Bring IRSF under control

International Revenue Share Fraud has increased 497% since 2013.

It is now the number 1 fraud threat to Telcos worldwide.Let us help you fix the problem!

“Total fraud losses this year = $38

Billion”

International Revenue Share Fraud = $10.7

Billion”

“IRSF increase since 2013 = 497%”

“IRSF is now the top industry threat”

The Facts

IRSF is the most harmful fraud in the industry. It is enabled by international roaming and a combination of other fraud types. IRSF is hard to detect without the right tools.

This is where a hacked PBX is used to inflate traffic to high-cost premium rate numbers.

Utilises Outgoing Trunks for IRSF

calls

HOME OPERATOR

(Business Customer)

PREMIUM RATESERVICE PROVIDER

Fraudsters rewarded by PRS

provider for increased traffic

Fraudsters illegally obtain access to customers PBX

Traffic is then “pumped” to PRS numbers by fraudsters

х DISA (Direct Inward Service Access)

х Insecure Voicemailх Insecure Maintenance portsх Automated Attendantх Call divert

Severity of PBX Fraud is only limited by the number of outgoing trunks. Points of compromise can include:

How IRSF works – Using PBX/IP-PBX as an enabler

How PBX Fraud is so destructive to a Telcoo Telco typically has little control over security of a customers PBX if not managed

by the Telco – e.g. Voicemail o If a customer does suffer a significant IRSF attack, there will be a dispute over

paymento Customer has an expectation that their carrier will identify a significant change in

calling patternso Usually IRSF through a compromised PBX will occur at night and over weekends

when PBX congestion will not be noticedo Hackers have the sophisticated tools to bypass thiso Only one area of compromise has to be identified by Fraudsters to access

outgoing trunkso Customer will arrive at work after weekend and find they have suffered a

significant IRSF attacko Imagine the completely different customer experience if they are contacted by

their network provider and alerted to calls to IRSF test numbers resulting in an IRSF attack being prevented

o This can be achieved by utilising the IPR Test Number Database used by FraudStrike to monitor all outward PBX calling

o Automated notifications will ensure potential attacks can be actioned 24x7o This will reduce PBX Fraud losses, become a service differentiator, enhance

customer satisfaction and avoid potential brand impact if an IRSF attack was successful

This is where SIM cards are used when roaming to inflate traffic to high-cost premium rate numbers.

VISITED OPERATOR

(VPMN)

HOME OPERATOR

(HPMN)

PREMIUM RATESERVICE PROVIDER

Fraudsters rewarded by PRS

provider for increased traffic

Fraudsters illegally obtain SIM cards and ship them to a roaming network

Traffic is then “pumped” to PRS numbers by fraudsters

х Subscription fraudх Roaming fraudх Wangiri fraudх PBX hacking

Types of FraudIRSF is usually enabled by one or more of these frauds:

How IRSF works – Using Mobile device as an enabler

Reduced losses by implementing FraudStrike

WithFraudStrike

WithoutFraudStrike

After 48 hours

After30 min

€2,000 lost

€500,000 lost

Reduced losses by implementing FraudStrike

WithFraudStrike

WithoutFraudStrike

1000 mins

of calls

2 numbers called were known by

FraudStrike

5 NRTRDE files sent

250,000mins

of calls

12 numbers called were known by

FraudStrike

125 NRTRDE files sent

Reduced losses by implementing FraudStrike

FraudStrike immediately alerts the HPMN when a number matches in the

hotlist. HOME OPERATOR

(HPMN)

Visited Called numbers (B-numbers) checked against database for

matches

With FraudStrike, the losses are prevented before they escalate by checking the NRTRDE records in real time against the database

Output / Actions

FraudStrike alerts the HPMN immediately by e-

mail or SMS when a number matches in the

hotlist

HPMN investigates subscriber profile

HPMN blocks SIM (not destination range) if

necessary, to prevent IRSF

The above can be a managed service from XINTEC, for full automation.

The IntelligenceFraudStrike is a combination of clever detection methods, when used together can prevent and even predict International Revenue Share Fraud (IRSF).

1 2

3

4

5Unrivalled IRSF

Domain Knowledge

Hotlist Database of over 250,000 test-call numbers

Overlapping Calls Detection High Usage

Detection

Associative Detection (shared call patterns)

The Intelligence

Overlapping Calls Detection

FraudStrike will automatically detect overlapping calls and associate them with the subscriber case containing the database match. The user of the system can immediately see the link between an overlapping calls alert and an IRS test call alert in the same case, to enhance the certainty of detecting a fraudulent event.

1

The Intelligence

High Usage Detection

FraudStrike will automatically detect high usage activity and link this with the subscriber case containing other alerts for that subscriber. The user of the system can see the link between a High Usage alert with an alert as a result of a database match and/or overlapping call to enhance the certainty of a fraudulent event.

2

The Intelligence

Hotlist Database of over 250,000 test-call numbers

A unique database of IRS test call numbers that for the first time allows IRSF attacks to be detected before or during the early stages of an attack.

3

The Intelligence

Associative Detection (shared call patterns)

FraudStrike applies associative detection techniques to identify the other potential “actors” in a fraud event. For example, if the system sees a database match on prefix range (+4412345) it will search for other subscribers making calls to the same prefix (+4412345) and notify the analyst, via email, of these other suspicious IMSIs.

4

The Intelligence

Unrivalled IRSFDomain Knowledge

Providing strategic and operational advice to the telco industry for over 25 years, our team of experts offers deep domain knowledge with respect to the prevention and detection of IRSF worldwide.

5

Contact Us

HEADQUARTERS:XINTEC, Textile House, 5 Johnson’s Place, South King Street, Dublin 2, Ireland

info@xintec.com

+353 (0)1 2930260

Let’s stay in touch