ANI trolling (also known as ANI trawling) is an emerging fraud vector that involves fraudsters running thousands of spoofed phone numbers through a business’s IVR (interactive voice response) system in order to identify which numbers belong to customers of that business. Once the hackers have identified which numbers belong to customers, they launch targeted SMS phishing or smishing attacks on the individuals who own those numbers.
How ANI trolling/ANI trawling works:
When a consumer dials into a call center, it’s common for a call center to try and recognize/match the ANI (automatic number identification) of the caller. If the ANI is recognized, indicating that the number is on file as belonging to a customer, the caller can be given a “green path/fast lane”. If not recognized, the caller is taken down another, more generic path (typically security questions).
Armed with the knowledge about how this works, fraudsters will run thousands of numbers through a given IVR. In the process of doing that, they can identify which numbers belong to customers (based on the path that each number is routed through). When they’ve identified the numbers that belong to customers, they can then take those numbers and buy personal data (name, address, SSN, DOB, etc.) on the black market for them in order to run targeted smishing attacks.
How Payfone helps protect IVRs against ANI trolling/ANI trawling:
Instead of using ANI matching as a decision point, call centers can use Payfone’s ANI match + call authentication to detect whether a call is being spoofed. Then they can set up the decision path such that spoofed calls always go down the generic path, regardless of whether the ANI is matched or not. That way, fraudsters can’t identify which numbers belong to customers/account holders, and therefore cannot carry out SMS phishing attacks on those individuals.
Payfone is a proud sponsor of the 2020 Hack@CEWIT hackathon at Stony Brook! Hosted by the Center of Excellence in Wireless and Information Technology (CEWIT), this year’s hackathon will see over 150 regional hackers battle it out for over $5K in prizes for the most innovative security, health-care, machine learning, A.I., blockchain, social impact, and IoT projects. The hackathon takes place February 14-16, and is open to college undergrad and grad students.
The event will also be open to the public on Sunday, Feb. 16 from 10:30am – 12pm, so come by and say hello! Visit the CEWIT site to register.
Heading to Washington, D.C. for Health Datapalooza 2020? Join our VP of Healthcare Strategy, Mike Bechtel, as he takes the stage to share insights about how healthcare organizations can increase contactability and engagement in a HIPAA-compliant, privacy-first manner through Payfone’s tokenized identity solutions.
HDP Rapid Fire: Ensuring Data Privacy and Security
Session: Stop the Tug of War between Delivering Great Member Experiences, Privacy and Security
Speaker: Mike Bechtel, MHSA, FACHE, Payfone
Date: Tuesday, February 11, 2020
Location: Marriott Marquis, Washington, D.C.
At this point, the bank has a decision to make: every year millions of their customers actually do forget their password and need help. These processes are now automated so that call centers can focus on higher value services for customers. But of course, the OPEX savings and better customer experience don’t outweigh heavy fraud losses due to SIM swaps. So what do the Tier 1 banks do?
(3) The bank pings Payfone’s patented SIM swap technology, and in real time, Payfone is able to tell the bank whether a SIM swap has occurred in the last few hours. Payfone does this by checking the “born on date” of the SIM. If the SIM was recently changed (via a port-out or device swap) then the born-date would be a smoking gun.*
* The likelihood of a high-risk event such as password reset happening at the same time as a SIM change warrants further vetting, so the bank does not send an SMS with a password reset code to the customer/possible fraudster, and instead steps up the transaction.
Simple and powerful, Payfone protects the leading banks, insurers, fintechs and cryptocurrency wallets from SIM swap attacks in real-time for over 100M US consumers. In a recent case, a Tier 1 US bank saw SIM swap fraud drop significantly in real-time after launching Payfone.
We also recently expanded this capability to UK banks as part of a global roll-out.
NEW YORK, Nov. 8, 2019 /PRNewswire/ — Payfone, a leader in digital identity authentication announced it has been named to Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America now in its 25th year.
“It is an honor to be recognized for a third consecutive year by Deloitte on their prestigious 2019 Technology Fast 500™ list,” said Rodger Desai, CEO of Payfone. “The fear of identity fraud and cyberattacks holds the digital economy back from its full potential. This fear overtakes the desire to deliver great user experiences and creates a “Trust Gap” whereby most companies can only ‘pass’ ~40% of customers during digital interactions, which is significantly lower than in-person approvals. Payfone allows billions of additional consumers to safely access digital services and experience the best possible user experiences without sacrificing security.”
Deloitte today celebrated the 25th anniversary and release of its “North America Technology Fast 500,” an annual ranking of the fastest-growing North American companies in the technology, media, telecommunications, life sciences, and energy tech sectors.
Technology Fast 500 awardees are selected based on percentage fiscal year revenue growth from 2015 to 2018. Over the past quarter century, the Fast 500 program has honored nearly 6,000 companies across North America.
During the last week of October, Payfone was onstage multiple times at Money 2020, one of the largest conferences where the financial services industry congregates to connect and create the future of money. During the event, we had a chance to engage with our customers, meet with partners and new prospects, and take part in key industry conversations. Payfone’s CEO, Rodger Desai spoke with industry leaders in two fireside chats about relevant topics – the customer experience, Pass Rates and Trust Scores.
Rodger joined Carol Juel, Synchrony’s EVP and CIO, to discuss the merging of physical and digital worlds to ensure fast and easy payments and the new ways the transformation of the payments industry will have on consumers and businesses. The discussion revolved around how trust is at the core of delivering fast, easy and secure customer experiences and the importance of pass rates. During this chat, Carol referenced Synchrony’s partnership with Payfone with complimentary shout-outs “Payfone is a shining example of how work gets done” and “the opportunity to work with Payfone brings trust to another level.” Thank you, Carol!
Rodger was joined onstage for a fireside chat with Mastercard’s Rob Carter, Director, Product Development & Innovation, Cyber & Intelligence Solutions, about “The Trust Gap” whereby approval rates of card not present transactions are 25% lower than card present transactions. The discussion revolved around this phenomenon that hinders the customer experience, stunts revenue and increases operating costs. Practices that enterprises can follow to reverse this Trust Gap were discussed.
Here’s how Tearsheet describes their Fintech Toolkit and why they started it:
Heading to HLTH this month? Come by booth #203 to meet the Payfone Healthcare team and learn how our digital trust solutions can transform your member/patient experience and supercharge engagement.
Who?: The Payfone Healthcare team & you
What?: Key digital transformation use cases such as password-less login, identity authentication for telehealth services, online portal registration, and call center authentication
Where?: Booth #203 at HLTH at the MGM Grand in Las Vegas
When?: October 27-30
Why?: Learn from Payfone’s digital identity “sherpas” who can guide your digital authentication and verification strategies to enhance member/patient experiences and engagement while protecting privacy. See how Payfone’s patented Trust Score can significantly increase your percentage of members/patients that can interact with you frictionlessly, and try our demo to get your own Trust Score.
SIM swap attacks continue to make headlines, with Twitter CEO Jack Dorsey becoming one of the most famous victims to date when his mobile phone number was taken over last month. Similar scams are rapidly increasing in frequency, impacting high-profile CEOs, Hollywood celebrities, cryptocurrency communities, and everyday people, as criminals take advantage of security loopholes and the vulnerabilities of 2FA (two-factor authentication) to hijack social media accounts or steal money and cryptocurrency by taking over victims’ mobile phone numbers.
This week, we announced that we are taking a stand and extending our SIM swap detection algorithms to even more consumers to protect them from a fast-growing fraud scheme that easily breaks 2FA, costing them millions in lost dollars and personal data.