A classic image of payment fraud involves a fraudster stealing credit card numbers and shopping for goods in-person or online. But what’s left out of this picture, said David Dewey, director of research at Pindrop Security, is the element of voice.
“Much of the time, fraud involves a voice transaction — with a credit card issuer, a retailer or somewhere else along the chain,” Dewey said, noting that it’s often much easier to for fraudsters to find or even guess the answers to knowledge-based authentication questions than to guess a password.
He gave a telling example: he and a colleague once conducted an experiment where Dewey dialed the call center listed on the back of the other’s credit card. While the phone rang, Dewey performed a web search of his colleague’s name and was able to use the information that came up to answer all of the authentication questions.
“They let me right in,” Dewey said. “From there, I could have done anything I wanted to on his account.”
Founded in 2011, Pindrop’s security solution was built to protect banks and other financial institutions from call center and voice fraud. Today, the company also provides its voice fraud solutions to leaders in insurance, government and retail.
In online retail cases, Pindrop has seen fraudsters call retailers to have shipments redirected to them, away from the original purchaser. On eCommerce marketplaces, if a fraudster using stolen credit card information is flagged by consumer back-end credit card monitoring systems, he or she can call into the call center and ask them to reset that fraud flag.
While the roll-out of EMV in the U.S. has largely worked to secure card payments, Dewey noted that voice fraudsters have found a way around it. After getting a hold of card information, fraudsters will call the issuer to report the card stolen, requesting that the issuer ship out a new card to their address rather than the account holder’s.
“Voice interaction with call center agents is the most wide-open area for getting around security measures,” Dewey said, “because often that person’s primary job is not to be suspicious and try to identify fraud. Their job is customer service, ensuring that the person calling is delighted with their experience.”
Pindrop’s solutions enable call centers to fight the threat of voice fraud by leveraging a cornerstone technology the company calls ‘phone printing’ developed by founder and CEO Vijay Balasubramaniyan while working on his Ph.D. at Georgia Tech.
“Every phone has a unique acoustical signature,” Dewey said. “By extracting that information from the phone signal, we can generate a phone print for that device.”
Phone printing allows Pindrop to uniquely identify any device that has dialed into a call center by extracting 147 different features from a phone’s audio signal.
If a person dials into a call center and commits fraud, Pindrop’s solution will store the device’s the phone print. In the event that device ever calls in again, that phone print would display a high-risk score to the call center agent, who would then take additional action.
“That works great for repeat fraud,” Dewey said, “but for that, you have to have some kind of Patient O. Somebody has to lose something so that you can get that phone print.”
To identify call center fraud in real-time, Pindrop leverages another capability of phone printing — the ability to gather intelligence on where in the world the call originates from as well as what type of service the call is being made over, whether it be cellular, by landline or VoIP.
If the caller ID indicates, for example, that a call has come in from a cell phone from Houston, TX, but the audio signal indicates the call is coming from a VoIP call from West Africa, then Pindrop’s solution will assign high risk to that call.
Pindrop’s solution ships as a set of applications that the call center installs, including an API that allows call centers to integrate the solution to representatives’ screens to access risk score data in real time. Generally, Dewey said, Pindrop is able to provide call center representatives with a risk score within 30 seconds of when the audio portion of a call begins.
Today, Pindrop’s solution monitors upwards of 100 million calls annually, generating a risk score for each one. Recently, Pindrop partnered with credit union service provider PSCU, an organization whose products and financial services solutions support over 850 owner credit unions. The partnership, Dewey said, allows Pindrop to provide coverage to these credit unions from one centralized location.
“The models that we train are specific to each customer,” he said. “But with this PSCU partnership, since all the calls are routed through that PSCU call center, when we build out a phone print for a known fraudster, that same phone print will apply to all of PSCU’s customers.”