“The ring, nicknamed "West Africa One," has a dozen members, and they have varying skill levels. If a bank account has a larger credit line, it goes to one particular fraudster who's particularly adept at manipulating call center operators.
The fraudster who's attacking the $100,000-and-more account has so much information at his disposal, he's done so much research on the account, that he's flawless on his call," Vijay Balasubramaniyan, the CEO of Pindrop Security, says. "When the call center agent asks him a particular question, the way he answers, the pauses that he takes, all of that is a work of art as compared to someone going after the smaller-sized accounts."
This is a description by one of the US phone security companies of a fraud case that typically starts with a number of robocalls – automated calls performed by a machine much in the same way as some advertising campaigns are being conducted nowadays.
The US and European regulators are trying to address the problem of illegal automated phone calls by recommending consumers to hang up immediately and do not engage at all when they realize it is a robot calling. Most of the complaints received are connected with the fact that once you engage in any way, even by pressing 1 or 2 responding to the robot’s request, robocalls will tend to increase in number as you are letting the initiators know that there is a live person on the line who is ready to engage.
Some of phone scams that have been seen almost exclusively in the US are going to “migrate” to Europe with a very high degree of probability in the immediate future. For example – a voice signature scam called “can you hear me?”.
Here’s how it works, according to “The Independent”:
You’re effectively being tricked into signing a verbal contract, much the same as clicking ‘I agree’ to terms and conditions online.
Voice signatures like these are legitimately used by companies doing business over the phone, but this is being exploited by scammers who have conned many Americans already, predominantly in Florida, Pennsylvania and Virginia.”
These are just some cases of high tech phone fraud out of scores of constantly evolving techniques. Only in UK, according to FFA, financial fraud losses across payment cards, remote banking and cheques totalled £755 million in 2015, an increase of 26% compared to 2014. Prevented fraud totalled £1.76 billion in 2015. This represents incidents that were detected and prevented by the banks and card companies. It is the first time the full-year prevented fraud figure has been collected by FFA UK. More than 1 million incidents of financial fraud occurred in the first six months of 2016, representing a 53% increase compared to the same period of 2015.
In other countries of Europe the situation is a little less severe, but it is only a matter of time for the internationalized fraudster rings, that are becoming more organized and well-equipped with modern technologies, to identify weak spots and easy targets.
Active response efforts include implementations of different types of voice biometrics from a more traditional passphrase approach, to methods of identity verification and speaker identification that are based on free speech and run in the background, unnoticeably for callers. It should be noted that the verification based on the set passphrase (e.g. “my voice is my password”) is the method that appears to be most vulnerable to replay attacks by fraudsters for obvious reasons.
Protecting bank accounts, credit cards, and online payments in e-commerce by text independent (free speech) voice biometrics is a key security measure for telephone banking and other voice channel customer services, because it presumably remains impossible for fraudsters to imitate another person’s voice.
Automatic identification and verification systems analyze over 100 distinctive features and characteristics of human voices, which no artist can imitate with a degree of perfection delivered by the machine. Using voice recordings to spoof the system, which appears the natural way for fraudsters to go around it, will not work in a live conversation with a call centre agent, during which the transaction authentication takes place. However, most specialists in the financial sector are asking valid questions whether such spoofing attacks will remain a threat for fully automatic call processing systems.
In the fully automatic identification and verification systems produced by Spitch AG, spoofing attacks by pre-recorded speech are practically impossible thanks to a simple precautionary measure: callers are asked by the system to repeat an automatically generated short random phrase to ensure that the caller is a human being and the conversation is live. After the caller has successfully been identified, continuous verification is conducted throughout the entire duration of the conversation.
In the past, it was not possible for many vendors to offer in-call customer identification with their standard solutions also because of a latency issue. Delays inevitably appeared when matching a sample of the caller’s speech with voiceprints in large customer databases. Spitch technologies made it possible. We are using a combination of customer list pruning and algorithms that help ensure that biometric identification processes are running smoothly in real time.
Spitch AG, as one of the most advanced providers of voice biometric identification and verification solutions, is placing an emphasis on converting some latest academic research findings into market-ready products to ensure the highest level of security of fully automated systems, making them capable to deflect pre-recorded speech-based spoofing attacks. Our R&D team is open for collaborations and expertise exchange with researchers and practitioners in this field to continue perfecting our solutions.
