From Monitoring CDRs to Signaling Traffic: Why CSPs Must Make the Shift

The CFCA’s biennial survey is quintessential for every communication service provider as this report captures the latest fraud trends and the evolving threats.

The 2021 CFCA Fraud Loss report is interesting on many counts

  1. It shows the dynamic nature of fraud and how escalating fraud losses continue to plague the telecom industry.
  2. It introduces IoT and 5G as entry points to fraud.
  3. It also touches on a critical telecom security topic that isn’t discussed much – signaling traffic and signaling security.

What’s common between the pandemic and 5G?

Covid-19 scams have been flooding telecom networks, defrauding unsuspecting, vulnerable, and fearful citizens of precious dollars under false promises of treatment, cures, vaccines, stimulus packages, and more.  

International revenue sharing fraud remains the topmost fraud method in 2019 and 2021, costing operators a whopping US $6.69 billion (1) 

This trend is likely to continue with the advent of 5G. 

The common link – both are changing the fraud landscape and driving up fraud losses.

Now add low-cost IoT devices into this potpourri!

To meet the growing demands for having connected devices and address specific communication-based needs and yet offer a very economical, low-cost ownership approach means that these devices are feature-focused with very little to no security built on them. The rate of adoption of such devices has been accelerated with the connectivity advantage provided by 5G.

The biggest elephant in the room to speak are fraudsters, who have got busier than usual. In 2021, there has been a 28% increase in fraud, amounting to US $11.6 billion in fraud losses (1).

To compound it, fraud methods have also changed. There has been a shift from subscription fraud, payment fraud, and PBX hacking, which were trending in 2019, to caller ID spoofing, Wangiri, and SMS phishing (1, 2) in 2021.

How to complement existing fraud management systems and address the emerging fraud risks?

Back in the days when the scope of telephony was limited to public switched telephone networks (PSTNs), the most common signaling architecture was Signaling System 7 (SS7). It was built on the architecture of trust, which in the current world of schemes is prone to breaches.

With a plethora of tools and techniques freely available over the internet, SS7 networks are susceptible to attacks. Lack of security controls, protocol vulnerabilities, lack of awareness, and lack of monitoring tools has exacerbated this issue.

These days, IP networks are in vogue as they facilitate an alternate, economical solution to SS7. Several protocols facilitate Voice over IP (VoIP) such as TCP, MGCP, SCCP, and H.323 (4). Of these, Session Initiation Protocol, or SIP, is the most common. (Read this article to learn more about SIP and its security challenges.). The SIP protocol is vulnerable to attacks as well.

The majority of the telecom operators are utilizing a reactive approach to process call detailed records (CDRs) for identifying SS7 and SIP-related hacks and technical frauds such as Wangiri, Ip-PBX hack, CLI Spoofing, Robocalls among others.

The investigation is limited to post-event analytics that kicks in only after the fraud has occurred. Despite this, CDR-based fraud management systems are prevalent in 88% of telecoms. 70% still use rules-based reporting to detect fraud and 38% have no real-time threat detection capabilities at all (1)!

Rule-based anti-fraud systems work on the principle of limits. Sophisticated Fraudsters at times tend to fly below the radar or use other methods (like mimicking human behavior) to avoid detection. This way, successfully infiltrating the network and continue defrauding the network for an extended period until detected.

What becomes clear now is that new types of fraud and attack predictability aren’t covered optimally in traditional fraud management systems. Compounding this is the overall lack of automation and limited AI/ML capabilities to predict unknown unknowns. Currently, 13% of CSPs have integrated AI/ML into their FMS, and this number needs to increase to effectively combat fraud. Moreover, automation is limited, and 30% of telecoms still use manual processes for fraud management (1).

Let’s examine why this is an efficiency problem. The highest percentage of telecoms, 20%, update their existing fraud control only whenever needed. The situation is bleaker when instituting new controls: 35% report that they do so only on a need basis (1). This kind of ad-hoc fraud coverage leaves much room for error, leaving CSPs, their networks, and their revenues exposed.

Real-time signaling security: A practical fix

The way forward is to look at a signaling solution that monitors packet flow within the Signaling protocol stack (SS7, SIP, etc.), starting at the network layer and going all the way up to the application layer (referenced using the OSI model*, although for IoT we understand the network stack looks slightly different) to utilize metadata and payload (if required) for detecting fraud and security breaches.

Monitoring specific signatures and patterns within network packets will help proactively identify the technical frauds (Wangiri, CLI Spoofing, RoboCalls, IP-PBX hacking, among others) faster.

By tracking the attack origination and correlating these with high-risk behavior, telecoms can sniff out threats faster and with more certainty. These steps secure the network from those looking to exploit vulnerabilities in IP layers.

(Read this article for five use cases of real-time signaling security.)

Protect telco revenue with real-time signaling security

The proactive signaling security complements the traditional fraud management system and comes with many benefits. It minimizes fraud run-time, improves fraud detection accuracy, and enhances the user experience. It also protects CSP revenue, which can be repurposed for other investments such as improving service and experience quality, upgrading the networks, and confidently taking up new projects.


  1. CFCA Fraud Loss Survey Report 2021
  2. CFCA Fraud Loss Survey Report 2019

One stop solution to address all types of telecom frauds across Voice, Data and Digital Services

Request demo

Get started with Subex
Request Demo Contact Us
Request a demo