🦄 Making great presentations more accessible.
This project aims to enhances multilingual accessibility and discoverability while maintaining the integrity of original content. Detailed transcriptions and keyframes preserve the nuances and technical insights that make each session compelling.
Overview
📖 AWS re:Invent 2025 - Seamless Network-based Fraud Protection for FinTech & Digital Business (SEC216)
In this video, Oscar Rodriguez from Vonage presents network-based fraud protection for FinTech and digital businesses. He explains how fraud has become productized with attacks costing just cents to execute, and that 70% of breaches start with social engineering targeting phone numbers. Rodriguez demonstrates the Vonage Protection Suite, including the Verify API with silent authentication, Identity Insights API with SIM swap detection, and branded communication capabilities. A case study shows Lydia neobank reduced authentication times by 50% while eliminating SMS-based attacks. The demo reveals how Identity Insights API provides real-time signals on carrier type, SIM swap timestamps, subscriber match, and location verification in milliseconds, helping prevent the average $4.4 million data breach cost.
; This article is entirely auto-generated while preserving the original presentation content as much as possible. Please note that there may be typos or inaccuracies.
Main Part
The Industrialization of Fraud: Why Traditional Defenses Are No Longer Enough
Good morning everyone. Thank you for joining me as I talk to you about seamless network-based fraud protection in FinTech and digital business. I'm Oscar Rodriguez, Senior Director of Global Partner Solutions at Vonage, and today we're going to look at how the mobile network can help stop fraud before it ever reaches your business. Now FinTech and digital platforms are under constant pressure to balance security with user experience, and attackers are getting faster, cheaper, and more automated. I'll walk you through how network-based intelligence, silent authentication, and branded communication can create a seamless layer of protection that improves trust, strengthens conversions, and lowers cost. So let's jump in.
First of all, let me take a moment to ground us into who Vonage is today as part of Ericsson. We are an end-to-end communications provider that serves more than 100,000 enterprise customers across more than 100 countries. Our platform supports over 1.7 million registered developers and is powered by a global team of over 2,500 employees, including over 900 in product and technology. On the left side you can see the full suite that makes this possible. We combined unified communications, contact center capabilities, and our full range of communication APIs covering voice, video, messaging, and social channels. Then on the right half of the wheel you'll see the next generation of network-powered solutions.
This includes mobile identity tools like Verify with silent authentication and identity insights, Fraud Defender services, and new capabilities for location, network insights, and connectivity experience. Together this creates a complete ecosystem that lets businesses engage, authenticate, and protect their customers using both traditional channels and intelligence from the mobile network. It is a foundation that enables everything we are talking about today, especially the next wave of fraud prevention powered by network APIs.
One of the problems that we're seeing now is that fraud is no longer a manual one-off effort. It has become productized. Entire attack chains are packaged as easy-to-use services that anyone can buy. Criminals no longer need technical skills. They can subscribe to a five-dollar voice cloning SaaS, spin up a drag-and-drop phishing kit with built-in support, or even purchase SIM swap as a service. Now these tools make it simple to launch attacks at a massive scale. The cost to run these attacks has collapsed as well. What used to take time, skill, and resources can now be executed for just cents. AI and automation are doing the heavy lifting, which means more attacks launched faster and by more people. The barrier to entry has never been lower. What once required a sophisticated hacker can now be done by a script kiddy with a credit card. This is why defenses need to evolve. Fraud has become industrial, and our protection strategy has to match that level of scale and automation.
Fraud is exploding across every channel. The average data breach now costs 4.4 million dollars and nearly one in four US adults have experienced some type of account takeover or fraud just last year. Has anybody in the audience experienced any type of account fraud or takeover? Maybe you know somebody that has. You're not alone. Even the most secure of organizations get hit. In fact, in January 2024, the SEC's official Twitter account was hacked. A single fake post about Bitcoin ETF approval sent markets surging before the breach was confirmed. So what does that tell us? If the SEC can be compromised, anyone can. The SEC hack wasn't a technical exploit. It was done through social engineering, and this is the same pattern we see across industries. That's where fraudsters pretend to be customers or employees. They use SIM swaps to take over numbers, phishing for credentials, and spamming users with multi-factor prompts until somebody finally gives in.
All of these attacks start with one weak link. Anybody guess what that weak link is? It's the phone number. Everybody has a mobile device with a phone number attached to it, even a wearable that has a phone number attached to it, and we rely on it for many things.
Let's imagine a contact center scenario where an agent gets a call. The phone number presented in the caller ID matches that of a customer record, and the name provided by the caller also matches that customer record. But in reality, the caller is a hacker or fraudster that took over that SIM an hour ago. Without trust signals that Vonage can provide, the agent might help reset the account or approve a large transfer in a banking scenario, which could drain somebody's life savings, ruining lives and brand reputation.
Every incident like this erodes trust and brand loyalty. Since 70% of breaches start with social engineering, prevention must happen in real time. Next generation fraud protection is now possible because it taps directly into the mobile network. This gives businesses a way to stop fraud before it ever reaches their systems, and it does this without slowing down or inconveniencing legitimate users.
Network-Powered Protection: How Mobile Intelligence Stops Fraud Across the Customer Journey
The mobile network quietly verifies who is on the other end of a phone number. It confirms that the device is real, that the subscriber is authentic, and that nothing suspicious is happening behind the scenes. During account creation, login, or high value actions like large transfers, real customers move through with no extra steps because the checks are happening invisibly in the background.
This same intelligence can block a wide range of threats in real time. Fake accounts, account takeovers, refund abuse, social engineering attempts, phishing and smishing, and even traffic pumping all become detectable because the network can see signals that apps and browsers alone simply cannot. If something looks off, it is flagged before it even becomes fraud. If everything checks out, the user continues without any friction.
This creates a protection layer that sits under your business and your customers. It is always on and always verifying. Customers never notice it, but it is constantly shielding them from account and communications fraud. It reinforces the entire fraud prevention stack while keeping every trusted interaction smooth and seamless.
When you look at the full customer journey, fraud is not isolated to just one stage. It can show up anywhere from the moment the user first signs up to the interactions they have months or even years later. What is powerful about the mobile network intelligence is that it gives you protection at every point without changing the customer experience.
At the very beginning during account creation, the mobile network can confirm that the person actually possesses the phone number that they are using. This happens instantly and invisibly using silent authentication and helps prevent fake or automated account creation without forcing the user through extra verification steps. When the user logs in or performs any sensitive action, the network can silently verify that the device and subscriber match what you would expect. If someone has hijacked an account or is trying to break in, the access can be blocked right away.
During account recovery, which is one of the biggest points of vulnerability.
The network can detect SIM swap activity. Since SIM swaps are often used as a precursor to fraud, catching that signal early protects both the user and the business during the reset process. Even in day-to-day interactions like customer service calls or outbound outreach, the network adds trust. Branded calls and messages ensure that the customer knows the communication is legitimate, which helps eliminate spoofing and impersonation attempts.
Across onboarding, authentication, recovery, and engagement, the mobile network acts as a continuous and invisible shield. It strengthens security at every step while keeping the experience simple and smooth for real customers. The Vonage Protection Suite is our umbrella set of capabilities for mobile identity and fraud prevention, all powered by the intelligence of the mobile network.
The first piece is our Verify API with silent authentication. This is our network-powered two-factor authentication solution. It confirms possession of the phone number directly with the mobile network, which makes it harder to spoof and far more reliable than traditional SMS-based OTPs. Next is our Identity Insights API with SIM swap. This brings network-level intelligence into your fraud and risk models. It gives you real-time signals about the status of the device and subscriber, helping you strengthen decisions around onboarding, login, and high-value actions.
Remember our earlier example where the agent could have approved a large transfer? If he had known that the SIM was swapped, he would have blocked that. Then we have branded communication. This allows businesses to send trusted branded messages and calls that are hard to spoof. It helps customers know that the message or call they are receiving is truly coming from you, the brand, which reduces scams and social engineering attempts.
Identity Insights API in Action: Demo and Real-World Results with Lydia
Together, these solutions form a comprehensive protection layer that helps secure accounts, reduce fraud, and build trust across every customer interaction. Now I'm going to switch over to a quick demo. Let me walk you through this short demo. Notice that for this particular request, we're using our Identity Insights API. The payload in this case includes insights for format, SIM swap, subscriber match, and current and original carrier, all of which are now generally available for all US major carriers through Vonage.
Location verification, subscriber match, roaming, and reachability insights are planned in future releases. As you can see, current carrier gives us the type of line. In this case, it's a mobile line. We're using this UK number, and being a mobile line means that we can get additional insights on that phone number from the network. Next is format. The format insight tells us the country the number belongs to, including the country code and regional time zones, and of course, country-specific formatting as well. As an example, in North America we use parentheses around the area code.
Next, we have original carrier. If the original carrier differs from the current carrier, you can derive that the number was ported. If it was ported and you combine that with a SIM swap signal, that can be a clue that there might be some type of account takeover. SIM swap not only tells us if the SIM was swapped, but it also gives us a timestamp of when it was swapped last. You can actually include a parameter in the request indicating a period that you want to check. So if you wanted to check the last hour up to the last 100 days to see if a SIM was swapped within that period of time.
For subscriber match, you basically provide us any information that you have on this particular user and phone number. So if you have their name, for example, a date of birth, and even an address, we'll go ahead and check that with the mobile network records.
and provide you with a match on that. In this case, you can see that the first name and last name match exactly. The date of birth had a partial match. Location verification allows us to check if the device associated with the phone number is within a certain radius of a location, such as where a transaction or a login attempt is expected to take place. Roaming will return true or false depending on whether the user is roaming and also return which country the user is roaming in. Reachability will determine if the device is connected to the network through SMS or a data channel.
That was a very simple demo of our Identity Insights API. It's a quick API that takes milliseconds to execute, but it could really save what I say is $4.4 million, the average data breach cost, for an API call that costs just cents. Let me finish with a real world example of silent authentication at scale. Lydia is one of Europe's fastest growing neobanks, serving more than 8 million users. They were looking for a way to strengthen security without slowing anyone down, so they moved to Vonage Verify and silent authentication.
The impact was immediate. Authentication times dropped by 50%, giving users a faster and smoother login experience. When silent authentication is used, they also eliminated SMS-based social engineering attacks entirely because silent authentication removes the need for one-time codes that can be intercepted or phished. On top of that, they were able to lower their total cost of ownership compared to their previous solution, since silent authentication reduces reliance on SMS while improving conversion rates. This is a great example of how network-powered authentication can protect users, improve performance, and optimize cost all at the same time.
That has been my presentation. Thank you for your time. If you want to book a meeting with me, scan the QR code, connect with me on LinkedIn, or reach me out on the show floor. Thank you very much, everyone.
; This article is entirely auto-generated using Amazon Bedrock.
Top comments (0)