25th June 2018 

Tango, Luxembourg’s number one alternative telecom operator, has signed a new three-year deal with XINTEC, the global fraud solutions agency, to leverage the latter’s leading-edge Revenue Assurance software suite – RAevolution. 

XINTEC’s revenue assurance solution has been protecting Tango from unwanted financial losses since 2013; losses which can amount to 5% of an operator’s gross annual revenues according to top industry sources. By implementing XINTEC software, telecom operators are ensuring that every call event across their network is accurately billed.

Commenting on the deal, Sean Killeen, CEO of XINTEC said, “We are delighted to continue our partnership with Tango, delivering revenue assurance controls across its network streams with our increasingly sophisticated, lightweight software platform. Revenue leakage is as prevalent as ever, and telecom operators need a supplier that can scale and adapt its solutions to meet the ever-changing risk to this industry. We are unique in our ability to deliver this type of value add service at a particularly attractive cost point, which translates directly into significant measureable value for our customers.”  

Patrick Verdingh, Tango’s CFO, added, “Since implementing the XINTEC solution, we have enhanced our revenue assurance department. XINTEC’s robust software suite and reliable, experienced team prove them to be a trusted partner and we look forward to building further on this relationship in the years to come.”

XINTEC’s RAevolution software proactively monitors all profit impacting data which it correlates and compares against potential revenue loss. The simple graphical user interface allows for super-fast analysis by novice system administrators and seasoned RA professionals alike. RAevolution enables telecom operators to grow and mature their RA competency by continually identifying opportunities for RA improvement within their business.

SIM Box Detection and Interconnect Bypass prevention

Vodafone Ghana is one of the latest additions to the Vodafone Group, the world’s leading mobile telecommunications company.

Vodafone Ghana recently deployed the XINTEC SIM Box Detector solution to monitor and prevent interconnect bypass traffic, SIM Gateways, or SIM boxing from causing potentially heavy financial losses to their network.

The Challenge

SIM boxes are particularly prevalent in countries where high charges apply to terminating calls on networks, but where cheap on-net calls are offered instead. This creates the conditions for fraudsters to exploit the price differential using clandestine voice over IP (VoIP) equipment to bypass the traditional interconnect charging points. Vodafone in particular has worked closely with the police to tackle the problem, seizing dozens of SIM boxes and witnessing many arrests.

The Solution

Vodafone Ghana recently deployed the XINTEC SIM Box Detector solution to monitor and prevent interconnect bypass traffic, SIM Gateways, or SIM boxing from causing potentially heavy financial losses to their network.

SIM Box Detector processes 100% of roaming – both national and international – and domestic event detail records (xDRs) to analyse the traffic generated by each active SIM card on the network.
Detecting the presence of SIM boxes is carried about by clever proprietary analytics and the real-time use of over 20 configurable correlation and profiling techniques and decision models that minimise the number of false positive alerts.

The Result

As much as 80% of the alerts generated by SIM Box detector were shown to be genuine bypass cases, as opposed to the typical high incidences of “false positives” known to be associated with this type of detection technique.

The results are displayed visually on a colourful and interactive user-friendly GUI. The presence of the MSISDN in the alerts generated on SIM Box Detector greatly simplifies the life of the analyst, as he/she can easily deactivate SIMs at the click of a button.

SIM Box detector is standalone software solution that can be installed on-site on your network within just days. It can reside alongside an existing FMS, or indeed can be combined with modules of the award-winning XINTEC FMSevolution fraud management system.

For a demo or trial of SIM Box detector on your network contact XINTEC now.


Telecom Cook Islands uses XINTEC FMSevolution as a cost effective solution to manage their fraud and revenue risk.

“FMSevolution enables us to respond quickly to potential fraud alerts, protecting our revenue stream. This means we can safely expand our products and services to benefit customers.” – Jules Maher, CEO, TCI

The Challenge

Telecom Cook Islands Ltd (TCI) are the sole provider of fixed-line, mobile and broadband services to the Cook Islands. Although a small telecom provider, TCI are regarded in the Pacific as innovative, and are constantly investing in state-of-the-art infrastructure to ensure their customers are receiving world class services. To protect their revenues against high risk fraud such as IRSF, Roaming and others to enable this continued investment, TCI decided to identify a suitable Fraud Management System to suit their budget and provide them with the protection they required.

The Solution

As part of their search for a suitable revenue protection tool, TCI evaluated the XINTEC FMSevolution product, then known as FMSlite. This was perfect for them. It was quick to deploy, low-cost and a solution that was already proven in CSP’s of a similar and larger size to TCI. XINTEC were able to offer a managed service which involved XINTEC analysing TCI’s NRTRDE and other call records for any fraud or high usage indicators. This service was funded from Opex, allowing TCI to retain their Capex for other important network investment that would benefit their customers.

The Result

Once this decision was made by TCI, the XINTEC solution was deployed within days. TCI opted for XINTEC’s Cloud-based solution monitored by XINTEC. Each hour, XINTEC emails usage and hotlist reports to the TCI staff member responsible for fraud management. FMSevolution generates high usage and hot-listed number alarms on receipt of TCI NRTRDE files significantly minimizing their exposure to fraud. With limited resources available, TCI can now be assured that fraud management is one function that will not be overlooked by busy staff with a range of different accountabilities.


Virgin Mobile (France) chooses XINTEC to implement a solution to detect and prevent any irregular or fraudulent activity that could potentially result in a loss of service quality or financial losses to the company.

“Having immediate visibility of our customer data to rapidly identify and eliminate any fraudulent usage in near-real time is essential to the quality of service on our network as we strive to consistently exceed customer expectations.”  – Telecoms Manager, Virgin Mobile France

The Challenge

Virgin Mobile is the largest MVNO in France, providing services to almost 2 million subscribers. Virgin Mobile prides itself on a host of innovative, differentiated and attractive no-strings-attached offerings in a drive to offer more freedom and flexibility to its subscribers. To ensure that customers enjoy an optimal experience when connecting to and using their network, it was necessary for Virgin Mobile to deploy a tool to automatically process and monitor call activity to detect the likes of SMS Spam, Sim Gateways and other network frauds.

The Solution

Virgin Mobile (France), aware that to ensure their customers continued to enjoy an optimal experience of their services end-to-end, they would have to identify a Fraud Management System supplier with a suite of products that would allow them to continue their rapid growth without any reduction in the customer experience they were famous for. Early discussions with XINTEC confirmed that XINTEC’s FMSevolution, along with the Sim Box Detector and SMS Anti-Spamming modules would be a perfect fit for their requirements.

The Result

Once the decision to use XINTEC was confirmed, XINTEC engineers ensured that the solutions provided were a perfect fit for a fast growing and innovative MVNO like Virgin Mobile. Within weeks of receiving this confirmation from Virgin Mobile, FMSevolution and the additional modules were implemented, tested and operational. Virgin Mobile are now proceeding with their strategic priorities in the knowledge that any financial risk associated with their rapid growth is being managed.


Operator-X is an operator in Asia who provides services to both Post-pay and Pre-pay customers, predominantly Pre-pay. During the previous 9 months, constant complaints have been received from Pre-Pay customers that their credit balances have been reduced to $0 following the return of 1 missed call, or by responding to a number sent to them via a text message. Investigation in to these complaints identified large numbers of Wangiri Fraud attacks, typically hundreds of simultaneous attacks occurring 7 days a week. This activity had been ongoing for about 9 months, with over 2000 unique numbers being used by the fraudsters as ‘call back’ numbers.

The volume of customer complaints has been such that a special team have been established within Customer Operations to manage these. Operator-X has taken the stance that most other Operators would also take in respect of Wangiri Fraud. Each customer who has become a victim of this fraud has originated a call to a number they are not familiar with, so under the customer terms and conditions, they are responsible for the cost of that call, and no credit would be given. While Operator-X has suffered no direct financial loss as a result of these ongoing fraud attacks, there are considerable intangible costs associated with increased customer operations costs, an increase in churn by disgruntled customers, and negative brand implications associated with the poor media attention this issue is attracting.

The Fraud team at Operator-X were tasked with finding a solution that would help the business with early warnings of future Wangiri fraud attacks. There is very little budget available to help fund a solution. The Fraud Team were aware of the success PRISM was having in identifying IRSF, so turned to the PRISM developers for help. The 2,000 plus Wangiri Fraud numbers involved in the Operator-X fraud incidents were provided to the PRISM developers, however only a small number of these were identical to numbers within the PRISM database as it was at that time. (At this time the PRISM database contained around 20,000 IPR Test Numbers).

The PRISM developers recognised that the International Premium Rate numbers used by number resellers were generally held in number blocks of up to 100 sequential numbers. They then developed a second database, using the existing PRISM numbers as a baseline, and replaced the last 2 digits of each number with wildcards. The 2000 plus Wangiri numbers from Operator-X were again analysed using the Wangiri Wildcard database, which now contained over 1 million numbers. This Wildcard database successfully identified 53% of the numbers used during these Wangiri attacks.

Operator-X (and other PRISM customers) are now using the PRISM Wildcard database as a key defence against Wangiri Fraud. Now that the PRISM database contains over 44,000 IRSF Test Numbers, the Wildcard database has now increased to over 2 million numbers. The simple rules that are applied in the FMS in respect of the Wildcard Database are related to both inbound and outbound calls. Inbound call alerts are generated when >10 incoming calls are identified from PRISM wildcard numbers to one or more customers within a 5 minute period. Or, for outbound calls, alerts are generated when 5 or more calls from 1 or more customers are identified to PRISM Wildcard numbers within a 15 minute period. Either of these alerts will warn Operator-X to a likely Wangiri Fraud attack, and if confirmed, allows them to block the Wangiri numbers or take other action to protect their customers.

Access to both the PRISM and the PRISM Wildcard database has proven to be an effective, inexpensive and easily accessible early warning tool for both IRSF and Wangiri Fraud. With updates every 6 to 8 weeks to the database numbers, users can be assured that the contents are current and up to date with new numbers added by the IPRN Resellers.



International Revenue Share Fraud (IRSF) has been responsible for hundreds of millions of dollars’ worth of fraud losses to the telecommunications industry over many years. Despite a lot of work by Carriers and supporting organisations over the past 8 or 9 years, the problem remains, and is likely to remain for at least a few more years before there is some agreement within the industry to take what actions are required to prevent a carriers revenue from finding its way into fraudsters pockets.

There have been a number of initiatives which have been successful at reducing the impact (value) of individual incidents of IRSF, such as NRTRDE and ‘Hot number range databases’, however the incidents of IRSF continue to grow, mainly with a shorter timeframe but still with significant fraud losses. The number of International Revenue Share number resellers also continues to grow, and we are aware of over 115 of these currently, which is a +500% increase since 2009. It is important to state that not all number resellers are fraudsters. Some are legitimate businesses offering numbers for content services, tele-voting etc, and these provide a reasonably safe revenue stream. However there are many others who openly encourage fraud and will provide their numbers to anyone with little concern about how these callers are going to pump traffic into them.

Most International Revenue Share number resellers will provide a schedule of ‘Test Numbers’ on their websites, some available for a visitor to their website to access, and others requiring a visitor to complete a registration process before these test numbers can be viewed. Typically, if a potential customer (or fraudster) wishes to do business with a number reseller, he must first confirm that the country and number range he wishes to call is accessible from the country he is calling from, and from the device he intends to use. This may for example be a stolen GSM handset with a UK Simcard roaming in Spain and wanting to call Somalia, or a compromised PBX in the Philippines through which he wishes to transfer calls to Gambia.

This potential customer (or fraudster) will use one of the number providers test numbers to confirm the routing he requires is possible. Once confirmed, the customer (or fraudster) will then make application to the number provider for 1 or more revenue share numbers at that location which he can use on a revenue share basis. Generally, this will not be the test number, as this goes back to the number providers Test or Rate Card for use by the next person looking for access to that country. Many number providers will change these test numbers frequently, often at least every few months. The numbers may not be discarded, but handed back to the number providers ‘wholesaler’ who may re-issue the test numbers to another of their resellers.

There is often a time lapse of 15 minutes to 3 hours between the time the first call to a test number is made and the IRSF actually commences. This allows the fraudster to make contact with the Number Reseller, obtain revenue share numbers at that location, check that this number works, set up call diverts or international call forwarding etc. He may also want to allow time for other members of his criminal gang to get to different parts of the city so that their use of multiple SIMs may not be obvious from one cell site.

The time lapse between these test numbers being called and a full scale IRSF attack commencing provides a great opportunity for fraud detection, assuming that these test numbers are known.

These test calls are generally easy to identify when analysing call records from an IRSF attack. They will be short calls, between 1 and 10 to the same or similar numbers, before the traffic inflation starts. Often there will be further test calls during an IRSF attack, and these will be terminated to test that a new number range the fraudster wishes to use is also available from their location and calling device.


Mobile Phone Theft Cap – a new opportunity for Fraudsters?

“A cap on mobile phone bills run up by thieves after handsets are stolen will bring relief to millions of consumers, campaigners say.

Five service providers – EE, O2, Three, Virgin Media and Vodafone – say the £100 cap will be activated providing the phone is reported lost or stolen within 24 hours of it going missing.”

Following a certain amount of pressure from Government and Community Groups such as Citizens Advice and others, five UK Service Providers have now agreed to a £100 cap on charges customers are responsible for if their phones are stolen and used fraudulently, providing the phone is reported stolen within 24 hours of the theft being discovered.

This announcement was made through the UK media on Sunday 22 March 2015, but what seems unclear, is when the ‘clock starts ticking’ in respect of the 24 hour period a customer has to report their mobile stolen to their home network. Many hours can pass between the time a first fraudulent call is made from stolen handset, and the customer actually becoming aware that the phone has been stolen. There is no doubt that Government and Consumer Protection groups will insist that this 24 hour period starts from when the customer discovers that the phone has been stolen. Even assuming that all customers who are victims of theft will be honest when providing the date and time a theft was discovered, it is reasonable to assume that the time between a handset theft occurring, and the theft being reported, could increase to 36 hours or more.

What is clear from the announcement is that this provides yet another opportunity for the fraudsters. We are already well aware that some tourists in Barcelona are being offered up to €500.00 for their mobile phones on the condition that they report them stolen when they get back to their home country. Obviously there was a certain amount of risk associated with this for the tourist, who may find their mobile provider expects them to pay for any fraudulent charges incurred after the phone was ‘stolen’. Now they know that provided they are with a CSP who is a signatory to this agreement, their liability will not be capped at £100.00.


PBX Services Limited* (PSL) has been operating for a number of years providing PBX services to small to medium businesses. They are a small business but have been reasonably successful in providing their services to an established group of customers. PSL Management are aware of the fraud risks associated with PBX’s, however have never been a victim of any significant fraud, and because they are a small company, did not expect that they were likely to be targeted by organised fraudsters.

During a long weekend in Q3 of 2013, the CEO of PSL received a phone call from his Account Manager at his Wholesale Carrier. He was advised that over the previous 30+ hours, 18,000 calls had originated from his PBX’s to destinations such as Gambia, Bosnia, Serbia, Latvia, East Timor and others. The value of these calls was around $US120,000, and his Wholesale Carrier, recognising that PSL may struggle to repay this debt, demanded payment in full within 48 hours, or their Network Services would be withdrawn. PSL had been the victim of PBX Hacking and International Revenue Share Fraud (IRSF). Despite the fact that the PSL average monthly spend on international calls up to that point was around $US100, and such a huge increase in calling should have been identified through fraud monitoring, PSL was contractually obliged to make this payment. PSL did not have the cash reserves to make this payment as required by their Wholesale Provider, and without a Network Carrier, they could not remain in business.

PSL was not a PRISM customer, however was aware of the services provided by the PRISM developer in the area of fraud investigation (The Investigator). The Investigator was contacted and offered to help, receiving full details of the 18,000 fraudulent calls that were made.

Within these 18,000 calls almost 750 unique numbers were identified, and 261 hits were confirmed.

Many of these 261 numbers were called within the first 1,000 calls associated with this fraud, and had PRISM been used as a hotlist by either PSL or their Wholesale Carrier, 261 fraud alerts would have been raised.

The losses that would have resulted would then have been reduced to less than $US5,000, and this was a perfect example of how a minimal investment in PRISM, along with an associated FMS if one does not already exist within the organisation, can generate impressive fraud savings. It also highlighted the fact that IRS fraudsters are not concerned with the size, location or business interests of the victims they are going to attack. They will continue to search for the ‘weakest link’, put in place a strategy to maximise their fraudulent profits, decide on a time and date of commencement of the fraud, and then commence their attack. In this case the fraud was organised, with simultaneous PBX hacks originating from Germany, Palestine, Israel and other locations.

In this case, the end result for PSL was not as bad as it could have been. From using the data within PRISM, the Investigator was able to identify the likely IPRN Reseller who controlled most of the numbers used during this fraud, and also confirm that many of them were hijacked ranges which did not terminate in the countries to which the relevant country codes applied. Because of this information, the Wholesale Carrier agreed to reduce the amount owed, allowing PSL time to pay this reduced amount and save their business. However this was still a significant loss that could have been avoided had either PSL or their Wholesale Carrier made a small investment in what is generally accepted as the most effective IRSF detection tool available.

Check our PRISM FAQ


Vodafone Qatar, the Gulf Emirate’s newest communications company implements XINTEC’s FMSevolution Fraud Management System as the first step in their strategy to partner with XINTEC to deploy their innovative revenue optimization tools.

“The choice for FMSevolution was clear for several reasons, not least that we get all the functionality we need from a fraud management system without the show-stopping costs we see all too often” Rob James, Head of Fraud, VF-Qatar.

The Challenge

Vodafone Qatar, a consortium comprised of Vodafone Group and Qatar Foundation, received the second public mobile networks and services licence in the State of Qatar in June 2008.  Remarkably, they were able to switch of a fully functional mobile network on the 1 March 2009, with 1,000 customers. With a vision to be the most admired brand in Qatar within 3 years, and to grow to 1.6 million customers by 2018, protecting their customers from becoming victims to fraud while ensuring their own revenues were secure became extremely important to them. Wiithin months of going live, Vodafone Qatar started the search for a suitable revenue protection partner.

The Solution

As part of this search for a suitable revenue protection tool, Vodafone Qatar evaluated the XINTEC FMSevolution product, then known as FMSlite. This was perfect for them. It was quick to deploy, low-cost and a solution that was already proven.  It was also a modular solution that was capable of growing along with them, as they moved towards their vision of growing to 1.6 million customers. Vodafone Qatar were well aware that during this period of growth, particularly in light of the long established competition in Qatar, they would be wise to plan to extend their Fraud Management tools to Revenue Assurance and other areas of revenue risk.

The Result

Once the decision to use XINTEC was confirmed, the FMSevolution product was implemented and operational within weeks. The results achieved by Vodafone Qatar were immediate, with the system helping them to recover over €200,000 within the first few weeks of operation. Since this time, Vodafone Qatar have continued to add to their suite of XINTEC products which has included a full implementation of the XINTEC Revenue Assurance System (RAevolution). Vodafone Qatar have experienced customer growth to 1 million customers by early 2013, and the XINTEC revenue optimization tools have ensured that revenues have been maximised during this period of growth.


23rd February 2016 

Irish start-up XINTEC has good news for the world’s mobile operators ahead of Mobile World Congress: it has found a solution to the €10bn-a-year International Revenue Share Fraud (IRSF) problem that is taking a toll on mobile operators all over the world.

IRSF occurs when fraudsters use stolen SIMs or SIMs obtained using false identities to take advantage of international premium rate numbers and rack up millions of euros of cross-border calls that operators are obliged to pay termination fees for.

In 2015, the Communications Fraud Control Association (CFCA) commissioned a report that found an increase of 497pc in IRSF, which cost more than €10.7bn last year alone.

The problem is the rise in the number of fraudsters scamming networks via international premium rate numbers.

Read the full siliconrepublic.com article here