I'm looking for some ideas for current Attendant designers and/or platform admins for how robocalls can best be blocked.  The goal is to prevent AI systems from attempting to make multiple calls into an IVR, so as to enter multiple iterations of member ID/SSN/DOB, etc and prevent it from making a hit and getting user-identifiable information.  As of now, we're looking to see what can be accomplished in the platform by using Attendant/Handler logic.  We'd prefer to not use a 3rd party solution at this time, unless it's determined to be the only way to accomplish getting to the end state.

I welcome all suggestions - Thanks!



#ArchitectureandDesign
#Handlers
#Routing(ACD/IVR)
#SystemAdministration

------------------------------
Barry Farrington
PureConnect Administrator
Long Term Care Partners, LLC
------------------------------

Before implementing any protective changes, it would be critical to understand the profile of "good" calls coming into the system and utilizing a self-service IVR.

How often would it be expected to receive a call from the same phone number?
How many calls are expected to utilize this system on an average day?
How many times is a caller allowed to retry to provide authentication information?

There are problem many other questions that could be asked to help narrow down the criteria to help differentiate a valid call from a malicious call.

Once you clearly understand what a good call looks like, you can begin to build rules to help weed out bad calls. Perhaps multiple simultaneous calls from the same phone number would not be allowed. Or perhaps a flag or block could be set on an account after a certain number of access attempts that would redirect to an agent for assistance. Perhaps calls from certain locations (country codes, for example) would be blocked or allowed. The difficult part is that you don't want to hinder valid callers from accessing the information they need to.

Adding 2-factor authentication is always a good idea (perhaps a code sent to the phone number of record on the caller's account or to the registered email address).

------------------------------
David Currier
cpi.solutions
------------------------------

Original Message:
Sent: 05-15-2020 14:05
From: Barry Farrington
Subject: Security Check Ideas for Attendant IVR Apps

I'm looking for some ideas for current Attendant designers and/or platform admins for how robocalls can best be blocked.  The goal is to prevent AI systems from attempting to make multiple calls into an IVR, so as to enter multiple iterations of member ID/SSN/DOB, etc and prevent it from making a hit and getting user-identifiable information.  As of now, we're looking to see what can be accomplished in the platform by using Attendant/Handler logic.  We'd prefer to not use a 3rd party solution at this time, unless it's determined to be the only way to accomplish getting to the end state.

I welcome all suggestions - Thanks!



#ArchitectureandDesign
#Handlers
#Routing(ACD/IVR)
#SystemAdministration

------------------------------
Barry Farrington
PureConnect Administrator
Long Term Care Partners, LLC
------------------------------