Archive for the ‘Uncategorized’ Category

Phone Security Issues


Last week, Pindrop’s CEO, Vijay Balasubramaniyan, was featured on Quora, a question-and-answer forum where questions are asked and answered by its’ multitude of users. Available in Spanish and French, Quora has plans to expand to other languages with its $1.8 billion in Series D funding. With over 200 million monthly viewers, Quora is a popular site focused on sharing information and insights on endless topics.

Vijay’s Quora session was focused on voice security, machine learning, social engineering, as well as the Atlanta tech scene. Here are the top five questions and answers from Friday’s session:

1. How will applications of machine learning change in the next 10 years?

With machine learning, we are heading towards a future where technology becomes more human. We are already seeing this trend with machine learning getting close to human parity in tasks like image recognition and classification, speech recognition, self driving cars…(cont.) 

2. How is social engineering being used as a hacking tactic?

Social engineering is about building trust through careful exchange of information, such that the person on the other end of the informational transaction is eventually convinced to perform some task.Hackers know that it is much easier to hack a human than a machine…(cont.)

3. How can consumers ensure that their voice-controlled products are secure?

I would recommend that the consumers look at the following to ensure that their voice-controlled products are secure: Is it equipped with trustworthy voice biometrics? While some products have voice biometric technology already integrated, the technology by itself is often vulnerable to malicious voice attacks such as pitch morphing or replay attacks. If your device includes voice biometric technology, make sure that it also includes voice spoofing countermeasures…(cont.) 

4. What are the most recent developments in the field of voice security as of 2017?

There have been many interesting developments in the field of voice security this year. One is the availability of secured voice-activated IoT devices. At the beginning of this year, there were several news stories about accidents involving Amazon Echo and Google Home that raised security concerns. While the current solutions are still not optimal, good progress has been made towards making voice interactions more secure…(cont.)

5. What are the shortcomings of machine learning?

Machine Learning has several shortcomings. First ML is only as good as the quality of data used in the models. The old adage, “Garbage in, garbage out” holds true here. In addition, with ever increasing amounts of data and model complexity, it is easier than ever to reach false conclusions or “see what you want to see” when developing ML models…(cont.)

Visit Vijay’s Quora session here to read the full answers and insights on machine learning and the future of voice.





Earlier this year, Gartner released a report which shed new light on how organisations can continue their pursuit against contact centre fraud.

Analysts Tricia Phillips and Jonathan Care recommend to “partner with contact centre leadership or third-party providers to implement fraud-prevention-based phoneprinting technology. This, they suggest, will help improve customer authentication and reduce call times for legitimate customers, while identifying high-risk calls for appropriate scrutiny.”

The report uncovers three important facts that are driving this urgency:

  1. Contact centres are often neglected in the fight against fraud and as such become the weak link in omnichannel organisations
  2. By 2020, 75 percent of omnichannel customer-facing organisations will sustain a targeted, cross-channel fraud attack with the contact centre as the primary point of compromise
  3. The technologies and techniques available to detect and prevent contact centre fraud and omnichannel fraud have reached a maturity point that justifies investment and integration for most organisations that have the need to mitigate contact centre fraud

At Pindrop, we have been tracking the increase in fraud call rates and have seen fraud exposure costs within call centres skyrocket during this time. Last year we analysed more than 500M calls and witnessed more than a 100 per cent increase in fraudulent activity.

Pindrop delivers solutions to cover nearly all components that Gartner highlights in the report to help solve the contact centre fraud problem, including:

  • Implementing a solution: Pindrop’s Phoneprinting™ technology uses 147 unique call features to create a distinctive identifier for each caller so that calls are identified quickly and fraud is eliminated
  • Using of biometric voice recognition: voice biometrics are imbedded in fraud detection technology and passively voiceprints every call to identify known fraudster
  • Sending fraud activity to central fraud analytics tool: Use a centralised case management system that allows you to hear the full call exchange, review each calls risk assessment, and provide feedback leveraged by our consortium to help spot known fraudsters in your organisation and even other companies in our network
  • Allowing CSRs to service customers without asking them to detect fraud: With advanced fraud detection technology, you should be able to catch over 80 percent fraudulent calls with less than 1 percent false positive rate. This assurance allows more focus on providing a positive customer experience

The contact centre is under attack and companies urgently need to reduce fraud exposure and provided a better authentication experience for their valued customers.

Still need to be convinced? Read the full Gartner Report to find out why phoneprinting is necessary.



Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

For many businesses, the cost of phone fraud is stacking up. Data collected by Pindrop® Labs found that, in the UK, £0.86 per call was lost to phone fraud in 2016 – a 68% increase from £0.51 in 2015.

It doesn’t help that phone fraud is getting harder to detect. Fraudsters have found many ways to exploit the vulnerabilities in call centre defences, and they attack in ways you might not expect…

  1. You don’t really know who’s calling you
    Technology to spoof caller ID and manipulate voice is easily available, which means caller ID is no longer truly reliable for authentication. Voice distortion apps also help fraudsters bypass voice biometric solutions, making both solutions poor stand alone options.
  2. Your call centre staff are only human
    Call centre staff aren’t trained adequately on how to spot fraudsters. They may not necessarily be on the lookout for attackers, and wouldn’t know the telltale signs even if they were.
  3. Your efficiency is actually a weakness
    Call centres are designed to be efficient. Agents are measured on how quickly they resolve each call. Fraudsters know this and often pretend to be in a rush or angry to gain sympathy and move the call along quickly.

Understand the scale of your vulnerability, and the ways in which fraudsters might exploit it, in our free 2017 UK Call Centre Fraud Report.


We use voice controls to adjust the temperatures of our homes, order movies on-demand, schedule appointments using virtual assistants, and even accommodate in driving. With each advancement in voice-to-machine communication, the interaction becomes more human, expanding the types of opportunities for voice as an interface. However, with these leaps in consumer voice interfaces like Amazon Echo, criminals have kept up.

As we transition away from the technology we know best – from clicking a mouse to using a stylus on a touch screen, we’re moving towards voice. This rise of voice based technology is not only removing the physical elements of the technology, but is also taking away the one-to-one aspect. For example, when the command is given to a shared Amazon Echo “Alexa, read me my emails;” how does Alexa determine the who’s emails to read?

When a smartphone is prompted with the same command, the individual has already been identified through a pin or other form of biometric, like a fingerprint, and therefore does not face the same barrier as devices such as Amazon Echo or Google Home.  The transition to voice adds new complications to authentication that have not existed before due to the removal of the physical interface – voice is in the air.

Even though voice is utilized today mostly by simple requests and demands, it is moving in a conversational direction. Not only has voice been expanding through consumer interfaces, but has been utilized by enterprises in terms of taking payments, and more widely used in authentication processes.

Voice biometrics can be used in authenticating an individual, most commonly over the telephone. Instead of relying on traditional authentication methods such as the employment of knowledge-based-authentication questions (KBAs), voice biometrics provides an extra layer of security. However, voice biometric technology is not inherently multi-factored and is limited by the aging qualities of voice.

There is a greater need for authenticating and securing voice as an interface because of its ubiquitous nature.

Contact Pindrop to start securing the future of voice now.


How Phone Fraud by Actresses Damages Customer Trust in Businesses

Breaches and fraud cost businesses their reputations. If you can’t protect your customers’ data – or their money – then how can you expect to earn their trust?

But sometimes keeping customers safe and maintaining operational efficiency can tug the business in opposite directions. In a call centre, the time and resources needed to detect phone fraud can conflict with the goal of reducing call times and overheads.

Fraudsters are an operational drain on the call centre. Attackers often make multiple calls to gather intelligence about potential targets, reset passwords, change mailing addresses or make other account modifications. Not only does this reduce the number of customer service agents able to take legitimate calls – it increases the risk of money going missing and the reputational damage that inevitably follows.

To better understand the different methods used by fraudsters and how those methods sap call centre resources, Pindrop® Labs reviewed more than half a billion calls for fraudulent activity. We discovered that attackers assume a variety of personas, each with unique ways of siphoning off both your time and money.

Your awareness of these methods could be the key to protecting both your customers and your brand.

Introducing the Actress

This female fraudster calls from a service centre on behalf of other people who “do not speak English very well”.

The Actress is so-called because of her use of impressions to con call centre agents. She often switches between being herself and being the ‘actual customer’ on the same call. She’s also able to make herself sound like a man, or even a young boy.

Despite her unusual approach, the Actress has an extremely high hit rate.

Beating fraud without sacrificing efficiency

Trustworthiness as a brand is rapidly becoming predicated on how well organisations can protect their customers’ money and data. A 2016 study found that 75% of UK consumers would stop doing business with an organisation that had suffered a breach.

The Actress is just one of many different types of fraudsters that pose a threat. Any business that loses customer money to fraud faces both reputational damage and the cost of compensating affected customers.

The challenge is to find a means for tackling phone fraud in a way that doesn’t add exorbitant operational costs to the business. The right solution will accelerate the verification process and free up agents to deal with a greater volume of calls, ensuring long-term opex reductions and an increase in call centre efficiency.

What’s more, if businesses are seen to be investing in solutions that protect customers without compromising their experience, there are huge reputational gains to be made.

But first, you need to understand the full scale of the threat fraudsters pose.

Find out about other types of fraudsters targeting businesses, and how to deal with them, in our free 2017 UK Call Centre Fraud Report.


The call centre is a key customer touch point for your brand, but fraudsters are squeezing more and more cash out of it. Data collected by Pindrop® Labs found that, in the UK, £0.86 per call was lost to phone fraud in 2016 – a 68% increase from £0.51 in 2015.

Not only are fraudsters taking your customers’ money, they’re also putting a significant drain on the call centre operation. They use a variety of methods and tactics to exploit the weaknesses in the call centre for their benefit.

  1. They use technology to bypass your defences
    Freely available VOIP tools allow fraudsters to spoof the caller ID and location of actual customers. Meaning that attackers can very easily bypass some of the call centre’s traditional authentication methods.
  2. They take advantage of your call centre agents
    Staff on the phones may take hundreds (or thousands) of legitimate calls for every one fraudulent call. They might be more worried about the potential downside of mistaking a legitimate customer for a fraudster than the risk of an attack.
  3. They turn your efficiencies against you
    Resolving a call quickly is part of a great customer experience. Fraudsters use this pressure to social engineer conversations with call centre agents, who subsequently give out account information and access to callers they believe to be genuine.

To find out about the other tricks fraudsters use to take your customers’ money, read our free 2017 UK Call Centre Fraud Report.


How the “Distorted Please” is Taking Advantage of Your Staff

You run a tight ship in your call centre. Your agents are highly trained to provide excellent customer service and resolve calls quickly.

But this commitment to making customers happy comes at a cost. It makes you a target for fraud. Attackers know that your employees want to deliver a great customer experience – and they exploit it ruthlessly.

Fraudsters are well known for their use of social engineering to manipulate agents into giving away confidential information. They often create personas or contrive situations on calls that they know will persuade agents to divulge personal information or make changes to account details.

To learn more about the tactics that fraudsters use, Pindrop® Labs reviewed more than half a billion calls for fraudulent activity. We identified a number of different but prolific fraudsters, each with their own methods for exploiting the good nature of customer service agents.

Here’s just one of the characters taking your customer service agents for a ride…

Introducing the “Distorted Please”

This fraudster uses voice distortion software to manipulate his natural sound by lowering or increasing the pitch. This gives him options, such as using a high-pitched voice to access accounts held by women.

Even with his voice disguised, this fraudster’s speech has identifiable characteristics – repeated use of the word “please” being his most obvious giveaway.

But despite this, and the audibly poor attempt at vocal deception, the Distorted Please fraudster has successfully transferred money out of a large number of accounts.

Beating Fraud Without Sacrificing the Customer Experience

The problem is, the better your customer service agents, the more susceptible they are to tactics such as those leveraged by the Distorted Please.

Fraudsters are often ingenious in the ways that they gain access to crucial information. Our 2017 UK Call Centre Fraud Report outlines the most prolific among them, and their methods. Knowing your enemy is the first step to identifying the weaknesses in your call centre.

However, placing the burden of fraud detection entirely on call centre agents is not a sustainable solution. Having employees conduct exhaustive security checks on the phone wouldn’t just drastically increase call handle times, but also damage the customer experience.

Organisations need to invest in solutions that let agents do what they do best without having to worry about detecting fraud.

Read the 2017 UK Call Centre Fraud Report to learn about the other types of fraudsters targeting businesses, and how technology can help you fight them.


The General Data Protection Regulation (GDPR) is a legal framework for the handling of personal data of individuals based in the European Union (EU), regardless of where their data ends up being held or used. As consumers, we are living in a highly connected world where we are constantly adopting new digital behaviors. With these new behaviors, organizations have to adhere to consumers’ expectations for real-time personal engagement, while still being sensitive to their concerns over privacy. The GDPR not only aims to give individuals control over their personal data, but also to simplify the regulatory environment for international business by unifying regulation. With new standards around the legal obligations regarding the use of personal data, a response is required from organizations of all sizes, inside and outside of the European Union.

Top Takeaways

  • Why is the regulation in place? The GDPR legal framework reflects the urgency required to confront the privacy issue that currently threatens to undermine the digital economy. More than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach accounting for 64% of all data breaches. The mismanagement of customer data matters to both to the individual and the organization. While individuals suffer from the compromised protection of their personal data, organizations suffer from damaged brand reputation.
  • Which individuals are protected? The GDPR protection of an individual’s personal data is triggered by that individual’s physical location in the EU, not nationality. Individuals also remain protected by the GDPR if they temporarily or permanently leave the EU territory, providing their data is still physically held within the EU. Visitors to the EU are also protected because they become EU customers during their stay. Additionally, GDPR protection applies to personal data even if it is being stored and processed outside of the EU. This will require organizations to unpick the personal data of EU citizens and residents, which is often scattered among the rest of a business’s corporate data.
  • What changes are organizations facing internally? The GDPR demands a certain level of ongoing data management competency that affects the entire organization, including the call center. This requires creating an accountability and governance strategy for protecting the privacy and personal data of customers. Additionally, organizations must provide consumers with information and transparency around the use of personal data, as well as give them the right to access and change that personal data.
  • How does the GDPR affect the call center? When it comes to information security, call centers are a vulnerable touchpoint where customers engage directly with their most sensitive information. Today’s fraudsters are equipped with highly sophisticated technology that allows them to easily surpass security measures put in place by both call center agents and self-service IVR technology. Call centers need to use technology to move onto the forefront in terms of responsiveness to the threat of fraud in order to avoid the consequences that come from failing to comply with the GDPR.

Learn more about how organizations can protect personal data within the call center.

0 No comments

According to BBC, MoneyConf is “where the world’s largest banks and tech firms meet.” This year, over 1800 top names from 69 different countries attended from CEOs of global financial brands to the founders of the world’s most disruptive startups. For two days, all attendees had access to keynotes, fireside chats, workshops, and panel discussions from key players redefining the boundaries of financial technology. At this year’s conference, Pindrop’s own, Vijay Balasubramaniyan, shared his insights during a roundtable, panel discussion, and workshop session.

Presentation Recaps

Roundtable: “Biometrics and the Future of Passwords”

  • Many of today’s organizations still rely on outdated security measures in the call center. Caller ID is easily fooled by spoofing phone numbers or ANIs, and knowledge-based authentication questions (KBAs) are easily bypassed with the right information. A fraudster can socially engineer the answers, find them online with the multitude of personal information available through social media, or buy them on the black market.
  • With the ongoing rise in identity theft and the desire by companies to securely help customers access their information as rapidly as possible, voice biometrics has emerged as a new, convenient method of authentication. Many organizations are now moving toward voice controls for consumer passwords. However, this approach to user authentication is not sufficient enough on its own a multi-layered approach is required to defend against the sophisticated fraud tactics now being used, as noted by Gartner.

Panel Discussion: “Fraud Prevention in 2017: What You Don’t Know”

  • Vijay joined Cisco’s Gregory Akers, Au10tix’s Ron Atzmon, and Reuters’ Eric Auchard to discuss how the financial services industry is currently failing to identify security threats, which is essential to halting the rising rate of both domestic and international fraud. When it comes to financial crimes, many enterprises fail to identify the call center as the root cause of fraud loss, enabling fraud in others channels, such as debit card, credit card, and check order takeover. Meanwhile, fraudsters are capitalizing on this misdiagnosis and targeting the call center as the weakest link in security.

Workshop Session: “Is Voice Recognition the Key to Killing Fraud?”

  • Last year, international criminal activity taking place in the call centers of financial institutions nearly doubled. Technology is improving on both sides – fraud and anti-fraud. With increasingly sophisticated tactics, fraudsters have been using the call center to launch their cross-channel attacks, taking advantage of the customer service agents on the other end of the call, to access and change the account information of legitimate customers.
  • Interaction with a call center agent is a point-of-contact where voice can be leveraged for both fraud prevention and user authentication. Building out a multi-layered, anti-fraud strategy with Pindrop’s Phoneprinting™ enables enterprises with the information necessary to filter out illegitimate callers.

Learn more about current fraud trends facing the financial industry. Catch the panel discussion on-demand.

0 No comments

Pindrop Labs discovered drastic increases in call center fraud from 2015 to 2016 after analyzing more than half a billion calls. Last week, Dr. David Dewey, Pindrop’s Director of Research, hosted an online discussion on the findings from the 2017 Call Center Fraud Report, analyzing the latest data points and evaluating the reasons for the surge in call center fraud.

Top 5 Takeaways

1. In 2015, one in every 2,000 calls were fraudulent. In 2016, call centers faced a rise in fraudulent calls, experiencing a 113% increase with one in every 937 calls being fraudulent.

2. The global fraud trend is driven by four main factors: the growing sophistication of fraudsters, data breaches, weak security, and the rollout of chip (EMV) cards.

  • Growing Sophistication. Fraudsters are constantly innovating and employing different tactics to gain access to accounts and ultimately commit fraud. With Caller ID spoofing apps, burner phones, and other devices, fraudsters can manipulate call characteristics to get  past traditional security measures.
  • Data Breaches. In the case of data breaches, intelligence is often leaked directly to or purchased by fraudsters, which often leads to account takeover. Before this happens, however, fraudsters typically make multiple interactions with the call center. During these interactions, the criminal gains more and more information about the account or policy holder. Dewey states, “Fraudsters often know more about the victim than the victim knows about themselves.”
  • Weak Security. Traditional security systems, such as knowledge-based authentication questions (KBAs), or systems relying on only one method of security often prove to be weak. If
    security systems are not readily updated, fraudsters become familiar with them and can hack into them with more ease. Additionally, call center representatives are typically more concerned with customer experience than deterring fraud, which also influences the levels of security put in place. These call center representatives are also known to fall victim to the social engineering tactics that these fraudsters employ
  • EMV Technology. The rollout of EMV chip cards has made it far more difficult to commit card-present fraud, which has resulted in an increase in card-not-present fraud, leading to an increase in the amount of fraudsters perpetrating over the phone.

3. Fraudsters have moved away from landlines, focusing more on mobile and voice over IP (VoIP) lines. In 2014, only 21% of fraudsters made their calls over mobile devices; however, today, mobile devices are used 43% of the time. This growth can likely be  attributed to easy access to burner phones and available spoofing applications.

4. Fraud rates vary extensively across industries, each dependent on different factors. Some of the most alarming statistics include a 61% increase in call center fraud for banks and brokerages and a 55% increase for device insurance. The retail industry was also highly affected,  with 1 in every 491 calls found to be fraudulent.

5. The escalation in international fraud in the U.S. can most likely be attributed to the rise of mobile devices and the utilization of VoIP. The U.K. is experiencing more domestic fraud, which is most likely due to EMV cards and differences in chargeback policies.

Combatting the amplified sophistication of fraudsters requires a universal security system that can identify a fraudster accurately, in real time. Pindrop’s solution provides a transparent,multi-layered authentication process that provides an associated risk score and phoneprint unique to each caller.

Thank you for listening!

Catch the on-demand session.

Loading posts...