AWS Partner Network (APN) Blog

Vonage Fraud Protection for Defense in Depth through Telecom APIs as a Service on AWS

By Chris Tankersley, Staff Developer Advocate – Vonage
By Marcel van der Vliet, Senior Solutions Architect – AWS

Vonage part of Ericsson

In the competitive landscape of today’s digital economy, businesses are laser-focused on delivering exceptional products and services. Developers and product owners are creating new, innovative solutions and are mindful of the resources that they do have, ensuring that the product they deliver is paramount. Every application has functionality to take care of outside their core product, including how to detect and handle fraud. Fraud is growing rapidly. Threat actors have become smarter, and target vulnerable e-commerce businesses, with new, fraudulent schemes that inflict more financial and reputational harm than ever before. Mastercard estimates online payment fraud could exceed a staggering $343 billion by 2027.

Even with cybersecurity as a top priority, businesses struggle to keep up with the evolving fraud landscape. This is because traditional fraud solutions, while comprehensive, can have a critical blind spot: the telecom network, which fraudsters leverage to carry out cyberattacks.

It is simple to spot a stolen compromised API key, but what if a threat actor gains access through customer service channels? Or worse, hijacks a mobile account to bypass one-time passwords? These are the new frontiers of fraud, and they are catching companies off-guard.

In this blog, we’ll discuss how Vonage’s Fraud Protection Solution (VFPS) helps companies protect themselves and their customers against this type of fraud.

Business needs and opportunities

A key tenet of a good security solution is Defense in Depth (DiD). As malicious actors continually innovate to disrupt the financial space, businesses must also evolve their defenses. Basic security scanning and compromise detection are just one layer of the defense strategy. Organizations need additional layers to truly safeguard their data, finances, and customers.

However, implementing comprehensive security is cumbersome and resource intensive, distracting business from their core objectives. Businesses lack access to specialized security services within the telecom domain. Exposing these services through standard APIs eliminates undifferentiated heavy lifting, and allows developers to integrate additional levels of security into their applications.

Solution overview

To help combat fraud, VFPS allows companies to add security layers to their applications. The solution includes a range of capabilities available through straightforward APIs, like:

You can further enhance your security posture by using AWS services, and implement more advanced fraud protection, like:

Integrating Vonage and AWS

Figure 1: Integrating Vonage APIs and additional security features with AWS

The VFPS communications APIs and network APIs offer modular security layers that let customers choose which layers to implement first, and expand protection over time by adding more features.

At the base level, VFPS includes Vonage’s Number Insight API, which provides details on a user’s telephone number, including network and porting information. It now includes the ability to assess the risk associated with a phone number using SIM swapping status and Fraud Score. By checking a phone number against Vonage’s Fraud Score API, customers discover the likeliness of the number’s involvement in fraud. Backend services generate a score on a scale from 0 to 100. The higher the score, the more likely it has been involved in fraud.

A common type of identity theft in the telecom domain is performed through SIM swapping. Here, a threat actor convinces a mobile provider’s customer service agent to port the telephone number of the victim to a new SIM card. Once a number has been moved to a new SIM, the threat actor can gain access to one-time passwords that are sent through text or voice to the mobile device. Vonage’s SIM Swap API alerts if the SIM card assigned to a phone number has recently been installed on a new device. Businesses can then take appropriate actions before sending a one-time password.

Vonage’s Verify API offers a pre-packaged solution for multi-factor authentication (MFA), which sends authentication codes through various channels, including Silent Authentication.

Silent Authentication proves a user’s identity by checking information from their SIM against their carrier’s records to verify that their phone number is active and genuine. When Silent Authentication is selected, but the user is roaming on a non-supported cellular carrier, it can then fall back to use SMS, WhatsApp, Voice, or email to make sure that a customer can receive a two-factor authentication PIN code.

“Due to the increased threat of fraud within gaming communities, it has become necessary to quickly and simply authenticate true customers for selective, legitimate participation in games. Vonage’s two-factor authentication protects customers from fraud, builds trust, and increases customer loyalty.”

– Krafton, Inc.

Vonage also has a suite of real-time monitoring, alerting, and blocking tools through its Fraud Defender Decision API. As threats are identified, you can block numbers to help prevent suspicious activity on voice and messaging products. Number information is augmented with data from Vonage, helping customers immediately update their rule base.

The Vonage API

VFPS is a suite of APIs that a developer can use and implement in server-side and/or client-side applications. While it is encouraged to use all of the API features to provide broad coverage, developers can choose which of the fraud protection features make the most sense for each situation.

When a developer signs up for VFPS, they gain access to the Vonage Communications Platform as a Service (CPaaS) APIs through a Vonage account. They then use Vonage’s existing SDKs and developer documentation to integrate the APIs into their applications. The SDKs and tools help develop new applications and seamlessly integrate with existing applications.

When a user interacts with an application, such as during new account creation, the backend application sends a series of API requests to Vonage to determine what actions to take. The backend application determines if there are existing rules to outright block the attempt, and if not, check for fraud scores. Prior to sending an MFA request, the application determines if the SIM card has been swapped, indicating potential identity theft.

These functions can be accessed through Vonage’s SDKs or through HTTP calls to Vonage’s REST APIs.

“Vonage documentation is highly detailed and it was very easy to quickly integrate the Vonage APIs into our platform and ensure that user identities are verified, secure and safe. Vonage has helped to reduce fraudulent activity by 67% by Q4 2020, and we have seen a drastic reduction in the number of user tickets since implementing the Verify and SMS APIs.”

– Ketan Mujumdar, Director of Engineering, Carousell

Enhanced fraud protection with AWS Services

As VFPS is a series of APIs, information retrieved through these APIs can be stored in the customer’s AWS account. Additional features can then be built leveraging this data.

For example, the failure output from a new client that failed multiple MFA attempts can be fed into an Amazon Simple Storage Service (Amazon S3) bucket in the customer’s AWS Account. S3 bucket events can then trigger an AWS Step Functions workflow to take the further actions, e.g. by using AWS Lambda Functions.

Another example is the use of Artificial Intelligence (AI) to help build real-time rules to block threat actors. Using a service like Amazon Bedrock, you can combine related rules together with the collective data of a variety of transactions. By feeding an AI large language model (LLM) with the appropriate prompt, a decision is made if a given interaction warrants blocking in the future. The model can then be used to generate new blocking rules automatically. This reduces the amount of human effort required to make these decisions and update configuration files. For example, when a customer provides a phone number that results in a high fraud score, Amazon Bedrock can help craft a rule in JSON format for use with the Fraud Defender API so that number doesn’t reach your application in the future. Read this blog to learn more.

What about biometric fraud attempts? Onfido’s 2024 Identity Fraud Report shows that there was a 31-fold increase in the number of deepfake exploits in 2023 compared to 2022. As an AWS customer, you can integrate additional layers to your security suite through AWS services like Amazon Rekognition. Amazon Rekognition includes face liveness tests to help combat biometric fraud attempts, verifying that the device belongs to the user with biometric information matching.

Get Started

To get started, please visit the Vonage Fraud Protection Solution listing in AWS Marketplace. The Vonage team offers a demo at no additional cost and consultation to select the right fraud defense package for your use case. Let us work together to safeguard your customer’s assets and uphold a strong brand reputation. Visit the Vonage and AWS solution page for more information.

Vonage – AWS Partner Spotlight

Vonage is an Amazon Web Services (AWS) Advanced Tier ISV Partner specializing in Artificial Intelligence (AI) and Machine Learning (ML). Vonage helps businesses accelerate digital transformation. The Vonage Communications Platform allows for integration of communications APIs into products, workflows and systems. Vonage is fully programmable unified communications, contact center and conversational commerce applications are built to empower companies to create meaningful engagements.

Contact Vonage | Partner Overview | AWS Marketplace