Network Fraud - Bypass/Premium Rate Number - IRS
Upcoming SlideShare
Loading in...5
×
 

Network Fraud - Bypass/Premium Rate Number - IRS

on

  • 338 views

Author: Tom Wilson ...

Author: Tom Wilson
Bypass fraud along with IRSF has proven they are highly costly types of network fraud in the modern telecommunications environment. The menace of telecom fraud has made the telecom operators and the regulators face staggering annual revenues losses numbering in the multiple billions in US Dollars.

Statistics

Views

Total Views
338
Views on SlideShare
333
Embed Views
5

Actions

Likes
1
Downloads
20
Comments
0

1 Embed 5

http://www.slideee.com 5

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Network Fraud - Bypass/Premium Rate Number - IRS Network Fraud - Bypass/Premium Rate Number - IRS Document Transcript

  •         TERALIGHT   NETWORK  FRAUD  –  BYPASS/PREMIUM  RATE  NUMBER  –  IRS         Author:  Tom  Wilson    
  •     1  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7     Contents   Executive  Summary  ..............................................................................................................................................................................     Introduction  .......................................................................................................................................................................................  2   Bypass  ...........................................................................................................................................................................................  2   IRSF  ...............................................................................................................................................................................................  2   Who  is  affected?  ................................................................................................................................................................................  5   How  bypass  fraud  works?  ..................................................................................................................................................................  5   Legal  Call  Termination  ...................................................................................................................................................................  5   Illegal  Call  Termination  .................................................................................................................................................................  5   On-­‐Net  Fraud  ...........................................................................................................................................................................  6   Off-­‐Net  Fraud  ...........................................................................................................................................................................  6   IRSF  -­‐  Premium  Number  Fraud  .................................................................................................................................................  6   Fraud  Prevention  ...............................................................................................................................................................................  7   Bypass  Route  Detection  ................................................................................................................................................................  7   SIM  Box  Detection  using  Fraud  Management  Systems  ................................................................................................................  7   IRSF  -­‐  Premium  Number  Fraud  Prevention  ...................................................................................................................................  9   Conclusion  ..........................................................................................................................................................................................  9       Executive  Summary   Bypass   fraud   along   with   IRSF   has   proven   they   are   highly   costly   types   of   network   fraud   in   the   modern   telecommunications  environment.  The  menace  of  telecom  fraud  has  made  the  telecom  operators  and  the  regulators   face  staggering  annual  revenues  losses  numbering  in  the  multiple  billions  in  US  Dollars.   Bypass  fraud  is  more  predominant  in  countries  where  the  cost  of  terminating  international  call  is  much  higher  than  the   cost  of  a   national  call  by  a  substantial  margin  or  the  countries  where  government  carriers  monopolize  international   gateways.   These   fraud   committers   (fraudsters),   who   can   be   both   individuals   and   organizations,   through   the   use   of   various  bypass  contrivances,  sell  capacity  to  terminate  calls  cheaply  in  these  countries,  either  on  the  open  market  or  via   direct  connections  with  interconnect  operators.  Operators  sending  outbound  international  traffic  are  then  attracted  by   these  interconnect  operators  with  lower  interconnect  rates,  usually  with  lower  quality  and  no  delivery  of  CLI.  This  leads   to  loss  of  revenue  for  terminating  network  operators  as  well  as  causing  potential  social  harm  to  society.   Premium  rate  services  have  been  hit  with  IRSF  (international  Revenue  Share  Fraud)  that  exploits  the  interconnection  of   premium  rate  services.  The  major  way  to  commit  IRSF  is  by  significantly  increasing  the  number  of  calls  to  a  premium   number  in  a  variety  of  ways  to  increase  the  revenue.  These  are  two  types  of  international  fraud  which  account  for  a   major  portion  of  operator’s  network  fraud  losses.   The  purpose  of  this  paper  is  to  discuss  comprehensive  and  best  in  class  solutions  to  combat  bypass  fraud  and  premium   number  hijacking.    
  •     2  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7           Introduction   This  paper  discusses  two  distinctly  different  types  of  telecom  network  fraud.  One  is  commonly  called   international  network  bypass  fraud  (bypass)  and  the  other  is  called  international  revenue  sharing  fraud   (IRSF).  Both  are  considered  to  be  costing  operators  and  governments  billions  USD  in  losses.   Bypass   Bypass   fraud   is   also   known   as   “Grey   routing”,   ‘SIM   Boxing’   and   ‘Leaky   PABX’,   is   a   widespread   and   problematic  telecom  risk.       Bypass  Fraud  is  prevalent  in  countries  where  there  is  a  big  difference  between  the  national  retail  calling   rates/national  interconnect  rates  and  international  terminating  rates.  This  is  set  either  by  the  regulator   in  the  country  or  by  individual  (or  group  of)  operators  (unregulated).  It  is  also  popular  in  countries  where   government   operators   monopolize   international   gateways.   The   difference   in   rates   ensures   there   are   enough  profit  margins  for  bypass  service  providers  to  construct  their  networks  and  even  handle  certain   amounts  of  losses  due  to  discovery  of  their  routes  and  business  practices  to  elude  detection.     Countries  where  the  international  to  national  terminating  charge  margins  are  low,  nil  or  negative,  the   Bypass  fraud  either  doesn’t  exist  or  is  conducted  on  a  low  scale,  or  is  considered  insider  billing  fraud.   According   to   surveys   of   CFCA,   ACFE   and   ETNO   the   potential   commercial   loss   due   to   fraud   in   telecommunication  networks  equates  to  0.5%  to  5%  of  operator’s  revenue.   Additionally,  bypass  fraud  consumes  a  substantial  amount  of  signaling  and  voice  bandwidth  as  well  as   the   resources   of   individual   network   elements   (i.e.   STPs,   switches,   databases).   In   order   to   properly   identify  By-­‐Pass  Fraud  one  needs  to  understand  the  issues  around  this  fraud.       IRSF   Premium-­‐rate  numbers  provide  certain  services  for  prices  higher  than  normal  calls.  Unlike  a  normal  call,   a  part  of  the  call  charge  is  paid  to  the  service  provider,  enabling  businesses  to  be  funded  via  them.  While   the  billing  is  different,  calls  are  usually  routed  the  same  way  they  are  for  a  toll-­‐free  telephone  number.   These  telephone  numbers  are  usually  allocated  from  a  national  telephone  numbering  plan  in  a  way  that   they  are  distinguishable  from  other  numbers.  In  many  cases  of  premium  rate  calls,  the  transmission  of   the  call  goes  through  multiple  operator  networks.  Most  involve  the  use  of  GSM  SIM  cards,  being  taken   across   international   borders   to   originate   calls   on   effected   originator   networks,   utilizing   the   roaming   capability   of   the   SIM   cards.   IRSF   fraud   is   very   difficult   to   nail   down,   given   the   multiple   operators   involved,   the   complexity   of   networks   and   BSS   systems   involved   and   the   lack   of   total   end-­‐to-­‐end   cooperation   of   all   stakeholders   to   assist   in   elimination   of   these   types   of   fraud.   Origination   operator   networks  are  left  hanging  with  the  invoice  for  these  high  cost  calls,  either  on  a  premium-­‐rate  number   call  or  on  a  call  to  a  high  cost  per  minute  destination  country.     View slide
  •     3  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7     IRSF  has  many  different  types  of  perpetrators.  Normal  callers  can  also  become  unwitting  contributors  to   IRSF,  where  they  want  specific  content  that  is  derived  from  premium  rate  number  content  providers.   However  in  some  cases,  the  content  provider  is  the  same  party  (individual  or  group  of  individuals  or   company  in  some  cases)  as  the  fraudsters  forcing  high  volumes  of  calls  to  those  illicit  content  premium   number  services.     Premium-­‐rate   numbers   have   also   been   used   to   defraud   unsuspecting   users.   One   scheme   involves   inducing   users   to   download   a   program   known   as   a   dialer.   This   surreptitiously   dials   a   premium-­‐rate   number,  accumulating  charges  on  the  user's  phone  bill  without  their  knowledge.  Another  premium-­‐rate   scam  involves  television  programming.  This  induces  young  children  to  dial  the  number,  banking  on  the   notion  that  they  will  be  unaware  of  the  incurred  charges.  In  other  cases,  newer  version  of  smart  phones   have   the   capacity   to   make   six   calls   to   each   conference   call   they   make   and   thus   six   calls   at   a   time   increasing   call   volumes   quickly.   This   is   done   to   elude   blockage   induced   by   some   of   the   telecoms   software   fraud   detection   systems,   which   can   detect   high   volume   suspicious   call   traffic   patterns   to   premium   rate   numbers   and   or   long   call   duration   (usually   up   to   59.9   minutes)   to   the   same   type   of   numbers.   Briefly  summarizing  IRSF  -­‐  Premium  Rate  Service  fraud;  this  type  of  fraud  occurs  when  a  person,  group   of   persons,   or   a   company   or   group   of   companies   scheme   with   either   the   content   provider   or   the   international   network   providing   the   content   to   find   different   measures   to   falsely   increase   the   total   number  of  calls  significantly  and  or  enacting  methods  to  increase  falsely  generate  longer  call/billing  time   to  increase  the  revenue  generated  by  the  use  of  the  premium  rate  number.  The  various  parties  to  the   call   share   this   revenue;   if   a   part   of   IRSF,   some   of   the   parties   are   traditional   network   operators   transmitting  the  calls  and  some  parties  who  are  a  part  of  the  fraud  itself.  The  premium  rate  numbers  are   easy  to  obtain,  and  very  blatantly,  these  companies  and  the  content  generators  advertise  publicly  for   persons  to  find  ways  to  earn  money  by  generation  of  call  traffic  to  these  premium  rate  numbers.  Again,   IRSF   can   be   either   via   the   use   of   Premium   Rate   Numbers   or   simply   high   rate   termination   country   termination  numbers.       View slide
  •     4  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7       Pirated  Mobile  GSM  SIM  chips  in  a  Roaming  Scenario  generating  IRSF  “Fraud”     The  content  provider  or  the  final  network  providing  the  internalonal  premium  number  service  may  be  in  cahoots  with  the  fraudsters  to   generate  higher  volumes  of  calls  to  the  premium  number  or  make  amempts  to  lengthen  calls  to  generate  higher  call  revenues.     *  the  call  costs  and  rates  are  merely  examples  for  purpose  of  this  illustralon   The  Premium  Number  owner  passes  through  the  revenue  to  the  Internalonal  Revenue  Share  Number  provider  which  is  usually  (not   always)  the  same  enlty  as  the  content  porovider.  The  revenue  of  $1.46  being  passed  through  to  the  IRSN   If  the  final  network  which  owns  or  leases  the  Premium  number  from  an   Number  range  owner,  does  not  own  the  content,  they  will  keep  example  of   $1.00  and  pay  to  content  holder  $.46.   The  Internalonal  Revenue  Share  Number  Network  will  terminate  the  call  to   the  premium  number  called.   Operator  C  tansits  the  call.  Receives  the  call  from  Operator  B   Operator  C  collects  $1.71  from  Operator  B  and  will  keep  $.25.   Operator  C  sends  the  call  to  an  enlty  "owning  the  Premium  Number   Range".  Operator  C  pays  the  PNRO  pass  thorugh  $1.46.   Operator  B  transits  the  call.  Receives  the  call  from  Operator  A     Operator  B  collects  $1.91  from  Operator  A  and  will  keep  $.20.   Operator  B  sends  the  call  to  Operator  C  and  pays  Operator  C  $1.71.   Operator  A  transits  the  call.  Receives  the  call  from  network  where  call  originates  from.   Operator  A  collects  from  originalng  network  operators  $2.16,  and  will  keep   $.25.   Operator  A  sends  the  call  to  Operator  B  and  pays  the  receiving  operator   $1.91.   Call  is  generated  in  this  visled  country,  where  the  home  of  the  SIM  chip  operator  wil  pay  $2.50   The  network  where  the  call  is  made,  gets  to  retain  $.34.   This  operator,  where  the  call  is  actually  made,  pays  $2.16  to  the  carrier  next   in  line  to  handle  the  call.   Illegal  fraud  generated  usually  by  generalon  of  high  volume  of  calls  to  a  Premium  Rate  Number  vis  a  vis  pirated  GSM  SIM  chips  taken  to   another  country  to  roam  call  traffic   Home  market  for  SIM  chip   SIM  chip(s)  taken  to  another  country  to  roam  originalon  of  call  from.  The   SIM  home  country  operator  is  not  PAID  for  cost  of  Premium  Rate  Number   Call.  Example  $2.50.  
  •     5  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7     Who  is  affected?     Bypass  fraud  or  grey  telephony  is  a  serious  issue  for:   Telecom  Operators  -­‐  Telecom  Regulators  –  Subscribers   Bypass  fraud  can  have  the  following  adverse  effects:   *   Revenue  loss  to  government  treasuries.  Especially  in  emerging  markets,  where  the  state  entity   has  equity  in  the  operators.  Regulators,  both  national  and  regional  such  as  Berec,  PTA,  STRA,  JTRC  and   others  have  taken  a  real  serious  look  at  these  types  of  network  fraud.   *   Bypass  fraud  disturbs  planned  and  predicted  revenue  streams  of  telecom  operators  who  have   invested  millions  of  dollars.  The  investment  may  be  in  form  of  license  fees,  deployment  of  infrastructure   and  other  government  charges.   *   Foreign  investment  in  telecom  sector  is  reduced  as  a  result  of  lack  of  investor  confidence  in  the   market,  especially  in  developing  countries  where  a  large  portion  of  the  national  GDP  is  from  telecoms.   *   Social  anxiety  where  people  do  not  wish  to  answer  non  CLI  (generally  indicative  of  a  grey  route   being  used  to  terminate  the  call)  low  quality  network  calls,  due  to  passage  over  very  low  quality,  highly   compressed  and  congested  IP  routes  with  no  network  management  whatsoever.     *   Social  safety  where  people  may  only  answer  those  calls  where  the  called  party  receives  CLI  and   is  able  to  identify  the  calling  party.  It  has  happened,  where  a  non  CLI  call  is  ignored,  due  to  general   knowledge  of  low  quality  calls  and  the  called  party  is  unsuspecting  of  the  nature  of  the  call,  where  it   may  be  a  family  emergency  but  they  don’t  know  it,  for  the  CLI  is  not  passed  on  most  bypass  routes.   How  bypass  fraud  works?   Bypass  fraud  has  different  forms  –  international  vs.  national,  incoming  vs.  outgoing,  border  bypass  etc.  –   but  the  idea  is  simple:  bypassing  interconnect  points  via  cheaper  routes  such  as  the  Internet.     Legal  Call  Termination   Call   termination,   also   known   as   voice   termination,   refers   to   the   routing   of   telephone   calls   from   one   Telephone  Company  to  another.  The  terminating  point  is  the  called  party  or  end  point.  The  originating   point  is  the  calling  party  who  initiates  the  call.   This  term  often  applies  to  calls  while  using  voice  over  Internet  protocol  (VoIP):  a  call  initiated  as  a  VoIP   call   is   terminated   using   the   public   switched   telephone   network   (PSTN).   In   such   cases,   termination   services  may  be  sold  as  a  separate  commodity.  The  opposite  of  call  termination  is  call  origination,  in   which  a  call  initiated  from  the  PSTN  is  terminated  using  VoIP.  Thus,  in  "origination"  a  call  originates  from   PSTN  and  goes  to  VoIP,  while  in  "termination"  a  call  originates  in  VoIP  and  terminates  to  the  PSTN.   Illegal  Call  Termination   Illegal  call  termination  utilizes  least  cost  call  termination  techniques  such  as  GSM  Gateway  SIM  Boxes  to   bypass  the  legal  call  interconnection.  This  diverts  international  incoming  calls  to  either  on-­‐network  or   off-­‐network   GSM/CDMA/Fixed   calls   through   the   use   of   VoIP   or   Satellite   gateway.   Doing   this   evades   revenue  for  international  call  termination  which  operators  and  government  regulators  are  entitled  to.  
  •     6  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7           On-­‐Net  Fraud   For  an  operator,  if  the  person  committing  fraud  uses  their  own  network’s  connections  to  terminate  the   bypassed  calls,  it  is  identified  as  On-­‐Net  Bypass  Fraud.  On-­‐net  calls  are  expected  to  provide  the  least   national  calling  rates.  Lot  of  modern  Bypass  equipment  (GSM  Gateway  SIM  Boxes,  computer  programs   etc.)   scan   the   terminating   party   numbers   and   re-­‐originate   calls   only   from   those   connections   which   belong  to  the  same  operator’s  network  as  the  terminating  party.     For  On-­‐Network  terminating  calls  (connections  used  for  Bypass  Fraud  belong  to  the  home  operator),  the   revenue   loss   per   call   is   directly   related   to   the   difference   between   the   international   interconnect   termination  price  and  the  retail  price  of  on-­‐network  call.   Off-­‐Net  Fraud   If  the  fraud  committer  uses  competitor’s  connections  or  any  other  means  for  termination,  it  is  identified   as  Off-­‐Net  Bypass  Fraud.     In   regions,   where   the   off-­‐network   call   rates   are   equal   to   the   on-­‐network   calls,   national   calls   may   be   originated  from  off-­‐network  number  to  conduct  the  Bypass  fraud  which  means  that  numbers  can  be   from  other  networks  as  well.     For   Off-­‐Network   terminating   calls   (connections   used   for   Bypass   Fraud   belong   to   competitor),   the   revenue   loss   per   call   is   directly   related   to   the   difference   between   the   international   interconnect   termination  price  and  the  local  interconnect  termination  price  of  off-­‐network  calls.   IRSF  -­‐  Premium  Number  Fraud   Premium   rate   services   have   attracted   multiple   types   of   fraud   that   exploit   the   interconnection   of   premium   rate   services.   The   basic   scheme   is   that   the   fraud   committer   contracts   with   a   terminating   operator   to   provide   a   premium   rate   service   and   then   separately   subscribes   for   several   lines   with   an   originating  operator,  normally  not  the  same  operator  as  the  terminating  operator.    
  •     7  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7       The  fraud  committer  then  runs  auto  dialers  on  the  subscriber  lines  and  calls  the  premium  rate  numbers   continually  running  up  very  large  invoices,  where  the  fraudster  is  usually  able  to  share  a  part  of  this   fraudulent  revenue.  This  is  just  one  example  of  how  the  fraud  is  generated.  There  are  many  ways  to   falsely   generate   high   volumes   of   calls   from   one   country   to   another   to   the   Premium   Rate   Numbers,   which  are  commonly;  magnets  for  this  type  of  fraud.  Fraudsters  generate  calls  by  new  technology,  by   paying  people  to  make  calls  upon  calls  to  these  termination  numbers,  which  sometimes  simply  go  to  an   answering   machine,   or   a   constantly   cycled   message   recorder.   The   fraudsters   attempt   anyway   to   generate  the  highest  number  of  calls  and  longest  calls  possible  to  create  as  high  of  a  billing  charge  to  the   originating  operator  network  the  calls  first  arrive  on.   Another  variant  uses  the  computers  of  existing  subscribers  as  the  callers.  The  fraud  committer  contracts   for  a  premium  rate  service  and  then  distributes  viruses  or  other  types  of  programs  through  email  or  web   sites  that  become  resident  in  the  computers  of  legitimate  subscribers.  If  the  subscribers  have  a  modem   connected  to  their  computer  for  Internet  access,  the  programs  control  the  modem  to  dial  the  premium   rate  numbers.  Some  programs  work  during  or  immediately  after  an  Internet  dial-­‐up  access  session.   Fraud  Prevention   Bypass  Route  Detection   Bypass  route  detection  can  be  performed  via  multiple  methods.  One  measure  that  is  definitive  in  nature   providing   real   evidence   with   regard   to   Bypass   Fraud   is   the   use   of   non-­‐passive   forced   network   call   generation.   In   this   method   third   party   service   providers   generate   traffic   to   operator   networks   from   remote  points  and  then  analyze  the  traffic  actually  received  (non  published  non  active  call  to  numbers,   mobile  or  fixed)  to  identify  instances  where  what  should  be  showing  as  inbound  international  traffic  as   actually  showing  as  on-­‐net  traffic  or  traffic  from  another  local  network.     These   systems   can   be   very   different   vendor   by   vendor.   The   software   developed   to   operate   these   systems  needs  to  be  flexible,  user  definable  and  automated  with  regard  to  “detecting”  where  bypass   fraud  may  be  most  relevant  via  origination  market.  This  in  itself,  creates  the  ability  to  self  manage  call   origination,  which  provides  the  quickest  route  to  bypass  number  detection.     In   many   cases,   operators   can   create   an   environment   that   integrates   such   systems   together,   via   API   software  instruction  sets  which  automatically  or  via  a  manual  selected  method,  validates  the  numbers   detected  and  then  “shuts  down”  or  suspends  detected  numbers.     Reporting  is  very  important  to  operators;  where  they  are  looking  to  reduce  international  revenue  losses   by  the  minute  with  near  real  time  notification  systems  and  other  very  progressive  call  management  and   monitoring  capabilities.   SIM  Box  Detection  using  Fraud  Management  Systems   Another  method  to  detect  harmful  inbound  international  bypass  traffic  to  revenues  is  through  passive   software   trending   and   analysis   systems,   generally   referred   to   as   fraud   management   systems   (FMS).   These  systems  work  by  collecting  the  total  CDR  activity  of  the  operator  and  applying  analytics  against   the  CDR  data  (generally  collected  via  a  middle  ware  software  feature)  that  produce  unwarranted  call   traffic  patterns  of  multiple  types.    
  •     8  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7       Operators   make   use   of   their   fraud   management   systems   (‘FMS’)   to   identify   suspect   devices   on   the   network.  Examples  of  some  of  the  markers  monitored  include:   ! Unusual  traffic  flows  and  volumes   ! Mobile  Origination  to  Mobile  Termination  ratio     ! Unusual  called  number  spreads     ! A-­‐typical  traffic  peaks  for  on-­‐net  traffic     ! Many  SIM  card  identities  (IMSIs)  to  a  single  equipment  identity  (IMEI)     ! Use  of  only  one  cell  site     ! An  absence  of  SMS,  data  or  roaming  service  use   Non-­‐passive  systems  are  intelligent  and  become  more  effective  over  time,  for  trends  are  detected  and   all   stakeholders   involved   in   the   detection   process   gain   better   understanding   of   where   call   traffic   originates  and  terminates  that  has  a  higher  probability  of  bypass  routes  being  used.  In  addition,  other   types  of  fraud  can  be  detected,  such  as  false  answer  supervision;  where  billing  mechanisms  are  used  to   alter  answer  supervision  traits  of  calls,  such  as  true  call  origination  times  versus  billing  start  times,  as   well  as  the  true  call  termination  times  versus  call  cutoff/termination  times.  Hybrid  analysis  is  effective,   where  both  passive,  non-­‐passive  (active)  and  other  fraud  management  systems  collaborate  to  merge   their  alerts  in  order  to  more  efficiently  detect  instances  of  bypass  fraud.      
  •     9  |  P a g e   w w w . t e r a l i g h t . c o m   -­‐   T L T   + 9 7 1 . 5 0 . 4 5 9 . 7 2 1 7     IRSF  -­‐  Premium  Number  Fraud  Prevention     The  following  steps  can  be  taken  to  prevent  premium  number  fraud.   • Monitor  calls  going  to  suspicious  number  ranges  or  premium  numbers  prefixes  or  high   termination  cost  destinations   • Enlisting  the  services  of  black  listed  number  databases,  which  operators  can  use  to  help  monitor   network  termination  usage  and  help  block  calls  to  suspicious  number  ranges  or  premium   number  ranges   • Call  trending  software  management  systems  which  can  track  calls  and  monitor  the  types  of   numbers  they  connect  to,  limiting  length  of  calls  and  also  velocity  of  calls  to  specific  numbers   designated  by  the  user  defined  systems   • Education  support  to  clients,  customers  and  operators  on  various  security  procedures  related  to   these  types  of  fraud  and  collectively  working  together  operator  to  operator  to  help  reduce  the   money  in  the  system.  If  the  money  is  removed,  the  fraud  will  disappear.   • Reform  Policy  and  Regulation  to  assist  in  setting  progressive  rules  helping  to  create  an   environment  in  which  fosters  more  secure  network  usage.   • Develop  systems  that  share  “billing  data”  as  close  to  real  time  as  possible  in  an  inter-­‐operator   ecosystem,  thus  helping  reduce  risk.   • Monitor  calls  to  hot  number  lists  like     o GSMA  Hot  B  Number  list   o CFCA  Hot  B  Number  list   o Commercial  Suppliers  in  this  space  also  have  blacklist  databases   Conclusion     There  are  multiple  dimensions  and  types  of  telecoms  fraud.  In  this  effort,  two  of  these,  being  IRSF  and   Bypass  fraud  are  addressed,  due  to  the  propensity  for  very  high  losses  to  revenue  of  the  operators.  The   operators  are  annually  investing  in  infrastructure  technology,  such  as  LTE,  FTTX  and  other  high  speed   broadband  enablers  and  the  loss  in  above  the  line  revenues  and  profits  effect  investment  capability.   Bypass   fraud   is   an   international,   multi-­‐billion   dollar   criminal   environment   and   a   major   threat   to   enterprises,  as  it  can  inflict  monetary  damages  of  hundreds  of  thousands  of  dollars  almost  overnight.   These  frauds  are  among  the  top  5  emerging  threats  to  CSPs  worldwide,  and  cost  the  industry  over  USD  3   billion  per  year  according  to  the  Communications  Fraud  Control  Association  (CFCA  report  2011).     On-­‐Net,   Off-­‐Net   and   IRSF   -­‐   Premium   hijacking   fraud   are   causing   severe   losses   to   telecommunication   network  operators  worldwide.  Advanced  well  thought  out  solutions  need  to  be  implemented  depending   upon   requirements   of   the   network   and   the   type   of   fraud   taking   place.   This   paper   has   discussed   the   repercussions  of  telecom  fraud  as  well  as  several  potential  measures  that  can  be  taken  to  reduce  the   risk  of  revenue  losses.  Most  undoubtedly,  the  best  way  to  truly  attack  this  disease  of  revenue  shifting,  is   for  the  network  operators  to  find  the  means  to  momentarily  put  aside  their  kindred  competitive  spirit   and  work  collectively  together  sharing  data  and  information,  along  with  contributing  to  international   databases  (as  near  real  time  basis  as  possible)  jointly.