Auraya Blog

How Voice Biometrics Can Help Mitigate the Risks of Vishing

Angelo Gajo | July 8, 2021  | 4 minutes


During the pandemic, there has been a significant increase in scam calls. One example of a scam call is when a victim receives a call from a person pretending to be from the taxation office. This scam call could involve the fraudster asking the victim for personal information and demanding that they pay overdue taxes. Unfortunately, too many unsuspecting people fall for this trap and have their personal information stolen and used for fraudulent purposes, which can result in monetary losses and identity theft. This type of activity is called Voice Phishing, or Vishing for short.

Fraudsters that use vishing attacks usually mask their Caller ID to make it seem official as they leave voice messages demanding the victim to provide personal information. These fraudsters record the call to save any information the victim has said. The recording can also be used in a form of a playback attack where the fraudster assumes the identity of its victim by playing back the audio of the victim stating their personal information.

This method can be effective against insecure systems as it can thwart security questions asked by unsuspecting call center agents or even insecure automated IVR bots. Fraudsters can simply playback the corrected recorded audio when they are asked for specific information that the victim would only know. However, with voice biometrics, organizations can mitigate the risks of vishing and recorded playback attacks.

With Auraya’s EVA voice biometric technology, organizations can screen every call and flag any suspicious or known fraudsters. Random phrase challenges can also be utilized to defend against recorded playback attacks as fraudsters would then be required to say an utterance that they most likely would not have a recording of. This could involve the agent or the IVR bot asking the person to say a set of random digits. EVA can then determine whether the correct digits were said in the right order and using the right voice. This multi-step security helps bolster the organization’s security system against possible recorded playback attacks. This also helps mitigate the risk and reduce the rate of vishing attacks as fraudsters will need more than just the victim’s personal information and a recording of their voice.

Organizations can deploy EVA today as part of their security solution to help improve privacy and security and offer a more delightful user experience. EVA can be deployed on digital or telephony solutions such as on the Amazon Connect cloud contact center or even as a part of a 2-Factor authentication on chat, messaging apps, or browsers using identity access management platforms such as Auth0, Okta, or Ping Identity.


sign up to our mailing list