October 2015

Nine Simple Strategies for Protecting an Operator or MVNO from Telecom Fraud

One of the biggest challenges in fighting telecom fraud is simply knowing where to start.

Fraud threats are so diverse and complex that it’s hard for fraud managers to get their minds around the problems.

Well, I recently attended the WeDo Technologies Conference in Washington DC where I heard some fine briefings by key experts and members of the fraud prevention association, CFCA.

One of these experts was Jim Bolzenius, Head of Anti-Fraud Services at TNS, a leading provider of roaming, clearing/settlement, signaling, interoperability, and information validation solutions to the telecom industry.  Prior to joining TNS two years ago, Jim held the high profile job of Executive Director of Fraud and Prevention at Verizon Wireless.

I think you’ll thoroughly enjoy reading Jim’s clear, cut-to-the-chase way of explaining fraud management issues.  He begins by giving us a quick backgrounder on International Revenue Share Fraud (IRSF) and subscription fraud.  He then follows that with nine solid strategies for aiming a carrier’s or MVNO’s fraud prevention program in the right direction.

Dan Baker: Jim, people are familiar with the basics of IRSF fraud, but the details on exactly how fraudsters make their money there are less clear.  Can you shed some light on that?

Jim Bolzenius: Sure, Dan.  It’s really a case of “following the money.” If you trace the way money flows in these schemes, understanding IRSF and premium rate fraud becomes rather simple.

Basically the fraudsters need to cut a deal with a supportive local exchange carrier (LEC) in a country that has a high exchange rate.  Historically, these locations included Somalia, Gambia, and Latvia.  These are the popular destinations.

In some cases the LEC is owned by the government, so if you seek help from that government to stop the fraud, they really don’t care.  This is especially true if the government official working with the fraudster just bought himself a new Bentley :- )

To generate traffic, the fraudsters use a conference call line, a hacked PBX, stolen wireless service or a variety of other means to push traffic to these high rate destinations.  And then the terminating carrier splits the revenue with the fraudster who generates all of the calls.

In the end, it’s the “A number” home carriers who lose money.  Whoever’s customer generated those calls has to pay the bills all the way down the line.  And there’s no relief from that.

Now the US domestic version of IRSF is called “traffic pumping”.  And here the LECs are located in various States: Iowa has been a typical location.

You see a lot of calls being pumped to those LECs for things like free conference calls.  And it’s the same model as IRSF: they are paying someone to pump phone calls into these locations so the carrier can make money and share the revenue with the people generating the calls.  Please note that this Domestic Traffic Pumping is not illegal and some businesses are valid, but not all.  Carriers just need to be aware of this process and look for suspicious activity.

Now you can think of IRSF as US domestic traffic pumping times 20 — because that’s the likely exchange rate difference.

So when you add it all up, IRSF, premium rate fraud, and traffic pumping are based on a very simple model.

Dan Baker: Of course, the other big hurdle for the bad guys is getting in the door.  They need to gain access to actual phone lines to do their traffic pumping fraud.

Jim Bolzenius: That’s right.  And subscription fraud remains the number one method of gaining access.  Now there are many ways to perform subscription fraud, and how to prevent and identify subscription fraud is a subject I could talk about for hours.

But the two basic schemes are to steal a person’s ID (True Name Fraud) or to take over an existing account or add-on lines to an existing account via Social Engineering.

Of course, what the fraudsters really love is a faceless transaction.  That way, the bad guys don’t have to go to a store, show an ID, or risk having their picture taken by the store’s video camera.

This is why much of today’s fraud occurs over the internet and through wholesalers or telesales.  Dealers need to be closely monitored because we pay them a commission on sales.  Do they really care if this guy is a little bit suspicious?  Maybe not if the carrier has not implemented a commission charge-back process for subscription fraud activations.

Dan Baker: Jim, how can carriers get their fraud management problems into high gear?  What are some of the programs you feel are essential?

Jim Bolzenius: Well, I’ve put together a short list of 9 things that guide my own thinking.  So here they are:

1 Make Timely Detection & Blocking your Key Goal

As a fraud fighter, you need to be realistic.  You can’t really stop IRSF.  The only way to totally stop it would be to disallow all international calls.  And if you did that, I think sales would have a bit of a problem with that strategy.

So if you can’t stop it entirely, your key mission is to detect and block fraud as soon as possible.

The fraud losses can add up very fast.  Let’s say you’ve got a fraudulent phone that’s reaching a $2 a minute destination and the fraudster is using the conference call function to generate six simultaneous calls or they activate lines via subscription fraud.

Now if you have real-time tools in place to look for that type of fraud, in 30 minutes or less you could identify and stop the fraud, so your fraud loss is still going to be around $360.  No matter what, you are still going to lose money because you are not preventing the initial call, just detecting it as fast as possible.

[Figure: Fraud Monitoring]

But if you have no monitoring in place and are waiting, say, for the TAP records or CIBER records to come in, it could be two days before you catch the fraud.  So by not having the proper tools in place, that one fraud account could cost you $34,000.  And that’s potentially just one phone with a six-way conference feature.

Now imagine your subscription fraud account had 10 phones with a six-way conference call feature.  Well, you’re then talking about $300,000 in a matter of two days!  That’s the money you lost because you didn’t have a real-time data feed and a Fraud Management System.

Real-time data exchange is quite critical.  If you don’t have a NRTDE feed set up, you’re waiting for the billing records to come in.  And by the way, the carriers partnering with the fraudsters are in no hurry to send you a billing record because the longer the fraud goes undetected, the more money they make.

This is why actively monitoring for calls to suspicious locations is key.  You need to know where these are so you can identify them on the first call.

2 Use Social Network Analysis to Multiply Your Blocking Capability

It’s clear that when the first call from the first phone is identified as a fraudster, you should shut down that entire account right away.

But that one phone call can lead to other fraud prevention opportunities too.  The secret is to run a linkage analysis back for accounts who the fraudulent account also called.

If I now have one bad account A, there’s an account B, account C and so forth that are associated with Account A, so you can potentially shut down 50 or 60 lines by doing that social network analysis.

So detecting one bad phone call should lead you to other suspicious numbers.

3 Don’t Make PBX Hacking Easy for the Fraudster

Hacking a PBX to pump traffic to international destinations has been around for two decades or more, but it’s still a huge business for the fraudsters.

There are MVNOs out there serving business clients, and if they are not diligent with their security procedures regarding access ports, default passwords, and training employees regarding social engineering techniques, people will get into that PBX.

It’s amazing how many times a PBX is hacked because the default password on the PBX was never changed.  Most hackers know the PBX manufacturer’s default password.  So if you never change it, you’re going to have a lot of fraud.

4 Educate Customers & Call Center Reps about Social Engineering Schemes

One of the weakest points in a carrier’s defense is that customers and call center reps are often easy prey for the fraudsters.

Calling into a call center is a very popular path.  They pretend to be a customer and attempt to take over accounts to add lines of service and international dialing features.


“Hi, I’m from General Motors (GM) and I’m the new telecom account manager here.  I need 10 more mobile phone lines.” So with social engineering and phishing, people who are very experienced at this game can get your customer care rep to send them phones and add it to GM’s bill.

Another tactic is to send a text message to customers directly, saying, “Hey, I’m with Verizon Wireless, and you need to verify this information on your account or we will have to shut it off.” You’d be surprised how many people will send their sensitive ID information back by text or call the 800-number left by the message.

Or the text will send the customer to a website owned by the criminal where they gather information.  They may have a Verizon or AT&T logo on the web page to convince the customer that the web site is valid.

5 Implement Processes to Limit the Wangiri Fraud

One of the easier methods to commit IRSF or PRS fraud is via a method called Wangiri fraud (also known as a One Ring Scheme).  Once again, it’s a very easy process.  The fraudster sets up an auto-dialer to call thousands or millions of your customers; after one ring the call disconnects.

Now, amazingly, about 15% of people will actually call that number back.

So let’s say the call goes to Grenada.  Well, the idea is to keep the customer on the line, talk to them with recorded messages, and all that time they’re being charged $10 a minute.

[Figure: Wangiri fraud]

Then, when your customer sees the bill, he calls to say, “Hey, Mr.  Carrier, I don’t have international service with you, so why are you billing me for international calls?” So you guessed it: the carrier gets stuck with the bill.

And the fraudsters set up the Wangiri fraud by choosing the right call back numbers.  If you aim to defraud US customers, the best place for the fraudsters to have their premium rate numbers is in places like Jamaica, the Dominican Republic, or Grenada.  Calls to these countries are 10-digit numbers, so the customer looks at the area code and figures it’s a free US long distance call.

Now the cure to blocking this Wangiri fraud is to put in the right processes.

Do you allow the Caribbean to be 10-digit dialing?  It’s part of the North American dialing plan, so an International Dialing feature is not required to call these locations unless the carrier has established these locations as requiring that feature in their networks.

As these attacks are identified, it is imperative that the carrier notify and educate their customers to prevent further losses.

6 Control or Turn Off Dangerous Calling Features & Destinations

Does someone who lives in rural Minnesota ever need to call someone in the country of Latvia?

I think the prudent thing is to block certain capabilities and dangerous calling features.

You really should consider blocking call-forwarding, multi-party calls, and explicit call transfers for all international roamers and international calls.  The need for a valid customer to forward their phone to an international location or establish 10 simultaneous calls to an international location is very small and not worth the fraud risk.  People doing that — 99% of the time — are criminals.

And for the 1% who need that capability, well, I’m not sure those customers are worth the risk.

7 Monitor and Test your International Roaming Rules

Ok, you’ve set up your roaming rules to block six simultaneous calls because there’s a strong likelihood that’s criminal activity.  It’s too much risk.

But how do you know your roaming partners are following these rules?  How do you know they are not over-riding those rules?

Well, you need to test that.  Depending on what switches they are using, the fraud prevention rules you set up may not be read properly.  So make sure to test that your roaming rules are being followed in every market you roam.

8 Don’t Let Your Guard Down over the Holidays

What is the number one day for fraud losses?


Well in the United States, it’s the Wednesday before Thanksgiving.  That’s because many carrier fraud centers are closed on Thursday, Friday, Saturday and Sunday over the Thanksgiving holiday.  Go back and look at write-offs and fraud losses for that time last year.

If you don’t have a 24/7 shop that cycles through the big alarms — or if your system doesn’t send you alerts or text message alerts — you will be hit hard during the Thanksgiving break.  On Monday morning you could have thousands of alarms waiting for you.

People really need to come in over the holidays and watch for the big alarms.

9 Recognize that a Fraud Management System Alone is Not Enough

Finally, you need to ensure that the three legs of your program — systems, processes and people — all work together.

You need all of them.  You could have the greatest system in the world, but if you don’t have the processes and trained people behind it, the system doesn’t do any good.  People may not be working the system properly or identifying the right things.  Your processes and system may be outdated if you do not stay current with the new fraud trends and types of attacks.

So that’s a critical point if you want to ever have a chance of identifying and mitigating your fraud losses.
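The following is an added example, not part of the interview and not code from TNS or any fraud management product. It sketches strategies 1 and 2 as detection logic over call records: flag an account whose simultaneous calls to watch-listed destinations reach a threshold, then list the on-net accounts linked to it by calls. The prefixes, numbers, accounts and threshold are constructed placeholders, and counting inbound callers as links is an assumption beyond what the interview describes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed data: prefixes, numbers and accounts are placeholders, not real ranges.
WATCHLIST_PREFIXES = ("99901", "99902")   # assumed high-risk destination prefixes
MAX_CONCURRENT = 3                        # assumed alarm threshold per account

LINE_OWNER = {                            # on-net number -> account
    "15550001": "A", "15550002": "A",
    "15550010": "B", "15550020": "C", "15550030": "D",
}

T0 = datetime(2015, 10, 1, 2, 0, 0)

def cdr(a, b, offset_s, dur_s):
    """Build one constructed call record (A number, B number, start, end)."""
    start = T0 + timedelta(seconds=offset_s)
    return {"a": a, "b": b, "start": start, "end": start + timedelta(seconds=dur_s)}

CDRS = [
    # Account A: six overlapping 30-minute calls into one watch-listed range.
    *[cdr("15550001", f"9990100{i}", 10 * i, 1800) for i in range(6)],
    cdr("15550002", "15550010", 0, 60),     # A also calls a line on account B
    cdr("15550020", "15550001", 300, 45),   # account C calls A
    cdr("15550030", "99902555", 0, 120),    # D: one watch-listed call, under threshold
    cdr("15550030", "15550099", 500, 30),   # D calls an off-net number
]

def peak_concurrency(cdrs):
    """Per account, the highest count of simultaneous calls to watch-listed numbers."""
    events = defaultdict(list)
    for c in cdrs:
        acct = LINE_OWNER.get(c["a"])
        if acct and c["b"].startswith(WATCHLIST_PREFIXES):
            events[acct] += [(c["start"], 1), (c["end"], -1)]
    peaks = {}
    for acct, evs in events.items():
        live = peak = 0
        # Call ends sort before starts at the same instant, so back-to-back
        # calls are not counted as overlapping.
        for _, delta in sorted(evs, key=lambda e: (e[0], e[1])):
            live += delta
            peak = max(peak, live)
        peaks[acct] = peak
    return peaks

def flag_accounts(cdrs, threshold=MAX_CONCURRENT):
    """Accounts to block: peak concurrency to watch-listed numbers at or over threshold."""
    return {a for a, p in peak_concurrency(cdrs).items() if p >= threshold}

def linked_accounts(cdrs, seeds):
    """Accounts one hop from a flagged account: on-net lines it called or that called it."""
    linked = set()
    for c in cdrs:
        src, dst = LINE_OWNER.get(c["a"]), LINE_OWNER.get(c["b"])
        if src in seeds and dst and dst not in seeds:
            linked.add(dst)
        if dst in seeds and src and src not in seeds:
            linked.add(src)
    return linked

if __name__ == "__main__":
    flagged = flag_accounts(CDRS)
    print("block now:", sorted(flagged))
    print("review next:", sorted(linked_accounts(CDRS, flagged)))
```

Linked accounts are candidates for analyst review, not automatic blocking, because a legitimate customer can appear in a flagged account's call history.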

Copyright 2015 Black Swan Telecom Journal


About the Expert

Jim Bolzenius

Jim is an industry expert in the Telecom fraud prevention and detection arena.  Jim participates and contributes to several Global Fraud and Security Associations.  He has worked in the Telecom fraud prevention space for about 20 years.

Jim is currently the Head of anti-fraud Services at Transaction Network Services (TNS).  Prior to that, Jim was the Vice President of Product and Market Development for RoamEx Inc.  Jim also worked for Verizon Wireless for 27 years.  He was the Executive Director of Fraud Prevention and Strategy at Verizon Wireless for 12 years.
