Below is our client concern along with the example, please let us know how can we handle it.
When intruder, assume me, enter a 10 digit number, assume (0112 123 456) which is not my number. And since it is a 10 digit number, you directly call our APIs and ask customer to select the OTP method as
-
Mobile (07X XXX 1234)
-
Email ( xxxxxxhsara@gmail.com)
-
Voice OTP (0112 123 456)
-
Or call live agent
Since the intruder didnt get the OTP, intruder wants to enter another number.
In that scenario if intruder wants to enter another number, I want to know how our AI bot handle it.
-
Our ai chatbot is giving another session ID(or a sequence id) when I enter another number. Then how are you going to check whether he is a intruder or a legitimate customer ???
-
If you are using the same session ID from your side in every instance when intruder enter another number to identify the intruder as a user at that time, how many times our chatbot allows that illegitimate intruder to enter phone numbers with same session ID before sending that message that you showed us at UAT. (Step validation - Maximum limit retires).
-
Or is there any ai mechanism from your side to stop those attacks.