Few people understand how sophisticated real-life organized crime can be. Right now, professional criminal gangs are devising complex strategies to steal identities and take over bank and credit card accounts. These techniques are often so subtle, we don’t realize we are giving away information that could lead to identity theft.
One example of this subterfuge is the silent phone call: You get a call from a number you don’t recognize, and there’s nothing on the other end, not even a recorded message. This is certainly annoying, but you may not realize that by picking up the phone, you have increased your chances of becoming a fraud target.
If you are like most people in this country, when the phone rings, you pick it up and say, “Hello.” Criminals take advantage of this social conditioning to collect data. They use a robodialer to efficiently and cheaply place dozens thousands of phone calls at once. If the robodial system detects someone answering the phone, criminals then know there is a human at the other end of that line, one who is likely to pick up the phone when an unfamiliar number calls.
Criminals compile lists of these “live” phone numbers to efficiently target consumers for the next step in the identity theft process — the consumer phone scam. Criminals call people on their target list and impersonate banks, the IRS or local police in an attempt to steal personal information. Criminals build a dossier on a consumer target from information they gather from these scam calls. They may add further research from online searches or social media.
The final step in this scheme is when criminals monetize the newly acquired information. One of the most lucrative methods involves calling the customer service line of a bank or other financial institution. Most banks rely on a system known as Knowledge Based Authentication (KBA) for phone security. KBA relies on personal questions such as “What’s your mother’s maiden name?” or “What is your Social Security number?”
KBA questions provide little real security. The criminals who have done their homework will already know the answers to most of these questions. They further the deception by “spoofing” their victim’s phone number; phone systems can be manipulated to match the caller ID to the phone number the bank has on file for the target.
Once criminals gain access to an account, they can change PINs and passwords, request money transfers, and even open new lines of credit. My company, Pindrop Security, works with financial institutions to combat this type of phone fraud. Our researchers estimate 1 in every 2,200 calls to a bank is a fraud attempt. We’ve also found the average financial institution exposes $7 million to $15 million every year to phone fraud.
How can these phone criminals be stopped?
On the banking side, the key is analyzing components of a call that criminals can’t manipulate. Pindrop researchers have identified 147 clues in the audio of a phone call (beyond the actual voice and what the person says) that can identify whether the caller is trustworthy or trying to disguise his or her identity. These clues tell us what device a caller is using, what part of the world the call is coming from, and whether the caller is using a land line, mobile or VoIP. Pindrop combines these clues to create unique “audio fingerprints.”
Consumers can do their part to stop fraud by being wary of answering calls from unknown numbers. Hang up on robocalls without interacting or pressing a button to be removed from the list. Be aware of popular phone scams, and never give out personal information over the phone.
Vijay Balasubramaniyan is CEO of Atlanta-based Pindrop Security.
About the Author
