Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

CSI: Atlanta? No, It's Phone Fingerprinting

Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud

A criminal dials into your company's call center, looking to steal data on one of your customers. He's pretending to be the customer, fishing to get a password, a mother's maiden name, or anything that might help him set up a fraudulent account.

About 18 seconds into the conversation, your company has identified the call as fraudulent. You know where the fraudster's calling from, what names and numbers he has used before, and even his calling patterns. The transaction is blocked, and the caller is identified and blacklisted.

Is this an episode of CSI? No, it's new technology from an emerging vendor called Pindrop Security, which received an $11 million round of venture funding from Andreessen Horowitz and other firms on Wednesday.

Pindrop has developed a patent-pending technology called Phone Fingerprint, which enables companies to identify fraudulent callers through forensic analysis of their calls. Phone Fingerprint analyzes information such as the phone number and device used, voice recognition, and even background noise to uniquely identify callers within 15 seconds. It then takes about three seconds to flag the company and terminate the transaction.

"A lot of criminals and fraudsters are finding that socially engineering an inexperienced employee or call center representative is a very effective attack vector," says Vijay Balasubramaniyan," co-founder and CEO of Pindrop. "Depending on human error to break into an account is a lot easier than most forms of online attack."

About 30 percent of all financial fraud begins with a phone call, Pindrop says, and some financial firms say that as much as 60 percent of the fraud they see takes place over the phone. About one in every 3,000 calls to a customer call center is a fraudster, Pindrop estimates.

"That doesn't sound like a lot, but what it means is that the average call center rep is probably not very experienced in recognizing a fraudster," says Matt Anthony, vice president of marketing at Pindrop. "Our goal is to recognize that fraudster and let [the company] do something about it before the transaction is completed."

Phone Fingerprint analyzes phone call audio signals to identify the caller's location and calling device type to create a unique fingerprint, which can be used to match the caller to other calls they've made, regardless of attempts to mask identity and calling activity.

After receiving a $1 million round of seed funding last year, Pindrop now has $11 million more to make its presence known in the enterprise arena.

"Financial institutions are on the front lines, facing a well-organized, well-funded growth industry of cyber criminals," said Arvind Purushotham, managing director at Citi Ventures, one of the investors that provided the funding. "Pindrop Security developed a truly unique technology, providing a legitimate solution to address two of the biggest problems financial institutions face today, detecting attackers and identifying legitimate callers."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MALLYN971
50%
50%
MALLYN971,
User Rank: Apprentice
6/20/2013 | 7:27:12 PM
re: CSI: Atlanta? No, It's Phone Fingerprinting
There is also the possibility or RF finterprinting; ie; how the RF transmitter starts transmitting. To see this, connect a high speed storage oscilloscope to a receiving antenna close to your phone. Start transmitting. The start of the RF transmission is unique to every transmitter because of minute physical differences in the physical attributes of the RF components that affect how the signal starts transmitting. There is a ham radio operator in Seattle who pioneered this technology for the purpose of identifying jammers for a ham radio repeater.
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31922
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-32051
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...