before the attack: detecting early stage brokerage account takeovers
TRANSCRIPT
2015 Pindrop Security™. Confidential.
BEFORE THE ATTACKDETECTING EARLY STAGE BROKERAGE ACCOUNT TAKEOVERS
David Dewey, Director of Research
Pindrop Security
August 12, 2015
2015 Pindrop Security™. Confidential.
NOTE
These slides are from a webinar held August 12,
2015.
You may view a recording of the webinar at
www.pindropsecurity.com/webcast-archive
2015 Pindrop Security™. Confidential.
ACCOUNT TAKEOVER
/əˈkount/ /ˈtākˌōvər/
noun
1. When a criminal impersonates a legitimate customer to gain control of an account and eventually transfer money out of that account.
See: Social Engineering
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
Physical
THREE WAYS TO EMPTY AN ACCOUNT
1995 2010
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
Physical Online
THREE WAYS TO EMPTY AN ACCOUNT
1995 2010
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
Physical PhoneOnline
THREE WAYS TO EMPTY AN ACCOUNT
1995 2010
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
THE THREAT IS GROWING
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
THE THREAT IS GROWING
$0.57average
fraud lossper call
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
THE THREAT IS GROWING
$15 millionfraud exposure
$0.57average
fraud lossper call
2015 Pindrop Security™. Confidential.
ANATOMY OF AN ACCOUNT TAKEOVER
When we think about an account takeover over the phone, we think of an attacker calling the financial institution, answering some KBAs and asking to transfer money out of an account.
2015 Pindrop Security™. Confidential.
ANATOMY OF AN ACCOUNT TAKEOVER
In reality, it takes fraudsters an average of 5 phone calls before they ask to transfer money.
2015 Pindrop Security™. Confidential.
CALL ONE: TARGETING
• IVR Reconnaissance• SSN Phishing• Account Balance Inquiry
2015 Pindrop Security™. Confidential.
CALL TWO: RECONNAISSANCE
• Social Engineering• Online Research• Black Markets
2015 Pindrop Security™. Confidential.
CALL THREE: CHANGE CONTACT INFORMATION
• Physical Address Change• Email Change• Phone Number Change• Password Reset
2015 Pindrop Security™. Confidential.
CALL FOUR: REDUCE FRAUD TRIGGERS
• Travel Notification
2015 Pindrop Security™. Confidential.
CALL FIVE: MONEY TRANSFER
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
LOSS• Packet loss • Robotization • Dropped frames
SPECTRUM• Quantization • Frequency filters• Codec artifacts
NOISE• Clarity• Correlation • Signal-to-noise ratio
147 audio features
UniquePhone
Geo-Location Risk Factors
DETECT EARLY CALLS WITH PHONEPRINTING™
Phoneprint™
Call AudioRequires 15 seconds
of call audio
Risk Score
Call Type
2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.
BEST PRACTICES
COLLABORATIVEShare info across
organizations
EVERY CALLFunction in adverse conditions, on all or
most calls
ANOMALY DETECTION
Detect fraud on the first call
TRANSPARENTFast, behind the
scenes
MULTIFACTORExamine multiple aspects of call for
accuracy
2015 Pindrop Security™. Confidential.
PINDROP SECURITYPhone Fraud Stops Here.
For more information contact [email protected]