How big is the impact of the IRSF Fraud and 5 simple strategies to control IRSF

International Revenue Share Fraud (IRSF) is one of those fraud types that has been alive for two decades now, all because of the fraud being intricate in its pattern while the approach to it being still very reactive. Here, the motive of the fraudster is to receive the revenue share from the termination charge on international premium numbers. The fraudsters abuse the telecom operator’s infrastructure to artificially inflate traffic onto high-risk international destinations with the intention of non-payment. This fraud is common across geographies and has an estimated fraud loss of USD 5.04 Billion (The highest fraud loss contributor) as per the Communications Fraud Control Association (CFCA) Global Fraud Loss Survey, 2019.

Lack of adequate steps taken to protect the network has caused this fraud to grow by leaps and bounds. In this fraud, the attacker usually tries to exploit the vulnerabilities of the Telecom Service Provider’s assets and attacks by either calling to unallocated number ranges or land calls onto international premium rated services or illegitimately route calls to short stopped mobiles. Subscription fraud, PBX hacking, Arbitrage Margin, SIM Cloning, Device theft and abuse of promotional services are often the commonly used methods for executing the fraudulent practices. The fraud is also quite common with many fixed line providers.

In my experience of working with multiple operators, globally, I feel that the most common challenge faced by operators is in understanding the fraud pattern and method used by the attacker. The impact on the operator becomes brutal when fraudsters use unknown patterns of execution and sophisticated techniques to attack the network. IRSF attacks from roaming network, call conferencing, call forwarding, calling cards, negative margin abuse for products and services are among the more popular methods for a fraudster in launching attacks.

Also, the lack of regulatory precedence in governing the way of carrying out business with international carriers is not sufficiently strict, setting the perfect breeding ground for fraudsters to flourish.

Why has this fraud grown in leaps and bounds and how do I ensure control proactiveness?

Traditional and reactive fraud countering mechanisms as of date do not have a full-proof solution, and one of the biggest reasons is that there are not enough fraud controlling strategies, mechanisms, and systems in place. IRSF, unlike other fraud types, requires a continual and proactive measure for control. More than just the “run-of-the-mill” detection techniques, the fraud type requires a well-planned control and mitigation steering strategy and here are six simple strategies, to begin with:

• Fraudulent practices have become cleverer over time.

If we brag of the fact that the fraud detection technologies have become quite sophisticated over time, we must not forget that the fraud practices too have gained an equal amount of intelligence. Fraudsters these days are quick to realize technology loopholes and system fault lines. It does not take much for fraudsters today to detect the fraud finding patterns and control logic of CSPs and identify the loophole in the system. In order to counter the fraudster’s attempt of IRSF, study of method and pattern become a critical process. Also use of SIP monitoring technique to identify devices/tool such as SIP vicious can help telcos to prevent IRSF. A mix of AI/ML techniques and models can be used to detect new IRSF fraud patterns with automation and build IRSF intelligence e.g.: trends in calling patterns.

• Demoralize your IRSF attacker

Letting your attacker attack you to dig his own grave sounds like an oxymoron? Actually not! It is, in fact, possible to have a honey-trap system in place where you lure the attacker to launch the attacks onto it without a fruitful outcome. The more the attacker’s attempts fail, the less hopeful they strive any further. Additionally, gathering intelligence from trusted suppliers who can provide information about prominent fraud groups and support surgical blocking of international number ranges has proved to be a successful strategy globally to counter IRSF.

• Think of the customer and protect their interests

IRSF not just drains away revenue resources but also can cause customer dissatisfaction, causing them to churn out of the network eventually. IRSF not only targets retail accounts but enterprise customer is a key risk group costing the telecom operator millions of dollars. Hence it is crucial that we don’t ignore whenever a customer complains of frequent cross-connections or call diversions for international calls.

• Have an “Anytime-Anywhere” vigilance strategy with automation to your advantage

The detection processes for IRSF may be complicated and resource-intensive at times. However, having the right strategies, the right processes with the right amount of automation applied to them can help the business in a significant way. I personally recommend a 24 x 7 detection strategy to be put in place to counter the IRSF attacks. From the cases that I have dealt with, it’s my observation that though IFRS attacks happen round the clock, however, the wee hours of the morning or off-business hours are critical target. Having a rotational manpower strategy can really work wonders at times. However, there could also be instances where having a 24*7 approach may not be possible owing to the lack of capital or high cost of human resources. In such instances, a mix of the automation of detection processes and human intensive operations during crucial hours will be of value.

• Never ignore negative margins

Negative margins can occur at any level. It could emerge while planning the pricing strategies of the products, services, use of calling cards in international destinations or interconnect agreements. Feeble margins on profits can often open a pandora’s box for fraudsters. Just the basic knowledge on negative margins is enough for fraudsters to break open mayhem. Trend reports on traffic patterns with priorities given to partnerships with frugal margins can save the day!

• Pursue strategic knowledge partnerships to establish fraudster intelligence

Sharing knowledge and having a supportive ecosystem for interaction with carrier partners and vendors in the value chain can be a practical step closer to proactiveness. Also, MoU’s established with industry forums and CoEs like GSMA, CFCA, RAG Blockchain for Wangiri, and others can help CSPs gain information such as PRS test numbers and services, high-risk range numbers, unallocated number series which can be used as vital sources of references to counter this fraud. Telecom operators can also build up the internal defense by establishing service controls e.g. restrictions on the use of international and roaming capabilities for certain customers. And restrict international call forwarding, multi-party calling, etc.

When I say a reactive approach for AI / ML based IRSF fraud detection, I mean that much of the effort and systems built towards countering the fraud are in silos and so are the human efforts that go into it. By a proactive system, I mean a system that is quite unified in its approach and can perform end to end operations associated with the fraud type. A proactive Fraud Management system shall flag the first call in roaming, track significant deviation in usage behavior, high volumes of international traffic to high-risk destinations, sequential dialing, etc. and couple it with the use of knowledge databases like Subex IRSF data intelligence that includes unallocated number ranges, high-risk ranges, known fraudulent numbers to support network-based blocking and/or integration for early identification of high-risk behaviors and automated blocking, where required.

One of the many ways of building a more proactive and unified system is to go the AI (Artificial Intelligence) way. A well thought out AI technology strategy can really help detect the fraud at a very early stage and help you choose the right controls for specific problems in question. It aims to reduce the time taken by the laborious human efforts that go into the detection stage while helping analysts and investigators concentrate on the need of the hour. Much as the famous English saying goes “Every cloud has a silver lining,” the impact of the IRSF can considerably be reduced by just broadening the organizational perspectives towards the fraud.

Subex has recently partnered from Biaas for IRSF data Intelligence, To know how you can benefit from this partnership

Download the flyer

Vijay Amirthraj

Vijay is a Principal Consultant in Subex’s Managed Services vertical, focusing on Fraud Management. He has over 12+ years of experience in Telecom fraud, & Revenue Assurance management professional with  progressive experience in process management and managing risks in telecom business.