Endpoint
6/20/2013
07:28 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%
Repost This

CSI: Atlanta? No, It's Phone Fingerprinting

Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud

A criminal dials into your company's call center, looking to steal data on one of your customers. He's pretending to be the customer, fishing to get a password, a mother's maiden name, or anything that might help him set up a fraudulent account.

About 18 seconds into the conversation, your company has identified the call as fraudulent. You know where the fraudster's calling from, what names and numbers he has used before, and even his calling patterns. The transaction is blocked, and the caller is identified and blacklisted.

Is this an episode of CSI? No, it's new technology from an emerging vendor called Pindrop Security, which received an $11 million round of venture funding from Andreessen Horowitz and other firms on Wednesday.

Pindrop has developed a patent-pending technology called Phone Fingerprint, which enables companies to identify fraudulent callers through forensic analysis of their calls. Phone Fingerprint analyzes information such as the phone number and device used, voice recognition, and even background noise to uniquely identify callers within 15 seconds. It then takes about three seconds to flag the company and terminate the transaction.

"A lot of criminals and fraudsters are finding that socially engineering an inexperienced employee or call center representative is a very effective attack vector," says Vijay Balasubramaniyan," co-founder and CEO of Pindrop. "Depending on human error to break into an account is a lot easier than most forms of online attack."

About 30 percent of all financial fraud begins with a phone call, Pindrop says, and some financial firms say that as much as 60 percent of the fraud they see takes place over the phone. About one in every 3,000 calls to a customer call center is a fraudster, Pindrop estimates.

"That doesn't sound like a lot, but what it means is that the average call center rep is probably not very experienced in recognizing a fraudster," says Matt Anthony, vice president of marketing at Pindrop. "Our goal is to recognize that fraudster and let [the company] do something about it before the transaction is completed."

Phone Fingerprint analyzes phone call audio signals to identify the caller's location and calling device type to create a unique fingerprint, which can be used to match the caller to other calls they've made, regardless of attempts to mask identity and calling activity.

After receiving a $1 million round of seed funding last year, Pindrop now has $11 million more to make its presence known in the enterprise arena.

"Financial institutions are on the front lines, facing a well-organized, well-funded growth industry of cyber criminals," said Arvind Purushotham, managing director at Citi Ventures, one of the investors that provided the funding. "Pindrop Security developed a truly unique technology, providing a legitimate solution to address two of the biggest problems financial institutions face today, detecting attackers and identifying legitimate callers."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MALLYN971
50%
50%
MALLYN971,
User Rank: Apprentice
6/20/2013 | 7:27:12 PM
re: CSI: Atlanta? No, It's Phone Fingerprinting
There is also the possibility or RF finterprinting; ie; how the RF transmitter starts transmitting. To see this, connect a high speed storage oscilloscope to a receiving antenna close to your phone. Start transmitting. The start of the RF transmission is unique to every transmitter because of minute physical differences in the physical attributes of the RF components that affect how the signal starts transmitting. There is a ham radio operator in Seattle who pioneered this technology for the purpose of identifying jammers for a ham radio repeater.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web