Interconnect Bypass and SIM Box Fraud Explained: Prevention and Detection

Interconnect bypass fraud, also known as toll bypass fraud or international bypass fraud, poses a significant threat to telecom operators. This sophisticated fraud scheme exploits devices known as SIM boxes or GSM gateways to reroute international calls from VoIP networks to mobile networks, causing significant losses for legitimate market players. Combatting SIM box fraud has become a top priority for telecom operators to protect their networks and revenues. In this article, we explore the specifics of interconnect bypass fraud and examine key strategies for preventing, detecting, protecting, and mitigating this form of telecom fraud.

What is Interconnect Bypass Fraud?

Interconnect bypass fraud is a type of telecommunications fraud that involves manipulating traffic routes to profit from the difference between low and high termination rates. It exploits the interconnection agreements between operators in a call chain, where each carrier charges the previous one for passing traffic through their network. Corrupt carriers manipulate traffic routes to bypass these agreements and profit from termination rate discrepancies.

In a typical interconnect bypass fraud scheme, a corrupt carrier diverts incoming traffic, often using a SIM box, another dishonest operator (refilling fraud), or other low-rate methods like rerouting traffic to an OTT app (OTT Bypass Fraud).

The carrier then collects a high-rate fee for incoming traffic and pays a low-rate fee to the next carrier in the chain, increasing its profit margin. This type of fraud can be challenging to detect with traditional anti-fraud systems, resulting in significant revenue losses for terminating carriers every year.

Forms of Interconnect Bypass Fraud

Interconnect bypass fraud takes various forms, including but not limited to SIM box fraud, refilling fraud, and OTT bypass, all of which are explained in detail below.

What is SIM Box Fraud?

SIM box fraud, or GSM gateway fraud, is a type of telecommunications fraud that involves the illegal connection of international calls via low-cost, prepaid SIM cards. These SIM cards are installed in a device known as a “GSM gateway" or “SIM box,” hence the name “SIM box fraud” or “SIM boxing.” Fraudsters use this device to route international calls to the targeted network, making them appear as local calls originating from their own customers. The fraudsters profit from the difference between the international termination rate charged to the upstream carrier and the minimal cost of local calls, which can approach zero, depending on the retail plan associated with the SIMs.

The Modus Operandi of SIM Box Fraud

A SIM box is a device containing multiple SIM cards, which are used to terminate calls on mobile networks as if they were initiated from the same mobile network. The SIM box operates continuously, allowing fraudsters to make thousands of calls simultaneously, making it a highly profitable illegal activity.

Is Using a SIM Box Illegal?

SIM box technology, permitting multiple mobile phone numbers to be active on a single device, can be used for both legal and illegal purposes. While it is often linked with illegal activities, this technology has legal applications. Here are some examples:

Backup solution: In case of primary network disruptions, businesses can quickly switch to an alternative phone number to ensure uninterrupted business communications.

Testing: SIM boxes can be extremely useful for testing applications or services requiring multiple phone numbers SIM cards. 

Analytics: Analysts can use SIM boxes to analyze network patterns. 

However, it is important to understand that sim box technology remains associated with fraud, though the extent of this association may vary from country to country. In some jurisdictions like the United States, United Kingdom, South Africa, and many others, SIM boxing is explicitly illegal and considered a form of fraud. These countries enacted laws and regulations to combat SIM box fraud, imposing severe penalties on those who are found guilty. However, there are countries where the practice of SIM boxing is not explicitly prohibited. It’s still worth noting that even in such countries, it is considered as unauthorized use of telecom infrastructure and may result in legal action.

Given that SIM boxing has negative consequences for the telecom market, telecom operators seek to implement various measures, including fraud management systems.

SIM Box Fraud Detection and Prevention

Traditional fraud management systems can help minimize SIM box fraud, but they are not foolproof and cannot completely eliminate fraud with 100% accuracy. This is a significant problem for telecom operators, since SIM box fraud can result in annual losses totaling billions of dollars. For example, in 2020, AT&T reported a potential fraud loss of $3.1 billion, while interconnect bypass alone cost telcos worldwide $2.71 billion in losses in 2019.

To combat SIM box fraud, operators often employ Fraud Management Systems (FMS) that use various methods to detect fraudulent activity. These methods include customer profiling, terminal analysis, usage monitoring, measurement of incoming vs. outgoing traffic ratios, investigating customer complaints of inaccurate caller IDs, test calls routed from fixed to GSM networks, and more. Once detected, operators can shut down fraudulent SIM cards.

However, each of these methods has its shortcomings. For instance, customer profiling may be ineffective in detecting fraudulent activity if the fraudsters use legitimate customer information. Terminal analysis may not effectively detect fraudulent activity if the SIM box is located in a different country or region. Usage monitoring may also fail to detect fraudulent activity if fraudsters imitate legitimate calling patterns.

Advanced Methods for Detecting SIM Box Fraud

To overcome the limitations of traditional fraud detection methods, telecom operators can use advanced approaches, including machine learning algorithms and big data analytics. These methods offer the capability to identify patterns of suspicious activity that may indicate SIM box fraud.

For example, machine learning algorithms can analyze call data records to identify potential call patterns, such as a high volume of calls originating from the same IP address or a disproportionate number of calls terminating in specific geographic locations. When such anomalies are detected, fraud management systems can flag these suspicious activities for further investigation and decision-making.

Similarly, big data analytics can leverage large volumes of data to uncover patterns and anomalies that may indicate fraudulent behavior. This analysis may include factors like time of day, day of the week, and type of call (e.g., international vs. domestic).

Examples of SIM box Fraud

A typical example of SIM box fraud involves the diversion of international calls to appear as local calls with lower termination rates. Here is a real life example: A telecom service user makes an international call from Germany (+49) to Nigeria (+234), and fraudsters use a SIM Box device to make it appear as a local call with lower termination rates, as opposed to the expected international rate for calls from Germany (+49). The caller remains unaware, but the fraudsters exploit the rate difference between international and local calls, resulting in financial losses for the terminating operators. In addition, the degraded call quality resulting from this fraudulent activity leads to customer dissatisfaction and lower future call answer rates.

The Impact of SIM Box Fraud 

SIM box fraud results in direct financial losses and broader consequences for the telecom industry. The low call quality associated with SIM box fraud leads to customer dissatisfaction and compromises the overall user experience. In addition, SIM box fraud strains local networks, potentially causing network overload and reduced quality of service for legitimate users. The deceptive nature of SIM box fraud, where international calls appear as local calls, undermines customer confidence and can facilitate information theft and privacy breaches.

Why Conventional Methods Fail to Mitigate SIM Box Fraud

Despite the availability of various SIM box prevention solutions in the market, conventional methods have significant limitations in accurately detecting SIM box fraud and providing real-time prevention. Common test call generators (TCG) can analyze traffic and identify potential route optimization opportunities, but they lack real-time protection from SIM box fraud. Additionally, most traditional TCG solutions share common drawbacks, including the vulnerability of the phone numbers used in test campaigns and the ability for fraudsters to track and bypass these routes in the future, diminishing the effectiveness of traditional TCG deployments. Furthermore, conventional TCGs are unable to test calls to real subscriber numbers.

Although some vendors claim that AI can help detect and block SIM box fraud, the specific nature of this type of fraud renders AI systems ineffective in guaranteeing prevention. The short lifespan of SIM cards makes their detection difficult during an attack, and fraudsters constantly adapt their methods to outsmart AI systems and go unnoticed.

Refiling Fraud

Refiling Fraud, also known as CLI Refiling Fraud or A-party Refiling, is a form of Interconnect Bypass Fraud where fraudsters manipulate the Calling Line Identity (CLI) to terminate voice traffic onto an inappropriate trunk. By exploiting lower rates, they increase their profits at the expense of the corrupt carrier.

Trunk refiling fraud occurs when fraudsters terminate voice traffic onto an inappropriate trunk to capitalize on lower rates. Normally, operators receive international traffic on international trunks and domestic traffic on other trunks, but with refiling, fraudsters manipulate this arrangement.

CLI refiling fraud involves fraudsters changing the Calling Line Identity (CLI) while delivering the call via the correct trunk. The terminating operator charges a lower fee based on the manipulated CLI, reducing revenue for the legitimate terminating carrier.

The primary objective of Refiling Fraud, including CLI Refiling Fraud, is to exploit the rate difference between high and low-rate traffic, therefore increasing profits for the fraudulent carrier and undermining the legitimate revenue of the terminating carrier.

Case Study ‘EU Refiling’

Refiling Fraud has emerged as a significant problem within the European Union (EU) telecommunications market. EU regulations impose maximum limits on call termination charges, allowing higher charges for terminating non-EU originating traffic to mobile networks within the EU.

In markets where such rate differentiation is absent, refiling is less common. However, in markets with termination rate differentials, including East Africa, West Africa, and the Gulf region of the Middle East, refiling has become prevalent, leading to the phenomenon known as 'EU Refiling' and similar challenges.

While test calls and bulk traffic analysis are effective in detecting Refiling Fraud, they primarily serve as reactive, not proactive, prevention measures. As long as termination rate differentials exist, operators in these regions will continue to face an increasing Refiling Fraud threat.

This article also introduces a relatively new form of Interconnect Bypass Fraud, which will be discussed further.

OTT Bypass Fraud

The way we communicate using technology has evolved significantly in the past decade and even the last five years.

Over-the-top (OTT) apps have played a key role in this evolution.

Users increasingly opt to communicate via OTT apps, favoring their features and convenience over traditional SMS and mobile services, resulting in a shift in the communication landscape.

The Rise of OTT Voice Bypass Fraud

Fraudsters are quick to exploit new opportunities, and the increasing popularity of Over-The-Top (OTT) apps has opened the door for a new form of fraud. Many OTT apps offer an 'In-Calling' feature, allowing incoming calls from non-OTT numbers. Fraudsters exploit this feature to profit from the disparity in termination rates on voice traffic.

In essence, OTT Bypass Fraud occurs when a carrier redirects legitimate mobile call traffic to an OTT application. The likelihood of OTT Bypass Fraud is significantly higher in markets where OTT communication services are widely adopted.

Addressing OTT Bypass Fraud

Mitigating OTT Bypass Fraud poses complex challenges involving multiple parties, including MNOS, interconnect/wholesale operators, OTT providers, and subscribers. For example, an OTT provider may have a wholesale network platform in place, simplifying the interception and redirection of calls from both originating and wholesale networks to their OTT application.

One potential solution involves establishing partnerships between carriers to establish control mechanisms for identifying and regulating interceptions or redirections to OTT services. This approach would help determine which interceptions are permissible and which are not.

Traditional Fraud Management Systems (FMS) struggle to detect OTT Bypass Fraud, as it is a relatively new and rapidly growing fraud scheme. Few solutions have been developed specifically to address this issue, leaving many operators unsure of how to tackle the problem while experiencing ongoing revenue losses.

OTT Bypass Fraud, at its core, is another example of the exploitation of termination rate differences, with the significance of these differences evident in the previously mentioned regions. Operators in these areas must understand the threat of Interconnect Bypass Fraud.

For instance, in the EU, efforts to compensate for decreasing voice traffic volumes have resulted in increased Refiling Bypass Fraud attacks and continued revenue losses.

Considering alternative approaches is also worth exploring.

AB Handshake’s Contribution to Interconnect Bypass Fraud Prevention and Detection

Considering the limitations of traditional approaches to preventing and detecting different interconnect bypass fraud types, AB Handshake has created a game-changing solution.

Introducing the Comprehensive Solution 

We offer our customers a powerful defense against fraud through a combination of two key modules: our patented Call Validation technology and a next-generation TCG.

Revolutionary Validation Technology

Call Validation is an out-of-band, real-time, end-to-end call detail validation technology. It monitors calls and blocks fraudulent ones before reaching the subscriber, ensuring transparency and visibility of the original numbers used in the call. Additionally, it provides impartial evidence about the transit operator responsible for the fraudulent call, enabling operators to optimize routing and disable unscrupulous interconnect partners.

Next-generation TCG

Realizing the drawbacks of traditional TCG solutions, AB Handshake has created a next-generation test call generator solution. Our TCG can generate calls from any A-number with any prefix to any B-number of the client/operator, without limitations on the number of generated calls. Our TCG campaigns are undetectable, and our fraud detection analytical team helps clients to correctly configure test campaigns to avoid traffic spikes that could be easily detected by fraudsters. The TCG supports silent mode, intercepting the test call before it reaches the actual subscriber.

Cross-validating Call Details

The basis of our solution is real-time cross-validation of call details before calls are connected. This approach enables operators to stop interconnect bypass fraud attacks before a call is connected, effectively stopping fraud in its tracks. Through real-time cross-validation of call details, AB Handshake community members can detect all forms of interconnect bypass fraud on calls in real-time before the calls are connected, ensuring 100% accuracy and zero false positives.

Our comprehensive solution is perfectly aligned with the ITU CxO meeting 2023 outcomes, which criticized threshold-based rules and isolated solutions, and highlighted the necessity for a global, real-time call validation system to combat the escalating challenge of voice traffic fraud.

Receive a comprehensive overview of the points of discussion from the latest ITU CxO meeting.

How it Works

Here's how our solution works:

1. As soon as a call is initiated, the originating network records key call details to Call Registry A. These details include the A and B numbers, as well as a timestamp marking the start of the call. 
2. The terminating network sends their corresponding call details to Call Registry B. 
3. Both registries simultaneously exchange encrypted messaging via the internet to cross-validate the call details. 
4. Any discrepancies between the call details indicate one thing - fraud. 
5. Once manipulation is detected, an operator can choose to either block the call or let it connect.

The ITU’s recent 2023 CxO Meeting communiqué highlights the pressing need for real-time call validation and a world-wide solution, directly supporting the AB Handshake call validation solution's established approach.

Discover how our commitment to a fraud-free telecom environment is echoed in the details of the ITU's 2023 communiqué.

Benefits of Joining the AB Handshake Community

The AB Handshake community currently has over 160 operators in different integration stages, from negotiation to contract signing and onboarding. By joining the AB Handshake community, you gain the following advantages:

• Assurance of near 100% fraud-free traffic with zero false positives; 
• Access an affordable solution easily integrated into your existing network; 
• Use the solution alongside your current FMS; 
• Inclusion in a community actively onboarding providers from around the world; 
• Validation of live traffic to every country globally.

Ready to Join the AB Handshake Community?

If you're ready to eliminate SIM box fraud, refiling Fraud, OTT bypass fraud, and all forms of interconnect bypass fraud, join the AB Handshake community today. Contact us here, and one of our specialists will be in touch.