authenticate Callers
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
LOSS• Packet loss • Robotization • Dropped frames
SPECTRUM• Quantization • Frequency filters• Codec artifacts
NOISE• Clarity• Correlation • Signal-to-noise ratio
147 audio features
UniquePhone
Geo-Location Risk Factors
PHONEPRINTING™
Phoneprint™
Call AudioRequires 15 seconds
of call audio
Risk Score
Call Type
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
CONCLUSION
• The phone channel is the “weakest link”
• Sophisticated criminals use the phone channel for reconnaissance, account takeover, and cross-industry attacks
• Best Practice• Use PhoneprintingTM to detect phone fraud and investigate attacks
2015 Pindrop Security™. Confidential.
PINDROP SECURITYPhone Fraud Stops Here.
For more information contact [email protected]