The company’s Oculeus Anti-Fraud System assists telecom operators to prevent revenue losses caused by telecom fraud. The system monitors a baseline of network traffic for anomalies that are typical of fraud and provides an automated framework for telcos to quickly block fraudulent traffic.
Emerging fraud threats
Telecom fraud is an ongoing problem faced by all telcos regardless of their size or market position. Telecom fraud is often associated with developing and emerging markets, although it is a problem faced by service providers in all markets.
The threats of fraud are constantly growing in their scope and sophistication. Examples of common forms of fraud that telcos are constantly fighting against include false answer supervision, SIM boxing, call stretching, CLU spoofing and more.
Today, PBX hacking is one of the most common forms of fraud. PBX hacking is especially dangerous as it effects both the telco and its enterprise customers and can lead to severe revenue losses for both.
“Fraudsters are also constantly looking for opportunities to leverage pricing arbitrage and revenue sharing schemes through trap calls and scams. The combination of PBX hacking and pricing arbitrage can be an extremely costly mix to a telco,” said Arnd Baranowski, CEO of Oculeus.
Fraud protection efforts
A telco’s fraud protection efforts can certainly be considered as part of cybersecurity management and grouped with its other cybersecurity activities.
In the past, telephony systems were isolated from other systems and only connected through specific and complex networks using physical connections that use specific operating protocols. This made it extremely difficult for a telephony system to be hacked. Physical access to the equipment as well as the direct knowledge on how the equipment operates, including the specific protocols, was required in order to manipulate the network for fraudulent purposes.
Today, telecom networks are very similar to other IT networks deployed by enterprises. Much of the telephony networking equipment is now software-based, running on general purpose hardware appliances that also use general purpose operating system.
Despite the different purposes – for instance, the fraud protection of a telco focuses on preventing revenue losses and the cybersecurity activities of an enterprise may focus on stopping the theft of sensitive corporate or customer data – the efforts are becoming more and more similar.
Despite the many layers of security solutions, telecoms networks now face the same vulnerabilities as enterprise networks. With this in mind, most fraudsters initiate their attacks by hacking into the telecom network. Networking equipment, such as PBX systems and switches, are often used as attack vectors. The means to identify and protect against these types of fraud attacks now require similar approaches used in enterprise cybersecurity. For example, traffic monitoring and anomaly detection has been used for many years in various approaches to enterprise network security and is now being applied in the telco fraud management space.
Who’s responsible for fraud protection?
There are generally two entities within a telco organization that are responsible for fraud protection. The first entity is the revenue assurance team. This team is responsible for continually reviewing traffic patterns and identifying areas of potential risk that threaten the telco’s revenue streams.
The second entity is the team of networking and switch engineers, who are responsible for implementing networking commands on the networking equipment in order to block or deny access to high risk destinations and carriers.
These two entities must work together in order for the telco to have an effective fraud protection effort. Each telco has its own organizational structure. However, account managers generally submit requests to the networking engineers that certain destinations, dial codes and even carriers be blocked.
Also, if the network engineers noticed abnormal behavior on certain destinations or carriers, they can decide to block the traffic first and then review the action with the relevant account managers.
These roles are slowly changing. Improvements in the technology used to identify fraud are driving this change and we are proud to be part of the improvements.
“Most revenue assurance managers tell us that they are satisfied with being able to identify fraudulent traffic in anywhere from 6 to 48 hours. On top of this, in current practices, time is required to send the recommendations to the networking engineers and for the networking engineers to implement the commands,” Baranowski said.
This is a wide window of time that can allow fraudsters to cause significantly damage and revenue losses. Even in half of this time, fraudsters can initiate and complete an attack even before the revenue assurance team can catch on to the fact that fraud was committed.
“Our approach, which combines traffic monitoring, anomaly detection and blocking automation, improves the response times of both teams to what can be described as near-real-time. We can position a telco to identify fraud within 60 seconds with actions to block the fraudulent traffic being fully automated,” Baranowski said.
Telco strategies to protect against revenue losses
“The challenge today is one of control. How can an operator make a profit in the business? And in that quest, the ability to control fraud has become as critical as being good at billing, pricing, routing and revenue assurance,” said Dan Baker, research director at Technology Research Institute.
There are several things that a telco can do to position itself to be protected against fraud.
First, Oculeus recommends that a telco avoid high risk traffic, such as premium number destinations like 1-900 numbers. By focusing on its core destinations, a telco can simply avoid the exposure to vulnerabilities of high risk destinations, which can cause damage to legitimate traffic.
Also, network traffic should be constantly monitored. A telco needs a baseline understanding of its traffic patterns and network behavior. Many telcos are still doing this manually and through ad-hoc processes. As an extension of this point, the responses to the identification of fraud should be automated was much as possible without the need for network engineers to manually block detected fraud. This results in a common situation in which a fraud attack has been completed and revenues have been lost even before the telco knows that there was ever an incident of fraud.
“These existing practices are creating a market opportunity for us and our approach is attracting a lot of attention. We currently can identify and block fraud traffic within minutes and expect to have this down to a few seconds in the near future,” Baranowski said.