Pando

Pindrop Security raises $11M from A16Z and others to help prevent phone fraud

By Michael Carney , written on June 19, 2013

From The News Desk

When it comes to online security, often times the greatest vulnerabilities aren’t technical, but human. Unfortunately, social engineering can be the hardest type of attack to prevent. It was the method behind the catastrophic hacking of Wired reporter Mat Honan, the exploits of the Syrian Electronic Army, and the cyber-espionage by China’s People's Liberation Army.

Three year old startup Pindrop Security has developed solutions to a specific class of these attacks, specifically phone fraud. The company uses proprietary acoustic fingerprinting technology to assist corporations and call centers in authenticating the caller on the other end of the line, and in turn limiting the chance of phone-based social engineering.

Today, the Atlanta-based company announced $11 million in Series A funding led by Andreessen Horowitz and Citi Ventures, with participation from new investors Redpoint Ventures and Felicis Ventures, as well as Pinpoint’s Seed round lead Webb Investment Network. The round brings the company’s total funding to $12 million. Andreessen Horowitz partner Scott Weiss, who was previously a director at Silver Tail Systems and an executive at Ironport, will join the company’s board of directors.

“The anti-fraud category is always attractive because it gets purchase orders,” Weiss says. “Whatever amount of fraud you can prevent goes straight to a company’s bottom line, so it’s easy for them to justify the expense. And once you get in, it’s very difficult to displace you.”

Pindrop is the result of PhD research by co-founders Vijay Balasubramaniyan and Paul Judge who spent their time at Georgia Tech investigating how easy it spoof a call’s provenance. According to the FTC, 29 percent of fraud victims are first contacted by phone. The company uses patent-pending “Phone Fingerprint” technology to analyze 137 signals within a phone call’s audio data to identify the caller’s network, geographic location – down to a region the size of France – and her device type. This information is then translated into a unique fingerprint which can then be matched against past and future calls and which is largely immune to standard masking techniques such as call rerouting. At the same time, these fingerprints can be used to quickly identify legitimate callers.

For obvious reasons, Pindrop has been a big hit in the financial services sector, which Balasubramaniyan called the company’s beachhead. Additional natural industries include healthcare, law enforcement, ecommerce, and other industries in which identity verification is a necessity. One thing that many of these industries have in common, beyond sensitivity of information, is high transaction volumes, which make it far more likely that an intruder can beat a company’s defenses.

Weiss shared that the company has already helped banks identify long-operating but previously undetected fraud rings. Importantly, although Pindrop gets better over time and with more data, the company’s technology works from the word go, detecting over 80 percent of attackers on the first call, according to its CEO. This is a claim that no other competing technology can make.

Pindrop’s’s strategy is to cast its net far and wide across the global enterprise market. According to its CEO, the company will use the latest funding to expand into Canada and Europe and will sell both to corporations and to their call center vendors. The company has grown to nearly 20 people between Atlanta, Philadelphia, and Boston and has plans to expand significantly in the sales and client support areas. New offices are also planned in San Francisco and London.

Fraud protection is a worthy goal, but the use of this technology is sure to raise some eyebrows. At a time when countless leading tech companies are accused of conspiring with the the NSA, FBI, and other governmental bodies, the idea that a company can instantly identify the source of every call gives cause for pause. The good news is that the company is not pinning location down to a specific address or set of longitude and latitude coordinates. But nonetheless, it’s a lot of power for one company to hold.

Despite these concerns, Pindrop is likely to be met with open arms in the financial services and similar industries. There is simply too much money and private data at stake not to use every tool available to combat attackers. Pindrop seems to be a technology at the bleeding edge of phone fraud protection, and has the IP protection to keep it there for some time. At the end of the day, it’s cyber-criminals, not technology competitors, that are likely to give the company’s technology the biggest run for its money. It will be Balasubramaniyan and Judge’s task to stay one step ahead.