Introduction
Fraud attacks continue to rise and increase in sophistication - and these events cost businesses financially and can severely impact brand and reputation. As more services and transactions expand online, businesses need tools to validate that their users are well-meaning human beings and not malicious bots or fraudsters.
To help make it easier to combat fraud, Vonage has released a Fraud Protection solution on the AWS Marketplace. AWS customers can now subscribe to and use this solution as part of their AWS Cloud bill while still getting access to powerful Fraud Protection APIs provided by Vonage.
The fraud protection solution includes a range of Vonage capabilities providing easy-to-use APIs around omnichannel 2FA tools, global number and "SIM Swap" checking, and communications fraud monitoring, alerting, and blocking. It can be augmented with Amazon Rekognition and generative AI capabilities for advanced fraud protection and feedback.
What is the Vonage Fraud Protection Solution?
Vonage's Fraud Protection solution consists of existing Vonage APIs and newer generation Network APIs that Vonage is rolling out in conjunction with our network partners. This includes our Number Insight API that gives you details about a user's telephone number, including network and porting information, and now includes the ability to check for both SIM swapping status and Fraud Score. SIM swap status lets you know if the SIM card assigned to a phone number has recently been installed onto a new device. The Fraud Score is based on metrics about a number's history. For example, has it previously been reported as sending spam voice calls or SMS?
Vonage's Verify API is a pre-packaged two-factor authentication API that can send authentication codes across multiple channels, including Silent Authentication, which can be used to verify a user's device on the cellular network. Vonage Verify includes automatic failover in case a selected channel is not available. For example, if Silent Authentication is selected but the user is roaming on a non-supported cellular carrier, you can fall back to SMS, WhatsApp, or Voice to make sure that your two-factor authentication PIN is delivered to the customer.
We have also made available our Fraud Defender tools so that you can implement real-time monitoring, alerting, and blocking rules to help stop suspicious activity on voice and messaging products that you use. You can also combine this with feedback from other AWS tools like Amazon Bedrock to help build and refine traffic-blocking rules.
If you are already in the AWS space, you can also take advantage of additional AWS products like Amazon Rekognition for biometric and face recognition applications to enhance security further. Not only can you make sure the device belongs to the user, but you can match their biometric information to ensure they are who they say they are.
All of this is backed by outstanding developer documentation to help you integrate these tools directly into your application, whether it is a web application, mobile application, or anything else. As a Vonage customer, you'll get access to the full suite of communication APIs making it easy to add messaging, voice, and video to whatever product you are building.
How It Works
The Vonage Fraud Protection solution is a suite of APIs that a developer can use and implement in their server-side applications or client-side mobile applications and sites. While we encourage you to use all of the layers to provide a breadth of coverage, developers can pick and choose which of the fraud protection tools make the most sense for their situations.
The ability to check and block numbers in real time using Vonage's Fraud Defender tool.
Evaluate the legitimacy of a number based on its history with the Vonage Fraud Score API.
Check for potential identity theft with the Vonage SIM Swap API.
Know that a legitimate request is coming from the user's device with Vonage Silent Authentication powered by Vonage’s Verify API.
Add in any other security features like Amazon Rekognition or voice biometrics with Amazon Connect Voice ID.
Create a feedback loop with historical data, Amazon Bedrock, and the Vonage Fraud Enforcer API.
Vonage CPaaS APIs
Since 2016, Vonage has been a leader in the Communication Platform as a Service (CPaaS) space through its acquisition of Nexmo, which had been providing CPaaS services since 2010. In the intervening years, Vonage has expanded its CPaaS offerings from basic SMS and Voice channels to multiple over-the-top services, "know your customer" services, multi-factor authentication, and more.
Today, Vonage offers the Fraud Defender tool, which can be used to set up rules that automatically block incoming voice and SMS messages, and which server-side applications can also query directly to check those blocking rules. When a user logs in or signs up, you can check the Fraud Defender rules to see if you already have a hard block against a number, prefix, or entire region:
// Ask Fraud Defender whether an existing rule already blocks this number
const resp = await fetch('https://api.nexmo.com/v0.1/fraud-defender/check', {
  body: JSON.stringify({
    from: data.phone,
    to: data.to,
    product: 'voice',
  }),
  headers: {
    'Authorization': await this.vonage.credentials.createBasicHeader(),
    'Content-Type': 'application/json'
  },
  method: 'POST'
})
  .then(async (resp) => await resp.json());
This provides a quick short-circuit so you no longer have to waste resources attempting to verify a user that you have already blocked or a region that you do not service.
If you have a new customer and they pass the first layer of fraud detection, you can then elect to get a fraud score associated with their telephone number. Vonage uses a variety of resources and historical data to determine if a number has been used in fraud previously, or is exhibiting signs of fraudulent activity.
// Using the Vonage Node SDK
const client = new NumberInsightV2(this.vonage.credentials);
const resp = await client.checkForFraud({
  phone: data.phone,
  type: 'phone',
  insights: [
    Insight.FRAUD_SCORE
  ]
});
This will return a numerical score indicating the likelihood that a number has been previously used in fraud. This is a great indicator to use in other business rules to determine which further action your application may take, such as more stringent multi-factor authentication or internal alerts about an account.
GSMA Open Gateway via Vonage Network APIs
In February 2024, Vonage announced that we were making available our Vonage Network APIs.
These APIs empower a diverse ecosystem of developers to leverage specific properties of CSP networks, including security APIs, number verification, and SIM swap functionalities. By exposing and providing aggregation to these network capabilities, developers can create innovative use cases, driving value for businesses and fostering innovation. Our network APIs adhere to the CAMARA standards, providing developers with a familiar interface for seamless integration and development.
Vonage simplifies the developer's workload when implementing CAMARA services, and streamlines the process of bridging multiple CSPs simultaneously. With Vonage, you can easily interface with leading providers such as Deutsche Telekom, O2 Telefónica, Vodafone, Orange, and Telefónica, spanning Germany and Spain. Developers no longer have to construct individual systems for each CSP; instead, they can create a unified system that operates seamlessly across all. Furthermore, as new CSPs come online, the reach and capabilities of the platform will expand even further.
By evolving CPaaS into a network platform that also provides network APIs, service providers can capitalize on opportunities to monetize their network investments and empower millions of developers and enterprises to effortlessly create advanced applications and services. Vonage’s Number Verification API facilitates the seamless authentication of mobile devices by leveraging the mobile network, while Vonage’s Silent Authentication offers an additional failover mechanism in case of authentication failure. Vonage offers this supplementary feature as an integrated add-on value to our platform. This solution enhances the verification experience for end-users. Additionally, CAMARA's Number Verification API also enables seamless authentication of mobile devices through the mobile network.
Imagine a scenario where a developer harnesses the power of Vonage's network API to safeguard against SIM swap attacks and fraud. By utilizing the SIM Swap and Number Insight Network API, developers can proactively check for any signs of a SIM swap attack, a notorious form of identity theft. This nefarious scheme typically involves a social engineering ploy, wherein an impostor manipulates a mobile operator into transferring the victim's account to a SIM card under the impostor's control.
Our Number Insight v2 API can be used to assess if a SIM was issued for an account within the last seven days. If true, this could be indicative of a SIM swap attack, though it does not rule out that the user purchased a new device and legitimately swapped their SIM.
// Using the Vonage Node SDK
const client = new NumberInsightV2(this.vonage.credentials);
const resp = await client.checkForFraud({
  phone: data.phone,
  type: 'phone',
  insights: [
    Insight.SIM_SWAP
  ]
});
Vonage has exposed the CAMARA Number Verification API through our Verify API. We can make sure that the device the user is logging in from is the device that is registered to their mobile carrier. If you are using a mobile application, you can force the device to make a network connection via the cellular data connection to verify the SIM against the known registered device.
// Using the Silent Auth Android SDK
import com.vonage.silentauth.VGSilentAuthClient
import java.net.URL
import org.json.JSONObject

// Instantiate the SDK during app startup
VGSilentAuthClient.initializeSdk(this.applicationContext)

// Make the request over the cellular data connection
val resp: JSONObject = VGSilentAuthClient.getInstance().openWithDataCellular(URL(endpoint), false)
if (resp.optString("error") != "") {
    // error
} else {
    val status = resp.optInt("http_status")
    if (status == 200) {
        // 200 OK
    } else {
        // error
    }
}
CAMARA Number Verification and the Verify API can help add additional layers of security through multiple factors of authentication.
AI using Amazon Bedrock
All of the data from the customer interaction can then be stored and used to make decisions in the future. This collective data can then be used to help generate new blocking rules. Since we want to reduce the amount of human effort required to make these decisions, we can feed them into an AI model with the appropriate prompt to decide if a given interaction warrants blocking in the future.
For example, we may have a result from a user login with the following information:
{
  "date": "2024-02-01 11:15:22",
  "from": "<customer number>",
  "to": "<vonage virtual number>",
  "success": false,
  "results": [
    { "stage": "enforcerDecision", "status": 0 },
    { "stage": "simSwap", "status": 0 },
    { "stage": "mfa", "status": -1, "retryAttempts": 3 }
  ]
}
On its own, this may not trigger any additional rules. Just because a user fails to enter their MFA PIN does not necessarily mean that fraud is taking place. If we combine the above with a later result:
{
  "date": "2024-02-02 15:10:43",
  "from": "<customer number>",
  "to": "<vonage virtual number>",
  "success": false,
  "results": [
    { "stage": "enforcerDecision", "status": 0 },
    { "stage": "simSwap", "status": -1, "message": "SIM recently swapped" },
    { "stage": "mfa", "status": 0, "retryAttempts": 0 }
  ]
}
Could this be the result of a SIM swap attack? The previous day the user could not log in, but now after a SIM swap, they can log in right away. There is a good chance that the previous day the attacker did not know the PIN was sent via SMS, but after some social engineering, they were successful in getting the SIM swapped to their device, allowing them to impersonate their target and log in.
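The correlation described above can be checked deterministically before any record is handed to a model. This is an added example, not code from the Vonage library: `findSwapTakeoverCandidates`, the 72-hour window, and the reading of status `0` as pass and `-1` as fail are assumptions based on the two sample records.

```javascript
// Constructed history in the page's record shape ("to" omitted for brevity).
// Assumption: status 0 means the stage passed, -1 means it failed.
const history = [
  { date: '2024-02-01 11:15:22', from: '<customer number>', success: false,
    results: [
      { stage: 'enforcerDecision', status: 0 },
      { stage: 'simSwap', status: 0 },
      { stage: 'mfa', status: -1, retryAttempts: 3 },
    ] },
  { date: '2024-02-02 15:10:43', from: '<customer number>', success: false,
    results: [
      { stage: 'enforcerDecision', status: 0 },
      { stage: 'simSwap', status: -1, message: 'SIM recently swapped' },
      { stage: 'mfa', status: 0, retryAttempts: 0 },
    ] },
];

const stage = (rec, name) => rec.results.find((r) => r.stage === name);
const toTime = (d) => Date.parse(d.replace(' ', 'T') + 'Z');
// Earlier event: MFA failed while the SIM check was still clean.
const failedMfaNoSwap = (r) =>
  stage(r, 'mfa')?.status === -1 && stage(r, 'simSwap')?.status === 0;
// Later event: SIM recently swapped and MFA passed on the first try.
const swapThenCleanMfa = (r) =>
  stage(r, 'simSwap')?.status === -1 &&
  stage(r, 'mfa')?.status === 0 && stage(r, 'mfa')?.retryAttempts === 0;

// Hypothetical helper: one hit per number showing the pattern within windowHours.
function findSwapTakeoverCandidates(records, windowHours = 72) {
  const byNumber = new Map();
  for (const rec of records) {
    if (!byNumber.has(rec.from)) byNumber.set(rec.from, []);
    byNumber.get(rec.from).push(rec);
  }
  const hits = [];
  for (const [number, recs] of byNumber) {
    recs.sort((a, b) => toTime(a.date) - toTime(b.date));
    for (let i = 0; i < recs.length; i++) {
      if (!failedMfaNoSwap(recs[i])) continue;
      const later = recs.slice(i + 1).find((r) => swapThenCleanMfa(r) &&
        toTime(r.date) - toTime(recs[i].date) <= windowHours * 3600e3);
      if (later) {
        hits.push({ number, failedAt: recs[i].date, swappedAt: later.date });
        break;
      }
    }
  }
  return hits;
}
```

A single failed MFA attempt on its own produces no hit; only the ordered pair inside the window does, which keeps the set of events passed on for rule generation small and explainable.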
We can combine related rules that can be fed into Amazon Bedrock to build a prompt that asks Bedrock if a series of events warrants a new block rule, and to generate the JSON needed to create such a rule. The results of that customized prompt can then be used to create a new rule using the Fraud Defender Enforcer API.
All Wrapped in a Single Package
While the Fraud Protection Solution is a suite of Vonage APIs, we have also made it available for developers to use as a Node.js library to provide an interface for determining which rules you would like to use, as well as generate output that would be useable in other systems like Amazon Bedrock.
const client = new fraudProtection({
  apiKey: '<vonage api key>',
  apiSecret: '<vonage api secret>',
  applicationId: '<vonage application id>',
  privateKey: '<vonage private key>'
});
client.add(new FraudDefenderDecision());
client.add(new FraudScore({ maxScore: 60 }));
client.add(new SimSwap());
client.add(new TFA({ sendPin: true, from: '18005556666' }));
const existingContext = req.session.context || {};
const data = req.session.data || {phone: '15556661234', to: '18005556666'};
const context = await client.run(data, existingContext);
This library will allow users to define what parts of the Fraud Protection Solution they would like to use, the order, and rules around what constitutes passes and failures. It can even be used to run a user through multiple times with updated information. For example, you may require a two-factor authentication step involving a PIN. On the first attempt, the user would fail as the PIN hasn't been sent, but the PIN can be added later and the failing steps re-run.
Full information about using this library is available on our GitHub.
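The re-run behaviour described above, shown as an added example rather than the Vonage library's own code: `runSteps`, `buildSteps`, the step names and the result fields are hypothetical, and treating `maxScore: 60` as "fail above 60" is an assumption.

```javascript
// Hypothetical runner: each step returns { passed, ... } and results are kept
// in the context, so a step that already passed is not executed again.
function runSteps(steps, data, context = {}) {
  const results = { ...(context.results || {}) };
  for (const step of steps) {
    if (results[step.name]?.passed) continue;
    results[step.name] = step.check(data);
    if (!results[step.name].passed) break; // later steps wait for a re-run
  }
  const success = steps.every((s) => results[s.name]?.passed === true);
  return { results, success };
}

// Constructed steps; `calls` counts how often each check actually executes.
function buildSteps(calls, expectedPin) {
  return [
    { name: 'fraudScore', check: (d) => {
      calls.fraudScore++;
      return { passed: d.score <= 60, score: d.score }; // assumed reading of maxScore: 60
    } },
    { name: 'tfa', check: (d) => {
      calls.tfa++; // stand-in for sending and checking a PIN through a 2FA service
      if (d.pin === undefined) return { passed: false, reason: 'PIN sent' };
      return { passed: d.pin === expectedPin, reason: 'PIN checked' };
    } },
  ];
}

// First pass fails at tfa (no PIN yet); the second pass supplies the PIN.
function demo() {
  const calls = { fraudScore: 0, tfa: 0 };
  const steps = buildSteps(calls, '4821'); // constructed sample PIN
  const first = runSteps(steps, { score: 20 });
  const second = runSteps(steps, { score: 20, pin: '4821' }, first);
  return { first, second, calls };
}
```

In `demo()`, the fraud score check executes once and the PIN step twice, because only the step that failed on the first pass is run again.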
Get Started
If you want to get started with Vonage's Fraud Protection Solution through AWS today, head on over to our Marketplace Listing for more information, or contact our AWS sales at awssales@vonage.com. Our sales team can help you create the right package for your needs and get you set up to start your billing through AWS.
Initially, this solution will only be available in select markets, so contact our AWS sales department for more information.
Wrap-up
Watch out for more updates as we bring new features to the product in the coming months. Meanwhile, please feel free to check out our product page and blogs as well.
Join me on our Vonage Community Slack or send us a message on X, formerly known as Twitter.
Chris is the Senior PHP Developer Advocate and Server SDK Initiative Lead. He has been programming for more than 15 years across various languages and types of projects from client work all the way up to big-data, large scale systems. He lives in Ohio, spending his time with his family and playing video and TTRPG games.