I have a question regarding the handling of calls from automated systems. Following scenario:
I am on a website that requires a second level security. So, I want them to send me a voice token to my phone number. This is typically automated, the call comes from a computer, and the computer will not understand ivr prompts. Is there a way to hand the call to a voicemail box as soon as there is a response that is not one of the IVR options?
I am thinking that the IVR picks up the phone and starts with the announcements, but the other side just starts to talk. That would be a pretty good sign that the caller is an automated system and my system would simply hand it to a voicemail box that I set up for just that occasion. Would also possibly handle those pesky cold calls from someone who want to sell me snake oil …
Can that be done?
Unfortunately, many of those systems require you to press a key to hear the code; automating that could be difficult.
Most systems allow you to receive an SMS instead of the voice call. With proper processing of the message, you can copy/paste the code into the login page.
Otherwise, consider using a Call Flow Control to temporarily redirect the incoming call to your extension. You can program a line key or softkey on your phone to toggle the flow control.
Another thought: When such a call fails, look at the caller ID, set up to route calls from that number to your extension and request a new code. After a while, most of these calls will come through on the first try.
I would go this route instead. Identify the Caller ID and set an inbound route to direct it to the relevant extension
Thanks for the tips, but I think they won’t work. Redirecting the call probably won’t work, as the extensions don’t ring as long as the IVR is active, so it is unclear when to redirect the call.
Setting up a new incoming route for every number that could try to send a verification code seems unpractical to me, as 2FA is now quite common, and every time someone sets up a login for some website, it would mean they have to find out what the phone number could be (probably not possible via the website they are trying to set up a login for), and then contact me to set up a specific inbound route for that number, and only then they could continue with their registration procedure.
I am wondering if this could be done with timing. Could I set up system that starts the IVR, announces the options, and then only waits for, say, 5 sec, then hand the call to an extension for that? I see a lot of timeout options in the IVR setup. I’d have to play with that.
Another option might be the “Invalid” options, but I am not sure if this only reacts to those tones created by the phone, or also to voice responses.
In my experience, sites using this type of 2FA offer SMS and/or email as alternative ways to verify. In the rare case that a voice call is mandatory, just let it fail once, then look at the CDR to learn the caller ID.
The only site I remember using with voice 2FA provides a code on the web site, and expects it to be keyed into the phone, as DTMF.
Yes, this can be handled in freepbx. A common approach is to set the IVR with a short timeout or invalid response route that sent the call directly to a dedicated voicemail box for unattended or automated calls.
Thanks. I did set that up, and I think it works, but now I have to wait for one of those calls. Follow-up question: Is it possible to disable the standard responses (“Please leave a message …”), for one mailbox only? I know that I can disable them in Voicemail Admin, but that is a global setting and I’d rather not disable those for all mailboxes.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.