A frightening story about wangiri fraud

Operator-X is an operator in Asia who provides services to both Post-pay and Pre-pay customers, predominantly Pre-pay. During the previous 9 months, constant complaints have been received from Pre-Pay customers that their credit balances have been reduced to $0 following the return of 1 missed call, or by responding to a number sent to them via a text message. Investigation in to these complaints identified large numbers of Wangiri Fraud attacks, typically hundreds of simultaneous attacks occurring 7 days a week. This activity had been ongoing for about 9 months, with over 2000 unique numbers being used by the fraudsters as ‘call back’ numbers.

The volume of customer complaints has been such that a special team have been established within Customer Operations to manage these. Operator-X has taken the stance that most other Operators would also take in respect of Wangiri Fraud. Each customer who has become a victim of this fraud has originated a call to a number they are not familiar with, so under the customer terms and conditions, they are responsible for the cost of that call, and no credit would be given. While Operator-X has suffered no direct financial loss as a result of these ongoing fraud attacks, there are considerable intangible costs associated with increased customer operations costs, an increase in churn by disgruntled customers, and negative brand implications associated with the poor media attention this issue is attracting.

The Fraud team at Operator-X were tasked with finding a solution that would help the business with early warnings of future Wangiri fraud attacks. There is very little budget available to help fund a solution. The Fraud Team were aware of the success PRISM was having in identifying IRSF, so turned to the PRISM developers for help. The 2,000 plus Wangiri Fraud numbers involved in the Operator-X fraud incidents were provided to the PRISM developers, however only a small number of these were identical to numbers within the PRISM database as it was at that time. (At this time the PRISM database contained around 20,000 IPR Test Numbers).

The PRISM developers recognised that the International Premium Rate numbers used by number resellers were generally held in number blocks of up to 100 sequential numbers. They then developed a second database, using the existing PRISM numbers as a baseline, and replaced the last 2 digits of each number with wildcards. The 2000 plus Wangiri numbers from Operator-X were again analysed using the Wangiri Wildcard database, which now contained over 1 million numbers. This Wildcard database successfully identified 53% of the numbers used during these Wangiri attacks.

Operator-X (and other PRISM customers) are now using the PRISM Wildcard database as a key defence against Wangiri Fraud. Now that the PRISM database contains over 44,000 IRSF Test Numbers, the Wildcard database has now increased to over 2 million numbers. The simple rules that are applied in the FMS in respect of the Wildcard Database are related to both inbound and outbound calls. Inbound call alerts are generated when >10 incoming calls are identified from PRISM wildcard numbers to one or more customers within a 5 minute period. Or, for outbound calls, alerts are generated when 5 or more calls from 1 or more customers are identified to PRISM Wildcard numbers within a 15 minute period. Either of these alerts will warn Operator-X to a likely Wangiri Fraud attack, and if confirmed, allows them to block the Wangiri numbers or take other action to protect their customers.

Access to both the PRISM and the PRISM Wildcard database has proven to be an effective, inexpensive and easily accessible early warning tool for both IRSF and Wangiri Fraud. With updates every 6 to 8 weeks to the database numbers, users can be assured that the contents are current and up to date with new numbers added by the IPRN Resellers.