I'd like tap the collective knowledge here for some fraud prevention and detection resources. Anyone have any information they can share on common fraudulent calls (i.e. Countries and associated digit strings) What metrics have worked best to match to detect fraud before it becomes a significant cost? What platforms have people used to analyze the raw data? Links or RTFM pointers appreciated :). Nicholas Vermeer (ph) +1.212.282.2512 (fax) +1.212.282.2668 (email) nvermeer at rgts.com<mailto:nvermeer at rgts.com> Rockefeller Group Technology Solutions, Inc. 1221 Avenue of the Americas New York, NY 10020-1095
On Fri, 23 Oct 2009, Nick Vermeer wrote:
I'd like tap the collective knowledge here for some fraud prevention and detection resources.
Anyone have any information they can share on common fraudulent calls (i.e. Countries and associated digit strings) What metrics have worked best to match to detect fraud before it becomes a significant cost? What platforms have people used to analyze the raw data?
Links or RTFM pointers appreciated :).
Nigeria and Romania are the biggest (+232 and +40). Any time a call is made to either of those destinations we are notified. We also get notified when people spend more than $10 our cost in termination, anywhere, in a period of time. --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
I haven't had much trouble with Nigeria and Romania as destinations, but special services numbers in the UK, Germany, Netherlands etc have all been a magnet for IRSF. I think your dollar notification is on the right path though since ultimately that is what matters, with the destination being a moving target. Some tips I can offer: Collect CDR's in as near to real-time as possible. If possible use radius from your SBC or a live feed from the softswitch. Get actual CDR's that show start and stop events for calls, not just billing records that are cut at the completion of a call. It is useless to be told after the fact that you just got burned on a series of 6 hour calls. Limit calls per Customer/IP/AOR to something reasonable. This prevents one exploited customer from nailing up 300 calls to high dollar destinations. You will need to feel this out in your own business model. Limit call length, and do it somewhere that it cannot be circumvented. This will prevent the guy that does manage to nail up a few dozen calls on an exploited account to Liberia from keeping them up for 12+ hours while you snooze away blissfully ignorant of your bank account emptying. I typically go for 3-4 hour limits but your customer base will make this determination. Finally, monitor your CDR's, constantly. Even a script that crawls your radius logs every few minutes looking for open calls to high dollar destinations and takes preventative measures (notification etc) when the potential cost of the call breaches a limit can save you tons of heartache. Obviously you will need to determine for yourself what is normal and what is not. There are of course dozens of other places to implement preventative measures, and the best approach is a multi-tiered one where you guard at the access side to your network (IPsec, locked down devices etc etc), core (methods described above), and even at the ordering process (filter as many fishy customers out before they are customers). All measures taken in the switch should be considered "last resort" since the fraudulent calls only get there if everything else fails, and once they do there is no way they wont cost you money. Though at this point it would be worth discussing we collectively maintain a list of confirmed toll-fraud destinations. I have some ranges I have just black-holed since the offenders were quite persistent, and I am certain you all do too and a place where we could all share that information would be great. On Fri, 2009-10-23 at 14:29 -0400, Peter Beckman wrote:
On Fri, 23 Oct 2009, Nick Vermeer wrote:
I'd like tap the collective knowledge here for some fraud prevention and detection resources.
Anyone have any information they can share on common fraudulent calls (i.e. Countries and associated digit strings) What metrics have worked best to match to detect fraud before it becomes a significant cost? What platforms have people used to analyze the raw data?
Links or RTFM pointers appreciated :).
Nigeria and Romania are the biggest (+232 and +40). Any time a call is made to either of those destinations we are notified.
We also get notified when people spend more than $10 our cost in termination, anywhere, in a period of time.
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ --------------------------------------------------------------------------- _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
In my experience CUBA. Nick Vermeer wrote:
I?d like tap the collective knowledge here for some fraud prevention and detection resources.
Anyone have any information they can share on common fraudulent calls (i.e. Countries and associated digit strings)
What metrics have worked best to match to detect fraud before it becomes a significant cost?
What platforms have people used to analyze the raw data?
Links or RTFM pointers appreciated J.
*Nicholas Vermeer*
(ph) +1.212.282.2512
(fax) +1.212.282.2668
(email) _nvermeer at rgts.com <mailto:nvermeer at rgts.com>_
*Rockefeller Group Technology Solutions, Inc.*
*1221 Avenue of the Americas*
*New York, NY 10020-1095*
------------------------------------------------------------------------
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
I second Cuba. we're are implementing Equinox (www.equinoxis.com) as a fraud detection platform. Phillip Kim M5 Networks, Inc. t: +1 646 230 5008 tel f: +1 646 792 4060 fax phillip at m5net.com ________________________________________ From: voiceops-bounces at voiceops.org [voiceops-bounces at voiceops.org] On Behalf Of Seth Justice [sethj at rockynet.com] Sent: Friday, October 23, 2009 2:31 PM To: VoiceOps at voiceops.org Subject: Re: [VoiceOps] Toll Fraud In my experience CUBA. Nick Vermeer wrote:
I?d like tap the collective knowledge here for some fraud prevention and detection resources.
Anyone have any information they can share on common fraudulent calls (i.e. Countries and associated digit strings)
What metrics have worked best to match to detect fraud before it becomes a significant cost?
What platforms have people used to analyze the raw data?
Links or RTFM pointers appreciated J.
*Nicholas Vermeer*
(ph) +1.212.282.2512
(fax) +1.212.282.2668
(email) _nvermeer at rgts.com <mailto:nvermeer at rgts.com>_
*Rockefeller Group Technology Solutions, Inc.*
*1221 Avenue of the Americas*
*New York, NY 10020-1095*
------------------------------------------------------------------------
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Hi Nick, Great thread. As a UK network I'd say +4487, +4490, +4470. These are UK Premium/Special/Personal numbers and there is a tonne of international traffic seeking these out. We continually advise customers not to touch it unless it is organic UK retail traffic as there is no need for anyone outside the UK to dial them. Traffic will typically be repeated 1-4 second calls to the same number on which the perpetrator is receiving an outpayment. They exploit the fact that there are hundreds of ranges, all billed differently and that somebody somewhere in the supply chain might not be current. We typically see those customers who ignore our advice forgetting about the connection charge and making a whacking loss as a consequence on what seemed too good to be true. We ourselves are exposed when we don't keep up with tariff changes on established number ranges or, dare I say it, we aren't informed. So, keep in mind, these are domestic numbers and any international volume to them is fishy however good it looks. Simon Keep up with the latest news from Simwood: http://feeds.simwood.com/SimwoodNews On Fri, Oct 23, 2009 at 6:18 PM, Nick Vermeer <nvermeer at rgts.com> wrote:
I?d like tap the collective knowledge here for some fraud prevention and detection resources.
Anyone have any information they can share on common fraudulent calls (i.e. Countries and associated digit strings)
What metrics have worked best to match to detect fraud before it becomes a significant cost?
What platforms have people used to analyze the raw data?
Links or RTFM pointers appreciated J.
*Nicholas Vermeer*
(ph) +1.212.282.2512
(fax) +1.212.282.2668
(email) *nvermeer at rgts.com*
*Rockefeller Group Technology Solutions, Inc.*
*1221 Avenue of the Americas*
*New York, NY 10020-1095*
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- ***** Email confidentiality notice ***** This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. Simwood eSMS Limited is a limited company registered in England and Wales. Registered number: 03379831. Registered office: c/o HW Chartered Accountants, Keepers Lane, The Wergs, Wolverhampton, WV6 8UA. Trading address: Falcon Drive, Cardiff Bay, Cardiff, CF10 4RU.
participants (6)
-
anorexicpoodle@gmail.com -
beckman@angryox.com -
nvermeer@rgts.com -
phillip@m5net.com -
sethj@rockynet.com -
simon.woodhead@simwood.com