SlideShare ist ein Scribd-Unternehmen logo

International Revenue Share Fraud webinar

Als PPTX, PDF herunterladen
XINTEC
XINTEC

Recently in telecommunications, several industry-wide measures have been introduced to detect and mitigate losses, yet International Revenue Share Fraud (IRSF) is increasing on a global scale. This webinar by Colin Yates, independent consultant and advisor to multiple industry bodies and ex-Vodafone Head of Group Risk, discussed best practices for executing a strategy for the prevention of IRSF fraud. Covered in the webinar: - About IRSF and the extent of global fraud losses today - What measures can be taken to mitigate fraud losses - What controls can be put in place to predict and detect IRSF attacks - Industry guidelines and best practice used to address IRSF - How technology can help a CSPs Fraud detection and prevention capability

TechnologieBusiness
1 von 32
International Revenue Share Fraud Webinar Colin Yates Yates Fraud Consulting Ltd. Roaming and IRSF Webinar – 3 December 2013
Webinar Agenda • Introduction to IRSF • Recent case studies • Law Enforcement action re IRSF • Introduction to IRSF – 5 Stages • IPR Number Resellers • Number Misappropriation (Hijacking) • Industry initiatives to reduce IRSF losses • Industry’s contributing factors to IRSF • Risk mitigation & recommendations • Q & A
Introduction to IRSF • There are a number of definitions available to describe IRSF A simple description would be: ‘Using fraudulent access to an Operators network to artificially inflate traffic to numbers obtained from an International Premium Rate Number Provider, for which payment will be received by the Fraudster (on a revenue share basis with the number provider) for every minute of traffic generated into those numbers.’
IRSF What is our view of the fraudster?
Recent Case Studies USA & Barcelona
Case Study No. 1 USA • Small USA network operator providing service to SME’s – 2 PBX’s hacked with IRSF losses of $US160,000 suffered over a 30 hour period – Their carrier discovered fraud and served immediate notice that they required full payment within 48 hours • Carrier unable to pay and only option was to close down • Asked for my assistance and was able to provide sufficient information to get debt reduced with time to pay • Confirmation that IRSF will impact any operator, irrespective of size, location or services offered, and losses could have been significantly reduced by effective Risk Mgt
Case Study No. 2 Handset Theft - Barcelona • Major issue impacting many operators who have customers roaming in Spain – Barcelona well known as the ‘Pickpocket’ capital – Since Jan 2013, an average of 260 mobiles per month have been stolen and the Simcards used for IRSF – All 4 Spanish networks being used, losses per Simcard are averaging €10,000 per hour • Fraudsters using combination of International Call Forward, multi party calling, and associated PBX Fraud • Also discovered that some roamers are selling their mobiles for €500 and then reporting them stolen later!
Law Enforcement action for IRSF • We cannot rely of Law Enforcement to investigate IRSF, prosecute fraudsters and seek reparation for operators • Investigating IRSF is complex, typically extending across 3 or 4 international borders • Simply determining jurisdiction will be a challenge • A recent USA IRSF investigation took almost 3 years to complete by an operator and federal agency task force • Principals were arrested in Malaysia for IRSF involving tens of millions of dollars • Before extradition could be arranged, fraudsters were bailed and fled to Pakistan.
The 5 Basic steps to IRSF 1 Access a Network 2 Obtain IRSF numbers 3 Generate the calls 4 Receive payment 5 Determine loss
1. Access to a Network • Fraudster must obtain the means to make these calls • To maximise income, preferably at no cost to Fraudster • Common ‘Primary Frauds’ to gain access are; – Subscription Fraud – SIM Cloning – Theft of handsets or SIM cards – PBX Hacking – Wangiri Fraud – Arbitrage (Requires the exploitation of a bundled or discounted tariff offering calls at less cost than any IRS pay-out offered)
2. Obtain IRSF Numbers • Fraudster may have existing relationship with IPRN Provider • If not, will search Internet to find one • Obtains a ‘Test Number’ from Reseller website • Will chose a destination with good pay-out (Latvia €0.17c) • Calls Test Number to confirm a call will connect • Once confirmed, will request numbers from IPRN Provider • Request will include an estimate of minutes to be generated • Will include his bank account details so that funds based on minutes generated can be credited every 7 to 30 days
3. Generate traffic • Once IRS numbers issued, Fraudster starts generating calls • To maximise revenues, Fraudster will utilise network services to generate overlapping, simultaneous calls • Such services will include International Call Forwarding, Multi-Party calling, combining PBX with C/Fwd mobile Sim • Fraudster will continue this activity until originating number range owner becomes aware of fraud and blocks access • Typically the Fraudster will then move to another fraudulent access and continue calling additional numbers providing by the IPR Number Provider
4. Receive payment • In most circumstances the originating number range holder is required to make payment for this fraudulent traffic – Existing Roaming or Interconnect agreement requirement • Initial payment made to roaming or interconnect partner • Payment continues down value chain to reach the terminating number range owner • Terminating operator retains his share and pays IPRN Provider • IPRN Provider shares this balance by paying the Fraudster (e.g. €0.17c per minute for calls to Latvia) and retaining the balance.
5. Determining loss • Originating Number range holder has made full payment • In case of Subscription or other SIM based fraud, little or no chance of recovering this from the fraudster. • In case of PBX Fraud, typically the network provider will attempt to recover cost of fraud from the PBX user • In many cases this will result in a dispute, unwanted publicity and customer churn unless network provider accepts all or part of this loss • PBX user will typically argue that their network provider should have discovered such a huge increase in calling activity • All other transit operators, IRS Number owner, number reseller and fraudster have benefited from this fraud
IPR Number Resellers • Number of Resellers continues to increase: – 17 in 2009 – 47 in 2012 – 85 in October 2013 • 400% increase in 4 years • Most of this increase results in those wanting to exploit IRSF revenues • Many now acting as Number Wholesalers
Number Misappropriation (Hijacking) • Usually involves Country numbers with high termination rates – e.g Small Island nation at $US0.65c • Fraudsters will act in collusion with a dishonest carrier • Advertise ‘below cost’ rates into country to attract operators looking for Least Cost Routing (LCR) • Calls will be routed in a certain direction to ensure that they hit the ‘dishonest operators’ network • Once there, they will be filtered out and ‘short-stopped’ outside the • Payment follows the same value chain as the call routing
Industry initiatives to reduce IRSF losses • Very little industry progress to stop IRSF/Hijacking • ITU misuse reporting is not being supported • I3 Forum has published guidelines, but again, these are not being supported by all of their membership • BEREC have issued guidelines re with-holding payment however these apply only to European operators and are complex • Continued lack of cooperation within the operator community • Regretfully, the Fraudsters appear to be better organised to take full advantage of industry weaknesses
Industry’s ability to implement initiatives for steps 1 – 5 of IRSF 1 Access a Network 2 Obtain IRSF numbers 3 Generate the calls 4 Receive payment 5 Determine loss
1 – Access to a network  Subscription Fraud and it’s variations can be reduced with effective Fraud Management Systems  SIM cloning can be eliminated by upgrading algorithm  PBX Fraud can be reduced by implementing fraud awareness programs and audits for business customers  Arbitrage can be avoided by ensuring that risk reviews are completed on all new products, services and tariffs  Invest in a fraud management solution However controls must be relative to preventing fraud while minimising customer impact.
2 – Obtaining IPR Numbers  IPR Number Resellers have increased by 400% since 2009  85+ are now competing to attract fraudsters to them  Up to 75% of fraudsters embarking on an IRS Fraud will call a Test Number, provided by the Reseller first.  Most of these Test Numbers are now available in a database as an IRSF detection tool Implement a cost effective Fraud Management System which uses a Test Number Database as a hotlist. This alerts a CSP to a potential IRSF incident and has already shown benefits.
3 – Generate traffic  Reduce the opportunity for fraudsters to maximise revenues by; – Removing International Call Forwarding and Multi Party calling from roaming customer SIM’s – Ensure that automated systems are in place to analyse NRTRDE records 24x7 and refer alerts to analysts – Ensure automated systems are in place to notify analysts 24x7 of calls to known IRSF destinations Up to 87% of all reported IRSF occurs between 8.00pm Friday and 8.00am Monday. If the fraud function does not operate during this period, alternatives must be identified.
4 – Receive Payment  Early identification of IRSF does provide opportunities to negotiate payment withholding by partners  Position is strengthened if impacted operator is able to confirm that IRSF losses relate to a hijacked number range The earlier an incident is identified, the less the fraud loss will be, so early detection is critical.
5 – Determining Loss  In most situations, it will be the originating number owner who will suffer the loss for IRSF, and it is their responsibility to ensure that they have systems and processes in place to minimise these losses.  Accurate reporting with evidential information is essential to identifying true losses, enabling future accurate detection/prevention through knowledge transfer. Fraud management solutions have good reporting capabilities and will support the creation of future intelligence in the fight against IRSF.
IRS Test Number Database (PRISM)
IRS Test Number Database (PRISM) • YFCL are monitoring the IPR Number Reseller websites and developed an IRS Test Number Database (PRISM) • This database currently contains over 25,500 test numbers – PRISM has been made available on a subscription basis to operators since the 21 August 2013 – It is used as a ‘hot-list’ within an FMS to alert operators when a Test Number has been called – It has proved to be very effective at identifying IRSF • Xintec are the only FMS Provider licenced to offer PRISM free as a hot list within their FMSevolution product.
Example of IRSF Test Numbers Date Time A Number B Number Call Duration 30/03/2013 05:17:33 XXX977860XX 23221104397 7 30/03/2013 05:32:14 XXX977860XX 23221104397 5 30/03/2013 05:57:22 XXX977860XX 23221104397 5 30/03/2013 06:03:41 XXX977860XX 23221300284 19 30/03/2013 06:13:55 XXX977860XX 23221300284 601 30/03/2013 06:13:57 XXX977860XX 23221300284 581 30/03/2013 06:13:58 XXX977860XX 23221300284 538 30/03/2013 06:13:58 XXX977860XX 23221300284 551 30/03/2013 06:14:01 XXX977860XX 23221300284 576 30/03/2013 06:14:01 XXX977860XX 23221300284 592 30/03/2013 06:14:02 XXX977860XX 23221300284 543 30/03/2013 06:14:03 XXX977860XX 23221300284 575 30/03/2013 06:14:05 XXX977860XX 23221300284 530 30/03/2013 06:14:06 XXX977860XX 23221300284 593 30/03/2013 06:14:07 XXX977860XX 23221300284 498 30/03/2013 06:14:07 XXX977860XX 23221300284 588 30/03/2013 06:14:08 XXX977860XX 23221300284 545 Sierra Leone 23221341844 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104397 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201721 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221341838 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104344 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201740 https://www.reaxxxxxxxxts.com/ Calls to a Test Number in Sierra Leone. 3 Calls all short duration. (Duration in seconds). IRSF commences 46 minutes after calls to Test Number. This fraud continued for 4 hours with a loss to the carrier of over $US 52,000. Could this have been avoided or reduced if an alert had been generated once the Test Number was called? Sierra Leone Test Numbers available on number reseller’s website in March 2013. Sierra Leone Test Numbers from the same website in July 2013. Note changes.
Risk Mitigation and Recommendations
Risk Mitigation and recommendations Considerations • IRSF and associated fraud will be around for foreseeable future • The lack of Industry progress means operators to implement strong prevention and detection • Law Enforcement action is no deterrent • Operators who have experienced IRSF are strengthening their controls, fraudsters are constantly searching for soft targets. • What you spend now to implement controls will be significantly less than you will lose in an IRSF attack • IRS Fraudsters do not differentiate between Prepaid or Post-paid, both are at risk.
Risk Mitigation and recommendations Advice • Question whether you have strong or sufficient controls in place to prevent or detect an IRSF attack? • Remove International Call Forwarding and multi-party calling capability from roaming SIM cards • Encourage mobile users to implement SIM pin-lock • Ensure all Business customers have been advised to check their PBX security – change default Passwords, remove DISA facility if not required etc
Risk Mitigation and recommendations Tools • Early detection of likely IRSF activity is essential losses are likely to increase at €10,000 per hour • Install an automated Fraud Management System capable of providing you with 24x7 monitoring and correlation to a Test Number database. • Consider expansion in FM coverage to look at the primary frauds • Subscription Fraud • SIM Cloning • Theft of handsets or SIM cards • PBX Hacking • Wangiri Fraud
COLIN YATES FRAUD RISK CONSULTANT EMAIL: COLIN@YATESFRAUDCONSULTING.COM PHONE: +64-21 1084447 (NZ) OR +44-7920 870852 (UK) WWW.YATESFRAUDCONSULTING.COM Thank You!

Empfohlen

Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft pptAngela Lawson
 
Computer crimes and criminals
Computer crimes and criminalsComputer crimes and criminals
Computer crimes and criminalsOnline
 
Rfm analysis
Rfm analysisRfm analysis
Rfm analysischintan desai
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
An Executive Guide on How to Use Machine Learning and AI for AML Compliance
An Executive Guide on How to Use Machine Learning and AI for AML ComplianceAn Executive Guide on How to Use Machine Learning and AI for AML Compliance
An Executive Guide on How to Use Machine Learning and AI for AML ComplianceAlessa
 
4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etc
4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etc4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etc
4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etcPratap Parab
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 

Empfohlen

Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft pptAngela Lawson
 
Computer crimes and criminals
Computer crimes and criminalsComputer crimes and criminals
Computer crimes and criminalsOnline
 
Rfm analysis
Rfm analysisRfm analysis
Rfm analysischintan desai
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
An Executive Guide on How to Use Machine Learning and AI for AML Compliance
An Executive Guide on How to Use Machine Learning and AI for AML ComplianceAn Executive Guide on How to Use Machine Learning and AI for AML Compliance
An Executive Guide on How to Use Machine Learning and AI for AML ComplianceAlessa
 
4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etc
4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etc4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etc
4 way recon solution for ATM,POS,Recyclers,Mobile banking, Internet banking,etcPratap Parab
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Database forensics
Database forensicsDatabase forensics
Database forensicsDenys A. Flores, PhD
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
Identity Theft
Identity Theft Identity Theft
Identity Theft Fairfax County
 
Qr codes
Qr codesQr codes
Qr codesRonan Dunne, CEH, SSCP
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
RFM Segmentation
RFM SegmentationRFM Segmentation
RFM SegmentationKamil Bartocha
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyharpinderkaur123
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authenticationmbadhi
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service AttackDhrumil Panchal
 
What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackersinfosavvy
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
Crime Analytics: Analysis of crimes through news paper articles
Crime Analytics: Analysis of crimes through news paper articlesCrime Analytics: Analysis of crimes through news paper articles
Crime Analytics: Analysis of crimes through news paper articlesChamath Sajeewa
 
Identity theft
Identity theftIdentity theft
Identity theftEqhball Ghazizadeh
 
Biometrics based key generation
Biometrics based key generationBiometrics based key generation
Biometrics based key generationPiyush Rochwani
 
Deep Web & Dark Web
Deep Web & Dark WebDeep Web & Dark Web
Deep Web & Dark WebPaolo Vedorin
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicNovizul Evendi
 
IRSF
IRSFIRSF
IRSFAkhil Singh Rawat
 
FraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlFraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlRichard Hickson
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authenticationmbadhi
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service AttackDhrumil Panchal
 
What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackersinfosavvy
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
Crime Analytics: Analysis of crimes through news paper articles
Crime Analytics: Analysis of crimes through news paper articlesCrime Analytics: Analysis of crimes through news paper articles
Crime Analytics: Analysis of crimes through news paper articlesChamath Sajeewa
 
Biometrics based key generation
Biometrics based key generationBiometrics based key generation
Biometrics based key generationPiyush Rochwani
 

Was ist angesagt? (20)

Database forensics
Database forensicsDatabase forensics
Database forensics
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Identity Theft
Identity Theft Identity Theft
Identity Theft
 
Qr codes
Qr codesQr codes
Qr codes
 
Phishing
PhishingPhishing
Phishing
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
RFM Segmentation
RFM SegmentationRFM Segmentation
RFM Segmentation
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authentication
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
 
What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackers
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime Investigation
 
Crime Analytics: Analysis of crimes through news paper articles
Crime Analytics: Analysis of crimes through news paper articlesCrime Analytics: Analysis of crimes through news paper articles
Crime Analytics: Analysis of crimes through news paper articles
 
Identity theft
Identity theftIdentity theft
Identity theft
 
Biometrics based key generation
Biometrics based key generationBiometrics based key generation
Biometrics based key generation
 
Deep Web & Dark Web
Deep Web & Dark WebDeep Web & Dark Web
Deep Web & Dark Web
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 

Andere mochten auch

FraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlFraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlRichard Hickson
 
Telecom Fraud Detection
Telecom Fraud DetectionTelecom Fraud Detection
Telecom Fraud DetectionPunit Kishore
 
Valutazione Delle Capacità Predittive di un FMS
Valutazione Delle Capacità Predittive di un FMSValutazione Delle Capacità Predittive di un FMS
Valutazione Delle Capacità Predittive di un FMSScattareggia
 
Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...
Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...
Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...Francesco Ciclosi
 
Fraud Management System - ISACA
Fraud Management System - ISACAFraud Management System - ISACA
Fraud Management System - ISACAScattareggia
 
IRSF Protection with PRISM
IRSF Protection with PRISMIRSF Protection with PRISM
IRSF Protection with PRISMXINTEC
 
Sim box fraud
Sim box fraudSim box fraud
Sim box fraudXINTEC
 
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...cVidya Networks
 
Risques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenusRisques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenusEric Pradel-Lepage
 
Roaming International - Stratégies
Roaming International - StratégiesRoaming International - Stratégies
Roaming International - StratégiesKEY Dolce
 
Formation Fraud & Revenue Assurance
Formation Fraud & Revenue AssuranceFormation Fraud & Revenue Assurance
Formation Fraud & Revenue AssuranceJean-Marie Gandois
 

Andere mochten auch (15)

IRSF
IRSFIRSF
IRSF
 
FraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlFraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under Control
 
Telecom Fraud Detection
Telecom Fraud DetectionTelecom Fraud Detection
Telecom Fraud Detection
 
Valutazione Delle Capacità Predittive di un FMS
Valutazione Delle Capacità Predittive di un FMSValutazione Delle Capacità Predittive di un FMS
Valutazione Delle Capacità Predittive di un FMS
 
Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...
Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...
Implementare il paradigma Software-Defined Networking utilizzando OpenFlow sw...
 
Fraud Management System - ISACA
Fraud Management System - ISACAFraud Management System - ISACA
Fraud Management System - ISACA
 
IRSF Protection with PRISM
IRSF Protection with PRISMIRSF Protection with PRISM
IRSF Protection with PRISM
 
Ff46 45 irsf_ic_283762
Ff46 45 irsf_ic_283762Ff46 45 irsf_ic_283762
Ff46 45 irsf_ic_283762
 
Sim box fraud
Sim box fraudSim box fraud
Sim box fraud
 
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
 
Fraud in Telecoms
Fraud in TelecomsFraud in Telecoms
Fraud in Telecoms
 
Risques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenusRisques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenus
 
Roaming International - Stratégies
Roaming International - StratégiesRoaming International - Stratégies
Roaming International - Stratégies
 
Formation Fraud & Revenue Assurance
Formation Fraud & Revenue AssuranceFormation Fraud & Revenue Assurance
Formation Fraud & Revenue Assurance
 
Comprendre la fraude irsf
Comprendre la fraude irsfComprendre la fraude irsf
Comprendre la fraude irsf
 

Ähnlich wie International Revenue Share Fraud webinar

FraudStrike
FraudStrike FraudStrike
FraudStrike XINTEC
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeTelcoBridges Inc.
 
How to Prevent Telecom Fraud
How to Prevent Telecom FraudHow to Prevent Telecom Fraud
How to Prevent Telecom FraudJeraSoft
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeAlan Percy
 
Telecom Revenue Assurance Workshop
Telecom Revenue Assurance WorkshopTelecom Revenue Assurance Workshop
Telecom Revenue Assurance WorkshopParcus Group
 
Fraud Management Industry Update Webinar
Fraud Management Industry Update WebinarFraud Management Industry Update Webinar
Fraud Management Industry Update WebinarcVidya Networks
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENTelcoBridges Inc.
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENAlan Percy
 
Payments 2015 01-29
Payments 2015 01-29Payments 2015 01-29
Payments 2015 01-29Infor
 
Ibm odm fraud detection & management system
Ibm odm fraud detection & management systemIbm odm fraud detection & management system
Ibm odm fraud detection & management systemsflynn073
 
Faudalert_Data_Sheet
Faudalert_Data_SheetFaudalert_Data_Sheet
Faudalert_Data_SheetJuan Illidge
 
Contemporary Frauds.pptx
Contemporary Frauds.pptxContemporary Frauds.pptx
Contemporary Frauds.pptxZiaullahShah9
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQAlan Percy
 
The enterprise of subscription tv piracy
The enterprise of subscription tv piracyThe enterprise of subscription tv piracy
The enterprise of subscription tv piracySabastion Forward
 
Occupational Fraud and Electronic Evidence Investigations
Occupational Fraud and Electronic Evidence InvestigationsOccupational Fraud and Electronic Evidence Investigations
Occupational Fraud and Electronic Evidence Investigationsgppcpa
 
Hacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraudHacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraudcVidya Networks
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCAlan Percy
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCTelcoBridges Inc.
 
Fraud Management Industry Update Webinar by cVidya
Fraud Management Industry Update Webinar by cVidyaFraud Management Industry Update Webinar by cVidya
Fraud Management Industry Update Webinar by cVidyacVidya Networks
 

Ähnlich wie International Revenue Share Fraud webinar (20)

FraudStrike
FraudStrike FraudStrike
FraudStrike
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-Time
 
How to Prevent Telecom Fraud
How to Prevent Telecom FraudHow to Prevent Telecom Fraud
How to Prevent Telecom Fraud
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-Time
 
Telecom Revenue Assurance Workshop
Telecom Revenue Assurance WorkshopTelecom Revenue Assurance Workshop
Telecom Revenue Assurance Workshop
 
Fraud Management Industry Update Webinar
Fraud Management Industry Update WebinarFraud Management Industry Update Webinar
Fraud Management Industry Update Webinar
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
 
Payments 2015 01-29
Payments 2015 01-29Payments 2015 01-29
Payments 2015 01-29
 
Ibm odm fraud detection & management system
Ibm odm fraud detection & management systemIbm odm fraud detection & management system
Ibm odm fraud detection & management system
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQ
 
Faudalert_Data_Sheet
Faudalert_Data_SheetFaudalert_Data_Sheet
Faudalert_Data_Sheet
 
Contemporary Frauds.pptx
Contemporary Frauds.pptxContemporary Frauds.pptx
Contemporary Frauds.pptx
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQ
 
The enterprise of subscription tv piracy
The enterprise of subscription tv piracyThe enterprise of subscription tv piracy
The enterprise of subscription tv piracy
 
Occupational Fraud and Electronic Evidence Investigations
Occupational Fraud and Electronic Evidence InvestigationsOccupational Fraud and Electronic Evidence Investigations
Occupational Fraud and Electronic Evidence Investigations
 
Hacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraudHacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraud
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBC
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBC
 
Fraud Management Industry Update Webinar by cVidya
Fraud Management Industry Update Webinar by cVidyaFraud Management Industry Update Webinar by cVidya
Fraud Management Industry Update Webinar by cVidya
 

Kürzlich hochgeladen

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Kürzlich hochgeladen (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

International Revenue Share Fraud webinar

  • 1. International Revenue Share Fraud Webinar Colin Yates Yates Fraud Consulting Ltd. Roaming and IRSF Webinar – 3 December 2013
  • 2. Webinar Agenda • Introduction to IRSF • Recent case studies • Law Enforcement action re IRSF • Introduction to IRSF – 5 Stages • IPR Number Resellers • Number Misappropriation (Hijacking) • Industry initiatives to reduce IRSF losses • Industry’s contributing factors to IRSF • Risk mitigation & recommendations • Q & A
  • 3. Introduction to IRSF • There are a number of definitions available to describe IRSF A simple description would be: ‘Using fraudulent access to an Operators network to artificially inflate traffic to numbers obtained from an International Premium Rate Number Provider, for which payment will be received by the Fraudster (on a revenue share basis with the number provider) for every minute of traffic generated into those numbers.’
  • 4. IRSF What is our view of the fraudster?
  • 6. Case Study No. 1 USA • Small USA network operator providing service to SME’s – 2 PBX’s hacked with IRSF losses of $US160,000 suffered over a 30 hour period – Their carrier discovered fraud and served immediate notice that they required full payment within 48 hours • Carrier unable to pay and only option was to close down • Asked for my assistance and was able to provide sufficient information to get debt reduced with time to pay • Confirmation that IRSF will impact any operator, irrespective of size, location or services offered, and losses could have been significantly reduced by effective Risk Mgt
  • 7. Case Study No. 2 Handset Theft - Barcelona • Major issue impacting many operators who have customers roaming in Spain – Barcelona well known as the ‘Pickpocket’ capital – Since Jan 2013, an average of 260 mobiles per month have been stolen and the Simcards used for IRSF – All 4 Spanish networks being used, losses per Simcard are averaging €10,000 per hour • Fraudsters using combination of International Call Forward, multi party calling, and associated PBX Fraud • Also discovered that some roamers are selling their mobiles for €500 and then reporting them stolen later!
  • 8. Law Enforcement action for IRSF • We cannot rely of Law Enforcement to investigate IRSF, prosecute fraudsters and seek reparation for operators • Investigating IRSF is complex, typically extending across 3 or 4 international borders • Simply determining jurisdiction will be a challenge • A recent USA IRSF investigation took almost 3 years to complete by an operator and federal agency task force • Principals were arrested in Malaysia for IRSF involving tens of millions of dollars • Before extradition could be arranged, fraudsters were bailed and fled to Pakistan.
  • 9. The 5 Basic steps to IRSF 1 Access a Network 2 Obtain IRSF numbers 3 Generate the calls 4 Receive payment 5 Determine loss
  • 10. 1. Access to a Network • Fraudster must obtain the means to make these calls • To maximise income, preferably at no cost to Fraudster • Common ‘Primary Frauds’ to gain access are; – Subscription Fraud – SIM Cloning – Theft of handsets or SIM cards – PBX Hacking – Wangiri Fraud – Arbitrage (Requires the exploitation of a bundled or discounted tariff offering calls at less cost than any IRS pay-out offered)
  • 11. 2. Obtain IRSF Numbers • Fraudster may have existing relationship with IPRN Provider • If not, will search Internet to find one • Obtains a ‘Test Number’ from Reseller website • Will chose a destination with good pay-out (Latvia €0.17c) • Calls Test Number to confirm a call will connect • Once confirmed, will request numbers from IPRN Provider • Request will include an estimate of minutes to be generated • Will include his bank account details so that funds based on minutes generated can be credited every 7 to 30 days
  • 12. 3. Generate traffic • Once IRS numbers issued, Fraudster starts generating calls • To maximise revenues, Fraudster will utilise network services to generate overlapping, simultaneous calls • Such services will include International Call Forwarding, Multi-Party calling, combining PBX with C/Fwd mobile Sim • Fraudster will continue this activity until originating number range owner becomes aware of fraud and blocks access • Typically the Fraudster will then move to another fraudulent access and continue calling additional numbers providing by the IPR Number Provider
  • 13. 4. Receive payment • In most circumstances the originating number range holder is required to make payment for this fraudulent traffic – Existing Roaming or Interconnect agreement requirement • Initial payment made to roaming or interconnect partner • Payment continues down value chain to reach the terminating number range owner • Terminating operator retains his share and pays IPRN Provider • IPRN Provider shares this balance by paying the Fraudster (e.g. €0.17c per minute for calls to Latvia) and retaining the balance.
  • 14. 5. Determining loss • Originating Number range holder has made full payment • In case of Subscription or other SIM based fraud, little or no chance of recovering this from the fraudster. • In case of PBX Fraud, typically the network provider will attempt to recover cost of fraud from the PBX user • In many cases this will result in a dispute, unwanted publicity and customer churn unless network provider accepts all or part of this loss • PBX user will typically argue that their network provider should have discovered such a huge increase in calling activity • All other transit operators, IRS Number owner, number reseller and fraudster have benefited from this fraud
  • 15. IPR Number Resellers • Number of Resellers continues to increase: – 17 in 2009 – 47 in 2012 – 85 in October 2013 • 400% increase in 4 years • Most of this increase results in those wanting to exploit IRSF revenues • Many now acting as Number Wholesalers
  • 16. Number Misappropriation (Hijacking) • Usually involves Country numbers with high termination rates – e.g Small Island nation at $US0.65c • Fraudsters will act in collusion with a dishonest carrier • Advertise ‘below cost’ rates into country to attract operators looking for Least Cost Routing (LCR) • Calls will be routed in a certain direction to ensure that they hit the ‘dishonest operators’ network • Once there, they will be filtered out and ‘short-stopped’ outside the • Payment follows the same value chain as the call routing
  • 17. Industry initiatives to reduce IRSF losses • Very little industry progress to stop IRSF/Hijacking • ITU misuse reporting is not being supported • I3 Forum has published guidelines, but again, these are not being supported by all of their membership • BEREC have issued guidelines re with-holding payment however these apply only to European operators and are complex • Continued lack of cooperation within the operator community • Regretfully, the Fraudsters appear to be better organised to take full advantage of industry weaknesses
  • 18. Industry’s ability to implement initiatives for steps 1 – 5 of IRSF 1 Access a Network 2 Obtain IRSF numbers 3 Generate the calls 4 Receive payment 5 Determine loss
  • 19. 1 – Access to a network  Subscription Fraud and it’s variations can be reduced with effective Fraud Management Systems  SIM cloning can be eliminated by upgrading algorithm  PBX Fraud can be reduced by implementing fraud awareness programs and audits for business customers  Arbitrage can be avoided by ensuring that risk reviews are completed on all new products, services and tariffs  Invest in a fraud management solution However controls must be relative to preventing fraud while minimising customer impact.
  • 20. 2 – Obtaining IPR Numbers  IPR Number Resellers have increased by 400% since 2009  85+ are now competing to attract fraudsters to them  Up to 75% of fraudsters embarking on an IRS Fraud will call a Test Number, provided by the Reseller first.  Most of these Test Numbers are now available in a database as an IRSF detection tool Implement a cost effective Fraud Management System which uses a Test Number Database as a hotlist. This alerts a CSP to a potential IRSF incident and has already shown benefits.
  • 21. 3 – Generate traffic  Reduce the opportunity for fraudsters to maximise revenues by; – Removing International Call Forwarding and Multi Party calling from roaming customer SIM’s – Ensure that automated systems are in place to analyse NRTRDE records 24x7 and refer alerts to analysts – Ensure automated systems are in place to notify analysts 24x7 of calls to known IRSF destinations Up to 87% of all reported IRSF occurs between 8.00pm Friday and 8.00am Monday. If the fraud function does not operate during this period, alternatives must be identified.
  • 22. 4 – Receive Payment  Early identification of IRSF does provide opportunities to negotiate payment withholding by partners  Position is strengthened if impacted operator is able to confirm that IRSF losses relate to a hijacked number range The earlier an incident is identified, the less the fraud loss will be, so early detection is critical.
  • 23. 5 – Determining Loss  In most situations, it will be the originating number owner who will suffer the loss for IRSF, and it is their responsibility to ensure that they have systems and processes in place to minimise these losses.  Accurate reporting with evidential information is essential to identifying true losses, enabling future accurate detection/prevention through knowledge transfer. Fraud management solutions have good reporting capabilities and will support the creation of future intelligence in the fight against IRSF.
  • 24. IRS Test Number Database (PRISM)
  • 25. IRS Test Number Database (PRISM) • YFCL are monitoring the IPR Number Reseller websites and developed an IRS Test Number Database (PRISM) • This database currently contains over 25,500 test numbers – PRISM has been made available on a subscription basis to operators since the 21 August 2013 – It is used as a ‘hot-list’ within an FMS to alert operators when a Test Number has been called – It has proved to be very effective at identifying IRSF • Xintec are the only FMS Provider licenced to offer PRISM free as a hot list within their FMSevolution product.
  • 26. Example of IRSF Test Numbers Date Time A Number B Number Call Duration 30/03/2013 05:17:33 XXX977860XX 23221104397 7 30/03/2013 05:32:14 XXX977860XX 23221104397 5 30/03/2013 05:57:22 XXX977860XX 23221104397 5 30/03/2013 06:03:41 XXX977860XX 23221300284 19 30/03/2013 06:13:55 XXX977860XX 23221300284 601 30/03/2013 06:13:57 XXX977860XX 23221300284 581 30/03/2013 06:13:58 XXX977860XX 23221300284 538 30/03/2013 06:13:58 XXX977860XX 23221300284 551 30/03/2013 06:14:01 XXX977860XX 23221300284 576 30/03/2013 06:14:01 XXX977860XX 23221300284 592 30/03/2013 06:14:02 XXX977860XX 23221300284 543 30/03/2013 06:14:03 XXX977860XX 23221300284 575 30/03/2013 06:14:05 XXX977860XX 23221300284 530 30/03/2013 06:14:06 XXX977860XX 23221300284 593 30/03/2013 06:14:07 XXX977860XX 23221300284 498 30/03/2013 06:14:07 XXX977860XX 23221300284 588 30/03/2013 06:14:08 XXX977860XX 23221300284 545 Sierra Leone 23221341844 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104397 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201721 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221341838 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104344 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201740 https://www.reaxxxxxxxxts.com/ Calls to a Test Number in Sierra Leone. 3 Calls all short duration. (Duration in seconds). IRSF commences 46 minutes after calls to Test Number. This fraud continued for 4 hours with a loss to the carrier of over $US 52,000. Could this have been avoided or reduced if an alert had been generated once the Test Number was called? Sierra Leone Test Numbers available on number reseller’s website in March 2013. Sierra Leone Test Numbers from the same website in July 2013. Note changes.
  • 28. Risk Mitigation and recommendations Considerations • IRSF and associated fraud will be around for foreseeable future • The lack of Industry progress means operators to implement strong prevention and detection • Law Enforcement action is no deterrent • Operators who have experienced IRSF are strengthening their controls, fraudsters are constantly searching for soft targets. • What you spend now to implement controls will be significantly less than you will lose in an IRSF attack • IRS Fraudsters do not differentiate between Prepaid or Post-paid, both are at risk.
  • 29. Risk Mitigation and recommendations Advice • Question whether you have strong or sufficient controls in place to prevent or detect an IRSF attack? • Remove International Call Forwarding and multi-party calling capability from roaming SIM cards • Encourage mobile users to implement SIM pin-lock • Ensure all Business customers have been advised to check their PBX security – change default Passwords, remove DISA facility if not required etc
  • 30. Risk Mitigation and recommendations Tools • Early detection of likely IRSF activity is essential losses are likely to increase at €10,000 per hour • Install an automated Fraud Management System capable of providing you with 24x7 monitoring and correlation to a Test Number database. • Consider expansion in FM coverage to look at the primary frauds • Subscription Fraud • SIM Cloning • Theft of handsets or SIM cards • PBX Hacking • Wangiri Fraud
  • 31.
  • 32. COLIN YATES FRAUD RISK CONSULTANT EMAIL: COLIN@YATESFRAUDCONSULTING.COM PHONE: +64-21 1084447 (NZ) OR +44-7920 870852 (UK) WWW.YATESFRAUDCONSULTING.COM Thank You!