This document discusses international revenue share fraud (IRSF) and provides recommendations for mitigating the risks. It begins with two case studies of IRSF attacks, then discusses the multi-step process fraudsters use, challenges with law enforcement, and industry initiatives. Key recommendations include implementing a fraud management system with 24/7 monitoring and correlation to an IRS test number database to enable early detection. Removing call forwarding and limiting business customer PBX access are also advised to reduce vulnerabilities exploited by fraudsters.
Recently in telecommunications, several industry-wide measures have been introduced to detect and mitigate losses, yet International Revenue Share Fraud (IRSF) is increasing on a global scale.
This webinar by Colin Yates, independent consultant and advisor to multiple industry bodies and ex-Vodafone Head of Group Risk, discussed best practices for executing a strategy for the prevention of IRSF fraud.
Covered in the webinar:
- About IRSF and the extent of global fraud losses today
- What measures can be taken to mitigate fraud losses
- What controls can be put in place to predict and detect IRSF attacks
- Industry guidelines and best practice used to address IRSF
- How technology can help a CSP's fraud detection and prevention capability
International Revenue Share Fraud has increased 497% since 2013.
It is now the number 1 fraud threat to Telcos worldwide.
Let us help you fix the problem!
2. Contents
• Introduction to IRSF
• Recent case studies
• Law Enforcement action re IRSF
• Introduction to IRSF – 5 Stages
• IPR Number Resellers
• Number Misappropriation (Hijacking)
• Industry initiatives to reduce IRSF losses
• Industry’s contributing factors to IRSF
• Risk mitigation & recommendations
3. Introduction to IRSF
There are a number of definitions available to describe IRSF. A simple description would be:
Using fraudulent access to an Operator's network to artificially inflate traffic to numbers obtained from an International Premium Rate Number Provider, for which payment will be received by the Fraudster (on a revenue share basis with the number provider) for every minute of traffic generated into those numbers.
4. What is our view of the fraudster?
• Personality crosses all known profiles of a Fraudster – primarily greed
• Varies from an inexperienced fraudster to an organised crime boss to a fringe extremist group wishing to fund terrorism
• Many of those making the calls are ‘Moles’ employed for this purpose
• The experienced IRS Fraudsters will have teams dedicated to research, strategy and gathering intelligence on future targets
• All have one goal, and that is to deprive operators of as much revenue as possible
6. Case Study No. 1
USA
• Small USA network operator providing service to SMEs
o 2 PBXs hacked with IRSF losses of $US160,000 suffered in 30 hours
o Their carrier discovered the fraud and served immediate notice that they required full payment within 2 days
• Carrier unable to pay and only option was to close down
• Asked for assistance and was able to provide sufficient information to get debt reduced with time to pay
• Confirmation that IRSF will impact any operator, irrespective of size, location or services offered, and losses could have been significantly reduced by effective Risk Management
7. Case Study No. 2
Barcelona - Handset Theft
• Major issue impacting many operators who have customers roaming in Spain
o Barcelona well known as the ‘Pickpocket’ capital
o Since Jan 2013, an average of 260 mobiles per month have been stolen and the SIM cards used for IRSF
o All 4 major Spanish networks being used, losses per SIM card can be as high as €10,000 per hour
• Fraudsters using combination of International Call Forward, multi party calling, and associated PBX Fraud
• Also discovered that some roamers are selling their mobiles for €500 and then reporting them stolen later!
8. Law Enforcement action for IRSF
• We cannot rely on Law Enforcement to investigate IRSF, prosecute fraudsters and seek reparation for operators
• Investigating IRSF is complex, typically extending across 3 or 4 international borders
• Simply determining jurisdiction will be a challenge
• A recent USA IRSF investigation took almost 3 years to complete by an operator and Federal agency task force
o Principals were arrested in Asia for IRSF involving tens of millions of dollars
o Before extradition could be arranged, fraudsters were bailed and fled to Pakistan.
9. The 5 Basic steps to IRSF
• Step 1: Access a Network
• Step 2: Obtain IRSF Nos.
• Step 3: Generate the calls
• Step 4: Receive payment
• Step 5: Determine loss
10. Access to a Network
• Fraudster must obtain the means to make these calls
• To maximise income, preferably at no cost to Fraudster
• Common ‘Primary Frauds’ to gain access are:
o Subscription Fraud
o SIM Cloning
o Theft of handsets or SIM cards
o PBX Hacking
o Wangiri Fraud
o Arbitrage (Requires the exploitation of a bundled or discounted tariff offering calls at less cost than any IRS pay-out offered)
11. Obtain IRSF Numbers
• Fraudster may have existing relationship with IPRN Provider; if not, will search Internet to find one
• Obtains a ‘Test Number’ from Reseller website
• Will choose a destination with good pay-out (Latvia €0.17c)
• Calls Test Number to confirm a call will connect
• Once confirmed, will request numbers from IPRN Provider
• Request will include an estimate of minutes to be generated
• Will include his bank account details so that funds based on minutes generated can be credited every 7 to 30 days
12. Generate traffic
• Once IRS numbers issued, Fraudster starts generating calls
• To maximise revenues, Fraudster will utilise network services to generate overlapping, simultaneous calls
• Such services will include International Call Forwarding, Multi-Party calling, combining PBX with CFW mobile SIM
• Fraudster will continue this activity until originating number range owner becomes aware of fraud and blocks access
• Typically the Fraudster will then move to another fraudulent access and continue calling additional numbers provided by the IPR Number Provider
13. Receive payment
• In most circumstances the originating number range
holder is required to make payment for this fraudulent
traffic
o Existing Roaming or Interconnect agreement requirement
• Initial payment made to roaming or interconnect partner
• Payment continues down value chain to reach the
terminating number range owner
• Terminating operator retains his share and pays IPRN
Provider
• IPRN Provider shares this balance by paying the Fraudster
(e.g. €0.17c per minute for calls to Latvia) and retaining
the balance
14. Determining loss
• Originating Number range holder has made full payment
• In case of Subscription or other SIM based fraud, little or no
chance of recovering this from the fraudster.
• In case of PBX Fraud, typically the network provider will
attempt to recover cost of fraud from the PBX user
• In many cases this will result in a dispute, unwanted publicity
and customer churn unless network provider accepts all or
part of this loss
• PBX user will typically argue that their network provider
should have discovered such a huge increase in calling activity
• All other transit operators, IRS Number owner, number
reseller and fraudster have benefited from this fraud
15. IPR Number Resellers
• Number of Resellers continues to increase:
o 17 in 2009
o 47 in 2012
o 85 in October 2013
• 400% increase in 4 years
• Most of this increase results from those wanting to
exploit IRSF revenues
• Many now acting as Number Wholesalers
16. Number Misappropriation (Hijacking)
• Usually involves Country numbers with high
termination rates – e.g Small Island nation at $US0.65c
• Fraudsters will act in collusion with a dishonest carrier
• Advertise ‘below cost’ rates into country to attract
operators looking for Least Cost Routing (LCR)
• Calls will be routed in a certain direction to ensure that
they hit the ‘dishonest operator’s’ network
• Once there, they will be filtered out and ‘short-
stopped’ outside the Country to which the CC applies
• Payment follows the same value chain as the call
routing
17. Industry initiatives to
reduce IRSF losses?
• Very little industry progress to stop IRSF/Hijacking
• ITU misuse reporting is not currently being supported
• I3 Forum has published guidelines, but again, these are
not being supported by all of their membership
• BEREC have issued guidelines re with-holding payment
however these apply only to European operators and are
complex
• Continued lack of cooperation within the operator
community
• Regretfully, the Fraudsters appear to be better organised
to take full advantage of industry weaknesses
18. Industry’s ability to implement
initiatives for steps 1 – 5 of IRSF
1. Access a Network
2. Obtain IRSF Nos.
3. Generate the calls
4. Receive payment
5. Determine loss
19. Access to a network
• Subscription Fraud and its variations can be reduced
with effective Fraud Management Systems
• SIM cloning can be eliminated by upgrading algorithm
• PBX Fraud can be reduced by implementing fraud
awareness programs and audits for business customers
• Arbitrage can be avoided by ensuring that risk reviews
are completed on all new products, services and tariffs
• Invest in a fraud management solution
However controls must be relative to preventing
fraud while minimising customer impact.
20. Obtaining IPR Numbers
• IPR Number Resellers have increased by 400% since 2009
• 85+ are now competing to attract fraudsters to them
• Up to 75% of fraudsters embarking on an IRS Fraud will
call a Test Number, provided by the Reseller first.
• Most of these Test Numbers are now available in a
database as an IRSF detection tool
Implement a cost effective Fraud Management
System which uses a Test Number Database as a
hotlist. This alerts a CSP to a potential IRSF incident
and has already shown benefits
21. Generate traffic
• Reduce the opportunity for fraudsters to maximise
revenues by;
o Removing International Call Forwarding and Multi Party calling from
roaming customer SIMs
o Ensure that automated systems are in place to analyse NRTRDE
records 24x7 and refer alerts to analysts
o Ensure automated systems are in place to notify analysts 24x7 of calls
to known IRSF destinations
Up to 87% of all reported IRSF occurs between 8.00pm
Friday and 8.00am Monday. If the fraud function does
not operate during this period, alternatives must be
identified.
22. Receive Payment
• Early identification of IRSF does provide
opportunities to negotiate payment withholding by
partners
• Position is strengthened if impacted operator is able
to confirm that IRSF losses relate to a hijacked
number range
The earlier an incident is identified, the less the
fraud loss will be, so early detection is critical.
23. Determining Loss
• In most situations, it will be the originating number owner
who will suffer the loss for IRSF, and it is their responsibility to
ensure that they have systems and processes in place to
minimise these losses.
• Accurate reporting with supporting information is essential to
identify true losses, identify control weaknesses and enable
future detection/prevention to be improved
Fraud management solutions have good reporting
capabilities and will support the creation of future
intelligence in the fight against IRSF
25. PRISM
• YFCL are monitoring the IPR Number Reseller
websites and developed an IRS Test Number
Database (PRISM)
• This database currently contains over 40,000 test
numbers
o PRISM has been made available on a subscription basis to operators
since 21 August 2013
o It is used as a ‘hot-list’ within an FMS to alert operators when a Test
Number has been called
o It has proved to be very effective at identifying IRSF
o Test Numbers are updated every 6-8 weeks to ensure that they remain
current
26. Example of IRSF Test Numbers
Date Time A Number B Number Call Duration
30/03/2013 05:17:33 XXX977860XX 23221104397 7
30/03/2013 05:32:14 XXX977860XX 23221104397 5
30/03/2013 05:57:22 XXX977860XX 23221104397 5
30/03/2013 06:03:41 XXX977860XX 23221300284 19
30/03/2013 06:13:55 XXX977860XX 23221300284 601
30/03/2013 06:13:57 XXX977860XX 23221300284 581
30/03/2013 06:13:58 XXX977860XX 23221300284 538
30/03/2013 06:13:58 XXX977860XX 23221300284 551
30/03/2013 06:14:01 XXX977860XX 23221300284 576
30/03/2013 06:14:01 XXX977860XX 23221300284 592
30/03/2013 06:14:02 XXX977860XX 23221300284 543
30/03/2013 06:14:03 XXX977860XX 23221300284 575
30/03/2013 06:14:05 XXX977860XX 23221300284 530
30/03/2013 06:14:06 XXX977860XX 23221300284 593
30/03/2013 06:14:07 XXX977860XX 23221300284 498
30/03/2013 06:14:07 XXX977860XX 23221300284 588
30/03/2013 06:14:08 XXX977860XX 23221300284 545
Sierra Leone 23221341844 https://www.reaxxxxxxxxts.com/
Sierra Leone 23221104397 https://www.reaxxxxxxxxts.com/
Sierra Leone 23221201721 https://www.reaxxxxxxxxts.com/
Sierra Leone 23221341838 https://www.reaxxxxxxxxts.com/
Sierra Leone 23221104344 https://www.reaxxxxxxxxts.com/
Sierra Leone 23221201740 https://www.reaxxxxxxxxts.com/
Calls to a Test Number in Sierra Leone. 3 Calls all short duration. (Duration in seconds).
IRSF commences 46 minutes after calls to Test Number.
This fraud continued for 4 hours with a loss to the carrier of over $US 52,000.
Could this have been avoided or reduced if an alert had been generated once the Test Number was called?
Sierra Leone Test Numbers available on number reseller’s website in March 2013.
Sierra Leone Test Numbers from the same website in July 2013. Note changes.
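An added example (not from the webinar or from any vendor's FMS) of the hotlist correlation recommended in slides 20, 21 and 25, run over call records copied from the slide 26 table. It alerts on the first call to a test number, measures the delay until follow-on traffic to the same number range, and counts overlapping calls. The function names and the 5-digit prefix match are assumptions made for this illustration.

```python
from datetime import datetime, timedelta

# Hotlist: the six Sierra Leone test numbers listed on slide 26.
HOTLIST = {"23221341844", "23221104397", "23221201721",
           "23221341838", "23221104344", "23221201740"}

# First nine call records from the slide 26 table (duration in seconds).
CDRS = """\
30/03/2013 05:17:33 XXX977860XX 23221104397 7
30/03/2013 05:32:14 XXX977860XX 23221104397 5
30/03/2013 05:57:22 XXX977860XX 23221104397 5
30/03/2013 06:03:41 XXX977860XX 23221300284 19
30/03/2013 06:13:55 XXX977860XX 23221300284 601
30/03/2013 06:13:57 XXX977860XX 23221300284 581
30/03/2013 06:13:58 XXX977860XX 23221300284 538
30/03/2013 06:13:58 XXX977860XX 23221300284 551
30/03/2013 06:14:01 XXX977860XX 23221300284 576
"""

def parse(text):
    """Return sorted (start, a_number, b_number, duration) tuples."""
    fields = (line.split() for line in text.strip().splitlines())
    return sorted((datetime.strptime(f"{d} {t}", "%d/%m/%Y %H:%M:%S"), a, b, int(s))
                  for d, t, a, b, s in fields)

def peak_concurrency(rows, a_number):
    """Highest number of calls in progress at once for one A number."""
    events = []
    for start, a, _, dur in rows:
        if a == a_number:
            events += [(start, 1), (start + timedelta(seconds=dur), -1)]
    live = peak = 0
    for _, step in sorted(events):  # at equal times an end (-1) sorts before a start (+1)
        live += step
        peak = max(peak, live)
    return peak

def analyse(rows, prefix_len=5):
    """Per A number: first hotlist hit, delay to follow-on traffic, peak overlap."""
    report = {}
    for start, a, b, _ in rows:
        hit = report.get(a)
        if b in HOTLIST:  # alert as soon as a test number is dialled
            report.setdefault(a, {"alert_at": start, "test_number": b, "lead_seconds": None,
                                  "peak_calls": peak_concurrency(rows, a)})
        elif hit and hit["lead_seconds"] is None and b.startswith(hit["test_number"][:prefix_len]):
            hit["lead_seconds"] = int((start - hit["alert_at"]).total_seconds())
    return report

print(analyse(parse(CDRS)))
```

On these records the alert fires at 05:17:33, which is 2768 seconds (just over 46 minutes) before the first call to the non-test number in the same range.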
28. Risk Mitigation
and recommendations
Considerations
• IRSF and associated fraud will be around
for the foreseeable future
• The lack of Industry progress means
operators must implement strong
prevention and detection controls
• Law Enforcement action is no deterrent
• Operators who have experienced IRSF are
strengthening their controls; fraudsters are
constantly searching for soft targets.
• What you spend now to implement
controls will be significantly less than you
will lose in an IRSF attack
• IRS Fraudsters do not differentiate
between Prepaid or Post-paid, both are at
risk.
29. Risk Mitigation
and recommendations
Advice
• Question whether you have strong or
sufficient controls in place to prevent or
detect an IRSF attack
• Remove International Call Forwarding
and multi-party calling capability from
roaming SIM cards
• Encourage mobile users to implement
SIM PIN lock
• Ensure all Business customers have
been advised to check their PBX
security – change default passwords,
remove DISA facility if not required, etc.
30. Risk Mitigation
and recommendations
Tools
• Early detection of likely IRSF activity is essential;
losses are likely to increase at €10,000 per hour
• Install an automated Fraud Management
System capable of providing you with 24x7
monitoring and correlation to a Test Number
database.
• Consider expansion in FM coverage to look at
the primary frauds
o Subscription Fraud
o SIM Cloning
o Theft of handsets or SIM cards
o PBX Hacking
o Wangiri Fraud
31. For more information please contact:
info@xintec.com
XINTEC| Whelan House | South County Business Park | Leopardstown |
Dublin 18 | Ireland