Transactions and customer interactions flowing through your contact center and other customer support lines are the financial lifeblood of your enterprise. Unfortunately, security threats such as Telephony Denial of Service (TDoS) attacks and fraudulent social engineering schemes are dramatically increasing and becoming more difficult to detect and prevent. These and other threatening, negative value calls are having a significant operational impact on many financial, health care, retail, emergency response, and other organizations across North America.
Keeping Denial of Service and Financial Fraud out of Your Contact Center
1. Keeping Denial of Service and Financial Fraud Out of Your Contact Center
Mark Collier, Chief Technology Officer
SecureLogix Corporation
2. About SecureLogix
SecureLogix:
•UC security and management solution company
•Security solutions for UC and TDM
•Solutions integrated on Cisco ISR/ASRs
•www.securelogix.com
Mark Collier:
•Author of Hacking Exposed: UC and VoIP
•Author of many SIP/RTP attack tools
•Conducted many security assessments
•www.voipsecurityblog.com
•markcollier46 on twitter and Google+
SecureLogix
7. Example Impact/ROI
Revenue: $30BN (Annual)
Employees: 30,000
Call Count: 9,750,000
Cost per Call: $3.00
Negative Value Calls: 477,750 (5%)
Customer LLR: $62.15
------------------------------------------------------
NVC Cost: $1,433,250
Lost Revenue: $4,500,000
Efficiency Impact: $5,593,500
------------------------------------------------------
Total Annual Loss: $11,526,750
8. Telephony Denial of Service (TDoS) for fraud, extortion, and disruption
9. TDoS Bulletins from DHS and FBI
2013 Public TDoS & Voice Attack Warnings Issued by:
•DHS – Department of Homeland Security
• Initial Alert in March 2013
• Latest TDoS Alert issued from DHS on Oct 17, 2013
•FBI – Federal Bureau of Investigation
• Private Industry Notification on TDoS – July 2, 2014
• Call Pumping Alert – Oct 25, 2013
• Original announcement – May, 2010
•NENA 911 – National Emergency Number Assoc.
•APCO International – Assoc. of Public-Safety Communications Officials
•Several U.S. state agencies
23. Financial Fraud
• An issue for all enterprises with financial contact centers
• Attackers take over individuals’ accounts (ATO)
• A growing threat – arguably easier than Internet/mobile
• Typical targets are consumer accounts - credit, debit, HELC
• Knowledge Based Authentication (KBA) is ineffective
• Attackers know limits and corresponding authentication
24. Financial Fraud
• Attackers use anonymous numbers and burner phones
• Spoofing the number is also common
• Attackers disguise their voice, use distortion/noise
• Easy to get PI via the Internet, phishing, black market, etc.
• Attackers can also get PI through the IVR
• Attackers may also intercept verification calls
• It usually takes multiple calls to get the money
27. System Architecture - SIP
[Architecture diagram. Labeled components: Service Provider, SIP Trunk, CUBE, Network Tap, ENUM Request, ENUM Appliance, SIP/RTP Probe, Web Interface, System Console, Managed Service, Reports, Dashboards, Mediation/Management, Database Server, Cache/Audio Processor, IP PBX/IVR/CC]