In this series of weblogs, A Slice of TADSummit, we review some of the important themes from TADSummit EMEA Americas 2020. This slice focuses on Fraud and Security. This segment is a little broader as identity is an important element that enhances customers’ experiences.
Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson, Consultant in network security and real-time communication – PKI, webrtc, SIP , XMPP, Kamailio and Asterisk expert.
This is an excellent story about SIP & Security. Olle takes us on a journey into a cave, through twisty little tunnels, and towards a little more enlightenment on this critically important topic of end to end RTC Security, which is growing ever more important.
Because Olle has worked on this topic for 30+ years, he’s able present the current situation in an insightful context. SIP brought the telecom and datacom worlds together. Those world’s have very different trust models. Which has resulted in the problems we see today.
This is a long presentation (50 mins) but well worth your time, do take advantage of the fika (coffee) breaks Olle includes in the presentation. Even listening at 2X, there’s much covered, so you need to take a break to consolidate all the insights. I learned much, and Olle freely shares his views on the security standards and their strengths and weaknesses.
Getting offensive: a different approach to RTC security. Sandro Gauci, CEO / Senior Penetration Tester / Chief mischief officer at Enable Security GmbH
Sandro explains how defensive security needs the offensive side of security to have the desired effect. There are practical examples of how a purely defensive approach to RTC security fails.
Sandro provides a great review of the current status of RTC security, with some very revealing stories from the trenches across VoIP and WebRTC. His comments on STIR/SHAKEN increasing the attack surface because of its complexity makes sense, especially as its designed by committee and while adopting many of the latest techniques lacks the battle testing from the trenches.
His core recommendation is using threat modelling and offensive security (think evil) together to deliver better protection across CIA (Confidentiality, Integrity, and Availability). As penetration testing does not mean your infrastructure is secure. His recommendations show we’ve got much work to do in this space. RTC Security must be part of every TADSummit, it deserves much more attention.
Fighting Fraud and Delivering Frictionless Customer Experience in the Contact Centre. Abhinav Anand, Chief Product Officer at Smartnumbers
Abhinav provides an excellent quantified review of the role Smartnumbers plays in call center fraud and authentication. For inbound calls they are in the signalling path and use over 200 parameters in their machine learning model. Gathering data beyond signalling using behavioural models and fraud consortium data. From that, their model produces a score and reason for that score. Which the call center uses in how the call is answered.
The impact Smartnumbers has on fraud is impressive. Out of all incoming calls, about 0.2% are suspect, and they achieve 50% net new fraud caught by Smartnumbers on top of layered fraud defences.
The size of the UK fraud market, which is likely underreported is 1.8 billion GBP; with card and APP fraud dominating those numbers.
Abhinav also provides some great quantification on the authentication impact, such as IVR containment saving 3.50 GBP per call. That is when the confidence is high on the call, additional IVR options can be provided. And Agent Acceleration of 0.13 GBP per call.
Skype 1 – 0 Robocalls: How TeleSign helped Skype “Score” against fraudulent callers. Abhijeet Singh, Senior Product Manager, TeleSign
Here are a couple of excellent introductions to Telesign from previous TADSummits:
- At TADSummit Americas 2019, a keynote from Pierre Demarche, VP Product and Marketing, TeleSign on Identity, Authentication, and Programmable Telecoms.
- At TADSummit Asia 2020, a keynote from Stacy Stubblefield co-founder of TeleSign who now drives TeleSign’s product strategy and innovation.
Abhijeet focused on the case study with Skype. The volume of the robocalling problem Skype faced surprised me: 1 million incoming robocalls per day! Skype has about 100 million monthly users and 40 million daily users. It’s still a significant communications service provider. I use it mainly with my family in the UK, and the few die-hards like me that have the app in their system tray.
Abhijeet provides some great quantification on the volume of robocalls (both good and bad), with scams accounting for 40% of the calls, resulting in $20B in losses in the US alone. It’s a massive business.
I’d always assumed the US was the robocalling capital of the world, but the averaged rate is only 18 robocalls per user per month. Brazil is 46 robocalls per month, and India 26. As shared in my experience above, the scammers do their homework on the person being called, also taking advantage of seasonal events and use of local numbers to make the call / communication seem plausible.
Abhijeet runs through how Score is derived, all the data sources, and 2200+ behavioural variables. What was achieved with Skype is half the inbound calls were blocked, improving average call durations, lowering abuse reports with no negative PR (false negatives). Please get in contact with Abhijeet if you’d like to learn more. Identity management can be used across many aspects of the customer’s journey.
More TeleSign TeleTalks