Tech,Space,Gaming, and Science Fiction News to wet your whistle
What Call Center Fraud Can Teach Us about Insider Threats
Call centers are often the weakest link in otherwise robust corporate security networks, because of the human dimension. They are staffed by people who make mistakes and are prey to scams and blackmail. Call centers are also vulnerable to malicious employees with an ax to grind or those willing to commit fraud for monetary gain.
Consider this fictional example of call center fraud. A caller contacts a U.S. bank and informs the customer service representative (CSR) that he/she wants to do an electronic funds transfer to pay their child's college tuition bill for a school in France.
The caller says he/she needs to send the money urgently, explaining they tried unsuccessfully a number of times to perform the transaction online, and need help. The CSR asks the caller a battery of security questions to authenticate their identity. Without missing a beat, the caller provides the correct account number, physical address, the last four digits of the social security number on file, etc.
Eager to help 'the long-time customer,' the CSR approves the funds transfer and schedules the transaction for the next business day. Since the caller provided all the correct answers, the CSR has no way of knowing he/she was a fraudster.
Since personally identifiable information (PII) has and continues to be stolen in an endless stream of data breaches, most of the details required to carry these type of attacks are available for purchase on the dark web. However, the fraudster could also be working with a malicious insider who has provided the necessary PII required to compromise the target account.
Three Ways to Reduce Call Center FraudUse the Cloud
Instead of relying on call center employees to handle sensitive personal information, some organizations employ a secure, cloud platform to process payments. Employees can see that transactions are taking place but they have no visibility into sensitive customer data and card numbers.
Increasingly, companies are abandoning crude forms of authentication like passwords which are too easily breached, copied or shared. Instead, they are supplementing knowledge- based questions with advanced authentication methods such as biometrics and one-time passwords. Some banks and credit card companies use one-time passwords to verify the identity of an account holder before a CSR can perform any requested transactions.
Fraud Behavior Analytics
To automate fraud detection, an increasing number of organizations are turning to behavior-based security and fraud analytics. These analytics engines ingest and process enormous amounts of data from disparate systems — and then use machine learning models to pinpoint anomalous activity.
In the call center fraud scenario described above, data from the ticketing system would show that the account password was changed a few days earlier. Meanwhile, data from the core banking solution would identify that the destination foreign account for the funds was recently created. In addition, phone system records would show that the time of day of the (fraud) call is inconsistent with previous calls associated with the account. And finally, data from public records would show that the real account holder is childless.
By correlating data from different information "silos" behavior- based fraud behavior analytics could predict the risk and prevent the funds transfer.
Detecting and preventing call center fraud embodies many of the same challenges associated with fighting insider threats, since the attacker in both cases is authenticated to perform sensitive transactions. As a result, the advanced security measures described above, especially enhanced authentication and security analytics, can be used to predict and prevent fraud and data exfiltration by both insiders and outsiders.
About the author: Saryu Nayyar is CEO of Gurucul, a provider of behavior based security and fraud analytics technology. She is a recognized expert in information security, identity and risk management, and author.
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems.We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?This unfortunately is not a unique occurence. Companies have long sought to retain customers by ensuring that what they…
By Liam McCabeThis post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here. After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms.This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ERis a top choice for an office or den, and some people will find it quiet enough for a bedroom, too.If our main pick is sold out, grab the Frigidaire FFRE0833S1. It's a little bit louder and higher-pitched than our new pick, but it's an …
What is VMware Horizon Virtualization Pack for Skype for Business? As many customers are using Skype for Business as part of their Office365 subscriptions, they are looking to get a rich user experience and at the same time minimize the number of resources that audio or video calling consumes in their VDI or RDSH environments. […]This post VMware Horizon Virtualization Pack for Skype for Business reporting Fallback mode appeared first on vClouds.