As featured on TM Forum’s the Insider Blog
Online security continues to be a major issue as we search for technology that will help tilt the equation in favor of the service providers and away from the fraudsters.
If the following is true, we may soon forget those passwords, PIN numbers, security tokens, voice recognition, et al – because the solution may lie in the connection itself.
It seems the latest breakthrough in online security recognizes the 'fingerprints' embedded by the network, handsets, exchanges, switches and other call-routing infrastructure onto the audio of any phone call.
This is the phenomenon that security company, Pindrop, hopes to use to prevent fraudsters from using stolen credit cards over the phone.
According to Pindrop's CEO and cofounder, Vijay Balasubramaniyan, it is possible to identify whether a person is using a landline or cell phone, or when a call supposed to come from a mobile in Atlanta comes from a landline in Nigeria. Sure you can identify the calling party number and determine much the same information using existing technology, but ‘spoofing’ a caller ID to match a victim’s number when calling their bank has also become commonplace.
Pindrop processes the recordings of customer calls to flag possible cases of fraud. Another version of the system, not yet released, can instantly communicate a “risk score” when a call connects. That could mean that you won’t get asked so many security questions when you call your bank, because your line noise vouches that it really is you.
The concept is not so hard to believe when you think how noticeable calls placed from different places, different devices, and via different networks, such as a cell phone call compared to one made through internet services like Skype, sound different. According to Pindrop, when a person makes a call, the chain of technologies between them and the recipient creates a very particular and unique ‘line noise.’
Their software has been trained to extract specific information from the line noise on a call. It can even estimate a caller’s location, thanks to the patchwork of different telecommunications equipment that links up the globe.
The older infrastructure in Western Europe, for example, makes line noise on calls from there very distinct from those made from Africa. The audio processing software used by providers in different locations also imparts distinctive effects. As a result, a distance of less than 100 miles can alter line noise in a clearly detectable way, says Mustaque Ahamad, a professor at Georgia Institute of Technology and chief scientist and cofounder of Pindrop.
Ahamad and Balasubramaniyan say that it would be very difficult for a fraudster to spoof line noise. Changing phones—for example, between different wired and wireless handsets—would alter only some of the features that Pindrop looks for but “the other features stay the same.”
The only way someone could change his line-noise profile significantly would be to somehow convince the companies carrying the phone calls to replace their current equipment. Even then the line noise would be very unlikely to exactly match that of the person being impersonated. That makes Pindrop’s fast-growing database of line-noise fingerprints from known fraudsters a powerful resource to use to screen future calls.
Sounds weird to me (no pun intended), but how soon before those clever little fraudsters really do work out how to spoof line noises? Anything is possible, right?