SIM Box Fraud (Interconnect Bypass) - Which countries are most vulnerable?

Can geographical location really have an impact on telecommunications fraud? After all, telecommunications spans the globe and seemingly knows no physical boundaries. That's the beauty of this modern technology.

Yet, the economic forces and legal frameworks that regulate the telecom industry differ from country to country and region to region. This, paired with emerging technologies that have growing popularity in different regions of the world, create a range of opportunities in the call chain for fraudsters to take advantage of.

As a result, fraud has developed a regional face:

• High rate destinations like Seychelles are hit with interconnect bypass (SIM Box fraud and other bypass fraud) more often than others
• Robocalls are rampant in the United States and UK
• CLI spoofing fraud is more common in Europe than many other regions of the world

Knowing which fraud schemes threaten your region most can help you better protect yourself from such attacks.

To shed some light on this key issue, we've decided to publish a series of articles exploring the regional face of fraud.

In the coming articles, we'll discuss the various fraud schemes, which regions they're most prevalent in, why it's so, and how you can assure that you're 100% protected from every single fraud scheme out there, regardless of which ones you're most vulnerable to.

Our first article in the series is Interconnect Bypass, commonly known as SIM Box Fraud.

Interconnect Bypass - Where does it attack?

In this article, we're going to discuss interconnect bypass, commonly known as SIM Box Fraud, where it's most common and how to stay protected from it. This sneaky fraud scheme hits telco operators around the world, stealing major portions of their revenue without them even knowing it.

Where there are opportunities, there is fraud. And in the case of SIM Box Fraud and other forms of Interconnect Bypass, high termination costs create an opportunity for dishonest carriers to abuse traffic routes for a profit.

Regions that charge high termination rates include:

• Falkland Islands
• Seychelles
• Cuba
• Chad
• Maldives
• Tunisia
• Algeria
• European Union

And many others.

At the same time, as communication methods and patterns have changed over the past several decades, voice traffic volumes have fallen, leading to revenue losses for telco operators and carriers.

Regulators around the world have tried to make up for this lost revenue by raising termination rates on certain traffic, such as incoming international voice traffic.

For example, the European Union (EU) has raised rates on non-EU voice traffic terminating within the EU in an attempt to offset such losses.

However, thanks to SIM Box Fraud and other forms of Interconnect Bypass, the results aren't always what they expect - fraudsters abuse the high-rate traffic for profit, stealing revenue from local carriers.

How exactly does SIM Box Fraud work? What about the other forms of Interconnect Bypass? To better understand each form of Interconnect Bypass Fraud and why it's so successful, we need to first understand the principle this fraud scheme operates on.

What is Interconnect Bypass Fraud?

As voice traffic is routed from its origin to its destination, passing from carrier to carrier, each carrier in a call chain charges the one before it for passing traffic on through their network.

In other words, each carrier charges for receiving traffic and, at the same time, pays to route traffic on to the next carrier in the chain.

Corrupt carriers find opportunities to manipulate traffic routes for profit by taking advantage of the difference between low and high termination rates.

Interconnect bypass fraud is a fraud scheme in which corrupt carriers bypass interconnection agreements between operators in a call chain to profit off the difference between low and high termination rates.

In other words, a corrupt carrier may decide to dishonestly reroute incoming traffic via a SIM box (SIM Box Fraud), passing traffic on to another dishonest operator (Refiling Fraud), rerouting it to an OTT app (OTT Bypass Fraud) or via another low-rate means (i.e. disguising it as on-network traffic).

Regardless of the means, in the end, a carrier collects a fee on the high-rate incoming traffic (usually international) and pays a low-rate fee to the next carrier in the call chain, effectively increasing their profit margin (illegitimately).

Traditional anti-fraud systems aren't very good at detecting such manipulations to the call chain. As a result, interconnect bypass successfully robs terminating carriers from revenue every year, often going undetected.

What makes it so difficult to detect and prevent SIM Box Fraud, OTT Bypass Fraud, Refiling and other forms of Interconnect Bypass? Let's have a look.

Types of Interconnect Bypass Fraud

Why can't traditional fraud management systems (FMS) detect interconnect bypass?

To understand this, we need to have a look at the different methods of interconnect bypass that I mentioned above (SIM Box Fraud, Refiling Fraud and OTT bypass Fraud).

SIM Box Fraud Explained

What is SIM Box Fraud? And how does SIM Box Fraud work? Here is a definition of SIM Box Fraud:

Modus Operandi

A SIM box essentially contains multiple (thousands) SIM cards inserted into a fixed to mobile gateway switch. They operate around the clock, terminating calls to mobile networks as if they were placed from that same mobile network.

SIM Box Fraud Detection & Prevention

There are some specific measures operators and carriers can take to minimize SIM Box Fraud; however, at the end of the day, none of the traditional fraud management systems on the market can effectively eliminate all SIM Box Fraud with 100% accuracy

While this may seem like a small problem, even if fraudsters maintain a tiny foothold in the telecom market, it amounts to billions in dollars in losses each year for operators and non-telco enterprises around the world.

In 2020, AT&T had a potential fraud loss of $3.1 billion.

In 2019, Interconnect Bypass alone cost telcos around the world a whopping $2.71 billion in losses, while the total amount of revenue lost to telecom fraud that same year was $28.3 billion.

Therefore, operators often employ a Fraud Management System (FMS) in the hopes of protecting themselves.

A traditional FMS can use various methods to detect SIM Box Fraud, such as:

• Customer profiling
• Terminal analysis
• Usage monitoring
• Measurement of incoming vs outgoing traffic ratios
• Customer complaints of inaccurate caller IDs
• Test calls routed from fixed to GSM networks

And several others.

Once detected, operators can shut down fraudulent SIM cards.

However, each of these methods has its shortcomings.

Shortcomings of Traditional Fraud Management Systems

For example, test calls are costly and some fraudsters are quite sophisticated - they'll even allow an operator to detect some quantity of their SIMs to give the operator the false confidence that it's detecting and stopping the SIM Box fraud, while hiding the full extent of their operation.

Traditional FMSs simply lack the technology to effectively eliminate SIM Box Fraud for good, before it strikes.

One of the main problems is that a traditional FMS takes a reactive approach to stopping fraud attacks.

After analyzing data collected from test calls and other measures, operators can update firewalls and adjust other protocols.

Meanwhile, fraudsters evolve and develop new tactics to bypass these new measures. This cycle leads to a game of cat-and-mouse in which fraudsters continuously maintain ways to infiltrate call chains and bypass interconnects.

This is the general problem operators face when trying to stop SIM Box Fraud and other forms of Interconnect Bypass Fraud.

Let's cover the other two most common forms of Interconnect Bypass. Then, I'll explain what modern technology operators can use today to guarantee 100% protection from all forms of Interconnect Bypass Fraud, for good.

Refiling Fraud

Refiling Fraud (also known as CLI Refiling Fraud, A-party Refiling, A-Party Caller Spoofing) is a generic term used to refer to various kinds of Interconnect Bypass Fraud. There are two main versions of Refiling Fraud:
 

• Trunk refiling fraud: Terminating operators charge termination fees based on the trunk a call is received on. Under normal circumstances, operators receive international traffic on international trunks and domestic traffic on other trunks. With refiling, a fraudster terminates voice traffic on an inappropriate trunk to take advantage of lower rates.
   
• CLI refining fraud: Other terminating operators charge termination fees based on the Calling Party Provider, which they determine from the Calling Line Identity (CLI), also referred to as the Caller ID. With CLI refilling, criminals spoof (change) the CLI, but deliver the call via the correct trunk. The terminating operator charges a lower fee based on the CLI.
   

The goal of Refiling Fraud and CLI Refiling Fraud is the same as all Interconnect Bypass Fraud - to abuse the difference between high and low rate traffic, increase profits for the corrupt carrier in the call chain and undercut the legitimate revenue of the terminating carrier.

Case Study: ‘EU Refiling’

As I mentioned above, Refiling Fraud in telecommunications has become a big problem in the European Union (EU). EU regulations put a maximum limit on call termination charges. In many markets, these regulations permit higher charges for terminating non-EU originating traffic to mobile networks within the EU.

In markets where such rate differentiation doesn't exist, refiling isn't common. In markets where such termination rate differentials exist, refiling has become rampant. It's become such a big problem that it has garnered its own name - 'EU Refiling'.

This problem is also prevalent in other economically-linked areas with termination rate differentials between different countries, such as in East Africa, West Africa or in the Gulf region of the Middle East.

Test calls and bulk traffic analysis are some of the most effective ways of detecting Refiling Fraud in telecommunications. However, they are a reactive approach to mitigating the fraud.

As long as termination rate differentials exist, operators in these regions will face a growing threat of Refiling Fraud.

The third and final form of Interconnect Bypass Fraud we'll discuss in this article is relatively new.

OTT Bypass Fraud

The way we use technology to communicate today is drastically different than it was 10 years ago. It's even drastically different than it was 5 years ago.

The emergence of Over-The-Top (OTT) apps has played a key role in this evolution.

Due to their features and convenience, users increasingly prefer communicating via OTT apps instead of SMS. Traditional mobile services have become overshadowed by the many OTT applications available via the internet.

Emergence of OTT Voice Bypass Fraud

Where there is opportunity, there will be fraud, and the emerging popularity of such OTT apps has created a new opportunity for fraudsters.

Many OTT apps have an 'In-Calling' feature that allows incoming calls from numbers not connected to the OTT app. Fraudsters can use this 'In-Calling' feature of an OTT app to effectively abuse the difference between high and low termination rates on voice traffic for profit.

In short, OTT Bypass Fraud occurs when a carrier redirects terminating traffic from a legitimate mobile call onto an OTT application.

In markets where OTT communications services are widely adopted, the probability of OTT Bypass Fraud is significantly higher.

Mitigating OTT Bypass Fraud

OTT Bypass Fraud occurs in an ecosystem composed of several parties (i.e. MNOS, interconnect/wholesale operators, OTT providers and subscribers), which creates many complex challenges for preventing it.

For example, an OTT provider may have established a wholesale network platform in its own environment, which makes it easier for them to intercept and redirect calls from both the originating network and the wholesale network to the OTT application.

One idea is to establish partnerships between carriers that can allow the introduction of control mechanisms to help identify interceptions, or re-directions, to OTT services and decide which are permitted and which are not.

In general, OTT Bypass Fraud is a relatively new and rapidly growing fraud scheme, which traditional FMSs struggle to detect. And very few new solutions have been developed to detect it. As a result, many operators are at a loss of what to do as legitimate revenues continue to be stolen.

As you can see, OTT Bypass Fraud, at its core, is another example of abusing the difference between termination rates.

Termination rate differences are significant in all of the above-mentioned regions of the world. It's important for operators in these areas to understand the threat of Interconnect Bypass Fraud.

For example, in the case of the EU, attempts to offset losses due to decreasing voice traffic volumes has resulted in increased Refiling Bypass Fraud attacks and continued revenue losses.

Another approach is worth considering.

What can we do? Detecting and Preventing SIM Box Fraud, Refiling Fraud and OTT Bypass Fraud

The question many operators are asking is, "Since traditional fraud management solutions can't effectively detect this form of fraud, how can we stay protected?". Is there an effective solution for SIM Box Fraud detection and other forms of Interconnect Bypass Fraud?

Fortunately, there is a way to stay protected from Bypass Fraud, as well as any future variations the fraudsters may develop.

Eliminate Interconnect Bypass Fraud by Cross Validating Call Details

As is the case with any form of fraud, each of the types of Interconnect Bypass discussed above all share one common trait - call details.

The call registries of both the originating and terminating operators contain call details for each call.

While call details have been used in some capacity in traffic analysis, cross-validating the call details of the originating call registry with the called details of the terminating call registry is an unprecedented approach to detecting and mitigating interconnect bypass fraud. It is also a game-changer.

Customer profiling, terminal analysis, test calls, etc. These are time-consuming, expensive and ineffective ways of preventing SIM Box Fraud and other forms of Interconnect Bypass Fraud. Cross validating call details in real-time before calls are connected can enable operators to stop Interconnect Bypass attacks before a call is connected, completely stopping it in its tracks.

This is the foundation on which the AB Handshake solution operates.

AB Handshake - Detecting and Preventing All SIM Box and Interconnect Bypass Fraud

By cross validating call details in real time, members of the AB Handshake community can detect every form of Interconnect Bypass Fraud on calls in real-time before the calls are connected, with 100% accuracy and no false positives.

With AB Handshake, we shift from a reactive game of cat-and-mouse to a proactive elimination of SIM Box Fraud and other forms of Interconnect Bypass before they hit. As a result, we have the ability to completely eliminate Bypass Fraud once and for all, not just minimize it.

Here's how it works:

1. As soon as a call is initiated, the originating network records key call details to Call Registry A. Details include the A and B numbers as well as a time-stamp for the start of the call.
2. The terminating network then sends their respective call details to Call Registry B.
3. Both registries simultaneously exchange encrypted messaging via the internet to cross-validate the call details.

Any discrepancy between the call details indicates one thing - fraud.

Once a manipulation is detected, an operator can either block the call or choose to let it connect.

All traffic between operators within the AB Handshake community is guaranteed to be 100% fraud-free with zero false positives.

The solution is affordable, easily integrated into the default settings of any operator's current network and can be used alongside their current FMS.

Every member of the community benefits as more members join. The more members that join, the percentage of fraud-free traffic around the world increases while the volume of fraudulent traffic decreases.

If adopted on a global scale, AB Handshake can completely eliminate SIM Box Fraud, Refiling Fraud, OTT Bypass Fraud and all forms of Interconnect Bypass, for good.

Join the AB Handshake Community Now - Stop SIM Box Fraud and All Forms of Interconnect Bypass Today

The AB Handshake community currently has 200+ operators in different integration stages, from negotiation to contract signing and onboarding.

We are actively onboarding providers from any location around the globe and the system is already validating live traffic to every country in the world.

If you're ready to join the AB Handshake community today, or you have any questions, feel free to contact us here. One of our specialists will be in touch.