<br><div class="gmail_quote">On Sat, Apr 16, 2011 at 12:57 PM, Kamen Petrov <span dir="ltr"><<a href="mailto:kamen.petrov@gmail.com">kamen.petrov@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
While we are on that matter.. I want to hear your opinion guys.<div>Despite it is opensips or something else, the fraud calls are a huge issue now days... especially in the pinless scenarios.<br><div><br></div><div>Here is the problem: the DID provider sends the call in -> the call is authenticated by caller id -> the call is processed</div>
<div>In that scenario the DID provider sends fake caller ID.</div><div><br></div><div>To handle that issue, one of my customers wants to implement this:</div><div><a href="http://www.trustid.com/solutions/" target="_blank">http://www.trustid.com/solutions/</a></div>
<div><br></div><div><a href="http://www.trustid.com/solutions/" target="_blank"></a>Looking trough their demo, this sounds too much like science fiction to me. As far as someone is working with caller IDs all over the world, there is no any good way to determinate if the caller id is real or not. Up to my knowledge, the only really secured way is to receive the incoming calls directly trough PSTN rather than VoIP. </div>
<div><br></div><div>Do you feel like me this company cannot provide what they sell or you have any vision different than mine? Please share your opinion :)<br><font class="Apple-style-span" color="#666666"><i><br></i></font></div>
</div></blockquote><div><br></div><div>I can imagine some ways this may be possible with some fancy SS7 queries, but not entirely sure. Owning the DID and the PSTN connectivity is a decent way to ensure that the BTN and CID match. But even that isn't terribly accurate. The best way is simply to not use any fields that customers can set on their own to identify a client. ANI authentication is a big mistake in my opinion. I certainly understand why people want it, but it's asking for someone to hack it.</div>
<div><br></div><div>For what it's worth it's reasonably obscure. Which is really the only security you've got. Security by means of obscurity is really mediocre at best. </div><div>-Brett</div><div><br></div>
<div>
<br></div><div>-Brett</div><div><br></div></div>