1. Bring IRSF
under control
International Revenue Share Fraud has increased 497% since 2013.
It is now the number 1 fraud threat to Telcos worldwide.
Let us help you fix the problem!
2. “Total fraud losses this year
= $38 Billion”
International Revenue Share
Fraud = $10.7 Billion”
“IRSF increase since 2013 =
497%”
“IRSF is now the top
industry threat”
The Facts
IRSF is the most harmful fraud in the industry.
It is enabled by international roaming and a combination of
other fraud types.
IRSF is hard to detect without the right tools.
3. This is where a hacked PBX is used to inflate traffic to high-cost premium rate numbers.
Utilises Outgoing
Trunks for IRSF
calls
HOME
OPERATOR
(Business Customer)
PREMIUM RATE
SERVICE
PROVIDER
Fraudsters rewarded
by PRS provider for
increased traffic
Fraudsters illegally
obtain access to
customers PBX
Traffic is then “pumped”
to PRS numbers by
fraudsters
х DISA (Direct Inward Service Access)
х Insecure Voicemail
х Insecure Maintenance ports
х Automated Attendant
х Call divert
Severity of PBX Fraud is only limited by
the number of outgoing trunks.
Points of compromise can include:
How IRSF works – Using PBX/IP-PBX as an enabler
4. How PBX Fraud is so destructive to a Telco
o Telco typically has little control over security of a customers PBX if not managed by the Telco – e.g.
Voicemail
o If a customer does suffer a significant IRSF attack, there will be a dispute over payment
o Customer has an expectation that their carrier will identify a significant change in calling patterns
o Usually IRSF through a compromised PBX will occur at night and over weekends when PBX congestion
will not be noticed
o Hackers have the sophisticated tools to bypass this
o Only one area of compromise has to be identified by Fraudsters to access outgoing trunks
o Customer will arrive at work after weekend and find they have suffered a significant IRSF attack
o Imagine the completely different customer experience if they are contacted by their network provider
and alerted to calls to IRSF test numbers resulting in an IRSF attack being prevented
o This can be achieved by utilising the IPR Test Number Database used by FraudStrike to monitor all
outward PBX calling
o Automated notifications will ensure potential attacks can be actioned 24x7
o This will reduce PBX Fraud losses, become a service differentiator, enhance customer satisfaction and
avoid potential brand impact if an IRSF attack was successful
5. This is where SIM cards are used when roaming to inflate traffic to high-cost premium rate numbers.
VISITED
OPERATOR
(VPMN)
HOME
OPERATOR
(HPMN)
PREMIUM RATE
SERVICE
PROVIDER
Fraudsters rewarded
by PRS provider for
increased traffic
Fraudsters illegally
obtain SIM cards
and ship them to a
roaming network
Traffic is then “pumped”
to PRS numbers by
fraudsters
х Subscription fraud
х Roaming fraud
х Wangiri fraud
х PBX hacking
Types of Fraud
IRSF is usually enabled by one
or more of these frauds:
How IRSF works – Using Mobile device as an enabler
6. Reduced losses by implementing FraudStrike
With
FraudStrike
Without
FraudStrike
After
48 hours
After
30 min
€2,000 lost
€500,000 lost
7. Reduced losses by implementing FraudStrike
With
FraudStrike
Without
FraudStrike
1000 mins
of calls
2 numbers called
were known by
FraudStrike
5 NRTRDE
files sent
250,000mins
of calls
12 numbers called
were known by
FraudStrike
125 NRTRDE
files sent
8. Reduced losses by implementing FraudStrike
FraudStrike immediately alerts the
HPMN when a number matches in
the hotlist.
HOME
OPERATOR
(HPMN)
Visited Called numbers (B-
numbers) checked against
database for matches
With FraudStrike, the losses are prevented
before they escalate by checking the
NRTRDE records in real time against the
database
9. Output / Actions
FraudStrike alerts the HPMN
immediately by e-mail or SMS
when a number matches in
the hotlist
HPMN investigates subscriber
profile
HPMN blocks SIM (not
destination range) if necessary,
to prevent IRSF
The above can be a managed service from
XINTEC, for full automation.
10. The Intelligence
FraudStrike is a
combination of clever
detection methods, when
used together can prevent
and even predict
International Revenue
Share Fraud (IRSF).
1 2
3
4
5Unrivalled IRSF Domain
Knowledge
Hotlist Database of
over 250,000 test-
call numbers
Overlapping Calls
Detection
High Usage
Detection
Associative Detection
(shared call patterns)
11. The Intelligence
Overlapping Calls Detection
FraudStrike will automatically detect overlapping
calls and associate them with the subscriber case
containing the database match. The user of the
system can immediately see the link between an
overlapping calls alert and an IRS test call alert in the
same case, to enhance the certainty of detecting a
fraudulent event.
1
12. The Intelligence
High Usage Detection
FraudStrike will automatically detect high usage
activity and link this with the subscriber case
containing other alerts for that subscriber. The user
of the system can see the link between a High Usage
alert with an alert as a result of a database match
and/or overlapping call to enhance the certainty of a
fraudulent event.
2
13. The Intelligence
Hotlist Database
of over 250,000 test-call numbers
A unique database of IRS test call numbers that for
the first time allows IRSF attacks to be detected
before or during the early stages of an attack.
3
14. The Intelligence
Associative Detection
(shared call patterns)
FraudStrike applies associative detection techniques
to identify the other potential “actors” in a fraud
event. For example, if the system sees a database
match on prefix range (+4412345) it will search for
other subscribers making calls to the same prefix
(+4412345) and notify the analyst, via email, of these
other suspicious IMSIs.
4
15. The Intelligence
Unrivalled IRSF
Domain Knowledge
Providing strategic and operational advice to the telco
industry for over 25 years, our team of experts offers
deep domain knowledge with respect to the
prevention and detection of IRSF worldwide.
5