2023 Call Centre Security Report: Identifying Red Flags through Telephone Network Data

Matt Smallman: Now, I, I’ve been working in this field for, for a long time, and.

There’s a paucity of real actionable data. There’s lots of anecdotes about what’s right and wrong with call center security everywhere, but having actionable data about who’s calling, why they’re calling, and what’s suspicious is quite rare, which is why I’m delighted that Smart Numbers have published their 2023 contact center security reports, which you’ll get a link to shortly in the chat features.

And I’m here this afternoon to talk to Abhinav Anand, who is just here, the Chief Product Officer from, Smart Numbers, who will be, taking us through a little bit more of the detail and also explaining about where this came from. So, quick introductions, as I said, my name is Matt Smallman, I’m the, author of this book, just tactfully positioned under my shou over my shoulder, Unlock Your Call Center, and the founder of, SymNex. I work with organizations across the world to help them improve the usability, efficiency, and security of their call center security experiences, and I founded the Modern Security Community to bring together practitioners, whether they be end users or with technology firms, to help understand this problem better, to educate people and help the transition towards modern security.

My personal objective is to to eradicate those kind of pointless and ridiculous mother’s maiden name, inside dog leg measurement questions that we all get asked, that we know add no security value, but that organizations continue to ask. And I’m delighted to welcome Abhinav on board this afternoon.

Abhinav, to give us a quick introduction whilst I post the link to the report in the chats?

Introducing Abhinav Anand

Abhinav Anand: Yeah, sure. Good afternoon, everyone. My name is Abhinav. As Matt said, I’m the Chief Product Officer at SmartNumbers. For those who don’t know SmartNumbers, we are a network authentication service. We help contact centers globally to detect fraud and to improve caller experience.

I’m very excited to be here with Matt and share our learnings and insight with you.

Matt Smallman: So, so, so let’s, let’s jump in. Uh, first off, um, I’ve got a kind of full, full disclosure. Um, you were very, kind in allowing me to be part of this study. And I think I hopefully brought, um, some independent and external perspective to what you guys have, which is an enormous amount of data.

So first off, um, thanks, for doing that and thanks for contributing this. Uh, a, a decent data set into the public domain that we can all, make use of. For the benefit of our audience, just want to explain who Smart Numbers are and just how you managed to, obtain all this insight.

Survey Context

Abhinav Anand: Yeah, sure. Uh, so Smart Numbers, as I said, we are a network authentication service.

Uh, we work with some of the largest contact centers around the world and in the UK. And, we’ve derived this data from hundreds of millions of calls that we’ve been, handling over the last year in the UK. So every year our customers, are using our service to risk score each of these calls. So we’ve got visibility of these calls.

We also have the privileged position as a carrier, which gives us deeper insight into the call data. As an example, when a fraudster is trying to withhold their CLI or their caller ID when they call into the call center, we can still see it and correlate it to previous fraudulent calls. So this report has come out of analyzing 12 months of that data, and we’ve tried to share the most valuable insights we could derive from the data with the community.

How many calls originate from Mobile Phones?

Matt Smallman: Thanks so much. And I think before we dive into the security aspects, which are, which are really, really relevant and some of the big takeaways from there, I just wanted to touch on one of the findings that I kind of, that kind of hit me smack in the face when we’re looking at the data, which was this fact that 80 percent now of inbound calls to call centers are coming from mobile phones.

And I, and I think, I think if I’m right, that’s kind of up 10 percent year on year. Uh, and I, I think that’s that. Mark’s a kind of significant shift. I don’t know how you’ve been tracking that over the last few years. What’s your perspective on that?

Abhinav Anand: Well, we, because of our history as a carrier, we’ve been tracking this transition for quite a long time.

Uh, actually in 2012, the tipping point was, there between mobile and fixed lines. So 2012 was the first year where mobile consumers used more mobile minutes than fixed lines, and what you’re seeing now in say 2023, it’s. More than 80 percent of consumer calls are made on mobile. I mean, you look at it from the other side, which is what we’re doing here, on the calls coming into the contact center.

Obviously, we find the same thing that, 80 percent or more of the calls are coming in from mobiles into the contact center. Um, it’s quite interesting from our perspective as well.

Matt Smallman: That’s awesome. And for me as well, I think we’re going to talk about security, but, but just from an identification perspective, and I, I talk at the start about my mission about removing pointless questions.

Yeah. Like if 80 percent of callers are calling from their mobile, um. And you’re a modern organization, you probably have their mobile on file. So why do we still need to ask people for their account number or reference number? Yes, there are security concerns, and security is about identification and authentication.

But from an identification perspective, we know a lot about these people already, and we can start to make decisions about what the most appropriate authentication method is, what the most appropriate route for them to take is, just by using that insight at the start of the call. Yes, we need to be worried about, we need to be concerned about its providence.

And we’ll dig into that a lot during this conversation. But that, that for me is just a kind of a huge, huge change. I think, and maybe a bit of a mindset change from people who’ve been working in the call and contact center space for a while, I think it was 2012 when I looked at this data for an organization I was working for and it was like, yeah, it’s not really worth using the mobile number.

Now people are swapping them so much. But not all of our calls come from them, a lot of them are withheld, and, and that really has shifted over the last 10 years to the state where it is a, it is a valid universal identifier almost in, in many interactions. Um, so that for me was a, a big finding.

What is a suspicous call?

Matt Smallman: So just before we delve into the report, the report talks a lot about what we’ve called suspicious calls.

I think that that doesn’t necessarily mean they’re fraudsters, but I think it’s worth just kind of explaining what you mean by suspicious before we look at the findings in a bit more detail.

Abhinav Anand: Yeah, sure. So, suspicious for us is… It’s based on a few factors, on analyzing the call signaling information.

So we look at the call signaling information, we look at a few other factors like, watch lists and, our consortium data, and all of that together give, gives us a risk of protocol. Uh, we use that risk score, highlighted to our customers for the call, and the customers ultimately give us feedback data on whether, you know, the risk score was accurate, how accurate our model was.

Generally, we found, we’re pretty good on, from an ROI perspective, we’re doing quite well there. But yes, from a suspicious perspective, we’re looking at factors within the call, which indicate that the call might be from a fraudster and should be treated differently.

Matt Smallman: And I think, I think that’s an important distinction because what we’re not saying is that fraud happened.

Well, we might be saying that fraud could have happened on each of those calls, but in terms of an event, it wasn’t a point of loss necessarily. And I think that’s really important as we think about the implications on call center security.

How many calls to a call centre are suspicious?

Matt Smallman: And that leads us on to the kind of the big finding from the session. One in 500 calls to a contact center are suspicious. Now. Everyone who joined us today is invariably asking that question, like, um… So how do I figure out which one of those calls is suspicious and what do I do about it? And this is where the report breaks down, um, those calls into, into four buckets. And we’ll, we’ve got a summary slide at the end, but we tried to keep this kind of PowerPoint light today.

So we’ll, we’re going to dig into each of those buckets and we’re going to follow. Really kind of, a quite pragmatic and actionable set of steps that anyone who’s listening to the call today can take to identify and mitigate against some of those. Each is progressively harder and more complex and we’ll explain a little bit about how, how we found them in a bit.

What are the easiest suspicious calls to detect?

Matt Smallman: But I think the first category, And, and this really speaks to kind of just how, how simple it is and easy it is to stop some of these cats. It is the stuff that’s hiding in plain sight, but because it’s not really hiding, it’s what I think you call in your report frequent flyers. So these are callers who call your organization, many times purporting to be many different customers, in order to extract information, in order to find out how your processes work.

Um, do you want to just talk a little bit about those, Abenav and what we, what we could do to mitigate those?

Abhinav Anand: Yeah, sure. Uh, so yeah, frequent flyers are called, um, are fraudsters or suspicious callers who are not really taking a lot of, making a lot of effort to hide themselves. And they normally depend on, poor technology or poor process to get through to the contact center.

So, something at the minimum that a contact center can do is maintain watch lists and maintain good technology and good. Workflows and processes around maintaining watchlists and using those if they can in real time to decide what to do with the call. So, I think at the minimum you’d expect that they can do, um, to protect themselves from these frequent flyers.

Matt Smallman: And no disrespect to Smartnumbers, you don’t need any of Abhinav’s technology to do this, yeah? Like, the number is there sitting in your call logs, in your CRM or wherever the caller ID is stored.

And when you see the same phone number come up against two… Customer claims, then that’s, that’s a little bit suspicious. When the same phone number comes up against four or five of them, then you should really start to be thinking about, is this a genuine call, or is this something more suspicious? Uh, and, and then you have some actions. As, as, as Abhinav said, you, you could build a watch list. You could just have a very, the simplest database lookup of all, like, is the number calling us today in the list of the bad numbers?

And if so, do something different with it. Uh, and, and, 24 percent of all the suspicious calls we found in this study ended up in this bucket. So imagine that, that’s almost a quarter of the risk here is in low hanging fruit. So not a lot of challenge to do something about that. And if you’re not doing that today, not necessarily live in real time, but in post call analytics, then you really are missing a trick.

So I definitely encourage you to look at that right now.

How to detect fraudsters using withheld numbers?

Matt Smallman: The second category is a little bit more challenging though. And these are. These are fraudsters taking that incredibly sophisticated step of withholding their number. Uh, and again, this accounts for about 24%, 25 percent of, of those suspicious callers.

Um, but, the, the finding for me in this study was like… Only about 3 percent of calls to contact centers are in the withheld category. And 58 percent of all suspicious calls exist in this category. Um, so by, even by definition, withheld numbers are, are, are a signal that there is a higher risk associated with this call.

That it is just not a behavior we, we see a lot of legitimate customers do. I don’t know, Abhinav, do you want to add anything to that and potentially how, how to mitigate those, these callers?

Abhinav Anand: Yeah, I think this has been a good one for us generally with our customers because, we, we get access to the witheld numbers and we can actually protect customers from it.

Um, most customers, if their telco is willing, they could actually work with the telco to try and block some of the fraudsters calling from Videl numbers. But I think it’s quite difficult to work with some of the large telcos to do that. Um, and so. It’s difficult to protect yourself from this category unless you have, um, you know, more flexible technology, um, like Smartnumbers or another one, if there’s anyone else there.

Matt Smallman: I always like this analogy, like, the phone company makes sure they always get paid. Yep. They know where the call came from. Um, it’s, there were just some regulations that prevent them from telling the, for, for decent, good privacy reasons that present prevent them from telling the end, terminating, receiving, organization, where that call originated from, when the customer expresses that preference.

However, for legitimate causes like preventing frauds, you have a, you have a right to access that data. You need to negotiate that with your carrier, and, and organizations like Smartnumbers, because of their role in the telephone network, get to see that data, even if you don’t, initially. So, um, the, the data is there.

Uh, and again, this is not particularly sophisticated fraud.. This is just the same person with the same phone claiming to be many different customers and calling a lot. Uh, and by looking at, even looking at patterns in that, even anonymized patterns in that, it’s possible to identify these suspicious callers who are trying to extract information about your customers, who are trying to figure out how your processes work, who are trying to socially engineer your agents.

So that’s the second category. Uh, again, something you can do something about.

How does sharing between organisations prevent fraud?

Matt Smallman: Now, now the third category, um. is, is also really interesting because it kind of, um, in the, in the same way that these callers are keep calling you on the same numbers, those, those act, those bad actors are calling your peers and organizations in other, um, other, other domains, other verticals, and they’re using those same numbers, and I think smart numbers has been able to identify that, um, there’s quite a significant overlap.

I can’t remember the exact number. I’m sure Abhinav is going to remind me, uh. of identified fraudsters in some organizations actually are also identified by others. Just remind me of the exact sat story.

Abhinav Anand: Yeah. So, what we have seen is quite, mind blowing that we, we see that 52 percent of fraudsters that have been identified by one organization has, have actually targeted another organization within a consortium.

And it’s quite, quite staggering, um, and shows you the power of community and how, you know, If an organization within the platform is sharing their insights into the platform, other customers can benefit in real time from it.

Matt Smallman: So just, just to, just to I’m going to put that into English, no disrespect obviously, but the, um, but what that means is that these numbers are not particularly well hidden.

They’re just a set of numbers that you could share with your peers. In many industries there exists fraud sharing communities already where you could share this numbers between your peers. There’s an overhead which comes with the mechanics of actually doing that, but in the same way you would seek to block the same person calling you dozens of times, if you can get that list of numbers off your peers, then you can also do the same for them.

Now, how frequently it’s updated, et cetera, are all issues that are, um, worth talking about. But again, I think in the survey, this was at 17 percent of suspicious calls, um, were kind of seen by one organization, but had already been identified by other organizations as suspicious because of some of these other mechanisms.

How does fraudsters calling behaviour give them away?

Matt Smallman: The final category to, to dig into is, is, is I think a little bit more, um, sophisticated and this like, there is only so much you can tell from the number and looking at that history of it, um, because sometimes a new number appears and you might not know nothing about what it, what it did before.

So it’s not necessarily about on, on that specific call what it’s doing. It’s about the, the history and the behavior of that call over time. Now. It’s possible that you can write some rules about some of these things. So if you see a number for the first time, then that is likely to be more suspicious than a number that’s been calling you many times and is always incorrectly authenticated against the same customer.

But in practice, these Fraudsters evolve their tactics, over time, and can quickly figure out the kind of rules that, um, are preventing them achieving their objectives, so will adapt their tactics, accordingly. Um, but Abhinav, you were trying to tell us about this big chunk. This is about a third of all suspicious calls were identified as a result of the behavior, that you observed rather than any specific kind of known bad numbers.

Do you want to dig into that a little bit more?

Abhinav Anand: Yeah, yeah, definitely. So I think this is the sort of ML AI part of it. So what we’re doing here is we’re looking at the call signaling data, we’re looking at the CLI, we’re looking at the behavior of the call in terms of, you know, how many times the number is called within an hour, within a day, we’re looking at, um, Who, the number range from which the call is coming from, who is it allocated to, when was that number range allocated, who’s the operator behind it.

So we were taking other data sources, merging it into the ML model, and all of that with the feedback data from our customers is what sort of then resulting in the prediction of whether a call is likely to be fraud or not. Um, so it’s. I think there’s two parts to it. One is like looking at all the data, putting it through a model, but the other part is then training the model with actual confirmed or not confirmed fraud to the feedback data from the, from, from, from your actual other systems where you finally the cashout happens.

So when the cashout happens, you need to feedback that data, which helps us, improve the model and improve the, improve the detection in this model.

Matt Smallman: And I think that leads on to the, to another stat I think that came from you, which was, um, that on average a fraudster is making about 26 calls before the frauds are actually committed.

So by looking at some of these signals, whether that just be the, the list of bad numbers or more sophisticated behavior analytics, um, it’s possible to identify these. at risk, risky callers well in advance of the actual point of loss and take corrective action at that point. Whether that’s locking down the accounts that they’re attempting to access, whether that’s denying them service or access at all, whether that’s additional security measures to figure out exactly what it is they’re trying to do and kind of catch them in, catch them in the act, will depend on your unique context.

But getting these early warning signs, is, is a huge, um, huge bonus.

Putting all the categories together

Matt Smallman: Just to summarize that we have a, we have a, we have a graph here that I think kind of brings, brings together what I call the, the steps of this process. So the kind of, if we’ve got a one in 500 calls are suspicious here on the, on the right hand side of our chart, and you look at the steps it would take to kind of identify all of those and take whatever corrective or mitigating action you want.

You can see that about a quarter of all of those are easily identifiable because the same number keeps calling you and the number is available to you in your call logs today. Another quarter of those callers are identifiable because even though their numbers withheld, they’re the same numbers calling you time and time again, and if you can get access to the Carrier’s data in those cases, then you’ll be able to interdict those or mitigate those.

Another 17 percent of that, those steps, is as a result of collaboration with your peers. If you can figure, if you can share the data with your peers, then you can stop another 17 percent of those. And the final, about a third, 34%, is as a result of behavioural analysis. Looking at what the caller is doing over time and during the call in order to figure out Whether they are suspicious and all the other signals that, that Abhinav mentioned.

Um, so. You can read the report in a, in a lot more depth in, in the links that are in both of the chats and that you’ll get on the email, um, after this session concludes. Um, but thank you so much for putting this in the public domain. I think it really kind of sheds a light on, on A, the, the 1 in 500 number.

That, that’s a lot. That’s a lot more than I think most people suspect, but also what you can do about it. There, there are some easy actionable steps that every organization could take today. Now, as we’ll discuss in a minute, I, I think some of that will evolve as we get better.

Is number spoofing a big issue?

Matt Smallman: Uh, and we’re going to move on and, and, and talk about what, what might be happening in the future in, in this field.

And one of the other stats that, that came out of the, the survey was this, the fact that, I’m just going to check my notes. Yeah. Uh, only three in 10, 000 calls to a call center, or the call centers in your, in your sample were spoofed. That is the, the, The, the number being displayed wasn’t actually the originating number.

Uh, and I think when we listen to the popular press, and some of our own experiences as consumers, that seems really, really low. Uh, Abhinav, have you got any thoughts on, on why that, why that is? I have a few, which we’ll come back to, but I’m just interested in yours.

Abhinav Anand: Yeah, sure. Uh, so yeah, I, I think there’s, things happening.

Uh, all the time from a change in technology to change in regulations, which is actually impacting all of this, um, the numbers all the time. Uh, for example, this number is a tenth of… What we saw, last year when there were, there were a lot more, spoofing was a much bigger problem before July 2022, when some regulatory changes came into play where operators stopped, stopped, UK numbers being sent in on international route, but they only stopped landline numbers, for example, they didn’t stop mobile numbers, but there’s again, changes happening in the future, which would help with Stopping mobile numbers being spoofed from internationals.

Spoofing overall, um, you know, it’s getting more sophisticated as barriers are being, as you’d expect, as more and more barriers are being put from a technology and regulatory point of view, it gets more and more sophisticated. And really to detect spoofing, you need some sort of machine learning type analysis behind the scenes to…

Find those really suspicious spoofing calls. But overall, I think the problem is a lot less than what it was a year

Matt Smallman: ago. I think my, my, my counter to that is that there’s also not a huge incentive right now for, for fraudsters to do that. Like a lot of the technical means for spoofing still, still exist.

And there are, there are plenty of holes and plenty of unscrupulous providers, um, out there. But today, um, As we talked about at the start, actually not a lot of organizations are relying on the phone number that they receive to do any form of identification or authentication. So there’s just very little incentive for a fraudster to, to spoof that today.

Now, I think as we, as we evolve our security practices and we start to place Great dependence on the phone number, which is absolutely the right thing to do from a kind of customer experience perspective. I think we definitely will see an increase in attempted spoofing and we will have an absolute need to have anti spoofing detective measures.

How will changes in regulation and technology impact fraud prevention?

Matt Smallman: But, but as we, as we, as we think about that, I know in the US, for example, there’s a, a set of technologies known as StirShaker and, and Ofcom is consulting in the UK as to how that similar set of technologies should be implemented here. And that purports really to, um, using cryptography to authenticate, the source of calls, um, to the receiving party such that they have a degree of confidence that the number is the number it claims to be.

Um, now. Surely that kind of moves from being a probabilistic analysis that you might do with machine learning to a kind of simple, simple, yes, no. Does that, does that put you out of business?

Abhinav Anand: Uh, probably in five, six years, we’ll get to a state where U. S. is now. So if you look at where U. S. is now with Starshaking, U.

S. rolled out Starshaking in June, 2021, and it’s been about two years. And what we’re seeing and what we’re learning from there is that, um, Strategic N has this categorization of how authenticated a call is. Is it A, which is like the strongest authentication level, B, or C? And what’s happened in the U. S.

is most of the scam and spam calls have moved from unsigned calls, which was where there’s no stir shaking, to B and C category, which are sort of lower level of authentication, but allow the scan and spam calls to go through. And so the only real benefit U. S. would have seen, is in those. Type A calls, or our customers and contact centers can see is in those Type A calls, which are about 20 percent in the U.

S. right now. Um, so that’s, we, and we are about in the UK, we are about five years behind the U. S. So I think we’ll see 20 percent of the call more deterministically authenticated. Probably five years from now.

Matt Smallman: Okay. So, so what, what you’re expecting really is that the, the kind of the, the risky pool is gonna shrink a little bit.

Uh, but actually the risky pool, the stuff you need to, to, to worry about is still gonna be quite significant in terms of, spoofing, which is the, kinda the major barrier to using ideas a, using phone number as a, as.

Before we move on, I’d just encourage anyone who’s got any comments or questions to put them in the respective chat features. I don’t see any coming up yet, but I’m sure we’ll have a few in a second for Abhinav and I. The final thing I wanted to touch on, and in fact I wrote in the week, is harking back to that 80 percent of calls coming from mobiles, like Your mobile phone is not a dumb device.

Yeah. It sits there at the, at the end of a incredibly expensive network, as we know, because we’re paying our airtime bills every month. Uh, at the, I don’t think you, can you get a new iPhone for less than a thousand pounds? I’m not sure you can. Um, so, so it’s an incredibly sophisticated piece of technology connected to a very technically, um, mature network.

Yet, um, we don’t get to use any of that data to, authenticate the caller, to make sure that they are who they claim to be. Uh, that strikes me as just… Kind of mad, madness. Um, what, what, what, what, what’s your thoughts on that space and how could we be doing better? It’s 80 percent of calls. Yeah.

Abhinav Anand: Yeah, absolutely.

I think that sort of brings it to light. Doesn’t it? Like 80 percent of the calls you could benefit from some sort of authentication on the mobile side. Now there’s been, I mean, you wrote about this as well, a few days ago, but there’s been technology that the mobile operators are releasing. Uh, Through APIs, which help enterprises, customers, our customers benefit a lot more from the insight from mobile networks of who’s calling them and use it for some sort of fraud detection or identity identification capabilities.

We’ve experimented, we are experimenting with some of those. I think a lot of these capabilities right now are being positioned, the use cases that are being positioned for our digital use cases. So, I think it’s the, you know, as new capability comes to the market, it looks at, well, where’s the biggest market?

Let me target this at those. Let me target everything at those. And I think they’ve gone, um, initially for the digital, space, and But we’re seeing now that some of these capabilities are very applicable to the contact center space and calls coming to the contact center can benefit from these APIs and from this information.

I think the challenge right now is more of a commercial challenge and mobile operators sort of catering to use cases in the contact center space as well. So the data is there, the technology is there. It’s just more about catering for these use cases and the interest in catering for these use cases. So, we’re trying to bridge that gap for our customers, and trying to experiment with them with some of these capabilities, definitely.

Matt Smallman: Yeah, it does remind me of, um, the situation where with some other technologies or almost a decade ago, like the technology’s mature and everyone understands how it works, but we kind of haven’t bridged the gap between kind of the data and it’s the tech, the, the, the raw technology and, and its application in business processes and, and its acceptance by customers, which I think is the the

market’s also pretty fragmented, right? So like there were. Four major carriers or three major carriers in the UK, three in the US, plus a million and one, kind of virtual network operators, pulling all of that together and then figuring out what to do with the small proportion, admittedly, but probably still important to you at 20 percent landlines that are appearing on there or the calls coming from overseas.

Even if you can get the date, like, it’s not, you can’t solve 100 percent of the problem with one contract to one mobile provider. It’s a, it’s an aggregation and analytics, challenge. I, I am really hopeful that we, we can solve it, but, um, and I think that will, will transform, I think, many. Uh, call center security experiences, particularly where the, the value at risk is pretty low.

Like there’s still, there were still risks with the mobile. Yeah, it could be stolen. Uh, it could be compromised. Your, a related party could get access to it. But for, for many use cases where today we’re asking for mother’s maiden name or the fourth and fifth letter of your. 25 digit alphanumeric password.

Uh, it’s a, it’s a great, it’s a great replacement. So I’m pretty hopeful about that, but I always underestimate the timeline taking for this. So you’re saying five years, I’m, I’m probably, it’ll be six to seven or Maybe, maybe longer before we do it, but I think it’s important that, and particularly on, on today, there’ll be some organizations who have use cases today that it might be worth starting the exploration with, and that they will blaze the path for others to follow.

Somebody has to start this and figure out what works from a commercial perspective, from a technical perspective, and importantly, from a customer perspective. So I’m hopeful that, that somebody on this call will be, um, or. We’ll be, we’ll be starting that journey in the near future. So, with that, we’re at 30 minutes or so, and we’re coming to the end of our session.

Question: How do you evaluate the risks of calls coming in from overseas and international sources?

Matt Smallman: I’m just going to do a check for questions on the line right now. And I think the only one I can see is really about spoofing from overseas and how to handle safely overseas numbers. People have call centers perhaps that are dealing with, emergencies and, kind of, not, I was gonna say international rescue, this is not Thunderbirds, but international assistance, services, um, that people might need, in emergencies.

How, how do you cover international calls in your model?

Abhinav Anand: Yeah, so, I think international calls right now by default won’t get flagged as high risk unless we see. Something about them which shows that they might be spoofed or they might be using some sort of a shady route rather than coming through a genuine route.

Um, I think going forward, um, with some of the initiatives that are going in the carrier networks, with the telecom operators. Um, I think spoofing from international networks is going to reduce, initially, and so hopefully it helps us, detect that, um, detect it more easily, when, when, sort of things change again.

But, at this time, um, Only if you, it’ll only get, um, risk scored as high if you’ve got, some sort of a suspicious route that’s been taken by the call. And these genuine calls for assistance or, you know, if someone’s card is blocked and they’re traveling abroad, they, they come through, legitimate routes.

Question: How applicable is this approach to markets outside the UK?

Matt Smallman: Cool. Uh, and just one more has just come into the chat as well. I think we’ve, um, we’ve, we’ve talked a lot about the, the UK in this example, how, how applicable are some of these challenges both to the US market, which I think is where this question came from, but I guess also to, to continental Europe and, where some of our other viewers may be based.

Abhinav Anand: Yeah, I think it’s similar, across, so the data in the report is largely UK driven right now, but it’s, from discussions with other customers and what we’re seeing from a data perspective on some of the customers we’re working in other countries where they’re facing similar challenges. I think that the, the, the challenge will be, the distribution of the calls might be slightly different based on the regulat, regulations that are in place, and the technology that is, in place in different countries.

So where they are with the sip and s rollout, where shaking, um, and, um, you know, what sort of restrictions, is the regulated. Or putting on invalid CLIs or spoofed CLIs. I think all of that, that makes an impact on how we deal with this. In terms of sort of behavior and, you know, fraudsters attacking a call center, that’s pretty much sort of, you can lift and drop it in any country and it just works.

It’s the spoofing aspect and, which, which, which changes based on regulation and technology that’s applicable in the country.

Conclusion

Matt Smallman: Interesting. Interesting. Yeah, it’d be great to see a kind of a 2024 version that includes the kind of the international comparisons. I’m always reminded that, um, fraudsters and fraudster behavior varies quite a lot by culture and country.

So it’d be interesting to see how that changes as you move. And with that, I’d like to thank you very much, Abhinav, for joining us this afternoon. Just to kind of wrap up where we got to today. So. This report’s fascinating. I recommend everyone has a skim read, if not an in depth read. It gives a real snapshot of what’s happening in call centers in the UK today.

And really, we often talk about the fraud iceberg, like the bit that’s under the water of the iceberg. All of those calls that are enabling different bits of the fraud cycle, whether that be reconnaissance or… Preparation or setup for the, for the actual loss event. So it’s a fascinating kind of view on that, but also some quite actionable steps.

Uh, and just to remind you of those kind of four buckets that we talked about, there’s a, there’s a bunch of people who are just using the same number to pretend to be lots of different customers of yours, and to find holes in your security processes and to, to get into your. Get to social engineer agents and to test the data they’ve got.

Uh, and, and they’re an easy win. Yep, you should be able to stop those now or identify those now. There’s a harder set of wins that are associated with the same people, but just doing that really simple thing of withholding their number. Uh, but also most withhold numbers are. More withheld numbers than none withheld numbers are suspicious.

So maybe your security treatment should vary by those. Then there’s also collaboration and sharing with your peers, sharing those lists of numbers of those people that are pretending to be more than one, but doing that quickly enough that you can capture people before they churn and get a new new SIM card or a new device to call you from.

And then finally, a slightly more Or a significantly deeper and more challenging area around analytics and behavior analytics and looking at the behavior of that number, its source of origin, the network it’s coming from, the frequency of calling, and all of those other things to identify those, those frauds, those, um, suspicious calls and identify those callers before they can do any harm, before they can get the information they need from you, or before they can defraud your, your customers and clients.

So I’d like to thank, Abhinav and the team at Smartnumbers for putting this report together. You’ll get a copy of it, uh… In, in the link, in a link in the email when we send that out, probably on Monday or Tuesday next week. Uh, and, I’d just like to ask everyone to look forward to our next session, which is going to be on the 19th of October, where we have, Brett Berenik from Nuance, now Microsoft.

Uh, he’ll be joining us to talk about some of the challenges, and some Perception changes, that I think are necessary in the world of voice biometrics. Uh, so we look forward to that session. I hope to see you there. Uh, thank you very much for your time and contribution this afternoon. Uh, and we will see you all soon.

Thank you.

Abhinav Anand: Thank you, Matt. Thank you very much for having me.