Gabriele Lieser



Voice fraud is known as one of the top inter-carrier fraud cases, and in order to expose them, time and reliable data is crucial. Interconnect Bypass, SIM Box fraud, Refiling, False Answer Supervision (FAS) cause a lot of problems, and prevention is key to make sure that legitimate traffic is not obstructed. Wouldn’t it be nice if there was an innovative application able to deal with fraud issues and security threats in a fraction of time? Stay tuned!

Telecom fraud not only affects MNOs and their residential and commercial subscribers, it impacts everyone in the industry. Especially voice fraud burdens subscribers with huge bills and, at the end of the day, operators have to pay for it.
In our previous blog, we introduced you to International Revenue Share Fraud (IRSF), IP PBX/ PBX hacking and roaming fraud. Especially with roaming fraud, the GSMA found ways to improve the situation remarkably. When the NRTRDE (Near Real Time Roaming Data Exchange) format was developed and standardized, our CTO Hendrik Hoehndorf contributed substantially by leading the GSMA FSS working group which was tasked to define the new standard. While NRTRDE certainly proved to be very beneficial, it still gives fraudsters a few hours’ window to act undetected. And this is an unsatisfactory situation for all fraud managers. This means there is still a lot of work to do, and fortunately, a lot of innovation is going on. Stay curious for our insights regarding newest developments in this field.

RoamsysNext Insights

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

Let us first take a look at more dangerous fraud incidents that happen to MNOs on a constant basis. These schemes are used to generate illegal or abusive voice calls such as Interconnect Bypass, SIM Box fraud, Refiling and False Answer Supervision (FAS). How is it still possible that fraudsters cost the industry such an immense amount of money? Follow us around the “chamber of horrors”, and also see, what we can do to make lives easier.

Interconnect Bypass

With interconnect bypass fraud, the criminal exploits the difference between high international interconnect rates and low retail prices for on-net and off-net calls. As soon as a call travels through various networks before it reaches the end user, a portion of the per minute fee is paid by the operator to each of the networks that the call is passing through. Bypass techniques are designed to take advantage of this differentiation in routes and prices, and in some cases fraudulently pretend the call is delivered to the end-point. Interconnect Bypass Fraud accounts for 4.27 billion USD of revenue losses worldwide (CFCA 2017 survey). Interconnect bypass schemes include SIM Box fraud and Refiling, so let’s have a closer look at this.

Bypass Road

SIM Box fraud

Criminals exploit a local tariff of on-net to on-net calls by acquiring SIM cards in a country and using these in SIM Boxes to terminate calls to subscribers of the network from international routes, usually by advertising a low-cost route into that country on international interconnects. Thus, fraudsters only pay the subscription fee and the local tariff (usually free minutes are included with a SIM) and stand to make large profits. This is mostly seen in countries with high international termination and low tariff packages that bundle free calls. The criminal usually has access to large volumes of SIM cards from an operator through connections with an agent of the operator.

Telecom fraud impacts everyone in the industry!


Refiling, A-party Refiling, A-Party Caller Spoofing and other terms describe the method where carriers, such as transit carriers or clearinghouses who are entitled to terminate traffic to an operator, falsify the CLIs (Calling Line Identity) of calls to a network. They profit from terminating international traffic that masquerades as national traffic or as international traffic with a lower rate from particular sources. Detecting and protecting against this fraud requires careful monitoring of inbound calls, and, most specifically the route taken to arrive onto the network.

Security Camera

False Answer Supervision (FAS)

Another irritating fraud scheme that is particularly difficult to detect, especially because in many cases this is only applied to a small percentage of traffic. False Answer Supervision means that the call is actually answered but this is not indicated back to the caller, thus driving up the minutes and cost of the call. Two variants of this fraud occur: the answer signal is already returned when the ringing starts and not when the customer answers, or the signal is rerouted to a recorded message that starts with a ringing tone and a message or background noise that triggers the caller to stay on the line as long as possible. Increased length of a call increases costs.

Deal with it in a fraction of time

The list of fraud incidents is long, and as usual, it exposes the crucial factor of time and reliable data. Verifying numbers has never been more important, both for subscribers and MNOs. A lot of work would already be done if correct configurations for various network elements were ensured as well as pro-active protection. Already today, our tools simplify tremendously the initial and ongoing correct configuration of every roaming relevant network element, helping you to block any unwanted or unauthorized traffic with very little effort.

As the shortage in human resources calls for an easy-to-use application to increase efficiency, transparency, and optimize resource management, we continuously optimize our applications to serve you even better. In addition, we are increasingly keeping an eye on upgrading security aspects. That’s how you can leave analysts/ investigators with the most relevant cases to review. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant and can be most easily implemented and aligned to your specific requirements. Talk to us, we will listen to you

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.

We’re in this together

In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.

Mastering today’s Fraud Landscape

Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).

How to avoid configuration errors

Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.

  • RoamsysNext Insights 9: Interview with Hendrik Hoehndorf

Making a Stand against Fraud

In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).

  • RoamsysNext Insights

Let’s talk about data quality

Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.