[asterisk-biz] fraud detection & verification like craigslist

Trixter aka Bret McDanel trixter at 0xdecafbad.com
Tue Jun 16 21:07:49 CDT 2009


On Tue, 2009-06-16 at 20:55 -0400, ContactTel Business wrote:

> Something like maxmind.com does...
> 
>  A simple callback could be easy and deters 99% of fraudsters, no hack wants
> to talk to someone when trying to screw them over.
> 

what we did at a company I worked for pushing mobile commerce was to
create a profile at setup and do voiceprint stuff on the callback.
Granted this was more for banking and they didnt want a stolen phone to
authorize a transfer, but ...   It would read a series of numbers and
you would have to repeat them back, and the voice printing software
would catch someone trying to record/playback the individual numbers.  

Of course for simple verification calling someone back and confirming
they do whatever (enter DTMF or talk to someone or whatever) does not
stop someone from getting a disposable sometimes free VoIP number, or a
prepaid disposable SIM card, answering the call, doing whatever, then
discarding the number after their fraud is done.  So if its for anything
of real value (in the craigslist case its craigslist reputation and thus
visitors, paypal is for banking type stuff ...) you may want to do more
than just a simple callback, since that only verifies they have access
to the phone at that moment in time and could make it difficult to
actually verify who is there.


-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721





More information about the asterisk-biz mailing list