Gabriele Lieser

CUSTOMER SUCCESS MANAGER

Summary

The list of security breaches and fraud incidents in the telecom industry includes a wide variety of horrors: fraudsters relentlessly test firewalls for cracks and weaknesses. Knowing about attacks before it is too late is incredibly important. This article sheds light on how crucial the factors of time and correct, up-to-date data are, and illustrates International Revenue Share Fraud (IRSF) schemes such as IP PBX / PBX hacking and roaming fraud. Voice fraud in particular, as one of the top inter-carrier fraud cases, loads huge bills on subscribers and, in the end, operators are forced to pay for it. With a monitoring tool for roaming and inter-connection signaling traffic, we are able to automatically detect and alert on ongoing threats in real time.

The experts here at RoamsysNext are very passionate about the telecoms industry and constantly seek ways to improve the working lives of our customers with their expertise, knowledge and the industry’s most up-to-date and extensive roaming data. Having worked with the GSMA for many years, we have a lot of experience developing all-in-one, easy-to-use applications, and we want to be part of the community that protects you from attacks by fraudsters. Knowing about attacks before it is too late is incredibly important. Our data can help tighten up security to prevent fraud and also help investigate fraud more quickly. With a monitoring tool for roaming and inter-connection signaling traffic, we are able to automatically detect and alert on ongoing threats in real time. If you are able to identify the real destination operator or to find the most up-to-date point of contact, you know your enemies and gain a head start.

RoamsysNext Insights

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

The top inter-carrier fraud perpetrated on mobile networks is voice fraud, which can be carried out using many different techniques. We would like to introduce you to the main fraud incidents that happen to MNOs on a constant basis and that cost them an immense amount of money. Welcome to the chamber of horrors!

Automatically detect and alert about actual ongoing threats

In general, the term “voice fraud” describes several schemes that fraudsters use to generate illegal or abusive voice calls. Voice fraud loads huge bills on subscribers and, in the end, operators are forced to pay for it. Although MNOs invest continuously in protection against fraudsters, most efforts concentrate on damage limitation after attacks have already taken place. Any kind of help is welcome, be it ensuring correct configurations for various network elements, proactive protection, or intelligence sharing and additional information for correlating and verifying data to stop current threats or to provide evidence for legal teams later.

International Revenue Share Fraud (IRSF)

From a fraudster's point of view, it makes sense to look for the cracks and exploit operators’ weaknesses. Generally, criminals start by making large volumes of calls from the victim network towards International Premium Rate Numbers (IPRN) with high termination rates in a destination network that they control. Subsequently, the victim network must pay the international carriers for the traffic generated by its network towards the destination network. The provider of the IPRN and, therefore, the criminals receive a good share of the interconnection payment made by the victim network. International Revenue Share Fraud calls often terminate at destinations with low prosecution rates for any kind of fraud or crime.

But how do fraudsters gain access in the first place?

IP PBX / PBX hacking

Fraudsters are specially geared to trawl the internet and look for vulnerabilities in an enterprise’s PBX (private branch exchange/phone system). Traditionally, this was done by tricking the PBX into routing an inbound call out to the expensive destination through weaknesses in the PBX logic (e.g. dial into voicemail and open an outbound line). With the onset of VoIP systems, however, fraudsters can find vulnerable systems more quickly and initiate these fraudulent calls more cheaply. They generate these illegal revenues as long as the connection is open, which is why attacks are often launched at night, in the early hours of the day or over the weekend.
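The pattern described in the IRSF and PBX hacking passages above (bursts of calls to high-rate international numbers, often at night or over the weekend) can be checked for in call detail records. The following is an added example, not RoamsysNext code; the prefixes, thresholds, extension names and CDR fields are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watch list: placeholder prefixes, not real IPRN ranges.
HIGH_RATE_PREFIXES = ("+99901", "+99902")
WINDOW = timedelta(minutes=30)   # assumed sliding window
MAX_CALLS = 5                    # assumed limit per source during business hours
MAX_CALLS_OFF = 2                # assumed stricter limit at night and on weekends

# Constructed sample CDRs: (start time, source, dialed number, duration in seconds).
SAMPLE_CDRS = [
    # Saturday night: one extension places back-to-back high-rate calls.
    ("2024-03-02T02:01:00", "ext204", "+9990155501", 540),
    ("2024-03-02T02:03:00", "ext204", "+9990155502", 600),
    ("2024-03-02T02:04:00", "ext204", "+9990155503", 580),
    # Tuesday, business hours: occasional calls, one to an unwatched prefix.
    ("2024-03-05T10:00:00", "ext110", "+9990255500", 120),
    ("2024-03-05T10:20:00", "ext110", "+99800555000", 300),
    ("2024-03-05T14:00:00", "ext110", "+9990255500", 90),
]

def is_off_hours(ts):
    """Night (22:00-06:00) or weekend, the periods the article names."""
    return ts.weekday() >= 5 or ts.hour >= 22 or ts.hour < 6

def detect_irsf(cdrs):
    """Return {source: time of first alert} for bursts to watched prefixes."""
    by_source = defaultdict(list)
    for start, source, dialed, _duration in cdrs:
        if dialed.startswith(HIGH_RATE_PREFIXES):
            by_source[source].append(datetime.fromisoformat(start))
    alerts = {}
    for source, times in by_source.items():
        times.sort()
        lo = 0
        for hi, ts in enumerate(times):
            while ts - times[lo] > WINDOW:   # drop calls older than the window
                lo += 1
            limit = MAX_CALLS_OFF if is_off_hours(ts) else MAX_CALLS
            if hi - lo + 1 > limit:
                alerts[source] = ts
                break
    return alerts

if __name__ == "__main__":
    for source, ts in detect_irsf(SAMPLE_CDRS).items():
        print(f"ALERT {source}: burst to high-rate prefix at {ts.isoformat()}")
```

The stricter off-hours limit means the alert fires on the third call rather than after the window has filled, which matters because revenue accrues for as long as the connection stays open.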

Roaming fraud

Roaming fraud is a special case where a victim’s handset is used to make exactly these expensive calls. Usually the victim is travelling, and a criminal steals the victim’s mobile phone. This phone is then used excessively until it is suspended or blocked. In the early days of roaming, the home network had practically no chance of viewing the kinds of traffic its subscribers generated while roaming in a visited network. Back then, roaming CDRs took days, weeks, sometimes even months to arrive at the home network. It was only then that the home network had visibility. Fortunately, those days are gone. In those days of no or low roamer visibility, one of the first attempts to fight fraud was for the visited networks to send “fraud reports” to the home network, pointing out excessive usage. Back then, calculations took a very long time, which gave criminals many hours for fraudulent activities.

The GSMA Fraud Forum (now Fraud and Security Group) recognized this problem. When the NRTRDE (Near Real Time Roaming Data Exchange) format was developed and standardised, our CTO Hendrik Hoehndorf contributed substantially by leading the GSMA FSS working group which was tasked with defining the new standard. This significantly shortened the time the home network needs to analyze call data. However, criminals still commit roaming fraud with tampered SIM cards to a large extent and exploit the minimum time span of 3-4 hours that call records take to get back. Luckily, compared to 20 years ago, fraud managers today have practically 100% visibility of roaming traffic, as they can feed their FMS with data that is all available in the home network. Data feeds and call records from the visited network are no longer necessary.

The factor of time and correct up-to-date data is crucial

The list of security breaches and fraud incidents in the telecom industry covers a wide range: fraudsters relentlessly test firewalls for cracks and weaknesses. It becomes clear how crucial the factors of time and correct, up-to-date data are. Verifying numbers has never been more important, both for subscribers and MNOs. In our unique position, as custodians of data for hundreds of networks, we can help any operator at any stage of building defences: we provide the most up-to-date and correct configurations for various network elements to block any unwanted or unauthorized traffic. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant and can be implemented very easily. Talk to us, we will listen to you.

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is part of the RoamsysNext Client Service team.