Preventing voice fraud without blocking legitimate traffic: a new approach by AB Handshake
Many telecom professionals and customers know that certain countries are blocked from receiving international calls. How did the voice fraud situation get so dire that operators started blocking entire country codes? Is there a way to stop Wangiri, PBX hacking, and other types of IRSF fraud without blocking legitimate voice traffic?
Table of contents:
- Blocking country codes is not a solution
- Live numbers are manipulated too
- The problem with the current blocking approach
- A new approach: granular blocking of compromised A and B ranges for the duration of the attack
- Must-have features of the anti-fraud tool
- The AB Handshake System is leading the new approach
- A new solution in a challenging time
Blocking country codes is not a solution
Fraudsters use various fraud schemes that hijack calls to costly destinations, like the Cook Islands, Vanuatu, or the Maldives, to switch the payment flows to affiliated carriers. PBX hacking, short stopping, Wangiri and Wangiri 2.0 are just a few examples of these schemes that profit off unsuspecting individuals or businesses.
As a result, telecommunication companies get swarmed with trouble tickets and disputes, leaving them no choice but to block these high-cost call destinations altogether. Sadly, this also means that legitimate callers face unexpected and unwelcome inconveniences, like being unable to call the location they want. This eventually leads to customer churn and loss of revenue.
The widespread industry use of fraudulent number databases also supports the blocking of entire country codes. Major telecom organizations like GSMA, CFCA, TUFF, BEREC, and others distribute this valuable data for free or commercially. As helpful as this data is for preventing some types of fraud, it fosters an approach where legitimate traffic is blocked.
Live numbers are manipulated too
It’s important to note that the fraudulent use of real numbers belonging to actual service providers has been in practice for a while. Such numbers, assigned to a valid network operator under a national numbering plan, are called “allocated.”
Operators could traditionally prevent fraud by simply blocking compromised unallocated number ranges without harming legitimate traffic. Yet, according to our research, allocated numbers are used in more than 75% of fraud attempts, with 50% of these numbers assigned to real people.
And so, blocking the entire allocated number ranges means blocking legitimate traffic and losing real customers and revenue. Is there a better way to stop fraud?
The problem with the current blocking approach
We want to present an alternative anti-fraud method. But before that, let’s examine the step-by-step process of a call hijacking attack.
- Fraudsters begin by hacking a corporate PBX or similar device to access the originating (A) number ranges.
- After that, all outgoing calls to specific expensive terminating (B) number ranges are short stopped. They are rerouted to the affiliated carrier and never reach the destined B numbers.
- These hijacked calls are then billed to the end customer or another carrier in the routing flow, and this is how the hijackers and the rogue carriers collect money at the end of the billing period and earn profits.
Operators will typically block the entire hijacked A range, losing legitimate traffic to other destinations. They would also block the entire compromised B range, losing legitimate traffic from non-fraudulent A numbers, as in the case of blocked country codes.
A new approach: granular blocking of compromised A and B ranges for the duration of the attack
The question remains: How do we change our fraud prevention strategy to minimize the blocking of legitimate traffic?
At AB Handshake, we know from experience that this can be accomplished if we implement two considerable modifications to the fraud-blocking process:
- When the fraud attack is detected, block only the calls from the compromised A range to the compromised B range.
- Unblock the ranges exactly when the fraud attack is over.
This new approach allows operators and transit carriers to avoid blocking country codes, which minimizes the revenue losses that stem from fraud prevention. But this approach places several demands on the fraud detection process that not every anti-fraud tool can handle.
Must-have features of the anti-fraud tool
There are several features that an anti-fraud tool must have to realize our new approach.
- Accuracy of fraud detection
The anti-fraud tool must offer maximum granularity of detection. This means it will accurately detect only the hijacked A and B ranges without wrongfully labeling legitimate traffic as fraudulent. In more scientific terms, it will provide the least amount of false positive cases.
- Speed of fraud detection and blocking
The tool should be able to detect the precise moment when the attack begins in order to block the ranges immediately and avoid losses to fraud. It should also detect the end of the attack to unlock the ranges instantly and prevent the loss of legitimate traffic. The time between detection and response should be as close as possible to zero to achieve this. Real-time monitoring of live traffic is a prerequisite for the fastest speed of detection and blocking.
- Integration for real-time control
Suppose the solution will block the compromised ranges immediately when an attack starts and unblock them exactly when it’s over. In that case, it must be integrated with the operator’s network control components on a signaling level. A much less effective integration method would be Call Detail Record (CDR) uploads and analysis, which doesn’t offer automated responses to fraud in real time and requires manual adjustments of blocking settings.
The AB Handshake System is leading the new approach
Is there an anti-fraud tool that can implement the method we suggested? Our system, comprised of several tools, offers just that.
Call Validation – real-time direct and secure exchange of call information between originating and terminating operators that compares call details and identifies all known types of fraud with 100% accuracy. Because it works on a call-by-call basis, the solution offers maximum granularity and speed of detection. This means no fraud gets through and no legitimate traffic is wrongly blocked.
AI Shield uses an AI engine and sophisticated ML algorithms to discover and block fraud attacks in real time with unparalleled 99% accuracy. It monitors live traffic, analyzing hundreds of call parameters to spot even well-disguised fraudulent patterns.
Fraud Radar – the new innovative and cost-effective addition to our portfolio. Fraud Radar sends real-time API alerts based on the collective intelligence of 140+ operators worldwide. The alerts show the compromised A and B ranges and the types of fraud they are used for with exceptional accuracy. You can block these ranges immediately and unblock them when the attack ends, avoiding fraud-related losses and customer churn.
If you want to see the quality of Fraud Radar’s big data and check if your blocking policies are up-to-date, subscribe to free weekly fraud range reports.
A new solution in a challenging time
In recent years, the global voice market has been facing several critical challenges at once — decreasing traffic volumes, intense competition with VoIP platforms (WhatsApp, Viber, and other OTT apps), decreasing revenues, and, of course, the looming threat of fraud attacks.
Prominent fraud schemes are now manipulating assigned and live numbers, so the traditional blocking approach informed by number databases has become less effective. Modern protection requires granular, accurate, and fast fraud detection that prevents unnecessary losses and customer churn. At AB Handshake, we have developed an approach and tools to help all telecom market players prevent fraud while saving legitimate traffic.
If you’re interested in our product portfolio and want to know which anti-fraud solution is best for your voice business, please contact us via the button below.