We have always been aware that while, as an industry, our Fraud and Risk Managers are performing risk reviews, planning, and sharing intelligence to try to stay one step ahead of the fraudsters, those we are planning strategies against (i.e. the fraudsters) are doing the same to try to stay ahead of us.

Fraudsters know when a CSP has improved its prevention and detection techniques, and so will move on to an easier target. Eventually they will find it difficult to keep finding easier targets, so will be forced to change their operating methods to counter the defence mechanisms being implemented.

For years, committing International Revenue Share Fraud (IRSF) has been based on targeting destinations where the call termination rates are highest, to maximise the fraudster’s earnings. However, the industry generally has become a lot more effective at identifying inflated traffic to these high-paying destinations, and in most cases, IRSF to them can be detected early and blocked.

This is causing fraudsters to re-think their strategy, and many are now directing their IRSF calls to destinations that have traditionally been considered low risk. Their view is obviously that it is now in their interest to focus on lower-paying destinations in the knowledge that the originating carrier will, in most cases, take longer to detect this activity. So these fraudsters will continue to make reasonable money.

Read the white paper on this topic and learn more about this change in the fraudster’s modus operandi, and what you can do as a CSP to keep a step ahead of the game once again.


August is known to be the busiest month out of the year for telecommunications fraud, as criminals take advantage of summer plans and holidays. This summer is likely to bring with it a host of new exploits and attacks – and you must assume that your company will be targeted. This summer telecom operators should spend their time bolstering their security efforts, through the adoption of increased technology and awareness training.

Roaming Fraud is on the Rise

Telecommunications fraud is not isolated to any particular network or country. Telecommunications services are now truly global, with new regions continuously opening up – and with them, new avenues for fraud. Telecom operators are already preparing for changes in EU data roaming rules and higher-risk roaming, additional telecommunications services, increased numbers of telecommunications devices, and seasonal increases of telecommunications fraud along with declining revenues due to the impact of other disruptive technologies such as OTT.

The Internet of Things has substantially changed the landscape for telecom service providers, with a multitude of devices now having the ability to initiate or facilitate fraudulent and malicious attacks. As network activity increases overall throughout the world, so too does the number of fraud attempts, and the number of telecommunications fraud vectors. Changes in roaming rules are already responsible for increased levels of fraud as consumers become less vigilant about managing their own charges and fraudsters exploit the new fraud opportunities these changes have provided them with.

But that’s not all – telecommunications fraud also tends to go up during the holidays and summer. With more people traveling and being active, there are more opportunities for fraudulent charges. This is especially true when customers are abroad or making plans to go abroad. Many known fraud attempts involve connections on an international level, and these can be some of the most costly to contend with.

With all that in mind, how can telecom operators combat the rise of telecommunications fraud? By creating a comprehensive telecom fraud management strategy. Telecom providers need to prepare now for the risks that are certain to come.

Taking Steps to Minimize Telecom Fraud

Telecommunications fraud is frustrating to the consumer and costly for the service provider. Telecom operators must take steps to minimise fraud if they want to protect their revenue and provide the best customer experience.

A solid telecom fraud management strategy consists of two parts:

An automated fraud solution: All operators must have a comprehensive fraud solution, which will automatically detect and mitigate the signs of fraud across their network. It is not always possible for a human agent to identify these signs, and consumers will often be unaware that fraud has occurred on their account until well after. Automated fraud solutions are able to do the work of many people, automatically scanning for and identifying potentially malicious actions. Even better, these fraud solutions are able to scale up easily, thereby allowing the telecom service provider to grow without an increase in security risk.

Improved training and awareness: Telecom service employees must be trained to properly identify the signs of fraud and to escalate to a supervisor when needed. Though many fraud attempts will be detected by the automated fraud solution, there are types of fraud that can occur at the service, customer, and employee level. These types of fraud are often “social engineering” attempts, which employees must be able to recognize and respond to.

Some actionable steps telecom operators can take to avoid fraud this summer:

1. Reduce the lag between when calls are made and when these time stamps are logged, to combat International Revenue Share Fraud (IRSF) in particular – a type of fraud that involves generating traffic to expensive international revenue share numbers.

2. Broaden the scope of the fraud monitoring function. Fraudsters adapt their own modus operandi to counter common prevention and detection strategies that they know telecom operators will implement. A good example is country or range blocking. In February 2017, 42% of all International Premium Rate (IPR) test numbers advertised related to the top 10 fraud destinations. In July 2018, the top 10 destinations only account for 23% of the IPR test numbers advertised. There are now over 220 countries and territories being advertised as revenue share destinations, so monitoring only high-risk destinations is no longer effective.

3. Install an early detection service for Wangiri fraud (“one ring and cut”) – particularly fraud that diverts traffic illegally or “cons” users into returning missed calls to high termination rate destinations.

4. Implement and maintain a detection service for SIM Box Fraud, which is a type of fraud that involves using the internet to terminate calls on local SIM cards to sell international minutes.

5. Only resell minutes to reputable parties to combat “arbitrage,” the practice of exploiting settlement rates between countries for a profit.

6. Use monitoring equipment to detect more complex types of fraud such as OTT hijack attacks, or hacks into VoIP systems.
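The point made in step 2, shown as an added example (it is not XINTEC's code or any product's detection logic): a static high-risk destination list raises nothing when inflated traffic goes to a destination normally treated as low risk, while a per-destination volume baseline flags it. The CDR tuples, destination labels, hot list and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Hypothetical static hot list of "high-risk" destinations (placeholder labels).
HOT_LIST = {"X1", "X2", "X3"}

def build_cdrs():
    """Constructed sample CDRs: (hour, a_number, destination, minutes)."""
    cdrs = []
    for hour in range(24):                      # normal background traffic
        cdrs.append((hour, "sub-001", "L1", 3.0))
        cdrs.append((hour, "sub-002", "L2", 2.0))
        cdrs.append((hour, "sub-003", "L3", 1.0))
    for hour in (22, 23):                       # burst to a "low-risk" destination
        for _ in range(40):
            cdrs.append((hour, "sub-777", "L3", 9.0))
    return cdrs

def hot_list_alerts(cdrs, hot_list=HOT_LIST):
    """Legacy rule: alert only when the destination is on the static hot list."""
    return sorted({(hour, dest) for hour, _, dest, _ in cdrs if dest in hot_list})

def baseline_alerts(cdrs, factor=10.0, min_minutes=60.0):
    """Alert on ANY destination whose hourly minutes exceed `factor` times
    that destination's own median hourly volume (and a minimum floor)."""
    per_hour = defaultdict(float)
    for hour, _, dest, minutes in cdrs:
        per_hour[(dest, hour)] += minutes

    by_dest = defaultdict(list)
    for (dest, hour), total in per_hour.items():
        by_dest[dest].append((hour, total))

    alerts = []
    for dest, series in by_dest.items():
        base = median(total for _, total in series)
        for hour, total in series:
            if total >= min_minutes and total > factor * base:
                alerts.append((hour, dest, total))
    return sorted(alerts)

if __name__ == "__main__":
    sample = build_cdrs()
    print("hot list:", hot_list_alerts(sample))
    print("baseline:", baseline_alerts(sample))
```
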

Though fraud attacks are going to be increasing through the summer, they aren’t going to go away once the holidays are done. Due to the IoT, new regulations, and the general increase in global traffic volumes, fraudulent attacks are going to be an ever-increasing threat. Businesses must take action now if they want to prepare themselves and prevent the possibility of a costly fraud attack.

If you want to learn more and minimize your fraud risk, reach out to XINTEC today.


Getting tired of trawling through Excel tables, spreadsheets, etc.?

What inevitably spikes the interest of a Revenue Assurance (RA) analyst is uncovering evidence of revenue leakage somewhere in the organisation. This is what will drive him or her to expand the scope of an investigation and get to the vera causa, or true cause, of a problem.

The less exciting part of RA, if you ask the same analyst, is having to manually reconcile volumes of data located in different systems and in different formats. This is assuming the analyst knows what he or she is looking for in the first place!

And whereas the Switching and IT teams might occasionally be happy to offer help on a one-off basis with pulling data from their respective systems, they won’t have the resources to do this on an on-going basis.

In a maturing organisation, RA operatives will inevitably reach a limit to their ability to continually wade through reams of such data. Searching for discrepancies and mismatches to pinpoint revenue leakages within the business can be a thankless and oftentimes frustrating endeavour. And there is nothing more dispiriting for an RA operative than to find, after all their hard work in finally identifying a source of leakage, that management decides it’s unworthy of collection, perhaps as too complex, too old, or too time consuming.

So probably not a very sustainable approach to RA.

But when there are clear wins, especially at the earliest stages of an investigation, the RA function has the potential to grow to new levels of maturity by striving for continual improvement. This usually means moving towards timelier and more frequent reconciliations, which points to several options:

  • The CSP can choose to stop the RA activities and schedule another one-off RA review, perhaps next year, when the resources from the other teams are more likely to be available;
  • The CSP can ask the RA team to keep working with the hand-built system, relying on the goodwill of the other teams to support them, recognising that this can cause the deterioration of inter-departmental relationships;
  • The CSP can talk to an RA solution vendor about getting help.

The vendor will be able to build the extraction, transformation and loading (ETL) tools to take data from different sources automatically and at a frequency that suits the business, therefore not overloading other departments.

Together with the RA team, the vendor can build the reconciliation, reporting and analysis tools that are needed to identify the issues quickly, giving the RA team more time to investigate the root causes and implement corrective actions.

The vendor may even be able to run and operate the system as a managed service, leaving the RA team with the time to investigate and recover the money.

Choose a vendor with care, though. CSPs should be looking for one that can support a business of the CSP’s size. Too big a vendor and the CSP will not get the dedicated focus from the vendor’s team. Too small and they may not be able to support the CSP if other clients are experiencing problems.

Telecoms is a fast-moving environment, where new products and functionality are being launched on a regular basis. Being a market leader means getting new products out there first. But the CSP will want assurances that these new products aren’t creating leakages or losing money. The CSP needs RA tools that can be implemented at the right pace for the business, keeping key systems in check, and supporting an ecosystem where RA operatives can thrive in their job.

Why not talk to us, and see what we can do to help?


Roaming revenues have been declining for several years now, and some CSPs have realised that being accepted as a preferred roaming partner in their home country can generate important revenue to replace that lost through declining outbound roaming settlements.

An HPMN will normally have a choice of several VPMNs in most countries their customers will roam to, and they have the ability to steer their customers towards a preferred VPMN when roaming. The decision on which roaming partner will be selected as their preferred VPMN will be based on a number of factors, for example NRTRDE compliance, network quality, inter-operator tariff (IOT) discount agreements, etc.

In most countries now, the services provided by all VPMNs are reasonably consistent, so a service differentiator should be explored to provide an additional level of service not offered by the other in-country CSPs. A relatively simple value add is to evaluate NRTRDE-OUT records for visiting roamers and provide immediate advice to the home network of any obvious fraud or misuse. While it is accepted that (in most cases) NRTRDE records will be delivered to the home network within 60-90 minutes, the earlier suspicious activity is notified, the sooner financial loss can be avoided.

The opportunity to add value in this way will be limited as more operators implement VoLTE. Since VoLTE is an all-IP network, the VPMN has no visibility of voice traffic originated via S8HR VoLTE roaming. While there are only an estimated 600 operators currently fully operational with VoLTE, it will take some years before there is a full transition from Circuit Switched (CS) to VoLTE.

Offering roaming partners some additional value now by reviewing their NRTRDE-OUT records is a sound strategic move to establish a trusted relationship which could then continue as the networks transition from CS to VoLTE and secure ongoing roaming revenues.