Many service providers are looking for more efficient and comprehensive ways of detecting and combating attacks before they proliferate.
Forward-looking service providers are implementing next-generation fraud detection and prevention systems that are capable of identifying and thwarting a wide range of sophisticated attacks before revenue is lost. Developed from the ground up with VoIP in mind, next-generation systems are designed to detect and stop fraud incidents in near real-time.
Unlike conventional CDR analysis solutions, which simply examine switch call records after the fact, next-generation fraud detection and prevention systems use passive network probes to proactively and continuously analyze network traffic in real-time. Probes can take the form of standalone devices, or they can be embedded into other network elements such as session border controllers (SBCs). For ultimate protection, probes are installed in both the enterprise and service-provider network to detect attacks aimed at either the business or the carrier infrastructure. Once an attack is detected, the fraud management system may instruct SBCs or other network elements to drop or block suspicious calls.
While fraud attacks have different faces, the symptoms tend to be the same, namely a deviation in a user or user group’s normal behavior. Common attack symptoms include:
Best-of-breed fraud management systems provide flexible rules and scoring systems that enable administrators to set policies, customize actions and weed out false positives. By analyzing network calls over time and learning the behavioral patterns of individual users as well as user groups, next-generation fraud management systems are able to detect the unusual calling patterns that are symptomatic of telecom scams. And since they collect and analyze data over time, the longer they are installed, the more accurate and effective they become.
Information sharing between service providers can facilitate a form of fraud prevention known as blacklisting. Attackers locating holes in telecommunications infrastructure and fraudsters abusing the system may not be the same person. Stolen account information is sold over the Internet to fraudsters who design and execute scams. An enterprise or service provider may be hit by fraud without seeing fraud precursors such as scanning activity from the same source before. This makes information sharing between service providers much more relevant. Adding small bits of information from multiple providers helps to paint a bigger picture and prevent fraud before it happens. Information worth sharing includes source IP addresses of attackers, phone numbers dialed during the reconnaissance phase or technical details such as the client software used to initiate calls. In a blacklist approach this information can be incorporated into a fraud detection and prevention system (FDP) to identify and block known scams.
Communications fraud costs service providers billions of dollars per year. Today’s VoIP networks are subject to increasingly sophisticated and costly attacks that cannot be mitigated in a timely fashion using traditional fraud monitoring techniques. Forward-looking providers are turning to next-generation FDPs to proactively identify and suppress attacks. By quickly isolating and containing scams, next-generation fraud management systems help service providers avoid service theft, prevent revenue loss and reduce customer dissatisfaction and subscriber churn.