Pindrop Security

"What are you doing to make the world a better place?"

I recently spoke with Andy Pittman at Pindrop Security and that was the first question I asked him. Over the years, I've heard plenty of dubious marketing fluff about a company's products and services and I wanted something different. I wanted to know how his company was solving real world problems that no one else was addressing. If he was going to excite me about Pindrop's products, I first wanted to know why they excited him.

What I got back was an earful that had me digging through Pindrop's whitepapers and documentation to learn as much as I could about this young company. I thought I completely understood fraud detection, prevention, and mitigation, but what I discovered was practically revolutionary.

To give you an idea as to where Pindrop is making a difference, let's start with a typical phone call to an online brokerage. A caller dials the brokerage's telephone number and is immediately prompted for an account number and password. If that pair of numbers is authenticated, the caller is then transferred to a live agent to complete the financial transaction.

However, let's say that those credentials were stolen from the rightful owner and the caller is actually a criminal looking to steal money from the brokerage. What protections exist to detect this fraudulent activity and stop it before serious harm is done to the financial institution and the account owner? Up to now, there weren't many.

This is where Pindrop steps in. Imagine the same scenario as before, but instead of stopping verification after the account number and password are entered, a second level of authentication begins that literally listens for fraud inside the audio conversation. Pindrop calls this phoneprinting and claims that it can catch over 80% of fraudulent calls within the first 30 seconds.

There are a number of different aspects of phoneprinting. Some are applied before a call is even placed and others act in real-time as the fraud attempt is being perpetrated.

Before the call:

Pindrop uses honeypots (or as they playfully call them, phoneypots) to attract would be hackers in order to collect fraud telephone numbers from robo-dialers and automated calling systems.
Email spam traps gather telephone numbers that hackers commonly use in their attacks.
Fraudulent telephone numbers are gathered from complaint sites, online communities, and web forums.

During the call:

Call analysis technology determines the actual location and device type used by a caller and compares it to Caller ID and ANI information to determine spoofing and fraud. For example, the Caller ID says that the call is coming from Denver, but Pindrop discovers that it actually originated in Nigeria.
A unique call fingerprint matches the caller to previous fraud attempts. These attempts may have occurred at different companies, but can be referenced in real-time.
Non-intrusive validation of customers occurs through transparent location and device type verification.

You may not be aware of this, but a call placed on the AT&T network sounds different from one placed on Sprint. Also, a call from Moscow has a different audio fingerprint than one from Pittsburg. Fortunately, Pindrop knows this and their patented technology uses this awareness to determine when things aren't what they seem to be. This is a level of fraud protection that goes well beyond even the strongest forms of two-factor authentication.

What's Your Number?
Using a combination of biometric voice signatures, call velocity, ANI location, call forwarding detection, and voice distortion, Pindrop's fraud detection creates a risk score for every call. This score is then used to dynamically classify the possibility and level of fraud that may exist. Within a matter of seconds, a company is made aware of this risk allowing them to take action before any real damage occurs. This detection can even occur within an IVR system before a live agent is engaged. Disregarding the savings that are realized from stopping fraudulent activities, keeping your agents focused on actual customers is in itself a cost saver.

Flexibility
The people at Pindrop realize that no two enterprises are alike and each has its own set of requirements when it comes to creating a secure communications environment. That's why Pindrop solutions come in a variety of different packages.

Portal. This allows access to phone number history, background information, and previously calculated risk scores.
API (Applications Programming Interface). Some companies might want to integrate Pindrop solutions directly into their existing applications creating a single, cohesive system for their users.
Appliance. This provides a high-volume, high performance analysis of live and recorded calls.
Mobile. Pindrop solutions can be used to protect mobile users from fraudsters.

A Call to Action
Pindrop's research shows that for every call into a financial institution, $0.57 is lost due to fraud. Do the math and you will find that 10,000 calls a day leads to approximately $1.5m a year in losses. Who is willing to throw that kind of money away?

Money is also lost in agent productivity as valuable time is wasted on fraudulent calls. Talk to any call center manager and he or she will tell you that people costs are often a contact center's biggest expense. Where would you like to see your money spent – serving paying customers or being scammed?

The world can be a scary place and it seems that every day another large security breach is exposed. Think Anthem, Target, and Neiman Marcus. We are all aware of the importance of securing corporate and customer data. We need to be just as security conscious when it comes to voice traffic.

That certainly "sounds" good to me.

Andrew Prokop writes about all things unified communications on his popular blog, SIP Adventures.

Hear more from Andrew at Enterprise Connect Orlando 2015, March 16-19, at the session, Interoperability: Has Anything Actually Worked? Register with code NJSPEAKER to get $300 off Entire Event or Tue – Thu pass.

Follow Andrew Prokop on Twitter and LinkedIn!
@ajprokop
Andrew Prokop on LinkedIn

Tags:

News & Views

Security

Enterprise Connect

Articles You Might Like

How Securing the Browser Can Help Mitigate Gen AI Security Threats

Matt Vartabedian

April 04, 2024

The Internet browser is a common tool for knowledge workers. Access to Gen AI sites only takes a few keystrokes and some clicks – and that’s all it may take to expose personal or corporate data to threat actors.

Workplace Collaboration Security Threats are Growing

Irwin Lazar

February 29, 2024

AI, especially GenAI, present new concerns as older ones linger.

Security in 2024: Five Heroes To Protect Your Communications Kingdom

Scott Murphy

January 18, 2024

These next generation tools provide cybersecurity and IT teams with the detection and response capabilities using both human and artificial intelligence.

Five Technologies to Watch in 2024