Phone Fraud Threats to Government

2015 Pindrop Security™. Confidential.

PHONE FRAUD THREATS TO GOVERNMENTMatt GarlandVice President of ResearchPindrop SecuritySeptember 2, 2015


NOTE

These slides are from a webinar held October 7,

2015.

You may view a recording of the webinar at

www.pindropsecurity.com/webcast-archive

http://www.pindropsecurity.com/webcast-archive

http://www.pindropsecurity.com/webcast-archive

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

Physical PhoneOnline

THE WEAKEST LINK

1995 2010


PHONE VULNERABILITIES


CUSTOMER SERVICE REPRESENTATIVES

• Human Element• Social Engineering• Customer Experience


KNOWLEDGE BASED AUTHENTICATION

• Social Media• Previous Data Breaches

• Online Black Markets• Failure Rates


CALLER ID / ANI

• No longer reliable• Spoofing


CROSS CHANNEL

• Online • Phone• Physical


WHAT IS AT RISK


CITIZEN DATA


CITIZEN DATA

$11$30

$500 $0.50


GOVERNMENT DATA

• Classified & Unclassified Information

• Internal Statistics• State Secrets


PUBLIC SAFETY

• Immigration• National Defense• Funding Terrorism


ABUSE OF RESOURCES

• Emergency Services


FRAUD LOSS

$7.6 millionfraud exposure

$0.57average

fraud lossper call


FRAUD CALL RATES

Avg. Call Cen-ter

Banks Brokerages Credit Card Retail

1 in 22001 in 2650

1 in 3000

1 in 900

1 in 1000


PHONE CHANNEL ATTACKS


PHONE FRAUD STEPS

Reconnaissance Account Takeover Monetize the Attack


RECONNAISSANCE

• Identify policy holders• Determine policy value• Collect KBA answers


ACCOUNT TAKEOVER

• Change contact information• Reset password• Setup online account


MONETIZING ATTACKS

• Payment of Benefits• Tax Refunds• File fraudulent claims


CROSS INDUSTRY ATTACKS

Validate SSN in IVR Use SSN to get tax transcripts

Target high income individual bank accounts


DEFENDING THE PHONE CHANNEL


LOSS• Packet loss • Robotization • Dropped frames

SPECTRUM• Quantization • Frequency filters• Codec artifacts

NOISE• Clarity• Correlation • Signal-to-noise ratio

147 audio features

UniquePhone

Geo-Location Risk Factors

PHONEPRINTING™

Phoneprint™

Call AudioRequires 15 seconds

of call audio

Risk Score

Call Type


HOW AGENCIES CAN USE PINDROP

Detect Phone Fraud Forensic Investigation Regulation


CONCLUSION

• The phone channel is the “weakest link” in protecting citizens and government data

• Sophisticated criminals use the phone channel for reconnaissance, account takeover, and cross-industry attacks

• Best Practice• Use PhoneprintingTM to detect phone fraud and investigate attacks


PINDROP SECURITYPhone Fraud Stops Here.

For more information contact [email protected]

Phone Fraud Threats to Government

Government & Nonprofit

Transcript of Phone Fraud Threats to Government