Authentication of telephone calls which are claimed to be destined to automatic bank transaction processing systems e.g., 'Interactive Voice Response System'
Publication Date: 2013-Aug-13
The IP.com Prior Art Database
In the recent past, the names of eminent banks and finance companies have been fraudulently used to steal consumers' personal information. The scammers behind such phishing attacks use SMS and telephone services. At present there is no process to authenticate the originator of such calls/SMSs. Also, when we call banks or financial organizations to carry out a transaction via phone banking, we are asked for personal details (e.g., date of birth, bank account no., CVV no. etc.) for verification purposes. Most of the time we are not sure whether the details are being shared with the genuine party. Sensitive data shared with an unauthorized party may be misused and can cause harm, for example financial loss.
This article secures the sharing of personal information by authenticating the destination system of a call. The proposed disclosure provides a method to avoid the loss that could result from sharing sensitive personal information with an unauthorized party.
The article aims to use a "Two Factor Authentication" process to authenticate telephone calls that are destined to a banking system (e.g., 'Interactive Voice Response System').
The example solution will consist of:
- "RSA Secure ID" server, which generates a unique number at stipulated intervals. This server will be maintained at the bank or with some trusted service provider.
- "RSA token device", given to the bank customer
Whenever a user needs to make a transaction via phone banking, the user calls the number provided by the bank. After the call is initiated, a unique number is generated by the "RSA Secure ID" server, and this unique number (valid at that moment for that particular call) is shared with the customer. The customer then looks at the number displayed on his/her RSA token and proceeds with the transaction only if the number generated on the device matches the unique number mentioned by the banking system (e.g., 'Interactive Voice Response System'). Otherwise, the call is a fake call....
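The matching step described above, as an added example that is not part of the original disclosure. The RSA token algorithm is proprietary, so RFC 6238 TOTP stands in for it here; the 60-second interval, 6-digit length, seeds and function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60     # assumed refresh interval of the token, in seconds
DIGITS = 6    # assumed length of the displayed number

def code_at(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the number valid in the window containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def ivr_announce(server_seed: bytes, now: int) -> str:
    """Bank side: the number the IVR reads out once the call is connected."""
    return code_at(server_seed, now)

def customer_proceeds(token_seed: bytes, spoken: str, now: int) -> bool:
    """Customer side: continue only if the spoken number equals the token display."""
    return hmac.compare_digest(code_at(token_seed, now), spoken)

def call_outcomes(now: int = 1_700_000_000) -> dict:
    """Run four constructed calls and report whether the customer proceeds."""
    seed = b"constructed-demo-seed"          # shared by bank server and token
    wrong = b"seed-guessed-by-impostor"      # a system that lacks the real seed
    return {
        "genuine_ivr": customer_proceeds(seed, ivr_announce(seed, now), now),
        "impostor_ivr": customer_proceeds(seed, ivr_announce(wrong, now), now),
        # a number heard one interval earlier is no longer on the display
        "stale_number": customer_proceeds(seed, ivr_announce(seed, now - STEP), now),
        # failure mode: the display rolls over between announcement and check,
        # so a genuine call is rejected and the customer has to call again
        "rollover": customer_proceeds(seed, ivr_announce(seed, now), now + STEP),
    }

if __name__ == "__main__":
    for call, ok in call_outcomes().items():
        print(f"{call:13s} -> {'proceed' if ok else 'hang up'}")
```

The rollover case shows why a deployment of this scheme needs the number announced early in an interval or repeated on request, since the customer can only compare against what the token currently displays.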