VoIP vulnerable to telephony denial of service attacks

Posted on: October 27th, 2016 by Art Barger

Voice over Internet Protocol (VoIP) is one way banks communicate with customers to provide better service at lower costs. But like the denial of service (DoS) attacks that recently shut down websites Twitter and Spotify, VoIP can be vulnerable to similar telephony DoS (TDoS) attacks, which can lead to contact center disruptions and even outages.

According to the article “Denial of service attacks on VoIP systems,” companies that use VoIP systems to interact with their customers need to be aware of the impact TDoS attacks have on their customer experience and business relationships.

What makes VoIP susceptible to telephony DoS attacks is the caller’s ability to control and manipulate Caller ID and ANI. When the caller can configure whatever phone number they want without requiring the service provider to validate the information, it breaks the trust between callers and telephone agents. Caller ID and ANI spoofing creates a false trust that impostors need to perpetrate any number of different fraud scams over the telephone channel, including TDoS.

When the sacred bond between a bank and its customers is broken, the damage runs much deeper than the telephone channel: it can impact profitable bank-customer relationships and business profits.

To block repeated fraudulent calls intended to overwhelm a telephone system, call centers need to identify each call upstream. Relying on knowledge-based information to verify inbound calls after the phone is picked up gives impostors the upper hand. Once they’ve been routed to a live operator, today’s sophisticated social engineers can defeat knowledge-based authentication (KBA) methods that include personal questions such as your mother’s maiden name, date of birth and the color of your first car.

The TRUSTID® Physical Caller Authentication solution automatically identifies every call as the phone is still ringing. Based on a bank’s business rules, spoofed and other high-risk calls don’t make it into the telephone system, so there’s no need for agents to interrogate customers over the telephone. Only validated calls from legitimate customers are allowed in.

Using telephone caller forensics, TRUSTID instantly and invisibly identifies the location of the calling device without interrupting the customer experience. This allows banks to review the risk of each call and block spoofed ANI and Caller IDs before they are answered. Within seconds, bad calls are automatically removed from the telephone system in real time without the fraudster’s knowledge, eliminating repeated TDoS attacks aimed at overloading, and ultimately shutting down, your telephone channel.