Blogs on System Administration, Scripting, System Monitoring, Cloud Computing & Virtualizaton, VoIP Systems, SMS Systems and Web Applications Development.

Techniques for VoIP Calls Security


Introduction

The purpose of this article is to outline the possible solutions for fraud prevention in Call Center environment. The fraud prevention techniques for Call Center mainly includes the identification of spoofed Caller IDs, malicious behavior and legitimate callers by analyzing the full audio of phone calls via voice bio-metrics, behavioral analysis and matching the patterns with already developed database of spam users or devices.

The probability of Contact Center fraud is high for the environments where VoIP Servers has public interface which is open to internet, whereas the network closely packed with IPSec VPN tunnels with vendors and clients, have legitimate sources for VoIP traffic, which reduces the chances of fraud from any illegitimate IP Address or Device.

Description

Following are the components/techniques that can be developed from different libraries, tools and products in order to add another layer of security for our IVR/Agent Calls:

1. Identification of Caller ID’s Origin

There are many paid solutions for identifying origins of Caller IDs which can be considered as per their accuracy level whereas libphonenumber is an open source library maintained by Google and can be hosted or downloaded locally, which not only identifies the country and operator of a phone number but also returns phone number type (i.e. Landline, Mobile or VoIP), portable region, invalid number etc. The reference of these patterns can be verified from ITU’s numbering plans website. This library is originally developed in java but has wrappers in python, php and javascript etc.

2. Voice Biometrics

There are different vendors i.e. Nuance, Verint and Enacomm which provides paid solution of voice biometrics via audio transcriptions and are already under evaluation. These patterns of audio transcriptions of calls can be used for maintaining database of legitimate users.

3. VoIP Honeypot

A VoIP honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of VoIP system. It will actually be a dummy IVR Server which will be isolated from production environment and will act as valuable information or resource to attackers. The spam calls can be filtered at front end proxy level and further redirected to the VoIP honeypot.

Conclusion

The components discussed above or one stop solution for call center fraud from market; will add an extra layer of security for preventing fraud calls but will also add a little overhead while making decisions from available databases. As these decisions will have to be taken at front end proxy level then it will require another hop before IVR Servers for such scrutiny of incoming calls.

4 comments:

Please Enter your Comments Here.