Snapchat data hack shows why hackers value phone numbers

Posted on: January 08th, 2014 by Art Barger

In recent years, banks and other companies have largely focused on deploying anti-fraud tools to protect their digital assets. With all the attention cyber threats, last week’s Snapchat data breach was reminder of how telephone numbers still provide valuable information for hackers.

According to the article, “Why hackers want your phone number,” the Snapchat data hack compromised 4.6 million account usernames and phone numbers. While the breach exploited vulnerabilities in the popular photo messaging application, it also showed how telephone numbers are used by criminals to sidestep security defenses. Adam Levin, co-founder of the online security company Identity Theft 911, said crooks can use phone numbers to spoof their caller ID, social engineer businesses and send spammed text messages.

“Phone numbers are a building block for hackers. Smartphones are not just communication devices. They are data storage devices.”

With people freely sharing their telephone digits with Google, Facebook and other networking websites, security experts say criminals can type a number into Facebook and find the owner and other personal data. By gathering personally identifiable information (PII), thieves can create profiles to defeat call center authentication processes that rely heavily on PII to identify customers over the phone.

This is where knowledge-based authentication (KBA) solutions fall short. When financial institutions use PII-based authentication strategies to authenticate customers over the telephone channel, they are at a significant disadvantage to criminals armed with stolen information to correctly answer challenge questions.

Banks that use the TRUSTID® Physical Caller Authentication solution to identify customers don’t run into that problem because it doesn’t rely on non-predictive PII to verify the risk of the call. Using powerful telephone network forensics to proactively verify the caller ID and ANI pre-answer, contact center agents don’t have to bother interrogating callers who have already been authentication before they picked up the phone. In fact, when a known spoofed call is automatically identified in real-time, the call doesn’t get routed into the phone system.

As a result, financial institutions don’t waste valuable time and resources interrogating customers over the phone. And when the good ones are validated, bank reps can begin addressing their needs the moment they pick up the call for a better overall customer experience.