When it comes to flagging fraud, telecoms data is certainly effective, adding a valuable layer of identity verification. This is exactly how we use it at Callsign.
Helping to prevent fraudulent activity using third-party data sources
Telecoms (or mobile network operator (MNO)) intelligence is one of the third-party sources we use, with a view to checking that someone really is who they say they are. Take SIM Swap, call divert, APP fraud, and SS7 vulnerabilities, these are just some of the tactic’s fraudsters are utilizing that pose a real threat to customers and organizational security. Using MNO intelligence can help flag these fraud types before it’s too late.
How Callsign uses Telecoms data
During an interaction or transaction, we cross-reference information provided by the user with live telecoms data. It’s a way of flagging potentially fraudulent activity and preventing fraudsters from committing account takeover. All without the need for any extra resource. We are looking for things like:
- SIM Swap - has this taken place recently?
- Call divert - has this been put in-place on the number associated with this account?
- Fraud checks - has the phone has been cloned or reported lost / stolen?
- Is the phone number used associated with the account?
- Is roaming in place?
This information is enriched with additional data collected in the Intelligence Engine to deliver added confidence that the user is who they say they are. This ongoing approach to verification and authentication means friction can be removed for the end user, without compromising security, as appropriate checks are being carried out in the background.
Protecting Data Privacy
Naturally, the use of telecoms in an identity solution raises a data privacy question. The good news is that, on the Callsign platform, telecoms intelligence simply uses yes/no validation. All we’re doing is comparing the information provided by the user with existing telecoms operator data. If the technology suspects fraud, additional authentication checks can be delivered.
Telecoms Intelligence can helps tackle some of the most common fraud types
SIM Swap is a type of phishing fraud where a fraudster sources a customer’s personal information through various means such as looking through their mail, hacking emails, stalking them on social media, or even buying the data from areas such as the dark web.
Once they have enough information on an individual, they contact the mobile network operator, posing as the victim. The fraudster tricks the MNO into setting up a SIM Swap by cancelling the victim’s SIM card and reactivating the victims telephone number to a new SIM card that is in the fraudster’s possession. As a result, all calls and messages to the victim’s telephone number are routed to the fraudster’s phone.
Call divert is SIM Swap's twin sibling. Here the fraudster mines information about their victims and uses it to trick the MNO into setting up a call divert - a phone feature that can forward or redirect incoming calls to an alternate number (which can be a landline or mobile number). As a result, all calls to the victim’s telephone number are routed to the fraudsters phone, creating the same issues as a SIM Swap.
Organizations often use a customer’s telephone to send one-time passwords (OTP) via a phone calls and SMS. By setting up either a SIM Swap or call divert, the fraudster can potentially gain access to one-time passwords and is able to access the account or verify payments.
SS7 is an international telecommunications standard used by MNOs to exchange information when passing calls and text messages between each other, such as when you are roaming.
Once a fraudster has a customer’s credentials and has attempted to login to their target’s account, SMS or outbound calling authentication should, in theory, stop them in their tracks. However, fraudsters have found a way to intercept these messages with SS7 being the gateway. By accessing SS7, they are able to see the data being sent between networks, meaning they can simply get these messages and calls sent to a SIM of their choice by setting up a misdirection of the legitimate customer’s SMS or outbound verification call. Callsign's use of telecoms intelligence can help to prevent these risks.
Interested in learning more about our Telecoms Intelligence
Take the time to talk to our sales team today and get a hands on demo.
Find out more about our other modules
Decisioning, Journey Mapping & Orchestration
Tasks such as decisioning, orchestration and policy management are all taken care of in one central location. Using our easy to use dashboard, teams from across the organization can build and test natural language policies that adapt in real time to contextual intelligence.Learn more
Artificial Intelligence powered Real-Time Analytics
Our intelligence engine uses multiple data points across device, location & behavior to deliver one confidence score, telling you how likely it is that someone is who they say they are. If the confidence score is high, you can safely reduce friction – and if it’s not, authentication is dynamically adjusted.Learn more
Identify users with multifactor authentication
We deliver multifactor authentication that is fit for both security and compliance needs. Using both active and passive data points to identify users our technology typically reduces authentication steps by over 90%.Learn more