Beruflich Dokumente
Kultur Dokumente
www.purgefraud.com
TELECOM FRAUD INTRODUCTION, TYPES, & SOLUTIONS
In recent years, there has been a substantial Within the telecommunications industry,
rise in the development of ubiquitous fraud is an ever-increasing and most prolific
cellular network technologies, with many of threat. Telecom fraud has become more
these new developments helping to fuel a pervasive and sophisticated as additional
revolution in the telecommunication means of communication have been
industry. Unfortunately, however, this introduced, while the implementation of
phenomenal growth has brought with it, an these modern forms of communication has
increase in variety and complexity of promised greater revenue. Within the
fraudulent activities on mobile networks. telecommunication industry, the
Interconnect Bypass Fraud and exponentially growing issue of fraud has
International Revenue Sharing Fraud become an encumbrance for network
(IRSF) are considered the most relentless operators. It has created severe international
and threatening frauds today and both problems for GSM and PSTN service
continue to challenge telecom operators and providers and its annual impact has been
cause gigantic revenue losses per annum. observed to be billions of US dollars.
2|Page
TELECOM FRAUD INTRODUCTION, TYPES, & SOLUTIONS
3|Page
TELECOM FRAUD INTRODUCTION, TYPES, & SOLUTIONS
lowest national calling rates. For this reason, the terminating party. For on-net termination
contemporary bypass equipment such as of calls, the revenue loss per call is directly
GSM gateway SIM boxes are employed to related to the difference between the
examine the terminating party numbers and international interconnect termination fee
re-initiate calls only from those connections and the retail price of the on-net call.
which fit in the home operators network as
4|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
distant locations. The function of the SIM Ways Telecom pirates Attempt to
box is to make and terminate calls. Avoid Detection
any IP-PSTN Gateway or Digital gateway. CLI Deletion is another type of telecom
Working of Hardware fraud in which telecom pirates remove the
CLI of the incoming call. In this way, the
The SIM Box operator usually bypasses the telephone number of the originating party
call routing by buying large numbers of will not be shown on the Caller ID Box.
Subscriber Identity Module (SIM) cards; Accordingly, the immediate affected parties
then installing these into ordinary hardware are: the operators, end users, and regulators.
to link to the cellular network, hence making
Emulating Traffic Stats and Usage
it function like a SIM box. At the next step, Patterns (Rotating of SIMs)
the fraudulent service provider routes a call
by means of VoIP to the GSM SIM box in Today, telecom pirates use human
the recipient region so that the delivered call behavioral software tools and traffic
can be terminated as local. As a patterns, which allow the SIM box operator
consequence, the original carrier operators to emulate the behavior of network
are deprived of their right to receive call subscribers. On the basis of this, they can
termination charges. determine which calls are coming from real
subscribers and which are coming from test
6|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
call generation systems. Telecom pirates use rotated between calls. By doing this, the
new technological innovations like SIM traffic volume, which is dependent on any
servers to have control of SIM boxes sitting one SIM card, is abridged to the extent
anywhere around the world. To avoid where it falls off the usage pattern analysis
detection, they tend to virtualize SIM cards radar.
so that SIMs can be assigned to modems and
Called Number
Calling Number + 971 12 543 7865
(USA) Cellular
1-602-218-5011 Legal Route Network
Dialed International
IP Gateway Calling Number
Cloud/SS7 (Local Number)
+971 89 4135559
International
IP Gateway MSC
IP
1-602-218-5011 0092-1-602-2185
Telecom pirates
Network
Telecom pirates can change their SIM box In this scenario, the telecom pirate clones
operator destination in places where their (copying the identity of one mobile to the
SIM cards can influence multiple cell sites. other) an existing SIM card. Commercially
Another method telecom pirates utilize is the available software is used to clone SIMs,
delivery of artificial SMS messages or the IMSIs (International Mobile Subscriber
acceptance of a few incoming calls. For this Identity), and IMEIs (International Mobile
reason, moving vehicles can be used to Equipment Identity) associated with the
make their broadband connections. mobile subscriber network type, number,
and mobile handset. They may use physical
means to clone SIM cards with the help of a
5|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
PC and a card reader. In this manner, the outgoing calls and retrieving voice mail
subscribers receive a frequent number of messages, while incoming calls constantly
wrong calls, experience difficulty in placing receive busy signals or increased billings.
Dialed International
IP Gateway No received
Cloud/SS7 CLI
International
Gateway MSC
IP IP
1-602-218-5011 No Caller ID
6|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
share' service numbers while capitalizing on utilizing them to call international revenue
the roaming ability of SIM cards. It often share (IRS) numbers either in roaming or
requires 24 to 36 hours for those call records international areas. Again, the call records
to return to the home network. will reach the home network in 24 to 36
hours, leaving ample time for telecom
Thus, the telecom pirates are given the pirates to make as many calls as possible,
opportunity to dial as many IRSF numbers thus maximizing monetary gains.
as they can before the home network
becomes aware of the traffic and initiates Free Conference Call Services
termination of the SIM card. An
Today, telecom pirates implement access
International Revenue Sharing Fraud
stimulation (also known as traffic pumping)
scenario is provided below.
in order to intensify traffic by illegal means.
Types This occurs when a local carrier with a high
access charge comes into an agreement with
Premium Rate Traffic Stuffing
another service providing company
Premium Rate Number Service Fraud occurs delivering high volume operations, such as
when fraudulent telephone calls are placed free conference calls, etc. This stimulates
to phone numbers with premium rates massive call traffic into the local carriers
(higher than normal national call rates). This service provider area. As in the agreement,
fraud takes place when the organized groups the local carrier must share a portion of its
or companies coordinate with the content increased access revenue with the free
service provider in sending inflated volumes conference call service provider. Again, the
of traffic to the aforementioned premium terminating party or free service provider
numbers. Normal subscribers can also fall will be deprived of its access fee share due
prey to premium rate fraud unknowingly. In to this additional traffic generation.
this case, they require certain content, which Actual Pay-per-Call Fraudulent
is extracted from premium rate number Services
content providers. However, in several
cases, the content provider may belong to In this fraudulent service, normal
the same group to which telecom pirates are, subscribers become victim unsuspectingly.
thus generating a greater number of calls to Sometimes they may want to get
those illegitimate content premium number information on different services offered by
services. These numbers are deliberately the service providers like entertainment,
available and for this reason encourages the weather, business, etc. In this way, the
international premium number aggregators fraudulent service providers pervert the
to hire persons to bring larger call traffic. services offered by them. The perpetrators
ploy customers into dialing pay-per-call
SIM Chip Theft and Call Generation services by following directions to expose a
personal activation code (PAC), which
Telecom pirates can commit IRSF fraud by
essentially links them to a pay-per-call line.
procuring SIMs from stolen phones and
6|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
Therefore, they are forced to pay for this represents the working flow of IRSF.
unintentionally. The following diagram
Telecom pirates acquire pirated GSM SIM chips to create a false valid customer
With the help of pirated IDs, a telecom pirate from country 'A' illegally obtains subscription in
country 'B'
Telecom pirates acquire these SIM cards in country B for roaming services.
With the aid of these subscriptions, calls are made to PRNs in country 'C'.
Home Public Line Mobile Network (PLMN) charges customer for making PRNs calls which are actually
generated by the fraud committers.
In country 'C', fixed line operator charges visited PLMN as connecting cost.
In country 'C', IRS provider company generates revenue from premium rate numbers.
Revenues are then collected by the fraud committers and the networks are left with unpaid invoices
and settlement of roaming charges.
Ways telecom pirates Use to Avoid to avoid the new obstacles that come in their
Detection way. For example, the introduction of the
smart phone has allowed them to avoid
With every introduction of new technology, detection from fraud management systems.
the telecom pirates are equipping themselves
7|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
6|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
With the identification of SIM Box fraud Base Controller Unit to execute
recognition, test call generation has proven automated calls
to be an effective method for pinpointing Customer Data Record (CDR) report
grey routes and fraudulent numbers. The importer, detailing the type of fraud
primary goal in generating test calls is to for reported numbers to the
identify grey calls in a specific network corresponding operator CDRs
where found in excess. Calls are then Supporting algorithms for generation
initiated to those numbers from various of different CDR formats according
countries; by means of different interconnect to operator CDRs.
voice routes worldwide. With this Integrated system for the evaluation
procedure, the grey routes origination and of CDR independently.
the paths followed to reach the SIM Boxes Global Presence
in the home country are realized.
Test Call Systems exist globally, which keep
TCG is a probabilistic method in which the check on the billing records of the
number of fraudulent SIM Boxes identified subscribers service usage within the
increases as more calls using more routes operational network. These services are
are generated. The routes identified with a entirely programmed and under the
higher volume of SIM Box terminations are regulation of the groups who corroborate the
then further communicated to operators for billing process and measure the quality of
action. This technique has been successful; service. Although these methods are
however, telecom pirates have discovered relatively new to network operators, an
new ways to elude detection. understanding of these methods is the key to
managing revenue assurance.
7|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
blacklisting those numbers that are coming customer call data is recorded on to a local
from test call generation systems. hard disk drive at the end of the call, which
contains various fields stored in a text file
B. CDR Analysis and Analytics
format. This information is analyzed further
Whats Involved using pattern analyzers and the essential data
is loaded into the fraud detection framework
Call detail records take account of necessary of the operator for required action.
information relating to the important
characteristics of each call. CDRs are used C. Hardware Probes Installed in the
to identify fraudulent activity through Networks and Related Services Such
extensive analysis while performing as DPI
analytics on fraud indicators by comparing With the rapid transition of the telecom
different fields of the CDR such as time,
industry towards more data consumption
duration, mobile originating and terminating and IP services, telecom pirates have
numbers and country codes, call type, IMEI, switched their vehicles of action and are
IMSI, LAC-CID (Location Area Code- now looking for opportunities towards IP
Calling Line Identity), account age and data related fraud. Tethering is the illegal
customer segment. In SIM box detection, the connection of multiple devices using a
Fraud Management System (FMS) uses single internet access point. This negatively
CDRs to create user-based profiling that affects operator planning and causes
distinguish between fraudulent SIMs overloads by forcing operators to expend
installed in SIM boxes and legitimate
more on the service. One of the dominant
subscriber SIMs. methods for detecting IP based fraud is to
The current systems of fraud identification use unconventional data sources such as
include extensive CDR analysis by Deep Packet Inspection (DPI). Instead of
comparing the function field relating to the analyzing headers or volumes of traffic, DPI
corresponding application. With differential analyzes the contents of data traffic and
analysis, user behavior patterns are network protocols from layer 2 to layer 7 of
examined by comparing the most recent the OSI model and identifies abnormal
activities to the historic activities of the user. activity. In the case of illegal mobile access,
As a result if there are anomalies in the user abusers try to invade restrictions and deprive
calling pattern, the activity is then estimated operators from charging premium rates for
and timely reports are generated. This bundled data services. With the help of DPI
ensures that the billing and subscriber we can eliminate the abuse of proxy servers
records are reconciled. that mask the users original IP address. This
will encourage operators to make deals with
Hardware and Software Needed over the top (OTT) services providers to
boost data consumption.
Hardware components and software is
essentially required for CDR analysis. All
8|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
VI. Who Benefits from Fraud delivered services via legally allocated
Detection and Elimination? routes.
Safety
Consumer insights are the mainstream
Consumers will feel secure moving around reflection of any service provider business.
their desired networks. In this way, Customers rather associate such fraudulent
consumers will experience legal calls with activities with the service operator brand.
no interference of eavesdroppers, denial of Therefore, unnecessary billings and the
service (DoS) attackers, caller ID theft, or absence of desired services can affect
SIM cloning through authorized GSM branding and image maintenance. Not just
gateways during short and long distance call the present service but other services or
services. products may be affected as well. However,
the quicker the fraud is detected, the more
B. Operators likely the desired services can be provided
to the consumer.
Revenue Generation
Quality of Calls
By underpinning the detection and
elimination techniques, revenue can be The number of incoming calls made by
recovered effectively. The different perpetrators is often greater than the number
techniques involved would make sure that of outgoing calls. The network may become
the mobile operators bandwidth resources congested due to a large number of calls
are not being used fraudulently, thus being sent using VoIP routes. As a
enabling subscribers to fully utilize the consequence, the call failure rate increases
9|Page
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
and thus overall quality of calls degrades. mobile network in becoming vulnerable to
By effectively recognizing and eliminating fraudulent activities. A well-structured
these grey routes, poor quality calls can be detection and elimination system will allow
mitigated and the quality of calls can be regulators to manage revenue effectively
restored by re-routing these calls using without compromise in regards to customer
original GSM gateways. protection. In this way, better detection will
help mobile financial services recover
Improved Relationship Management
revenues from committed frauds.
To gain a competitive advantage, detection
Proper Fees and Taxation Compliance
of abusive activities is necessary. The
operators, who have a comparatively better With the implementation of a fraud
understanding of detection techniques, have detection and management system, the non-
the edge in improving customer relations. In taxpayers who are deceiving the policies
fact, such carriers have effective solutions, enforced by the regulators can be identified.
which enable them to respond as quickly as Therefore, revenues can be incurred by
possible. This will focus them towards regularly peer reviewing compliance
future marketing and sales campaigns. The statements, thereby mitigating fraud.
operators can improve relationship
Conclusion
management, reduce customer churn, and
more efficiently acquire and retain It is evident that the volume and versatility
customers through improved service quality. of new network technologies have created
C. Governments (Regulators and many opportunities for telecom pirates and
Ministries) in order to combat the telecom pirates.
Telecom operators must stay one step ahead.
Safety Support There is an immense need to boost research
awareness, and devise prudent fraud
If a system is plagued with a specific and
management systems to detect such frauds,
persistent type of fraud, regulators or
which impose irreplaceable harm to the
stakeholders (ministers) will be hesitant to
telecom industry.
invest due to a fear of loss. Implementing
fraud detection and elimination techniques
better enable stakeholders to incur the
required investments in network financial
services.
Revenue Management
10 | P a g e
TELECOM FRAUD INTRODUCTION, TYPES & SOLUTIONS
CONTACT DETAILS:
Dubai, UAE
#402, Alfa Building,
Knowledge Village
P.O. Box: 500759 Dubai, UAE
Tel: +971-4-375-1313
Fax: +971-4-420-5416
Islamabad, Pakistan
#104, 1st Floor, Green Trust Tower,
Blue Area. Islamabad.
Postal Code: 44000-Pakistan
Tel: +92-51-2813081-86
Fax: +92-51-281-3085
11 | P a g e