Telecom fraud detection

VoIP is about convergence, saving money and resources. However, these types of systems also create more inroads for attack.

As VoIP has become more accessible and popular, security threats have grown as well. The most prevalent threats to today’s VoIP deployments are rooted in traditional data networking and PSTN attacks. Today, VoIP devices are the primary tools used by fraudsters. In the first half of 2012, 46% of fraudulent calls were made from VoIP phones.

What constitutes VoIP fraud?

We consider VoIP fraud to be the use of a VoIP telecommunications network with the intention of avoiding payment. In that sense, the payment may be incorrect, entirely lacking, or the attempt to force another party to pay. We consider both illegal activities and those activities which, though technically legal, may still hurt telecommunications companies by taking advantage of systems and vulnerabilities.

Whom does VoIP fraud affect?

VoIP fraud can affect any organization which uses or sells VoIP services. In most cases, the fraud target is an enterprise. Most enterprises never realize that they have been hacked, refuse to pay the fraudulent charges and threaten to switch to a different service provider. The SIP service provider has little leverage over its international long distance vendors and is left to cover the bill.

However, in some cases, service providers will demand the enterprise pay for fraudulent charges. This was the case in a 2009 when Michael Smith, a small business owner in Massachusetts, found that someone had hacked into his PBX to make $900,000 worth of calls to Somalia. AT&T attempted to sue Smith for $1.15 million to recoup the cost of the calls and interest. Though AT&T eventually dropped the charges, a spokeswoman for the company maintained that they had been entitled by law to collect the amounts owed, and that Smith should have put more safeguards in place to protect his phone system.

VoIP fraud can and does occur in any industry. Certain industries, such as banking, tend to attract more fraud than others. A recent study from Pindrop Security found that nine out of the top ten banks, and 34 of the top 50 banks had been victims of call fraud.

Where does VoIP fraud come from?

VoIP fraud comes from all over the globe. Traditionally, Africa has been a “hot continent” for telecom fraud, because the termination costs are very high and regulation is not as stringent as in other parts of the world.

However, a 2011 study from the Communications Fraud Control Association (CFCA) found that the top five countries from which fraud originates are the United States, India, the United Kingdom, Pakistan, and the Philippines. The top five fraud terminating countries were Cuba, Somalia, Sierra Leone, Zimbabwe, and Latvia.

How big of a problem is VoIP fraud?

VoIP fraud is a significant and growing problem in the telecommunications industry. Because fraudsters often attack during weekends, fraud events often go undetected for many hours. A single fraud event can easily cost a company between three and fifty thousand dollars. In many cases, this number can be even larger.

A 2009 attack on an Australian company’s VoIP PBX resulted in 11,000 international calls in just 46 hours, leaving the SIP provider with a bill in excess of $120,000. A 2011 weekend episode in South Africa resulted in a bill of over $12,000 and another in the US cost victims more than $1.4 million.

Experts have trouble estimating an aggregated global yearly loss, because calculations are often based on subjective and individual standards. However, most experts agree that total loss is somewhere between 3 and 10 percent of income. This translates to a total global losses of somewhere between 30 and 50 billion dollars per year. The CFCA’s 2011 report put the number at $40.1 billion dollars lost.

This is a problem that is only increasing. According to the CFCA report, phone fraud is growing at a rate of 29% per year. As the popularity of VoIP continues to grow, the problem of VoIP fraud will become an increasing threat to the industry.

TransNexus VoIP fraud detection solutions

TransNexus has developed a number of solutions to detect fraud in VoIP networks. NexOSS, in addition to its already industry-leading least cost routing features, effectively eliminates the problem of traffic pumping fraud for VoIP providers. The solution is to include smart monitoring features that sense when there is an unusual spike in call traffic to a specific destination. When a suspicious spike occurs, the NexOSS system simply and automatically puts a temporary block on the route, ensuring that fraud losses are kept to an absolute minimum without interrupting legitimate calls.

TransNexus solutions analyze CDRs or RADIUS records, and can identify fraud by IP address, or by group or user id. TransNexus has partnered with top industry leaders like Acme Packet, MetaSwitch, and Broadsoft to ensure that the solutions operate smoothly with any network.