Pierre Demarche, VP Product and Marketing, TeleSign Session is divided into 3 parts, based on use cases: Registration fraud. Identifying fake users, preventing bulk account creation, etc. ATO (Account TakeOver). Preventing ATO fraud through phone hijacking attacks like SIM Swap, Porting attacks, call forwarding, etc. IRSF (International Revenue Sharing Fraud) attacks on enterprises. Registration to SIP trunking.

1. Identity, Authentication and Programmable Telecoms
Pierre Demarche
VP Products

2. EVOLUTION OF TELESIGN
PHONE NUMBER VERIFICATION
LAUNCH OF DATA SERVICES
PhoneID & Score
• Registration Fraud
PREVENTING FRAUDS, ENABLE
TRUST & PROTECTING USERS
New Data Services
• Identity Verification
• Credit Risk Prevention
• Account Takeover Protection
• Payment Frauds Prevention
• Communication Context
EXTENDED COMMUNICATION APIS
• Voice APIs
• Messaging APIs
• Engagement (2 Way SMS, Omnichannel)
• ARN (Acknowledgement, Receipts,
Notifications)
© 2019 TeleSign 2

3. ADDRESSING
MARKET CHALLENGES

4. DATA
BREACHE
S
Usernames & passwords continue to be the
prevailing method for securing online accounts.
However, the volume of data breaches has hit record
highs, with new data breaches being reported
regularly. Essentially every username/password
combination is now available for sale somewhere.
Because of this, it’s impossible to know who is really
logging into a website/app; is it the legitimate user or
a fraudster with stolen credentials?
© 2019 TeleSign

5. STOP
FRAUDSTERS
FROM
CREATING
ACCOUNTS
5
Websites/apps have huge problems with
fake accounts
Using bots, fraudsters have created millions of social
media, email, and other accounts
Fraudsters create fake accounts to:
• Spam
• Phish
• Post fake reviews
• Increase number of followers
• Etc.
Phone Number based verification adds
a layer of protection
• However, fraudsters continue to find new ways to
creat bulk fake accounts

6. BURNER
PHONE NUMBERS
• Websites/apps introduced phone verification into
their signup flow to help with these challenges
- Fraudsters now needed a valid phone number
to create a new account
- Phone verification was initially very helpful in
stopping fraud
• However, fraudsters eventually learned how to
obtain anonymous VOIP numbers to use for
phone verification
• There are various places to obtain these numbers:
- Pinger
- Burner App
• Using these VOIP numbers, fraudsters were able to
automate their creation of new accounts again
© 2019 TeleSign

7. FARMING
Cheap/free mobile numbers are typically obtained by activating new prepaid SIM cards, often as part of a SIM or
phone farm. Each of these data points helps to distinguish these “farmed” numbers from legitimate subscribers.
To continue to create fake accounts, fraudsters have realized
that they need access to thousands of mobile numbers.
Fraud is a business, so these mobile numbers must be
anonymous and cheap/free for their business model to work.
© 2019 TeleSign

8. 50%
OF INTERNET USERS
ARE FALSIFYING THE DATA
AT ONBOARDING
Phone number: 27%
Date of birth: 17%
Email address: 16%
Home address: 15%
Name: 14%
Age: 14%
© 2019 TeleSign 8

9. RECYCLED PHONE NUMBERS
© 2018 TeleSign 9
Phone verification during new account registration has become
extremely popular. Websites and apps now rely heavily on their
user’s verified phone numbers for both 2FA and password reset
as previously described, and also for many communications use
cases such as account alerting, anonymous communications
between users, etc.
Because of this, it’s extremely important that websites can trust that their
users’ phone numbers have not changed ownership. Otherwise, the
website/app could be communicating with the wrong subscriber,
causing frustration and annoyance.

10. SIM SWAP:
HOW IT WORKS
© 2019 TeleSign 10
• One way to hijack a user’s phone
number is via SIM swap
• The attack works like this:
- The fraudster identifies the victim’s phone number and
phone carrier
- He then poses as the legitimate user to the carrier, either
in-store, on the phone, or online
- The fraudster asks the carrier to transfer his (the
victim’s) phone number to a new SIM card because he
lost his phone, etc.
- The carrier transfers the phone number
- The fraudster now has access to this phone number and
receives the victim’s 2FA codes when logging in online

11. IRSF FRAUD
• International Revenue Share Fraud
• With IRSF, attackers use fraudulent access to a
network to artificially inflate traffic to numbers
• Fraudsters then receive payment (on a revenue
share basis with the number provider)
• If they enable automation of voice calls to these
numbers from an Internet site or application,
they can obtain a lot of money in a very short
period of time (hours or minutes).
© 2019 TeleSign 11

12. Lead Generation Registration Login Transactions Manage Account
(Recovery, Password reset, etc)
Interactions (P2P,
Customer
support, etc)
Incomplete Profiles of leads
Changing Profiles of leads
Prospect
Profiling/Segmentation
• Demographics
• Preferences
• Lifestyle
• Interests
Fraud Risk
• Trust
• Bulk Account Creation
• Fake Accounts
• Spam users
• Recycled numbers
• Promo Abuse
Identity Fraud
• Synthetic identity
Compliance (Reg Tech)
• KYC
• Communication Compliance
(TCPA, DND, etc.)
Communication Fraud
• IRSF
Operational
• Duplicate account creation
Profiling
• Gauge customer LTV
Account Take Over
• SIM Swap
• Port Fraud
• Recycled phone Number
• Lifecycle changes
• Identity thefts
Account Take Over
• SIM Swap
• Port Fraud
• Recycled phone Number
• Lifecycle changes
• Identity thefts
Transaction Frauds
• Payment frauds
• Charge back
Fraud/Refund Fraud
• Stolen Identity
Account Take Over
• SIM Swap
• Port Fraud
• Recycled phone Number
• Lifecycle changes
• Identity thefts
Account Take Over
• SIM Swap
• Port Fraud
• Recycled phone Number
• Lifecycle changes
• Identity thefts
Fraud Risk
• Trust
• Identity Fraud
Communication Fraud
• Inbound Context
• Spam
• Good User
• CLI Spoofing
• Outbound
• IRSF
Communication Compliance
• Communication
Compliance (TCPA, DND,
etc.)

13. HOW WE HELP FIGHT FRAUDS

14. Onboarding
PHONE NUMBER
Login
Account Recovery
Marketplace
Interactions
Payments
Trust Fraud Compliance
Customer Support
PROTECT ONLINE EXPERIENCES GLOBALLY
USING COMMUNICATION DATA

15. 15
500 MILLION
Fraudulent transactions detected for
our customers!
THERE IS A LOT OF FRAUD!

16. THE GLOBAL FRAUD INTELLIGENCE
SOLUTION
16
TeleSign Score
• Fraud risk assessment API
• Reputation scoring based on:
- Phone number intelligence
- Traffic patterns
- Machine learning
- Global data consortium
- Customer-provided data inputs
• Integrates into existing account
security workflows
Score Risk Level Recommendation
801-1000 High Block
601-800 Medium-high Block
401-600 Medium Flag
201-400 Medium-low Allow
0-200 Low Allow
N/A Neutral N/A
Score Recommendations
© 2019 TeleSign

17. REAL-TIME PHONE NUMBER INTELLIGENCE
Industry-Leading Fraud Risk Assessment & High-Quality Data
TeleSign delivers valuable
information associated with the
phone number, which improves
SMS delivery.
TeleSign evaluates fraud risk by
using machine learning to uncover
hidden insights and predict future
events.
Phone Number Traffic Patterns & Usage Velocity
Status of Phone Subscriber’s contact details
Phone Type, Telecom Carrier, Account
and Device ID
Customer-Provided
Data Inputs:
IP Address, Email Address, Account
ID, Device ID, etc.
History of Fraud –
Global Data Consortium
Knowledge
Engineering
Customized machine
learning models
VoiP Detection
© 2019 TeleSign 17

18. COMMUNICATION DATA CLASSIFICATION
Strong co-relation with online frauds
MOBILE
NUMBER
New Dimensions
Behavior
No of outgoing/incoming calls/messages
Velocity
Diversity of called numbers, countries, operators
Diversity of receiving numbers, countries, operators
Duration of calls
Tenure of numbers
Length of messages
No of countries roamed
Mobile data usage
Failed call attempts
Failed messages
Failed signaling
Type of carriers
- Tier 1,2,3,4 VOIP
Risky destinations
Premium calls
Spam content
Calling Number
Called Number Roaming Number
Sender SMS Receiver SMS
Customer Supplier
Origination Country/Operator Destination Country/Operator
Trillions of Global
communication
transactions
Tokenized Privacy
Compliant Platform

19. CLASSIFICATION OF PHONE NUMBERS BASED ON BEHAVIOR
Velocity histogram (bar = day) Velocity histogram (bar =
hour)
Call duration histogram (bar = sec)
Application
Traffic
Robocalls

20. HUMAN VS MACHINE TRAFFIC
20
Legitimate traffic VOIP Numbers used
for A2P use cases
VOIP Numbers used
for Robocalling
© 2019 TeleSign
Call duration distributions on sample of 1000 subscribers

21. LEGITIMATE TRAFFIC EXAMPLES
© 2019 TeleSign 21
node = phone number; edge = transaction(s); direction = from A to B number;
node color = in (blue) vs out (red) degree (i.e. number of distinct B vs A neighboring nodes);
node size = total degree (total number of neighbors);
number correlated to the edge = velocity; edge thickness = call duration.
Legitimate Graph Components

22. SUMMARY

23. DATA PLATFORM
ENABLING COMMUNICATIONS &
PROTECTING ONLINE EXPERIENCES
Lead
Scoring
Registration
Risk
Score
Identity
Verification
Score
Credit Risk
Score
Account Take
Over Score
Payment
Transaction Risk
Score
Communication
Context Score
GLOBAL COMMUNICATION PLATFORM

24. @TeleSign
pdemarche@telesign.com