Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Keeping Denial of Service and
Financial Fraud Out of Your
Contact Center
Mark Collier, Chief Technology Officer
SecureLogi...
About SecureLogix
SecureLogix:
•UC security and management solution company
•Security solutions for UC and TDM
•Solutions ...
State of Security Report
http://www.securelogix.com/sos/
SecureLogix
UC Security Overview
SecureLogix
Negative Value Calls
SecureLogix
Low/High/No Value/Negative Value Calls
SecureLogix
Example Impact/ROI
Revenue: $30BN (Annual)
Employees: 30,000
Call Count: 9,750,000
Cost per Call: $3.00
Negative Value Cal...
Telephony Denial of Service (TDoS)
for fraud, extortion, and disruption
SecureLogix
TDoS Bulletins from DHS and FBI
2013 Public TDoS & Voice Attack
Warnings Issued by:
•DHS – Department of Homeland Security...
TDoS Taxonomy
SecureLogix
Call Pumping
SecureLogix
Call Pumping Example
SecureLogix
Manually Generated TDoS
SecureLogix
Social Networking TDoS
SecureLogix
Social Networking TDoS – Examples
SecureLogix
Simple Automated TDoS
SecureLogix
Simple Automated TDoS Example
SecureLogix
Complex Automated TDoS
SecureLogix
Complex Automated TDoS – Turnkey
Tool
SecureLogix
Distributed/Complex Automated
TDoS
SecureLogix
Financial Fraud
SecureLogix
Financial Fraud/Social Engineering
SecureLogix
Financial Fraud
• An issue for all enterprises with financial contact centers
• Attackers take over individual’s accounts ...
Financial Fraud
• Attackers use anonymous numbers and burner phones
• Spoofing the number is also common
• Attackers disgu...
Solutions
SecureLogix
SecureLogix Solution
SecureLogix
System Architecture - SIP
Service
Provider
SIP Trunk
CUBENetwork Tap
ENUM
Request
Request
ENUM
Appliance
SIP/RTP
Probe
Web...
System Architecture – TDM or SIP
SecureLogix
Call Risk Scoring and Filtering
SecureLogix
Policy Hub
SecureLogix
Questions?
?
SecureLogix
Thank-you for participating
Questions/Comments
Mark Collier, CTO, SecureLogix
Mark.collier@securelogix.com
Joe Gerard, Vic...
Upcoming SlideShare
Loading in …5
×

Keeping Denial of Service and Financial Fraud out of Your Contact Center

1,575 views

Published on

Transactions and customer interactions flowing through your contact center and other customer support lines are the financial lifeblood of your enterprise. Unfortunately, security threats such as Telephony Denial of Service (TDoS) attacks and fraudulent social engineering schemes are dramatically increasing and becoming more difficult to detect and prevent. These and other threatening, negative value calls are having a significant, operational impact on many financial, heath care, retail, emergency response, and other organizations across North America.

Published in: Business
  • Be the first to comment

Keeping Denial of Service and Financial Fraud out of Your Contact Center

  1. 1. Keeping Denial of Service and Financial Fraud Out of Your Contact Center Mark Collier, Chief Technology Officer SecureLogix Corporation
  2. 2. About SecureLogix SecureLogix: •UC security and management solution company •Security solutions for UC and TDM •Solutions integrated on Cisco ISR/ASRs •www.securelogix.com Mark Collier: •Author of Hacking Exposed: UC and VoIP •Author of many SIP/RTP attack tools •Conducted many security assessments •www.voipsecurityblog.com •markcollier46 on twitter and Google+ SecureLogix
  3. 3. State of Security Report http://www.securelogix.com/sos/ SecureLogix
  4. 4. UC Security Overview SecureLogix
  5. 5. Negative Value Calls SecureLogix
  6. 6. Low/High/No Value/Negative Value Calls SecureLogix
  7. 7. Example Impact/ROI Revenue: $30BN (Annual) Employees: 30,000 Call Count: 9,750,000 Cost per Call: $3.00 Negative Value Calls: 477,750 (5%) Customer LLR: $62.15 ------------------------------------------------------ NVC Cost: $1,433,250 Lost Revenue: $4,500,000 Efficiency Impact: $5,593,500 ------------------------------------------------------ Total Annual Loss: $11,526,750 SecureLogix
  8. 8. Telephony Denial of Service (TDoS) for fraud, extortion, and disruption SecureLogix
  9. 9. TDoS Bulletins from DHS and FBI 2013 Public TDoS & Voice Attack Warnings Issued by: •DHS – Department of Homeland Security • Initial Alert in March 2013 • Latest TDoS Alert issued from DHS on Oct 17, 2013 •FBI – Federal Bureau of Investigations • Private Industry Notification on TDoS – July 2, 2014 • Call Pumping Alert - Oct 25, 2013 • Original announcement – May, 2010 •NENA 911 – National Emergency Number Assoc. •APCO International – Assoc. of Public- Safety Communications Officials •Several U.S. state agencies SecureLogix
  10. 10. TDoS Taxonomy SecureLogix
  11. 11. Call Pumping SecureLogix
  12. 12. Call Pumping Example SecureLogix
  13. 13. Manually Generated TDoS SecureLogix
  14. 14. Social Networking TDoS SecureLogix
  15. 15. Social Networking TDoS – Examples SecureLogix
  16. 16. Simple Automated TDoS SecureLogix
  17. 17. Simple Automated TDoS Example SecureLogix
  18. 18. Complex Automated TDoS SecureLogix
  19. 19. Complex Automated TDoS – Turnkey Tool SecureLogix
  20. 20. Distributed/Complex Automated TDoS SecureLogix
  21. 21. Financial Fraud SecureLogix
  22. 22. Financial Fraud/Social Engineering SecureLogix
  23. 23. Financial Fraud • An issue for all enterprises with financial contact centers • Attackers take over individual’s accounts (ATO) • A growing threat – arguably easier than Internet/mobile • Typical targets are consumer accounts - credit, debit, HELC • Knowledge Based Authentication (KBA) is ineffective • Attackers know limits and corresponding authentication SecureLogix
  24. 24. Financial Fraud • Attackers use anonymous numbers and burner phones • Spoofing the number is also common • Attackers disguise their voice, use distortion/noise • Easy to get PI via the Internet, phishing, black market, etc. • Attackers can also get PI through the IVR • Attackers may also intercept verification calls • It usually takes multiple calls to get the money SecureLogix
  25. 25. Solutions SecureLogix
  26. 26. SecureLogix Solution SecureLogix
  27. 27. System Architecture - SIP Service Provider SIP Trunk CUBENetwork Tap ENUM Request Request ENUM Appliance SIP/RTP Probe Web Interface System Console Managed Service Reports Dashboards Mediation/ Management Database Server Cache/Audio Processor IP PBX/IVR/CC SecureLogix
  28. 28. System Architecture – TDM or SIP SecureLogix
  29. 29. Call Risk Scoring and Filtering SecureLogix
  30. 30. Policy Hub SecureLogix
  31. 31. Questions? ? SecureLogix
  32. 32. Thank-you for participating Questions/Comments Mark Collier, CTO, SecureLogix Mark.collier@securelogix.com Joe Gerard, Vice President Marketing and Sales, i-Sight j.gerard@i-sight.com SecureLogix

×