Speaker: Daniel Clement @ AWS Community Day Hong Kong 2025
Summary by Amazon Nova
https://www.youtube.com/watch?v=5hEG4VFo8dc
Recent Trends and Challenges
Increase in Online Transactions
Rising reliance on phones for transactions in regions like West Africa, China, and Hong Kong
Estimated annual online transactions to reach one trillion by 2027
Rise in Payment Scams
1.5 billion dollars lost to fraud as of 2023
47% of fraud involves transactions (online, physical, voice)
Industry Responses
Implementation of anti-fraud systems
Enhanced two-factor authentication
Behavioral analytical checks
Risk engines to track patterns
Limitations of Pattern-Based Protection
Provides only a certain level of protection
Need for more comprehensive security measures
Tokenization and Detokenization
Encrypting requests to secure transactions
Decrypting upon receipt to ensure secure delivery
Current practice in many financial companies
Fraud Detection and Prevention Challenges
Security Intelligence Gaps
Telecom industries struggle to keep up with new fraud attacks
Constant emergence of new backdoors in security systems
Balancing Security and User Experience
Challenge of securing systems while ensuring legitimate traffic is not blocked
Concern about how to maintain security without hindering customer experience
Monitoring and Detection Limitations
Traditional allow/deny rules are insufficient against modern threats
New attacks often bypass rule-based systems
AWS Tools for Enhanced Identification
Utilization of AWS tools to identify and mitigate new threats
Traditional vs. Modern Security Methods
Traditional Methods
Allow or deny rules
Two-step authentication
Network VLANs with set IP addresses
Limitations of Traditional Methods
Ineffective against advanced AI and machine learning-driven attacks
Create more loopholes in the system
Evolution of Deceptive Vectors
Modern Attack Techniques
Focus on voice-based scams
Social engineering to deceive users into transactions they didn’t initiate
Need for AI and Machine Learning
Addressing the worry and need for advanced solutions
Solution to counteract contemporary fraud methods
Historic Flaws with Contemporary Delivery Methods
SS7 Protocol
Used in 2G, 3G, and 4G networks
Designed to prevent interception of communication
Signaling System No. 7 (SS7) is a globally recognized set of telecommunication protocols that provides the signaling and control for most of the world's public switched telephone network (PSTN) calls. It uses a separate, dedicated network to exchange the control information needed to set up, manage, and release voice calls and enable advanced services like SMS and caller ID.
SS7 was designed in the 1970s and 1980s as a closed
This lack of security makes it vulnerable to exploits, allowing malicious actors with access to an SS7 network to:
Track Location: Pinpoint a user's location anywhere in the world by querying location databases.
Intercept Communications: Eavesdrop on calls and read SMS messages, including sensitive information like two-factor authentication (2FA) codes for online banking and other services.
Facilitate Fraud: Reroute calls, perform SIM swap attacks, or conduct other fraudulent activities.
Launch Denial of Service (DoS) Attacks: Overload signaling channels, causing network disruptions.
Although 4G and 5G networks primarily use the more secure Diameter protocol for signaling, SS7 is still widely used to support global roaming, interconnect with legacy 2G/3G networks, and deliver SMS messages.
Ongoing Threats
Despite the rollout of 4G and 5G, 2G and 3G networks are still in use
Hackers exploit SS7 protocol flaws to intercept communications
Continuous threat due to the reliance on older network technologies in some regions
Benefits of Using AI in Telecom Security
AI as an Enabler
Trains machines to detect deceptive conversations
Identifies "scammy" language in conversations
Differentiates between legitimate and fraudulent interactions
Continuous Learning
AI adapts to new attacks with new solutions
Ensures up-to-date protection against evolving threats
Economic Implications
Prevents revenue leakage and company bankruptcy
Maintains customer trust as a valuable asset
Ensures secure systems to retain customer confidence and investment
Solution Overview
Integration with Existing Systems
Addresses both cloud-based and on-premises legacy systems
Minimizes latency for 5G-based technologies
Ensures compatibility with older network technologies
Flow of the Solution
[ 1 ] Call Initiation
Calls made via radio waves, satellites, or IP addresses
[ 2 ] Routing
Calls routed to towers
[ 3 ] Conversion
Calls converted at a media converter before translation into the secure environment
Suspicious Voice Detection
Transcriber captures suspicious voices during calls
Custom Keyword Check:
Keywords like "give me your pin" or "we need your bank details" are flagged
Ensures secure handling of sensitive information within conversations
Detailed Solution Workflow
Preloaded Keywords
System is preloaded with keywords indicative of potential fraud (e.g., "give me your pin")
These keywords are the first port of call for identifying suspicious conversations
AWS Comprehend
Analyzes the tone, haste, and sentiment of the conversation
Identifies scammy language and unusual conversational patterns
AWS SageMaker
Utilizes custom models for partial, real-time model training
During a phone call, the system identifies suspicious patterns and sends a fraud alert to the user
Users can choose to end the call if fraud is detected
EventBridge and Lambda Functions
EventBridge signifies custom fraud logic
Lambda functions handle different detection scenarios (neutral, non-neutral, fraudulent)
Triggers user notifications based on detection outcomes
Retraining Bucket
Conversations not initially checked are saved in an S3 bucket for retraining
Enables unsupervised learning, allowing the system to learn from past conversations
System Visibility and Compliance
Artifacts for compliance
CloudWatch for log monitoring
GuardDuty for identifying model behavior changes and security injections
AWS Crawler for static analysis of configurations (automatically scans and discovers data in various sources like Amazon S3, DynamoDB, and relational databases to populate the central AWS Glue Data Catalog)
AWS Config for key management
Managing Personally Identifiable Information (PII)
Data Sensitivity and Encryption
Ensures data remains secure, either on the telecom side or within the cloud
Full cloud implementation available, with options for telecom users to choose their preferred method
Demo and Implementation Details
Simple demonstration showing ongoing conversations and identification of suspicious patterns
Real-time fraud detection and user alerts
Recorded Conversations
Demonstration includes various voice recordings
Distinction between non-phishing and phishing voice recordings
Terraform for Deployment
Utilization of Terraform for infrastructure deployment
Sample code provided for Lambda function deployment
Lambda Function
SNS topic triggered by events
Keywords for detection: "to reset your PIN", "confirm your account", "last four digits", "confirm your account number"
Suspicious margin set at 0.5; 0.85 indicates fraud
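A sketch of the keyword check and thresholding described above, added here as an illustration and not the speaker's Lambda code. The phrases and the 0.5 / 0.85 thresholds come from the summary; the noisy-OR scoring, the per-phrase weight, the "suspicious" label for the middle band, and the `publish` hook standing in for the SNS call are assumptions.

```python
import re

# Phrases and thresholds as listed in the talk summary.
KEYWORDS = ["to reset your pin", "confirm your account",
            "last four digits", "confirm your account number"]
SUSPICIOUS, FRAUD = 0.5, 0.85
PHRASE_WEIGHT = 0.55  # assumption: evidence weight per phrase, not from the talk


def normalize(segments):
    """Join streamed transcript segments and fold case and punctuation, so a
    phrase split across two segments still matches."""
    text = " ".join(segments).lower()
    return re.sub(r"[^a-z0-9]+", " ", text).strip()


def matched_phrases(text):
    """Match longest phrases first and blank each matched span, so 'confirm
    your account' is not counted again inside 'confirm your account number'."""
    hits = []
    for phrase in sorted(KEYWORDS, key=len, reverse=True):
        text, count = re.subn(r"\b" + re.escape(phrase) + r"\b", "#", text)
        if count:
            hits.append(phrase)
    return hits


def classify(segments):
    """Noisy-OR score over distinct phrases (assumed model), then thresholds."""
    hits = matched_phrases(normalize(segments))
    score = 1 - (1 - PHRASE_WEIGHT) ** len(hits)
    label = ("fraudulent" if score >= FRAUD
             else "suspicious" if score >= SUSPICIOUS else "neutral")
    return {"label": label, "score": round(score, 3), "hits": hits}


def handler(event, publish=None):
    """Lambda-style entry point; `publish` is a hypothetical stand-in for the
    SNS publish call so the example runs offline."""
    result = classify(event["segments"])
    if result["label"] != "neutral" and publish is not None:
        publish({"call_id": event["call_id"], **result})
    return result


# Constructed sample call, split mid-phrase the way streaming transcripts are.
SAMPLE = {"call_id": "demo-1", "segments": [
    "Hello, this is your bank. Please confirm your",
    "account number and the last four digits",
    "of your card to reset your PIN."]}
```

Without the longest-first masking, the sample call would count four phrases instead of three, because "confirm your account" is a prefix of "confirm your account number".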
Mitigation Framework
Policy as Code with AI
Importance of defining policy as code, incorporating AI
AI assists in understanding and updating complex code beyond human capability
Structured Code Deployment
Treat code deployment as peer review with a proper structure
Attach security risk implementations and unit tests
Ensure protection through continuous model behavioral monitoring with AWS GuardDuty
Natural Language Processing (NLP)
Addition of NLP to identify patterns and sentiments in telecommunications and radio waves
Enhance detection of fraudulent, neutral, or safe communications
Global Fraud Prevention
Real-Time Risk Management
Focus on preventing fraud in real-time on a global scale
Ensure secure systems through continuous monitoring and adaptation
Conclusion
Emphasis on proactive fraud prevention rather than reactive measures