A method and an apparatus for detecting an abnormality of a caller are provided. The method includes at the beginning of a call, acquiring, by a terminal device, real voice/video data of a call object who needs abnormality detection and a corresponding pre-trained multi-stage neural network detection model, during the call, collecting, by the terminal device, call data according to a preset data collection policy, for each call object, inputting the currently collected call data and the real voice/video data of the call object into the model of the call object, and determining whether the call object is abnormal according to a detection result output by the model, in which the call data includes image data and/or voice data, and an identification manner adopted by the model includes face identification, voiceprint identification, limb movement identification, and/or lip language identification. By adopting the disclosure, the abnormality of the caller may be accurately detected, and the voice forgery and the video forgery mimicked by AI during a call may be accurately identified.

One example method of operation may include receiving a call message associated with a call, determining a service provider network identifier based on a telephone number of a call origination device, identifying, from the call message, an identity header with a link to a public certificate repository storing a public certificate assigned to a service provider network hosting the call origination device, retrieving a service provider code assigned to the service provider network from the public certificate, and determining whether the service provider code matches the service provider network identifier as identified from a verification table.

Embodiments described herein provide for a fraud detection engine for detecting various types of fraud at a call center and a fraud importance engine for tailoring the fraud detection operations to relative importance of fraud events. Fraud importance engine determines which fraud events are comparative more important than others. The fraud detection engine comprises machine-learning models that consume contact data and fraud importance information for various anti-fraud processes. The fraud importance engine calculates importance scores for fraud events based on user-customized attributes, such as fraud-type or fraud activity. The fraud importance scores are used in various processes, such as model training, model selection, and selecting weights or hyper-parameters for the ML models, among others. The fraud detection engine uses the importance scores to prioritize fraud alerts for review. The fraud importance engine receives detection feedback, which contacts involved false negatives, where fraud events were undetected but should have been detected.

A method for protecting user data during an audio interaction includes various operations performed by a processing system including at least one processor. In one example, the operations include detecting an audio signal that is part of an interaction between a user and another party, converting the audio signal into a string of text, detecting that the interaction is likely to put sensitive data of the user at risk, based on a comparison of the string of text to a library of interactions that are known to put sensitive data at risk, and sending an alert to notify the user that the interaction is likely to put the sensitive data of the user at risk, wherein the alert is sent to prevent the user from providing the sensitive data to the another party, and wherein the method is performed contemporaneously with an occurrence of the interaction.

A computer-implemented method for proactive fraudster exposure in a customer service center according to content analysis and voice biometrics analysis, is provided herein. The computer-implemented method includes: (i) performing a first type analysis to cluster the call interactions into ranked clusters and storing the ranked clusters in a clusters database; (ii) performing a second type analysis on a predefined amount of the highest ranked clusters, into ranked clusters and storing the ranked clusters; the first type analysis is a content analysis and the second type analysis is a voice biometrics analysis, or vice versa; (iii) retrieving from the ranked clusters, a list of fraudsters; and (iv) transmitting the list of potential fraudsters to an application to display to a user said list of potential fraudsters via a display unit.

Verification of the identities of parties participating in network-based communication, such as telephone communication, including SMS/text communication, email communication and the like is provided. Communication identifiers (IDs) (e.g., telephone numbers, email addresses or the like) are verified as being associated with one or more communication parties and, in response, a verified communication (ID) database is established. The verified communication ID database is relied upon when a user/communication is selecting a communication ID as an address for an impending communication or receiving a communication for determining whether the communication ID is verifiably associated with a known communication party. If the communication ID is determined to be verifiably associated with a known communication party, a visual or audible output may be provided on the user's device or within the communication that indicates that the communication ID is verifiably associated with the known communication party.

There is a growing problem in correctional facility telecommunications systems in which parties on a voice call may connect inmate callers with restricted parties. Prison communication systems monitor calls to prevent such activity, but in Voice over Internet Protocol (VoIP) environments such systems may fail to detect this activity. The present disclosure provides details of a system and method for using SIP messages common in VoIP environments to detect illicit activity initiated by a party on a voice call within a controlled environment. Scenarios are detected in which a called party connects an inmate caller to a restricted party via three-way call conferencing, call forwarding, or other call features. Corrective actions are then taken when such activity is detected, such as call blocking or alerting officials illicit activity is occurring.

Systems and methods for call detail record (CDR) analysis to determine a risk score for a call and identify fraudulent activity and for fraud detection in Interactive Voice Response (IVR) systems. An example method may store information extracted from received calls. Queries of the stored information may be performed to select data using keys, wherein each key relates to one of the received calls, and wherein the queries are parallelized. The selected data may be transformed into feature vectors, wherein each feature vector relates to one of the received calls and includes a velocity feature and at least one of a behavior feature or a reputation feature. A risk score for the call may be generated during the call based on the feature vectors.

Controlled-environment communication systems are increasingly using voice over internet protocol (VoIP) to serve their users. VoIP allows voice to be sent in packetized form, where audio is encoded using one of several codecs. Because of bandwidth constraints, particularly during peak call times, codecs may be used which sacrifice audio quality for bandwidth efficiency. As a result, several features of communication systems, including critical security features. The present disclosure provides details for systems and methods by which a controlled-environment communication system may shift between codecs to perform security-related features or to alleviate bandwidth considerations. This involves the special formatting of control-signaling messages, including session initiation protocol (SIP) and session description protocol (SDP) messaging.

Disclosed is an electronic apparatus. The electronic apparatus includes a communicator comprising communication circuitry, and a processor configured to control the electronic apparatus to, in response to a call request being received through the communicator, transmit CAPTCHA information to an external device that requests the call, and in response to receiving response information about the CAPTCHA information from the external device, identify a counterpart that requests the call based on whether the response information is matched with the CAPTCHA information, and provide information on the identified counterpart.