Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

CSI: Atlanta? No, It's Phone Fingerprinting

Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud

A criminal dials into your company's call center, looking to steal data on one of your customers. He's pretending to be the customer, fishing to get a password, a mother's maiden name, or anything that might help him set up a fraudulent account.

About 18 seconds into the conversation, your company has identified the call as fraudulent. You know where the fraudster's calling from, what names and numbers he has used before, and even his calling patterns. The transaction is blocked, and the caller is identified and blacklisted.

Is this an episode of CSI? No, it's new technology from an emerging vendor called Pindrop Security, which received an $11 million round of venture funding from Andreessen Horowitz and other firms on Wednesday.

Pindrop has developed a patent-pending technology called Phone Fingerprint, which enables companies to identify fraudulent callers through forensic analysis of their calls. Phone Fingerprint analyzes information such as the phone number and device used, voice recognition, and even background noise to uniquely identify callers within 15 seconds. It then takes about three seconds to flag the company and terminate the transaction.

"A lot of criminals and fraudsters are finding that socially engineering an inexperienced employee or call center representative is a very effective attack vector," says Vijay Balasubramaniyan," co-founder and CEO of Pindrop. "Depending on human error to break into an account is a lot easier than most forms of online attack."

About 30 percent of all financial fraud begins with a phone call, Pindrop says, and some financial firms say that as much as 60 percent of the fraud they see takes place over the phone. About one in every 3,000 calls to a customer call center is a fraudster, Pindrop estimates.

"That doesn't sound like a lot, but what it means is that the average call center rep is probably not very experienced in recognizing a fraudster," says Matt Anthony, vice president of marketing at Pindrop. "Our goal is to recognize that fraudster and let [the company] do something about it before the transaction is completed."

Phone Fingerprint analyzes phone call audio signals to identify the caller's location and calling device type to create a unique fingerprint, which can be used to match the caller to other calls they've made, regardless of attempts to mask identity and calling activity.

After receiving a $1 million round of seed funding last year, Pindrop now has $11 million more to make its presence known in the enterprise arena.

"Financial institutions are on the front lines, facing a well-organized, well-funded growth industry of cyber criminals," said Arvind Purushotham, managing director at Citi Ventures, one of the investors that provided the funding. "Pindrop Security developed a truly unique technology, providing a legitimate solution to address two of the biggest problems financial institutions face today, detecting attackers and identifying legitimate callers."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MALLYN971
50%
50%
MALLYN971,
User Rank: Apprentice
6/20/2013 | 7:27:12 PM
re: CSI: Atlanta? No, It's Phone Fingerprinting
There is also the possibility or RF finterprinting; ie; how the RF transmitter starts transmitting. To see this, connect a high speed storage oscilloscope to a receiving antenna close to your phone. Start transmitting. The start of the RF transmission is unique to every transmitter because of minute physical differences in the physical attributes of the RF components that affect how the signal starts transmitting. There is a ham radio operator in Seattle who pioneered this technology for the purpose of identifying jammers for a ham radio repeater.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer,  5/28/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10548
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-11094
PUBLISHED: 2020-06-04
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as ...