Your Telco Infrastructure is a Weapon of Choice for Fraudsters

Abuse of telecommunications infrastructure dates back to the late 1950’s when fraudsters, then called phreakers, discovered the ability to make free long distance calls by mimicking the audio routing tones. This act of discovery and exploitation created a community of people interested in telecommunications technology and the gaps in protection against malicious use, setting off an arms race between fraudsters and telecommunications providers that still exists today.  Technologies such as private branch exchanges, or PBXs, and virtual private networks have evolved to aid in the fight against fraudsters, but costly schemes are still pervasive. For example, “One ring and cut” where fraudsters attempt to get subscribers to unknowingly return missed calls to premium rate lines, represents significant financial liability for these operators.

Today, fraudsters are using the phone channel in a much simpler way to execute fraud. They are target call centers and running fraud schemes over the phone. In Mexico, the most popular fraudulent operations over the phone are card activations, new PINs for cards, modifying account information, travel notices and phishing scams. As fraudsters get more sophisticated, their ability to utilize every means to commit fraud continues to grow.

This shift towards call centers as a primary point of fraud attacks is reflected in the 113% growth in global call center fraud over the past year.[1]

In Mexico, the vast majority of phone fraud cases are domestic, meaning the fraudsters are in country where their focus is making large volumes of calls attacking an organization starting with the call center and moving throughout the organization.  Fraudsters have been able to turn the their targeted calls into larger cross channel fraud schemes. Fraudsters use the call center as a point of entry and then move on to fraudulent ATM transactions, fraudulent purchases at physical stores or online, and interact with the bank’s website.

According to the analyst firm Aite Group, as much as 61% of account takeovers financial losses can be traced back to the call center.[2] The effect of weak call center security plays a significant role on fraud losses in other channels.

As fraudsters become more knowledgeable about the phone channel’s infrastructure and fraud prevention methods, they are now banding together working in organized fraud rings. Local fraud rings are highly organized and able to large amount of fraud call in a single day using “boiler rooms”.  A boiler room is a entire call center dedicated to fraud. Currently, a large number of boiler rooms in Mexico are focused on the debit and credit segment.   Operating as a collective group allows fraud rings to pool resources, intelligence, and tactics providing them with an ability to subvert security measures like stand-alone blacklisting voice biometrics. If a fraudster discovers their voice is being flagged by a particular organization, they simply pass the job onto a fellow fraudster for a fresh voice that will not trigger a matching voiceprint.

Traditional methods for detecting advanced fraudster techniques are becoming a challenging task. Simple caller ID verification becomes useless in the wake of an increase in cellular based fraud. With inexpensive prepaid cellular telephones available, often called “burner phones”, fraudsters can have a number that is not associated with any fraud history or behavior.  These burner phones are a popular choice for fraudsters in Mexico.  The ability to change phones and numbers regardless of location or origination of service, provides fraudsters with the perfect social engineering tactic to avoid suspicion and simply tell the call center agent they purchased a new phone and need to add this new number to their account. Historically, VoIP devices comprised the majority of fraudulent call center calls, however, over the past two years the use of prepaid cell phones as fraudsters’ device of choice has more than doubled.

In 2014, only 21% of fraudulent calls were made over mobile devices. This past year their use increased to 43% of all fraudulent calls.[3]

As fraudsters get more experienced and efficient, solutions that protect telecommunications provider’s call centers must evolve as well. Single factor anti-fraud solutions are not enough to stop fraud rings from modifying information to take over an account. Stopping today’s organized fraudsters requires multi-factor anti-fraud solutions that eliminate the use of traditional knowledge based authentication information, which is now widely available on the dark web. Truly effective solutions use layered defenses and involve extracting every facet of information from inbound calls. Analyzing the calls’ metadata to get a picture of fraud history associated with that number, a way to detect anomalies that indicate fraud during the call, and the ability to capture a detailed device and voice prints to recognize fraudsters and fraud rings are paramount in the fight against call center fraud.

Pindrop’s anti-fraud solution, Pindrop® Protect, provides multi-factor fraud protection using the metadata, audio, and voice of every fraud call.  Protect utilizes second generation PhoneprintingTM technology to develop high definition telephony device prints, advanced voice biometric voiceprinting, and deep phone number analysis from the calls’ metadata to provide a risk assessment and intelligence for every call. Protect captures up to 80% of fraudulent calls with a very low rate of false positives. Protect provides reduced fraud losses to call centers along with an improved customer experience, by eliminating intrusive question and answer sessions during authentication. Pindrop Protect can help reduce average handle times for call centers all while protecting a company’s brand by keeping their name out of the headlines due to excessive account takeovers. Pindrop provides effective anti-fraud solutions for some of the world’s premier call centers. To learn more about Pindrop Protect, visit pindrop.com.

 

[1] Pindrop Labs, April 2016, Call Center Fraud Report

[2] Shirley Inscoe, Aite Group, Contact Centers: The Fraud Enablement Channel

[3] Pindrop Labs, April 2016, Call Center Fraud Report

Leave a Reply

Your email address will not be published.