Real-Time Analysis and

Prevention of Carrier Fraud
Carrier Fraud Business Backgroud
· Fraud if one of the key reasons for carrier revenue loss
· Subex study for 2012 shows that over 6 billion USD or 3% of total business volume
is lost due to interconnect fraud
· Carriers are noticing increase of interconnect fraud
· Various fraud scenarios are often facilitated by complex environment
· Large number of interconnect carriers included in traffic transit
· Difficulties in credit risk assesment
· Evolution of new services and product offerings
· Regulatory framework
· Rate variations for same service on different level of interconnects
· Due to market competition the level of "acceptable loss¨ is practically non existing
· Carriers are focusing on quick detection and prevention of carrier fraud
Common Carrier Fraud Scenarios
Carrier own
network
SIM-box
Hacked PBX
Traffic generation
Re-filing
Tromboning
Boomeranging
False answer
Late release
Roaming fraud
Premium callback
DoS attacks
Interconnect and roaming partner networks
Typical Fraud Management Process
· Passive service
data analytics
· Active test call
generation
Analyze
· Case
management
· Clarification
· Conclusion
Evaluate
· Legal action
· Technical
blocking
Act
Delay
Action
scope
· Passive service
data analytics
· Active test call
generation
Analyze
· Case
management
· Clarification
· Conclusion
Evaluate
· Legal action
· Technical
blocking
Act
Challenges in the Process
Delay
Process Challenges - Delay
· Network elements often provide service usage data with delay
· Time needed to collect data
· Usually this data needs to move through some other processing stages (primarily
mediation) before it is available for fraud analysis
· Time required for fraud analysis
· Delay until executing technical action
· Time to resolve issue bilaterally with interconnected carrier
Process Challenges ± Scope of Action
· Legal and regulatory limitations
· Limitation of blacklisting on network elements
· Carriers causing fraud are often not connected directly
Process Challenges ± Scope of Action
Heksagon Approach
Core Network
Real-time capabilities achieved
through call control interfaces to
core network
Advanced analytical system
evaluating traffic patterns, profile
deviations, analyzing test calls
and supporting case management
I
n
t
e
g
r
a
t
e
d

a
n
a
l
y
t
i
c
a
l

a
n
d

r
e
a
l
-
t
i
m
e

s
o
l
u
t
i
o
n
Main Features
· Processing of real-time data stream from HexRT
· Combination with offline data (network elements, mediation, roaming data, IT systems)
· Constant analytical evaluation of all collected data for deviations from standard patterns,
trends and long-term averages
· Matching of collected data with out-of-the box and user defined scenarios
· Detection of potential fraud violation cases
· Case management workflow support
Graphical Fraud Scenario Designer
Processing Features
· Combination of real-time and near-real-time service usage data
· Real-time feed from HexRT (call-control and RADIUS/DIAMETER)
· Raw CDR data from switches
· xDR data from SMS-C and platforms
· Signalling information from monitoring systems
· Test call information
· Multi stage data correlation
· Stage 1: all events belonging to one session on one network elements
· Stage 2: same session across all affected network elements (call path, etc.)
· Stage 3: unrelated session but corresponding to a specific fraud scenario (e.g.
"wangiri¨)
· Evaluation of events corresponding to all active fraud scenarios
Analytical Features
· Ad-hoc analytics of events through OLAP reporting and dashboards
· Evaluation of cases according to:
· Fixed thresholds
· Deviation from average values
· Variations from traffic profiles
· Standard processed scenarios:
· From service usage data: re-filing, SIM box detection, tromboning, hacked PBX,
traffic generation, premium callback ("wangiri¨), DoS attacks, boomeranging,
roaming fraud
· Additionaly from test call data: false answer, late release
· Custom defined scenarios
Fraud Analytics
Handling of Detected Cases
· Notification and alerting in case of detected cases
· Support of evaluation and decision workflow through case management
· Manual application of updated rules to HexRT based on confirmed fraud cases
· fraud expert confirms action to apply parameters corresponding to detected case to
the real-time platform
· Automatic application of additional rules to HexRT
· for scenarios which require very fast reaction and for which detection process can
clearly identify fraud parameters (e.g. Wangiri, DoS attacks, hacked PBX)
Case Management
High Level Architecture
Call Control
Service
Quality
Measurement
Fraud
Screening
and Active
Testing
Dynamic
Routing
Management
INAP/CAMEL/SIP
DIAMETER
RADIUS
Main Features
· Module is connected to core network either using SS7 CAP/INAP or SIP protocol
· Each call is forwarded to HexRT platform which provides information how to process on
switch
· Evaluation of call parameters
· Low level evaluation of number matching, nummeration check,
nature of address control, etc.
· Complex rules defined by combination of low-level filters
· Execution of action according to detected scenario
· No interference, Call release, Call re-route, etc.
Rule Definition
Management of HexRT Rules
· Standard out-of-the-box scenarios corresponding to typical fraud types
· Re-filing of international traffic
· Dynamic scenarios automatically extended by detected cases in HexFraud system
· Hacked PBX
· Traffic generation
· Premium callback ("wangiri¨)
· DoS attack
· Custom defined rules created through user interface
· Exceptions to standard scenarios
Monitoring Console
Challenges of Described Approach
· Corresponding call control interfaces required in core network
· Increased complexity of call handling
· Risk of disturbing live traffic due to incorrect rule definition ("catastrophic¨ rules blocking
significant portions of traffic are automatically deactivated by system, but rules that
disturb regular traffic in smaller scales are allowed)
Benefits of Described Approach
· Effective combination of advanced analytical features with real-time detection and
prevention mechanism
· All operational delays reduced to minimum allowing very fast reaction
· Possibility to selectively block fraudulent traffic within wider interconnect traffic flow
· Collateral benefits:
· Better level of visibility and control of interconnect traffic
· Improved level of understanding of routing in foreign networks
· Detection of SIM boxes and gateways in foreign networks
Deployment Case
· OJSC Megafon is one of the leading telecommunication operatators in Russian
Federation currently providing services to more than 64 million subscribers
· System HexRT is deployed on international and long-distance mobile and fixed-line
network over 1 year ago
· Integration to core network is achived using CAMEL and INAP protocols
· Deployed system allows processing of more than 1000 call attempts per second
SSP
STP
Carrier
INAP/CAMEL
Core network
Management
module
rules
provisioning within
configuration MMLs
INAP/CAMEL
Carrier
Architecture
HexFraud,
HexLCR
HexRT
HexRT
Results
· Analyzed scenarios:
· Re-filing of international traffic
· Invalid national traffic
· Traffic generation to premium destinations
· Call-back schemes ("wangiri¨)
· SIM-box traffic termination
· Boomeranging
· Tromboning
· From commercial standpoint complete investment in this project was fully returned within the first
year of operation
Q & A
andraz.oblak@hex-group.com
Backup slides:
Company Introduction
· Heksagon Group ± software development company with background in designing, building and
implementing telecommunication IT systems
· Specialized in solutions for comprehensive fraud management, routing management and traffic
analysis for telecommunication operators
· Headquarters in Cyprus
· Main development site in Slovenia
· Offices in Cyprus, Slovenia, Russia, Germany
and USA
Company Introduction
· ɈȺɈ ɆɌɌ ÷ Russia
· ɈȺɈ MGTS ÷ Russia
· OAO Megafon ÷ Russia
· OAO MTS ÷ Russia
· Callax group ÷ Germany
· Dialround ÷ USA
· 010012 GmbH ÷ Germany
· CSC Telecom ÷ Estonia, Lithuania, Latvia
Selected Reference
Heksagon Products
HexLCR
Optimal Price and Routing
ManagementSystem
HexTraffic
Mediation and analytics of
network traffic data
HexRT
Real-time fraud control and
prevention
HexFraud
Detection and analysis of
carrier fraud.

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master Your Semester with a Special Offer from Scribd & The New York Times

Cancel anytime.