SlideShare une entreprise Scribd logo

IRSF Protection with PRISM

Télécharger en tant que PPTX, PDF
XINTEC
XINTEC

This document discusses international revenue share fraud (IRSF) and provides recommendations for mitigating the risks. It begins with two case studies of IRSF attacks, then discusses the multi-step process fraudsters use, challenges with law enforcement, and industry initiatives. Key recommendations include implementing a fraud management system with 24/7 monitoring and correlation to an IRS test number database to enable early detection. Removing call forwarding and limiting business customer PBX access are also advised to reduce vulnerabilities exploited by fraudsters.

TechnologieBusiness
1  sur  31
IRSF Detection and Protection with “PRISM”
Contents • Introduction to IRSF • Recent case studies • Law Enforcement action re IRSF • Introduction to IRSF – 5 Stages • IPR Number Resellers • Number Misappropriation (Hijacking) • Industry initiatives to reduce IRSF losses • Industry’s contributing factors to IRSF • Risk mitigation & recommendations
Introduction to IRSF There are a number of definitions available to describe IRSF. A simple description would be: Using fraudulent access to an Operators network to artificially inflate traffic to numbers obtained from an International Premium Rate Number Provider, for which payment will be received by the Fraudster (on a revenue share basis with the number provider) for every minute of traffic generated into those numbers.
What is our view of the fraudster? • Personality crosses all known profiles of a Fraudster – primarily greed • Varies from an inexperienced fraudster to an organised crime boss to a fringe extremist group wishing to fund terrorism • Many of those making the calls are ‘Moles’ employed for this purpose • The experienced IRS Fraudsters will have teams dedicated to research, strategy and gathering intelligence on future targets • All have one goal, and that is to deprive operators of as much revenue as possible
Recent Case Studies USA & Barcelona
Case Study No. 1 USA • Small USA network operator providing service to SME’s o 2 PBX’s hacked with IRSF losses of $US160,000 suffered in 30 hours o Their carrier discovered the fraud and served immediate notice that they required full payment within 2 days • Carrier unable to pay and only option was to close down • Asked for assistance and was able to provide sufficient information to get debt reduced with time to pay • Confirmation that IRSF will impact any operator, irrespective of size, location or services offered, and losses could have been significantly reduced by effective Risk Management
Case Study No. 2 Barcelona - Handset Theft • Major issue impacting many operators who have customers roaming in Spain o Barcelona well known as the ‘Pickpocket’ capital o Since Jan 2013, an average of 260 mobiles per month have been stolen and the SIM cards used for IRSF o All 4 major Spanish networks being used, losses per SIM card can be as high as €10,000 per hour • Fraudsters using combination of International Call Forward, multi party calling, and associated PBX Fraud • Also discovered that some roamers are selling their mobiles for €500 and then reporting them stolen later!
Law Enforcement action for IRSF • We cannot rely on Law Enforcement to investigate IRSF, prosecute fraudsters and seek reparation for operators • Investigating IRSF is complex, typically • Extending across 3 or 4 international borders • Simply determining jurisdiction will be a challenge • A recent USA IRSF investigation took almost 3 years to complete by an operator and Federal agency task force o Principals were arrested in Asia for IRSF involving tens of millions of dollars o Before extradition could be arranged, fraudsters were bailed and fled to Pakistan.
The 5 Basic steps to IRSF 1 Access a Network 2 Obtain IRSF Nos. 3 Generate the calls 4 Receive payment 5 Determine loss
Access to a Network • Fraudster must obtain the means to make these calls • To maximise income, preferably at no cost to Fraudster • Common ‘Primary Frauds’ to gain access are: o Subscription Fraud o SIM Cloning o Theft of handsets or SIM cards o PBX Hacking o Wangiri Fraud o Arbitrage (Requires the exploitation of a bundled or discounted tariff offering calls at less cost than any IRS pay-out offered) 1 2 34 5
Obtain IRSF Numbers • Fraudster may have existing relationship with IPRN Provider; if not, will search Internet to find one • Obtains a ‘Test Number’ from Reseller website • Will chose a destination with good pay-out (Latvia €0.17c) • Calls Test Number to confirm a call will connect • Once confirmed, will request numbers from IPRN Provider • Request will include an estimate of minutes to be generated • Will include his bank account details so that funds based on minutes generated can be credited every 7 to 30 days 1 2 34 5
Generate traffic • Once IRS numbers issued, Fraudster starts generating calls • To maximise revenues, Fraudster will utilise network services to generate overlapping, simultaneous calls • Such services will include International Call Forwarding, Multi-Party calling, combining PBX with CFW mobile SIM • Fraudster will continue this activity until originating number range owner becomes aware of fraud and blocks access • Typically the Fraudster will then move to another fraudulent access and continue calling additional numbers providing by the IPR Number Provider 1 2 34 5
Receive payment • In most circumstances the originating number range holder is required to make payment for this fraudulent traffic o Existing Roaming or Interconnect agreement requirement • Initial payment made to roaming or interconnect partner • Payment continues down value chain to reach the terminating number range owner • Terminating operator retains his share and pays IPRN Provider • IPRN Provider shares this balance by paying the Fraudster (e.g. €0.17c per minute for calls to Latvia) and retaining the balance 1 2 34 5
Determining loss • Originating Number range holder has made full payment • In case of Subscription or other SIM based fraud, little or no chance of recovering this from the fraudster. • In case of PBX Fraud, typically the network provider will attempt to recover cost of fraud from the PBX user • In many cases this will result in a dispute, unwanted publicity and customer churn unless network provider accepts all or part of this loss • PBX user will typically argue that their network provider should have discovered such a huge increase in calling activity • All other transit operators, IRS Number owner, number reseller and fraudster have benefited from this fraud 1 2 34 5
IPR Number Resellers • Number of Resellers continues to increase: o 17 in 2009 o 47 in 2012 o 85 in October 2013 • 400% increase in 4 years • Most of this increase results in those wanting to exploit IRSF revenues • Many now acting as Number Wholesalers
Number Misappropriation (Hijacking) • Usually involves Country numbers with high termination rates – e.g Small Island nation at $US0.65c • Fraudsters will act in collusion with a dishonest carrier • Advertise ‘below cost’ rates into country to attract operators looking for Least Cost Routing (LCR) • Calls will be routed in a certain direction to ensure that they hit the ‘dishonest operators’ network • Once there, they will be filtered out and ‘short- stopped’ outside the Country to which the CC applies • Payment follows the same value chain as the call routing
Industry initiatives to reduce IRSF losses? • Very little industry progress to stop IRSF/Hijacking • ITU misuse reporting is not currently being supported • I3 Forum has published guidelines, but again, these are not being supported by all of their membership • BEREC have issued guidelines re with-holding payment however these apply only to European operators and are complex • Continued lack of cooperation within the operator community • Regretfully, the Fraudsters appear to be better organised to take full advantage of industry weaknesses
Industry’s ability to implement initiatives for steps 1 – 5 of IRSF 1 Access a Network 2 Obtain IRSF Nos. 3 Generate the calls 4 Receive payment 5 Determine loss
Access to a network • Subscription Fraud and it’s variations can be reduced with effective Fraud Management Systems • SIM cloning can be eliminated by upgrading algorithm • PBX Fraud can be reduced by implementing fraud awareness programs and audits for business customers • Arbitrage can be avoided by ensuring that risk reviews are completed on all new products, services and tariffs • Invest in a fraud management solution However controls must be relative to preventing fraud while minimising customer impact. 1 2 34 5
Obtaining IPR Numbers • IPR Number Resellers have increased by 400% since 2009 • 85+ are now competing to attract fraudsters to them • Up to 75% of fraudsters embarking on an IRS Fraud will call a Test Number, provided by the Reseller first. • Most of these Test Numbers are now available in a database as an IRSF detection tool Implement a cost effective Fraud Management System which uses a Test Number Database as a hotlist. This alerts a CSP to a potential IRSF incident and has already shown benefits 1 2 34 5
Generate traffic • Reduce the opportunity for fraudsters to maximise revenues by; o Removing International Call Forwarding and Multi Party calling from roaming customer SIM’s o Ensure that automated systems are in place to analyse NRTRDE records 24x7 and refer alerts to analysts o Ensure automated systems are in place to notify analysts 24x7 of calls to known IRSF destinations Up to 87% of all reported IRSF occurs between 8.00pm Friday and 8.00am Monday. If the fraud function does not operate during this period, alternatives must be identified. 1 2 34 5
Receive Payment • Early identification of IRSF does provide opportunities to negotiate payment withholding by partners • Position is strengthened if impacted operator is able to confirm that IRSF losses relate to a hijacked number range The earlier an incident is identified, the less the fraud loss will be, so early detection is critical. 1 2 34 5
Determining Loss • In most situations, it will be the originating number owner who will suffer the loss for IRSF, and it is their responsibility to ensure that they have systems and processes in place to minimise these losses. • Accurate reporting with supporting information is essential to identify true losses, identify control weaknesses and enable future detection/prevention to be improved Fraud management solutions have good reporting capabilities and will support the creation of future intelligence in the fight against IRSF 1 2 34 5
PRISM IRS Test Number Database
PRISM • YFCL are monitoring the IPR Number Reseller websites and developed an IRS Test Number Database (PRISM) • This database currently contains over 40,000 test numbers o PRISM has been made available on a subscription basis to operators since the 21 August 2013 o It is used as a ‘hot-list’ within an FMS to alert operators when a Test Number has been called o It has proved to be very effective at identifying IRSF o Test Numbers are updated every 6-8 weeks to ensure that they remain current
Example of IRSF Test Numbers Date Time A Number B Number Call Duration 30/03/2013 05:17:33 XXX977860XX 23221104397 7 30/03/2013 05:32:14 XXX977860XX 23221104397 5 30/03/2013 05:57:22 XXX977860XX 23221104397 5 30/03/2013 06:03:41 XXX977860XX 23221300284 19 30/03/2013 06:13:55 XXX977860XX 23221300284 601 30/03/2013 06:13:57 XXX977860XX 23221300284 581 30/03/2013 06:13:58 XXX977860XX 23221300284 538 30/03/2013 06:13:58 XXX977860XX 23221300284 551 30/03/2013 06:14:01 XXX977860XX 23221300284 576 30/03/2013 06:14:01 XXX977860XX 23221300284 592 30/03/2013 06:14:02 XXX977860XX 23221300284 543 30/03/2013 06:14:03 XXX977860XX 23221300284 575 30/03/2013 06:14:05 XXX977860XX 23221300284 530 30/03/2013 06:14:06 XXX977860XX 23221300284 593 30/03/2013 06:14:07 XXX977860XX 23221300284 498 30/03/2013 06:14:07 XXX977860XX 23221300284 588 30/03/2013 06:14:08 XXX977860XX 23221300284 545 Sierra Leone 23221341844 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104397 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201721 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221341838 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104344 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201740 https://www.reaxxxxxxxxts.com/ Calls to a Test Number in Sierra Leone. 3 Calls all short duration. (Duration in seconds). IRSF commences 46 minutes after calls to Test Number. This fraud continued for 4 hours with a loss to the carrier of over $US 52,000. Could this have been avoided or reduced if an alert had been generated once the Test Number was called? Sierra Leone Test Numbers available on number reseller’s website in March 2013. Sierra Leone Test Numbers from the same website in July 2013. Note changes.
Risk Mitigation and Recommendations
Risk Mitigation and recommendations Considerations • IRSF and associated fraud will be around for the foreseeable future • The lack of Industry progress means operators must implement strong prevention and detection controls • Law Enforcement action is no deterrent • Operators who have experienced IRSF are strengthening their controls, fraudsters are constantly searching for soft targets. • What you spend now to implement controls will be significantly less than you will lose in an IRSF attack • IRS Fraudsters do not differentiate between Prepaid or Post-paid, both are at risk.
Risk Mitigation and recommendations Advice • Question whether you have strong or sufficient controls in place to prevent or detect an IRSF attack? • Remove International Call Forwarding and multi-party calling capability from roaming SIM cards • Encourage mobile users to implement SIM pin-lock • Ensure all Business customers have been advised to check their PBX security – change default Passwords, remove DISA facility if not required etc
Risk Mitigation and recommendations T • Early detection of likely IRSF activity is essential losses are likely to increase at €10,000 per hour • Install an automated Fraud Management System capable of providing you with 24x7 monitoring and correlation to a Test Number database. • Consider expansion in FM coverage to look at the primary frauds • Subscription Fraud • SIM Cloning • Theft of handsets or SIM cards • PBX Hacking • Wangiri Fraud Tools
For more information please contact: info@xintec.com XINTEC| Whelan House | South County Business Park | Leopardstown | Dublin 18 | Ireland

Recommandé

International Revenue Share Fraud webinar
International Revenue Share Fraud webinarInternational Revenue Share Fraud webinar
International Revenue Share Fraud webinar
XINTEC
 
FraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlFraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under Control
Richard Hickson
 
FraudStrike
FraudStrike FraudStrike
FraudStrike
XINTEC
 
Hacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraudHacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraud
cVidya Networks
 
IRSF
IRSFIRSF
IRSF
Akhil Singh Rawat
 
Sim box fraud
Sim box fraudSim box fraud
Sim box fraud
XINTEC
 
Telecom Cambodia - SIM Box Issue 2013
Telecom Cambodia - SIM Box Issue 2013Telecom Cambodia - SIM Box Issue 2013
Telecom Cambodia - SIM Box Issue 2013
Firdaus Fadzil
 
Sim box
Sim boxSim box
Sim box
Akhil Singh Rawat
 

Recommandé

International Revenue Share Fraud webinar
International Revenue Share Fraud webinarInternational Revenue Share Fraud webinar
International Revenue Share Fraud webinar
XINTEC
 
FraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under ControlFraudStrike Bringing IRSF Under Control
FraudStrike Bringing IRSF Under Control
Richard Hickson
 
FraudStrike
FraudStrike FraudStrike
FraudStrike
XINTEC
 
Hacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraudHacking PBXs for international revenue share fraud
Hacking PBXs for international revenue share fraud
cVidya Networks
 
IRSF
IRSFIRSF
IRSF
Akhil Singh Rawat
 
Sim box fraud
Sim box fraudSim box fraud
Sim box fraud
XINTEC
 
Telecom Cambodia - SIM Box Issue 2013
Telecom Cambodia - SIM Box Issue 2013Telecom Cambodia - SIM Box Issue 2013
Telecom Cambodia - SIM Box Issue 2013
Firdaus Fadzil
 
Sim box
Sim boxSim box
Sim box
Akhil Singh Rawat
 
Presentation antrax 30.10.13
Presentation antrax 30.10.13Presentation antrax 30.10.13
Presentation antrax 30.10.13
Olya Saiko
 
Pabx fraud
Pabx fraudPabx fraud
Pabx fraud
Neadus Callus Fire & Security
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQ
Alan Percy
 
VoIP Threat and Security - I
VoIP Threat and Security - IVoIP Threat and Security - I
VoIP Threat and Security - I
Mithilesh Kumar - AWS, VCP,ITIL,SSCA
 
Alternative Finance & Payments stream - Stuart Sykes slides
Alternative Finance & Payments stream - Stuart Sykes slidesAlternative Finance & Payments stream - Stuart Sykes slides
Alternative Finance & Payments stream - Stuart Sykes slides
Callcredit123
 
European Online Gaming
European Online GamingEuropean Online Gaming
European Online Gaming
C5Live
 
Sonitrol Presentation
Sonitrol PresentationSonitrol Presentation
Sonitrol Presentation
Tpratt61
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PROIDEA
 
Risques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenusRisques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenus
Eric Pradel-Lepage
 
Comprendre la fraude irsf
Comprendre la fraude irsfComprendre la fraude irsf
Comprendre la fraude irsf
Jean-Marie Gandois
 
Ff46 45 irsf_ic_283762
Ff46 45 irsf_ic_283762Ff46 45 irsf_ic_283762
Ff46 45 irsf_ic_283762
Alaghappan madasamy
 
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
cVidya Networks
 
Telecom Fraud Detection
Telecom Fraud DetectionTelecom Fraud Detection
Telecom Fraud Detection
Punit Kishore
 
Roaming International - Stratégies
Roaming International - StratégiesRoaming International - Stratégies
Roaming International - Stratégies
KEY Dolce
 
Formation Fraud & Revenue Assurance
Formation Fraud & Revenue AssuranceFormation Fraud & Revenue Assurance
Formation Fraud & Revenue Assurance
Jean-Marie Gandois
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-Time
TelcoBridges Inc.
 
How to Prevent Telecom Fraud
How to Prevent Telecom FraudHow to Prevent Telecom Fraud
How to Prevent Telecom Fraud
JeraSoft
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-Time
Alan Percy
 
The enterprise of subscription tv piracy
The enterprise of subscription tv piracyThe enterprise of subscription tv piracy
The enterprise of subscription tv piracy
Sabastion Forward
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
TelcoBridges Inc.
 
Fraud Management Industry Update Webinar
Fraud Management Industry Update WebinarFraud Management Industry Update Webinar
Fraud Management Industry Update Webinar
cVidya Networks
 
Payments 2015 01-29
Payments 2015 01-29Payments 2015 01-29
Payments 2015 01-29
Infor
 

Contenu connexe

Tendances

Presentation antrax 30.10.13
Presentation antrax 30.10.13Presentation antrax 30.10.13
Presentation antrax 30.10.13
Olya Saiko
 

Tendances (8)

Presentation antrax 30.10.13
Presentation antrax 30.10.13Presentation antrax 30.10.13
Presentation antrax 30.10.13
 
Pabx fraud
Pabx fraudPabx fraud
Pabx fraud
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQ
 
VoIP Threat and Security - I
VoIP Threat and Security - IVoIP Threat and Security - I
VoIP Threat and Security - I
 
Alternative Finance & Payments stream - Stuart Sykes slides
Alternative Finance & Payments stream - Stuart Sykes slidesAlternative Finance & Payments stream - Stuart Sykes slides
Alternative Finance & Payments stream - Stuart Sykes slides
 
European Online Gaming
European Online GamingEuropean Online Gaming
European Online Gaming
 
Sonitrol Presentation
Sonitrol PresentationSonitrol Presentation
Sonitrol Presentation
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
 

En vedette

Risques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenusRisques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenus
Eric Pradel-Lepage
 

En vedette (7)

Risques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenusRisques de fraudes et de pertes de revenus
Risques de fraudes et de pertes de revenus
 
Comprendre la fraude irsf
Comprendre la fraude irsfComprendre la fraude irsf
Comprendre la fraude irsf
 
Ff46 45 irsf_ic_283762
Ff46 45 irsf_ic_283762Ff46 45 irsf_ic_283762
Ff46 45 irsf_ic_283762
 
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
TM Forum Fraud Management Group Activities - Presented at TM Forum's Manageme...
 
Telecom Fraud Detection
Telecom Fraud DetectionTelecom Fraud Detection
Telecom Fraud Detection
 
Roaming International - Stratégies
Roaming International - StratégiesRoaming International - Stratégies
Roaming International - Stratégies
 
Formation Fraud & Revenue Assurance
Formation Fraud & Revenue AssuranceFormation Fraud & Revenue Assurance
Formation Fraud & Revenue Assurance
 

Similaire à IRSF Protection with PRISM

Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
TelcoBridges Inc.
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
Alan Percy
 
Faudalert_Data_Sheet
Faudalert_Data_SheetFaudalert_Data_Sheet
Faudalert_Data_Sheet
Juan Illidge
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBC
Alan Percy
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBC
TelcoBridges Inc.
 
Ict2005 fms
Ict2005 fmsIct2005 fms
Ict2005 fms
kkvences
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
Jacqueline Fick
 
How Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost BrokingHow Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost Broking
TransUnion
 

Similaire à IRSF Protection with PRISM (20)

How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-Time
 
How to Prevent Telecom Fraud
How to Prevent Telecom FraudHow to Prevent Telecom Fraud
How to Prevent Telecom Fraud
 
How to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-TimeHow to Prevent Telecom Fraud in Real-Time
How to Prevent Telecom Fraud in Real-Time
 
The enterprise of subscription tv piracy
The enterprise of subscription tv piracyThe enterprise of subscription tv piracy
The enterprise of subscription tv piracy
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
 
Fraud Management Industry Update Webinar
Fraud Management Industry Update WebinarFraud Management Industry Update Webinar
Fraud Management Industry Update Webinar
 
Payments 2015 01-29
Payments 2015 01-29Payments 2015 01-29
Payments 2015 01-29
 
Battling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKENBattling Robocall Fraud with STIR/SHAKEN
Battling Robocall Fraud with STIR/SHAKEN
 
Faudalert_Data_Sheet
Faudalert_Data_SheetFaudalert_Data_Sheet
Faudalert_Data_Sheet
 
Telecom Revenue Assurance Workshop
Telecom Revenue Assurance WorkshopTelecom Revenue Assurance Workshop
Telecom Revenue Assurance Workshop
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBC
 
Robocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBCRobocall Mitigation with YouMail and ProSBC
Robocall Mitigation with YouMail and ProSBC
 
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
 
Ict2005 fms
Ict2005 fmsIct2005 fms
Ict2005 fms
 
Active roaming anti fraud
Active roaming anti fraudActive roaming anti fraud
Active roaming anti fraud
 
Cell phone cloning seminar
Cell phone cloning seminarCell phone cloning seminar
Cell phone cloning seminar
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQ
 
Phone cloning
Phone cloning Phone cloning
Phone cloning
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
 
How Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost BrokingHow Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost Broking
 

Dernier

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Dernier (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

IRSF Protection with PRISM

  • 1. IRSF Detection and Protection with “PRISM”
  • 2. Contents • Introduction to IRSF • Recent case studies • Law Enforcement action re IRSF • Introduction to IRSF – 5 Stages • IPR Number Resellers • Number Misappropriation (Hijacking) • Industry initiatives to reduce IRSF losses • Industry’s contributing factors to IRSF • Risk mitigation & recommendations
  • 3. Introduction to IRSF There are a number of definitions available to describe IRSF. A simple description would be: Using fraudulent access to an Operators network to artificially inflate traffic to numbers obtained from an International Premium Rate Number Provider, for which payment will be received by the Fraudster (on a revenue share basis with the number provider) for every minute of traffic generated into those numbers.
  • 4. What is our view of the fraudster? • Personality crosses all known profiles of a Fraudster – primarily greed • Varies from an inexperienced fraudster to an organised crime boss to a fringe extremist group wishing to fund terrorism • Many of those making the calls are ‘Moles’ employed for this purpose • The experienced IRS Fraudsters will have teams dedicated to research, strategy and gathering intelligence on future targets • All have one goal, and that is to deprive operators of as much revenue as possible
  • 6. Case Study No. 1 USA • Small USA network operator providing service to SME’s o 2 PBX’s hacked with IRSF losses of $US160,000 suffered in 30 hours o Their carrier discovered the fraud and served immediate notice that they required full payment within 2 days • Carrier unable to pay and only option was to close down • Asked for assistance and was able to provide sufficient information to get debt reduced with time to pay • Confirmation that IRSF will impact any operator, irrespective of size, location or services offered, and losses could have been significantly reduced by effective Risk Management
  • 7. Case Study No. 2 Barcelona - Handset Theft • Major issue impacting many operators who have customers roaming in Spain o Barcelona well known as the ‘Pickpocket’ capital o Since Jan 2013, an average of 260 mobiles per month have been stolen and the SIM cards used for IRSF o All 4 major Spanish networks being used, losses per SIM card can be as high as €10,000 per hour • Fraudsters using combination of International Call Forward, multi party calling, and associated PBX Fraud • Also discovered that some roamers are selling their mobiles for €500 and then reporting them stolen later!
  • 8. Law Enforcement action for IRSF • We cannot rely on Law Enforcement to investigate IRSF, prosecute fraudsters and seek reparation for operators • Investigating IRSF is complex, typically • Extending across 3 or 4 international borders • Simply determining jurisdiction will be a challenge • A recent USA IRSF investigation took almost 3 years to complete by an operator and Federal agency task force o Principals were arrested in Asia for IRSF involving tens of millions of dollars o Before extradition could be arranged, fraudsters were bailed and fled to Pakistan.
  • 9. The 5 Basic steps to IRSF 1 Access a Network 2 Obtain IRSF Nos. 3 Generate the calls 4 Receive payment 5 Determine loss
  • 10. Access to a Network • Fraudster must obtain the means to make these calls • To maximise income, preferably at no cost to Fraudster • Common ‘Primary Frauds’ to gain access are: o Subscription Fraud o SIM Cloning o Theft of handsets or SIM cards o PBX Hacking o Wangiri Fraud o Arbitrage (Requires the exploitation of a bundled or discounted tariff offering calls at less cost than any IRS pay-out offered) 1 2 34 5
  • 11. Obtain IRSF Numbers • Fraudster may have existing relationship with IPRN Provider; if not, will search Internet to find one • Obtains a ‘Test Number’ from Reseller website • Will chose a destination with good pay-out (Latvia €0.17c) • Calls Test Number to confirm a call will connect • Once confirmed, will request numbers from IPRN Provider • Request will include an estimate of minutes to be generated • Will include his bank account details so that funds based on minutes generated can be credited every 7 to 30 days 1 2 34 5
  • 12. Generate traffic • Once IRS numbers issued, Fraudster starts generating calls • To maximise revenues, Fraudster will utilise network services to generate overlapping, simultaneous calls • Such services will include International Call Forwarding, Multi-Party calling, combining PBX with CFW mobile SIM • Fraudster will continue this activity until originating number range owner becomes aware of fraud and blocks access • Typically the Fraudster will then move to another fraudulent access and continue calling additional numbers providing by the IPR Number Provider 1 2 34 5
  • 13. Receive payment • In most circumstances the originating number range holder is required to make payment for this fraudulent traffic o Existing Roaming or Interconnect agreement requirement • Initial payment made to roaming or interconnect partner • Payment continues down value chain to reach the terminating number range owner • Terminating operator retains his share and pays IPRN Provider • IPRN Provider shares this balance by paying the Fraudster (e.g. €0.17c per minute for calls to Latvia) and retaining the balance 1 2 34 5
  • 14. Determining loss • Originating Number range holder has made full payment • In case of Subscription or other SIM based fraud, little or no chance of recovering this from the fraudster. • In case of PBX Fraud, typically the network provider will attempt to recover cost of fraud from the PBX user • In many cases this will result in a dispute, unwanted publicity and customer churn unless network provider accepts all or part of this loss • PBX user will typically argue that their network provider should have discovered such a huge increase in calling activity • All other transit operators, IRS Number owner, number reseller and fraudster have benefited from this fraud 1 2 34 5
  • 15. IPR Number Resellers • Number of Resellers continues to increase: o 17 in 2009 o 47 in 2012 o 85 in October 2013 • 400% increase in 4 years • Most of this increase results in those wanting to exploit IRSF revenues • Many now acting as Number Wholesalers
  • 16. Number Misappropriation (Hijacking) • Usually involves Country numbers with high termination rates – e.g Small Island nation at $US0.65c • Fraudsters will act in collusion with a dishonest carrier • Advertise ‘below cost’ rates into country to attract operators looking for Least Cost Routing (LCR) • Calls will be routed in a certain direction to ensure that they hit the ‘dishonest operators’ network • Once there, they will be filtered out and ‘short- stopped’ outside the Country to which the CC applies • Payment follows the same value chain as the call routing
  • 17. Industry initiatives to reduce IRSF losses? • Very little industry progress to stop IRSF/Hijacking • ITU misuse reporting is not currently being supported • I3 Forum has published guidelines, but again, these are not being supported by all of their membership • BEREC have issued guidelines re with-holding payment however these apply only to European operators and are complex • Continued lack of cooperation within the operator community • Regretfully, the Fraudsters appear to be better organised to take full advantage of industry weaknesses
  • 18. Industry’s ability to implement initiatives for steps 1 – 5 of IRSF 1 Access a Network 2 Obtain IRSF Nos. 3 Generate the calls 4 Receive payment 5 Determine loss
  • 19. Access to a network • Subscription Fraud and it’s variations can be reduced with effective Fraud Management Systems • SIM cloning can be eliminated by upgrading algorithm • PBX Fraud can be reduced by implementing fraud awareness programs and audits for business customers • Arbitrage can be avoided by ensuring that risk reviews are completed on all new products, services and tariffs • Invest in a fraud management solution However controls must be relative to preventing fraud while minimising customer impact. 1 2 34 5
  • 20. Obtaining IPR Numbers • IPR Number Resellers have increased by 400% since 2009 • 85+ are now competing to attract fraudsters to them • Up to 75% of fraudsters embarking on an IRS Fraud will call a Test Number, provided by the Reseller first. • Most of these Test Numbers are now available in a database as an IRSF detection tool Implement a cost effective Fraud Management System which uses a Test Number Database as a hotlist. This alerts a CSP to a potential IRSF incident and has already shown benefits 1 2 34 5
  • 21. Generate traffic • Reduce the opportunity for fraudsters to maximise revenues by; o Removing International Call Forwarding and Multi Party calling from roaming customer SIM’s o Ensure that automated systems are in place to analyse NRTRDE records 24x7 and refer alerts to analysts o Ensure automated systems are in place to notify analysts 24x7 of calls to known IRSF destinations Up to 87% of all reported IRSF occurs between 8.00pm Friday and 8.00am Monday. If the fraud function does not operate during this period, alternatives must be identified. 1 2 34 5
  • 22. Receive Payment • Early identification of IRSF does provide opportunities to negotiate payment withholding by partners • Position is strengthened if impacted operator is able to confirm that IRSF losses relate to a hijacked number range The earlier an incident is identified, the less the fraud loss will be, so early detection is critical. 1 2 34 5
  • 23. Determining Loss • In most situations, it will be the originating number owner who will suffer the loss for IRSF, and it is their responsibility to ensure that they have systems and processes in place to minimise these losses. • Accurate reporting with supporting information is essential to identify true losses, identify control weaknesses and enable future detection/prevention to be improved Fraud management solutions have good reporting capabilities and will support the creation of future intelligence in the fight against IRSF 1 2 34 5
  • 25. PRISM • YFCL are monitoring the IPR Number Reseller websites and developed an IRS Test Number Database (PRISM) • This database currently contains over 40,000 test numbers o PRISM has been made available on a subscription basis to operators since the 21 August 2013 o It is used as a ‘hot-list’ within an FMS to alert operators when a Test Number has been called o It has proved to be very effective at identifying IRSF o Test Numbers are updated every 6-8 weeks to ensure that they remain current
  • 26. Example of IRSF Test Numbers Date Time A Number B Number Call Duration 30/03/2013 05:17:33 XXX977860XX 23221104397 7 30/03/2013 05:32:14 XXX977860XX 23221104397 5 30/03/2013 05:57:22 XXX977860XX 23221104397 5 30/03/2013 06:03:41 XXX977860XX 23221300284 19 30/03/2013 06:13:55 XXX977860XX 23221300284 601 30/03/2013 06:13:57 XXX977860XX 23221300284 581 30/03/2013 06:13:58 XXX977860XX 23221300284 538 30/03/2013 06:13:58 XXX977860XX 23221300284 551 30/03/2013 06:14:01 XXX977860XX 23221300284 576 30/03/2013 06:14:01 XXX977860XX 23221300284 592 30/03/2013 06:14:02 XXX977860XX 23221300284 543 30/03/2013 06:14:03 XXX977860XX 23221300284 575 30/03/2013 06:14:05 XXX977860XX 23221300284 530 30/03/2013 06:14:06 XXX977860XX 23221300284 593 30/03/2013 06:14:07 XXX977860XX 23221300284 498 30/03/2013 06:14:07 XXX977860XX 23221300284 588 30/03/2013 06:14:08 XXX977860XX 23221300284 545 Sierra Leone 23221341844 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104397 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201721 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221341838 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221104344 https://www.reaxxxxxxxxts.com/ Sierra Leone 23221201740 https://www.reaxxxxxxxxts.com/ Calls to a Test Number in Sierra Leone. 3 Calls all short duration. (Duration in seconds). IRSF commences 46 minutes after calls to Test Number. This fraud continued for 4 hours with a loss to the carrier of over $US 52,000. Could this have been avoided or reduced if an alert had been generated once the Test Number was called? Sierra Leone Test Numbers available on number reseller’s website in March 2013. Sierra Leone Test Numbers from the same website in July 2013. Note changes.
  • 28. Risk Mitigation and recommendations Considerations • IRSF and associated fraud will be around for the foreseeable future • The lack of Industry progress means operators must implement strong prevention and detection controls • Law Enforcement action is no deterrent • Operators who have experienced IRSF are strengthening their controls, fraudsters are constantly searching for soft targets. • What you spend now to implement controls will be significantly less than you will lose in an IRSF attack • IRS Fraudsters do not differentiate between Prepaid or Post-paid, both are at risk.
  • 29. Risk Mitigation and recommendations Advice • Question whether you have strong or sufficient controls in place to prevent or detect an IRSF attack? • Remove International Call Forwarding and multi-party calling capability from roaming SIM cards • Encourage mobile users to implement SIM pin-lock • Ensure all Business customers have been advised to check their PBX security – change default Passwords, remove DISA facility if not required etc
  • 30. Risk Mitigation and recommendations T • Early detection of likely IRSF activity is essential losses are likely to increase at €10,000 per hour • Install an automated Fraud Management System capable of providing you with 24x7 monitoring and correlation to a Test Number database. • Consider expansion in FM coverage to look at the primary frauds • Subscription Fraud • SIM Cloning • Theft of handsets or SIM cards • PBX Hacking • Wangiri Fraud Tools
  • 31. For more information please contact: info@xintec.com XINTEC| Whelan House | South County Business Park | Leopardstown | Dublin 18 | Ireland