[ 07.11.2018 ]
VoIP and SIP fraud is a huge problem.
VoIP - voice over internet protocol - is pretty ubiquitous these days: it’s low cost, has great bandwidth efficiency and is quite agile. So, it’s not exactly surprising that most corporations, businesses and government agencies look to use it. As 5G starts rolling out, these kinds of services are going to become even more prevalent, which makes the fraud aspect of the service a high priority.
Make no mistake! SIP and VoIP fraud is a serious business.
Operators have long been clued up about traditional telco fraud entry points, but with virtual PBXs they and their end-users are also susceptible to imaginative internet “hackers”. As a result, fraud loss continues.
A CFCA survey from 2017 found that fraud related to IP PBX hacking was worth $1.94 billion alone, with spoofing standing at $1.29 billion, robocalling at $0.92 billion and signal manipulation at $0.92 billion. These are huge amounts which rapidly add up. It’s even more sobering when you consider that well-organised SIP fraud can lead to other damaging frauds like IRSF and Wangiri, which in turn expose CSPs to billions more in loss.
On top of this, you have the extra customer satisfaction headaches. Even when a vulnerability is exploited on the end-user side, there is an expectation that their CSP should pay. Failure to do so leads to angry clients, missed revenues, harmed reputation and time lost.
So what are telcos doing wrong?
Telecom operators have long been used to facing wave after wave of fraud innovations, so why is it that SIP fraud is keeping operators on the back foot? It comes down to two big problems:
->> Organisational chaos - fraud teams look at fraud events. Security teams look at intrusion events. This is the familiar approach of many companies. However, it’s worth keeping in mind that whatever benefits are received in specialisation can be quickly eroded if there is no teamwork, communication and internal rules in place.
->> A reliance on CDR detection methods - most fraud detecting systems rely on CDR analysis. This made sense for over the air services, but CDR monitoring won’t help you fast enough in the face of a VoIP-based Wangiri attack as call attempts won’t usually generate a CDR! Only the subscriber (also known as 'victim') calls will generate a CDR when they’re calling back, and by that point it may be too late to avoid a big loss.
Do we have a solution? Yes WeDo!
The solution can be simple and effective when following a few rules, such as:
1) Use SIP signalling messages – unlike CDRs, SIP signalling messages can be processed in real-time to control calls, texts, data and more! In the case of Wangiri fraud for example, we can monitor for a high number of SIP INVITE and CANCEL messages from the same CLI. We can also look at the dispersion of called numbers from a single origin and a dispersion of calls back to the same destination number too. By doing so, it is possible to detect these fraud attacks at the first attempt and take appropriate preventative measures.
2) Use hotlists and blacklists when possible – if you can keep or gain access to a repository of risky call destinations, IRSF hotspots and premium rate numbers, then you can maximise the effectiveness of your SIP data. Going back to Wangiri fraud, if you could check the origin CLI against a known list of premium rate numbers, then you’d be at a distinct advantage over the fraudster.
3) Automate and combine – it’s probably an obvious idea, but it’s one that doesn’t happen enough. Using machine learning-based detection systems will greatly improve the efficacy of your fraud strategy. If this system can then also incorporate CDR data to give a holistic interpretation of the SIP signalling messages, and present info in easy-to-use dashboards, which give access to both security and fraud teams, then even better.
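A sketch of rules 1 and 2 as detection logic, added here as an illustration and not taken from WeDo or any product: it counts INVITEs that are cancelled per origin CLI inside a sliding window, measures how dispersed the called numbers are, and checks the origin against a hotlist. The one-line record format, the thresholds and the hotlist prefix are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed hotlist of premium-rate prefixes (placeholder, not a real range).
HOTLIST_PREFIXES = ("+99900",)
WINDOW_S = 60          # assumed sliding window, in seconds
MIN_CANCELLED = 5      # assumed: cancelled INVITEs per CLI within the window
MIN_DISPERSION = 0.8   # assumed: distinct called numbers / cancelled INVITEs

def parse(line):
    """Parse a simplified record: 'ts METHOD call_id from_cli to_number'."""
    ts, method, call_id, cli, dest = line.split()
    return float(ts), method, call_id, cli, dest

def detect_wangiri(lines):
    """Return {cli: [reasons]} for origins that look like ring-and-drop callers."""
    pending = {}                    # call_id -> (cli, dest) of INVITEs still ringing
    cancelled = defaultdict(list)   # cli -> [(ts, dest)] of INVITEs later cancelled
    alerts = defaultdict(set)
    for ts, method, call_id, cli, dest in sorted(map(parse, lines)):
        if method == "INVITE":
            pending[call_id] = (cli, dest)
            if cli.startswith(HOTLIST_PREFIXES):
                alerts[cli].add("hotlisted-origin")
        elif method == "CANCEL" and call_id in pending:
            cli0, dest0 = pending.pop(call_id)
            # Drop cancelled attempts that have aged out of the window.
            recent = [(t, d) for t, d in cancelled[cli0] if ts - t <= WINDOW_S]
            recent.append((ts, dest0))
            cancelled[cli0] = recent
            dispersion = len({d for _, d in recent}) / len(recent)
            if len(recent) >= MIN_CANCELLED and dispersion >= MIN_DISPERSION:
                alerts[cli0].add("ring-and-drop")
    return {cli: sorted(reasons) for cli, reasons in alerts.items()}

def sample_log():
    """Constructed records: one CLI rings six numbers and cancels; one normal call."""
    lines = []
    for i in range(6):
        lines.append(f"{i * 2}.0 INVITE c{i} +999001234 +35191000{i:02d}")
        lines.append(f"{i * 2 + 1}.0 CANCEL c{i} +999001234 +35191000{i:02d}")
    lines += ["3.5 INVITE n1 +351210000001 +351210000002",
              "20.0 BYE n1 +351210000001 +351210000002"]
    return lines

if __name__ == "__main__":
    print(detect_wangiri(sample_log()))
```

Because the alert fires on signalling alone, it is raised before any victim calls back and before a CDR exists for the attempts.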
What does this mean for your bottom line?
We know VoIP and SIP fraud is a huge problem. By adopting these sensible ideas you can reduce the fraud window, reduce fraud loss, and improve your customer experience.
Quicker fraud detection = reduced fraud window, reduced loss, happier customers :-)
Want to know more? -->> Telecoms.com in partnership with WeDo Technologies will be hosting a live webinar on SIP fraud detection scenarios and challenges on November 13th at 3pm GMT. Join WeDo’s professional services senior product specialist, Nuno Pestana, in discovering how to better detect and prevent SIP fraud. Register for free and find out how RAID Risk Management can help you to secure your network. Or just get in contact with us anytime.
Acronyms used in this article:
VoIP - voice over internet protocol
PBX - private branch exchange
CFCA - communications fraud control association
SIP - session initiation protocol
IRSF - international revenue share fraud
CSP - communications service provider
CDR - call detail record
CLI - caller line identification
(*) Photo by pixabay.com from Pexels