Upload
xintec
View
1.361
Download
0
Embed Size (px)
Citation preview
Bring IRSF under control
International Revenue Share Fraud has increased 497% since 2013.
It is now the number 1 fraud threat to Telcos worldwide.Let us help you fix the problem!
“Total fraud losses this year = $38
Billion”
International Revenue Share Fraud = $10.7
Billion”
“IRSF increase since 2013 = 497%”
“IRSF is now the top industry threat”
The Facts
IRSF is the most harmful fraud in the industry. It is enabled by international roaming and a combination of other fraud types. IRSF is hard to detect without the right tools.
This is where a hacked PBX is used to inflate traffic to high-cost premium rate numbers.
Utilises Outgoing Trunks for IRSF
calls
HOME OPERATOR
(Business Customer)
PREMIUM RATESERVICE PROVIDER
Fraudsters rewarded by PRS
provider for increased traffic
Fraudsters illegally obtain access to customers PBX
Traffic is then “pumped” to PRS numbers by fraudsters
х DISA (Direct Inward Service Access)
х Insecure Voicemailх Insecure Maintenance portsх Automated Attendantх Call divert
Severity of PBX Fraud is only limited by the number of outgoing trunks. Points of compromise can include:
How IRSF works – Using PBX/IP-PBX as an enabler
How PBX Fraud is so destructive to a Telcoo Telco typically has little control over security of a customers PBX if not managed
by the Telco – e.g. Voicemail o If a customer does suffer a significant IRSF attack, there will be a dispute over
paymento Customer has an expectation that their carrier will identify a significant change in
calling patternso Usually IRSF through a compromised PBX will occur at night and over weekends
when PBX congestion will not be noticedo Hackers have the sophisticated tools to bypass thiso Only one area of compromise has to be identified by Fraudsters to access
outgoing trunkso Customer will arrive at work after weekend and find they have suffered a
significant IRSF attacko Imagine the completely different customer experience if they are contacted by
their network provider and alerted to calls to IRSF test numbers resulting in an IRSF attack being prevented
o This can be achieved by utilising the IPR Test Number Database used by FraudStrike to monitor all outward PBX calling
o Automated notifications will ensure potential attacks can be actioned 24x7o This will reduce PBX Fraud losses, become a service differentiator, enhance
customer satisfaction and avoid potential brand impact if an IRSF attack was successful
This is where SIM cards are used when roaming to inflate traffic to high-cost premium rate numbers.
VISITED OPERATOR
(VPMN)
HOME OPERATOR
(HPMN)
PREMIUM RATESERVICE PROVIDER
Fraudsters rewarded by PRS
provider for increased traffic
Fraudsters illegally obtain SIM cards and ship them to a roaming network
Traffic is then “pumped” to PRS numbers by fraudsters
х Subscription fraudх Roaming fraudх Wangiri fraudх PBX hacking
Types of FraudIRSF is usually enabled by one or more of these frauds:
How IRSF works – Using Mobile device as an enabler
Reduced losses by implementing FraudStrike
WithFraudStrike
WithoutFraudStrike
After 48 hours
After30 min
€2,000 lost
€500,000 lost
Reduced losses by implementing FraudStrike
WithFraudStrike
WithoutFraudStrike
1000 mins
of calls
2 numbers called were known by
FraudStrike
5 NRTRDE files sent
250,000mins
of calls
12 numbers called were known by
FraudStrike
125 NRTRDE files sent
Reduced losses by implementing FraudStrike
FraudStrike immediately alerts the HPMN when a number matches in the
hotlist. HOME OPERATOR
(HPMN)
Visited Called numbers (B-numbers) checked against database for
matches
With FraudStrike, the losses are prevented before they escalate by checking the NRTRDE records in real time against the database
Output / Actions
FraudStrike alerts the HPMN immediately by e-
mail or SMS when a number matches in the
hotlist
HPMN investigates subscriber profile
HPMN blocks SIM (not destination range) if
necessary, to prevent IRSF
The above can be a managed service from XINTEC, for full automation.
The IntelligenceFraudStrike is a combination of clever detection methods, when used together can prevent and even predict International Revenue Share Fraud (IRSF).
1 2
3
4
5Unrivalled IRSF
Domain Knowledge
Hotlist Database of over 250,000 test-call numbers
Overlapping Calls Detection High Usage
Detection
Associative Detection (shared call patterns)
The Intelligence
Overlapping Calls Detection
FraudStrike will automatically detect overlapping calls and associate them with the subscriber case containing the database match. The user of the system can immediately see the link between an overlapping calls alert and an IRS test call alert in the same case, to enhance the certainty of detecting a fraudulent event.
1
The Intelligence
High Usage Detection
FraudStrike will automatically detect high usage activity and link this with the subscriber case containing other alerts for that subscriber. The user of the system can see the link between a High Usage alert with an alert as a result of a database match and/or overlapping call to enhance the certainty of a fraudulent event.
2
The Intelligence
Hotlist Database of over 250,000 test-call numbers
A unique database of IRS test call numbers that for the first time allows IRSF attacks to be detected before or during the early stages of an attack.
3
The Intelligence
Associative Detection (shared call patterns)
FraudStrike applies associative detection techniques to identify the other potential “actors” in a fraud event. For example, if the system sees a database match on prefix range (+4412345) it will search for other subscribers making calls to the same prefix (+4412345) and notify the analyst, via email, of these other suspicious IMSIs.
4
The Intelligence
Unrivalled IRSFDomain Knowledge
Providing strategic and operational advice to the telco industry for over 25 years, our team of experts offers deep domain knowledge with respect to the prevention and detection of IRSF worldwide.
5
Contact Us
HEADQUARTERS:XINTEC, Textile House, 5 Johnson’s Place, South King Street, Dublin 2, Ireland
+353 (0)1 2930260
Let’s stay in touch