Telecoms fraud is big business for criminals, with monetary damages more than double that of credit card fraud. And the rapid growth in cloud telephony and SIP trunking offers a major opportunity for crooks as they look to take advantage of these more open telephone networks. As Voice over IP (VoIP) services expand, criminals are becoming more sophisticated and the types of fraud being perpetrated are on the increase whilst also becoming more difficult to detect and prevent.
To combat fraud, one of the common approaches has been to cap call spend. Other methods include blacklisting certain numbers and destinations. From a provider's perspective, blacklisting is a blunt instrument and the cap means there is never a big bill to be paid, but nonetheless the nature of a cap concedes that fraudulent activity will happen.
For the end customer, blacklisted numbers or a cap on spend can lead to a block on calls. If the cap is exceeded they might arrive at the office on a Monday morning unable to make any outgoing calls since the carrier has blocked their PBX to protect them from more fraud. There is then a great deal of activity required to get everything working again quickly without disrupting normal business.
The challenge is that smart fraudsters evolve their methods; and for spend caps, they have found a workaround. Traditionally each fraud attack costs around £12k. High volume calls and costs attract the attention of the existing fraud management tools. The criminals have realised that if they take smaller amounts over longer periods of time, say during weekends and non-business hours, they do not hit the spend caps and set off the alarms. They can repeat this “pick pocketing” of calls without being noticed for many weeks and by doing so go undetected. By the time the activity is discovered, the hacker may have racked up many thousands of pounds in fraudulent calls.
So who pays? In the past, the customer was ultimately responsible for ensuring their premise-based PBX telephone system was secure and they largely took responsibility for the cost of fraudulent activities and bad debts. However, with cloud telephony, the customer now looks to their resellers and service providers to protect them from fraud and underwrite any costs. Customers no longer see the responsibility as entirely theirs. The reality is that customers need to work with their providers and this needs to be a joint responsibility to ensure that relevant security controls are in place for their organisation.
Analytics is a powerful countermeasure, based on the wealth of information and big data that is accessible via cloud telephony. In addition to visibility of what is happening on a network relating to the performance of features or functions, this vast intelligence can be used to monitor activity in real-time and detect fraud.
The ongoing review of call patterns and trends, call destinations, blacklisted numbers, behavioural patterns and rules alongside predictive analytics enable users to see what can be done effectively across the network to prevent the likelihood of fraud in the future. And in the unlikely event that fraud still happens, then credit and spend capping becomes the full and final gatekeeper in the process. Capping can even be taken one step further to become “smart capping”, resulting in just the specific traffic being targeted for fraud being cut-off, rather than the complete phone system being shut down.
Real-time analytics delivers the capability to “stop and block activity” with immediate effect – even during a call. Alerts and notifications triggered when rules are breached enable different actions to be initiated depending on the severity of the breach, which keeps both the user and the provider in the loop.
Collaboration, self-learning functionality and dynamic updates are the key to a future-proof analytical fraud and credit management solution that evolves in line with new methods of fraudulent activity. Customers and providers alike need to work together in this ongoing challenge of fraud detection and prevention.
Contributed by Carl Boraman, commercial director, Tollring
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.