Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Bring IRSF
under control
International Revenue Share Fraud has increased 497% since 2013.
It is now the number 1 fraud thr...
“Total fraud losses this year
= $38 Billion”
International Revenue Share
Fraud = $10.7 Billion”
“IRSF increase since 2013 ...
This is where a hacked PBX is used to inflate traffic to high-cost premium rate numbers.
Utilises Outgoing
Trunks for IRSF...
How PBX Fraud is so destructive to a Telco
o Telco typically has little control over security of a customers PBX if not ma...
This is where SIM cards are used when roaming to inflate traffic to high-cost premium rate numbers.
VISITED
OPERATOR
(VPMN...
Reduced losses by implementing FraudStrike
With
FraudStrike
Without
FraudStrike
After
48 hours
After
30 min
€2,000 lost
€5...
Reduced losses by implementing FraudStrike
With
FraudStrike
Without
FraudStrike
1000 mins
of calls
2 numbers called
were k...
Reduced losses by implementing FraudStrike
FraudStrike immediately alerts the
HPMN when a number matches in
the hotlist.
H...
Output / Actions
FraudStrike alerts the HPMN
immediately by e-mail or SMS
when a number matches in
the hotlist
HPMN invest...
The Intelligence
FraudStrike is a
combination of clever
detection methods, when
used together can prevent
and even predict...
The Intelligence
Overlapping Calls Detection
FraudStrike will automatically detect overlapping
calls and associate them wi...
The Intelligence
High Usage Detection
FraudStrike will automatically detect high usage
activity and link this with the sub...
The Intelligence
Hotlist Database
of over 250,000 test-call numbers
A unique database of IRS test call numbers that for
th...
The Intelligence
Associative Detection
(shared call patterns)
FraudStrike applies associative detection techniques
to iden...
The Intelligence
Unrivalled IRSF
Domain Knowledge
Providing strategic and operational advice to the telco
industry for ove...
Contact Us
HEADQUARTERS:
XINTEC, Textile House, 5 Johnson’s Place,
South King Street, Dublin 2, Ireland
info@xintec.com
+3...
Upcoming SlideShare
Loading in …5
×

FraudStrike

4,601 views

Published on

Tackling the telecom industry's most tenacious fraud with a simple add-on tool.

Published in: Data & Analytics
  • Be the first to comment

  • Be the first to like this

FraudStrike

  1. 1. Bring IRSF under control International Revenue Share Fraud has increased 497% since 2013. It is now the number 1 fraud threat to Telcos worldwide. Let us help you fix the problem!
  2. 2. “Total fraud losses this year = $38 Billion” International Revenue Share Fraud = $10.7 Billion” “IRSF increase since 2013 = 497%” “IRSF is now the top industry threat” The Facts IRSF is the most harmful fraud in the industry. It is enabled by international roaming and a combination of other fraud types. IRSF is hard to detect without the right tools.
  3. 3. This is where a hacked PBX is used to inflate traffic to high-cost premium rate numbers. Utilises Outgoing Trunks for IRSF calls HOME OPERATOR (Business Customer) PREMIUM RATE SERVICE PROVIDER Fraudsters rewarded by PRS provider for increased traffic Fraudsters illegally obtain access to customers PBX Traffic is then “pumped” to PRS numbers by fraudsters х DISA (Direct Inward Service Access) х Insecure Voicemail х Insecure Maintenance ports х Automated Attendant х Call divert Severity of PBX Fraud is only limited by the number of outgoing trunks. Points of compromise can include: How IRSF works – Using PBX/IP-PBX as an enabler
  4. 4. How PBX Fraud is so destructive to a Telco o Telco typically has little control over security of a customers PBX if not managed by the Telco – e.g. Voicemail o If a customer does suffer a significant IRSF attack, there will be a dispute over payment o Customer has an expectation that their carrier will identify a significant change in calling patterns o Usually IRSF through a compromised PBX will occur at night and over weekends when PBX congestion will not be noticed o Hackers have the sophisticated tools to bypass this o Only one area of compromise has to be identified by Fraudsters to access outgoing trunks o Customer will arrive at work after weekend and find they have suffered a significant IRSF attack o Imagine the completely different customer experience if they are contacted by their network provider and alerted to calls to IRSF test numbers resulting in an IRSF attack being prevented o This can be achieved by utilising the IPR Test Number Database used by FraudStrike to monitor all outward PBX calling o Automated notifications will ensure potential attacks can be actioned 24x7 o This will reduce PBX Fraud losses, become a service differentiator, enhance customer satisfaction and avoid potential brand impact if an IRSF attack was successful
  5. 5. This is where SIM cards are used when roaming to inflate traffic to high-cost premium rate numbers. VISITED OPERATOR (VPMN) HOME OPERATOR (HPMN) PREMIUM RATE SERVICE PROVIDER Fraudsters rewarded by PRS provider for increased traffic Fraudsters illegally obtain SIM cards and ship them to a roaming network Traffic is then “pumped” to PRS numbers by fraudsters х Subscription fraud х Roaming fraud х Wangiri fraud х PBX hacking Types of Fraud IRSF is usually enabled by one or more of these frauds: How IRSF works – Using Mobile device as an enabler
  6. 6. Reduced losses by implementing FraudStrike With FraudStrike Without FraudStrike After 48 hours After 30 min €2,000 lost €500,000 lost
  7. 7. Reduced losses by implementing FraudStrike With FraudStrike Without FraudStrike 1000 mins of calls 2 numbers called were known by FraudStrike 5 NRTRDE files sent 250,000mins of calls 12 numbers called were known by FraudStrike 125 NRTRDE files sent
  8. 8. Reduced losses by implementing FraudStrike FraudStrike immediately alerts the HPMN when a number matches in the hotlist. HOME OPERATOR (HPMN) Visited Called numbers (B- numbers) checked against database for matches With FraudStrike, the losses are prevented before they escalate by checking the NRTRDE records in real time against the database
  9. 9. Output / Actions FraudStrike alerts the HPMN immediately by e-mail or SMS when a number matches in the hotlist HPMN investigates subscriber profile HPMN blocks SIM (not destination range) if necessary, to prevent IRSF The above can be a managed service from XINTEC, for full automation.
  10. 10. The Intelligence FraudStrike is a combination of clever detection methods, when used together can prevent and even predict International Revenue Share Fraud (IRSF). 1 2 3 4 5Unrivalled IRSF Domain Knowledge Hotlist Database of over 250,000 test- call numbers Overlapping Calls Detection High Usage Detection Associative Detection (shared call patterns)
  11. 11. The Intelligence Overlapping Calls Detection FraudStrike will automatically detect overlapping calls and associate them with the subscriber case containing the database match. The user of the system can immediately see the link between an overlapping calls alert and an IRS test call alert in the same case, to enhance the certainty of detecting a fraudulent event. 1
  12. 12. The Intelligence High Usage Detection FraudStrike will automatically detect high usage activity and link this with the subscriber case containing other alerts for that subscriber. The user of the system can see the link between a High Usage alert with an alert as a result of a database match and/or overlapping call to enhance the certainty of a fraudulent event. 2
  13. 13. The Intelligence Hotlist Database of over 250,000 test-call numbers A unique database of IRS test call numbers that for the first time allows IRSF attacks to be detected before or during the early stages of an attack. 3
  14. 14. The Intelligence Associative Detection (shared call patterns) FraudStrike applies associative detection techniques to identify the other potential “actors” in a fraud event. For example, if the system sees a database match on prefix range (+4412345) it will search for other subscribers making calls to the same prefix (+4412345) and notify the analyst, via email, of these other suspicious IMSIs. 4
  15. 15. The Intelligence Unrivalled IRSF Domain Knowledge Providing strategic and operational advice to the telco industry for over 25 years, our team of experts offers deep domain knowledge with respect to the prevention and detection of IRSF worldwide. 5
  16. 16. Contact Us HEADQUARTERS: XINTEC, Textile House, 5 Johnson’s Place, South King Street, Dublin 2, Ireland info@xintec.com +353 (0)1 2930260 Let’s stay in touch

×