Many banking security professionals spend a significant amount of time pondering how bad of a problem unlawful Caller ID and ANI spoofing really is. I should know, I’m one of them. If we take a step back and think about it practically, we know spoofing happens all the time for any number of reasons. We know social engineering occurs, and that the financial services industry has a pretty significant problem with identity theft.
I doubt too many experienced industry people reading this blog will dispute it’s an issue we have to deal with. While these terms have only become part of our vernacular within the past few years, there’s no doubt they support the notion that we have a serious problem.
Certainly, it’s not atypical that banks have reacted, and will continue to react as the crooks test our systems looking for the weakest link. To combat this problem, banks and other industries have responded with different levels of risk-based authentication processes — anywhere from simple customer questions like their mother’s maiden name, date of birth, or the last four digits of their social security number to more elaborate and personal knowledge-based verification (KBA), “out-of-wallet” type of questions.
More recently, many banks have also deployed (for a fee) a popular vendor solution that actually purchases data from the spoofing sites, which, in turn sell back the phone numbers that are being spoofed to their company’s 1-800 numbers. While this worked, initially, it never really felt good. It sort of felt like paying money to the very companies that were causing the problem. The larger concern is the tool cannot manage the growing number of spoofed calls that pop up, nor can it combat hacker-developed spoofing programs opposed to commercial spoofing. And this doesn’t touch on the more sophisticated software that goes way beyond simple spoofing sites, like Asterisk, available on the market today.
Lastly, some banks are trying to train and re-train representatives. This is an uphill battle given the high employee turnover rates, and the fact the crooks actually have the answers to the KBA questions, anyway. Add this to growing customer frustrations, and it’s not a reliable nor scalable solution.
So, how big of a problem is illegal Caller ID and ANI spoofing? The reality is we don’t know. Looking at the issue holistically across our respective organizations, we do know our efforts to mitigate harmful Caller ID spoofing and social engineering schemes are onerous and expensive. We know these threats are intrusive to good customers and the processes mentioned above, which, unfortunately, are becoming increasingly ineffective against them.
Until recently, I thought the banking industry had no viable, cost-effective means to fight unlawful Caller ID and ANI spoofing. All that changed after I learned about the TrustID® Telephone FirewallTM solution. To me, being able to stop illegal spoofing and reduce fraud losses while cutting operational expenses in your call center and restoring customer confidence and satisfaction is a win/win all the way around. And that’s what TrustID provides in one solution.
If you’d like to learn more about our telephone firewall solution, or would like a demo, feel free to contact me at your convenience at (831) 274-2042.
ANI, ANI Spoofing, Art Barger, Authentication, bank operations, Banking Fraud, banking fraud detection, Call Center, call center fraud, call security, call spoofing, caller authentication, Caller ID, Caller ID fraud, Caller ID Spoofing, calling party number, calling party number spoofing, contact center, data risk management, fraud mitigation, identity authentication, identity fraud, identity theft, KBA, knowledge-based authentication, multifactor authentication, personally identifiable information, risk management, social engineering threats, telecom security, telecommunications security, telephone authentication, telephone commerce, Telephone firewall, Telephone Firewall solution, telephone firewall validation, telephone fraud, traditional PBX, TrustID, TrustID Telephone Firewall, validate ANI, validate Caller ID