INTEGRATION GUIDE AWS Connect Pindrop Integration Guide AMAZON CONNECT PINDROP Users should be familiar with Amazon Connect and Amazon Web Services (AWS) prior to leveraging the Pindrop service. Please refer to the Amazon Connect User Guide and the AWS Lambda Developer Guide for detailed information on both services. Pindrop has created an integration with AWS Connect that enables customers to detect risky behavior on every incoming call. Before integrating, please contact Pindrop for pricing information and access to the service via an API key. ARCHITECTURE Figure 1. Dataflow diagram of Pindrop architecture within Amazon Connect CONFIGURING SERVICE USING THE CLOUD FORMATION TEMPLATE The AWS CloudFormation template for Pindrop service simplifies provisioning and management on AWS. The Pindrop template can be used to easily configure Pindrop Service within Amazon Connect. Two values are required to configure Pindrop service using the CloudFormation template:
1. An API Key to include in the API calls to Pindrop 2. The Pindrop API endpoint Both of these values can be furnished to customers after completing the new customer registration process with Pindrop at https://www.pindrop.com/pindrop-amazonconnect/. CONFIGURING SERVICE MANUALLY STEP 1 - NOTIFY PINDROP OF CALL The Pindrop service requires a notification as soon as the call starts to initiate the fraud analysis process. A notification to Pindrop can be made by invoking an AWS Lambda function via the Contact Flow Editor. Prior to modifying the Contact Flow - create a new AWS Lambda function with a Node.js runtime. The CreateCall.js Lambda function can be found in Appendix A. Within the Lambda UI, the Lambda function role defines the permissions for the CreateCall.js Lambda function. The role should be set according to your own security policies - however, note that the script requires outbound HTTP access. Figure 3. Invoke AWS Lambda function connected to the call entry point Edit the new function with the information found in Figure 4 below. To invoke the proper Lambda function, enter the Amazon Resource Name of the Create Call Lambda function under the Function ARN section. The Call Start function requires two input parameters, an API key (ApiToken) and the destination URL (BaseUrl) for the API requests. Pindrop will provide both of these inputs at the time of integration. Once the function is created, return to the AWS Connect service and drag and drop the Invoke AWS Lambda Function box into the contact flow (Figure 2) and connect it to the Entry point (Figure 3) Figure 2. Invoke AWS Lambda function within the AWS Connect Contact Flow Editor Figure 4. Invoking the Call Start Lambda function pindrop.com 866.245.4045 1
STEP 2 - RETRIEVE RISK SCORE During a caller s interaction with the contact center, Pindrop can assess the risk of the caller via an API request to the Pindrop cloud. The API call to identify risky behavior is typically executed at key transitions, for example, after answering a KBA, or before transferring to speak to an agent. API requests should be made further along in the IVR workflow - allowing Pindrop to analyze as much of the call as possible to provide better risk detection results. During the integration process, Pindrop Solutions Architects can work with your staff to identify the best points within the call flow to initiate the API requests. STEP 3 - OPERATIONALIZING THE RISK SCORE Once the Pindrop service returns the risk score for a caller, the contact flow can be modified to handle the caller based on the risk score, including showing the risk score to an agent via the Amazon Connect Contact Control Panel (CCP). To action off of the risk results, the output from the Lambda function needs to be set as a usable variable within the Contact Flow Editor. Drag and drop the Set contact attributes box into the contact flow and connect it to the Fetch Risk Lambda function (Figure 5). API requests to the Pindrop cloud are made directly from Lambda function calls within the Contact Flow Editor. The FetchRisk.js Lambda function can be found in Appendix B. Similar to the Create Call function in Step 1 - users are required to create the Lambda function, and keep note of the Function ARN to reference within the Contact Flow Editor. The same fields in Figure 4 will be required when invoking the Fetch Risk Lambda function. Connect must be granted the permission to invoke each lambda function. aws lambda add-permission --function-name function:{name of Function} \ --statement-id 1 --principal connect.amazonaws.com --action lambda:invokefunction \ --source-arn {ARN of Amazon Connect} \ --source-account {Account Number} Figure 5. Processing the risk score By default, the Lambda function returns the risk score of a caller into a RiskScore attribute and a flag to indicate a high risk caller (IsHighRisk). Modify the new Set contact attributes to store the results of the RiskScore into a new Destination Key. In our example (Figures 6 & 7), we will store the risk score into a RiskScore variable and the high risk flag into the IsHighRisk variable. Example: aws lambda add-permission --function-name function:callstart \ --statement-id 1 --principal connect.amazonaws.com --action lambda:invokefunction \ --source-arn arn:aws:connect:us-east- 1:123456789012:instance/def1a4fc-ac9d-11e6-b582-06a0be38cccf \ --source-account 123456789012 One must use the Amazon CLI to grant this permission. For more information, see http://docs.aws.amazon.com/ connect/latest/adminguide/connect-lambda-functions. html Figure 6. Setting the RiskScore attribute Drag and drop a second Set contact attributes box into the contact flow and connect it to the previous Set contact attributes (Figure 5) to take action on if a caller is flagged as high risk. Similar to setting the RiskScore attribute, repeat 2 pindrop.com 866.245.4045
the process for IsHighRisk (Figure 7). Figure 7. Setting the IsHighRisk attribute To specifically condition off of the results of the IsHighRisk attribute, drag and drop a Check contact attributes function into the Contact Flow Editor (Figure 5). Modify the Check contact attributes function to check the condition of the IsHighRisk attribute (Figure 8). Note: A high risk caller, by default, is any caller with a risk score greater than 0.50. To configure the risk weights, please reach out to Pindrop to access the API Reference Guide whitepaper. The RiskScore attribute may also be conditioned off of rather than the ishighrisk attribute. ABOUT PINDROP Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction. Pindrop solutions protect some of the biggest banks, insurers, and retailers in the world using patented technology that extracts an unrivaled amount of intelligence from every call encountered. Pindrop solutions help detect fraudsters and authenticate callers, reducing fraud and operational costs, while improving customer experience and protecting brand reputation. Pindrop, a privately held company, headquartered in Atlanta, GA, was founded in 2011 and is venture-backed by Andreessen Horowitz, Citi Ventures, Felicis Ventures, CapitalG, GV, and IVP. For more information, please visit pindrop.com. Copyright 2017 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon s trademarks and trade dress may not be used in connection with any product or service that is not Amazon s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Figure 8. Checking if a caller was flagged as High Risk The output of the Check contact attributes function can then be leveraged to route the caller appropriately. In Figure 5 above, our example plays a prompt to the caller if the IsHighRisk result equaled true, and transfers the caller to a queue if the IsHighRisk flag was false. As mentioned above, the IsHighRisk flag as well as the raw RiskScore can be shown to an agent via the Amazon Connect CCP. pindrop.com 866.245.4045 3
APPENDIX A - CALL START Copy and paste the following Node.js code into the Call Start Lambda function. APPENDIX B - FETCH RISK Copy and paste the following Node.js code into the Fetch Risk Lambda function. const util = require( util ); var https = require( https ); exports.handler = (event, context, callback) => { console.log( Fetching risk score, invoked with + util. inspect(event, {showhidden: false, depth: null})); var apitoken = event.details.parameters.apitoken; var contactid = event.details.contactdata.contactid; https.get({ hostname: event.details.parameters.baseurl, path: /v1/interaction/ + contactid + /risk, headers: { Authorization: Bearer + apitoken, function(res) { var responsestr = ; res.on( data, function (chunk) { responsestr = responsestr + chunk; res.on( end, function() { console.log( Got status code + res.statuscode +, body + responsestr); r = JSON.parse(responseStr); callback(undefined, { RiskScore : r.data.risk_score, IsHighRisk : r.data.is_high_risk, RiskReasons : r.data. risk_reasons }).on( error, function(e) { console.log( Got error: + e.message); callback(undefined, { }; const util = require( util ); var https = require( https ); exports.handler = (event, context, callback) => { console.log( Creating call, invoked with + util. inspect(event, {showhidden: false, depth: null})); var apitoken = event.details.parameters.apitoken; var contactid = event.details.contactdata.contactid; var source = event.details.contactdata. CustomerEndpoint.Address; var destination = event.details.contactdata. SystemEndpoint.Address; var now = new Date().toISOString(); var req = https.request({ hostname: event.details.parameters.baseurl, method: PUT, path: /v1/interaction/ + contactid +?event=call_ start., headers: { Authorization: Bearer + apitoken, function(res) { console.log( Got response: + res.statuscode); res.on( data, function (chunk) { console.log( BODY: + chunk); res.on( end, function() { console.log( END ); callback(undefined, { }).on( error, function(e) { console.log( Got error: + e.message); callback(undefined, { req.on( error, function(e) { console.log( problem with request: + e.message); callback(undefined, { req.write(json.stringify({ interaction_id: contactid, source: source, destination: destination, start_utc: now. substring(0, now.length - 1), end_utc: now.substring(0, now.length - 1)})); req.end(); }; 4 pindrop.com 866.245.4045