SIP Analytics vs. CDR-based fraud management case study
A large telephone service provider was recently evaluating SIP Analytics® fraud prevention alongside their incumbent CDR-based telecom fraud management system. Then a telecom fraud attack hit.
Background
This provider had relied on a CDR-based telecom fraud management system (FMS) for years. They were initially interested in ClearIP blacklisting features, which would give their fraud team greater control over blacklisting without involving their Network Operation Center (NOC).
As the fraud team first began using ClearIP blacklisting, they continued to use their CDR-based FMS for fraud detection. SIP Analytics fraud prevention, a service available in ClearIP, was in report-only mode. Although it would detect fraud, the team had not yet enabled blocking.
Fraud attack!
On a Sunday afternoon, a fraudster used a customer’s hacked PBX to place fraudulent calls to various high-cost international destinations. It was a classic International Revenue Share Fraud (IRSF) attack. The fraudster swiftly placed 228 calls distributed across 120 different called numbers within 31 different countries. The fraud attack is summarized below.
SIP Analytics® inspects each call before it begins. It’s the fastest, most precise method available to detect and prevent telecom toll fraud.
Learn more about SIP Analytics| Destination | Call attempts | Fraud losses |
|---|---|---|
| Madagascar | 92 | 1,048.98 |
| Macedonia | 29 | 185.60 |
| Montenegro | 22 | 161.48 |
| Maldives | 12 | 165.58 |
| Moldova | 11 | 52.29 |
| Cuba | 9 | 104.40 |
| Algeria | 6 | 69.00 |
| Tunisia | 5 | 67.87 |
| Other Countries | 42 | 278.38 |
| Total | 228 | $2,133.58 |
CDR-based FMS response
When the CDR-based FMS detected the fraud attack, it alerted the NOC. The NOC shut down the fraud attack after 228 fraudulent calls had completed over 56 minutes. The CDR-based FMS allowed fraud losses of $2,133.58.
ClearIP response
ClearIP detected the fraud attack on the fifth call, 1 minute and 15 seconds into the attack. Unfortunately, it was still in report-only mode. Had blocking been enabled, fraud losses would have been only $2.03, or 0.1% of the actual losses. Relying on the CDR-based FMS cost the provider $2,131.55.
SIP Analytics detects and stops telecom fraud attacks faster
SIP Analytics inspects each outbound call for fraud before it is routed to a provider. It only takes milliseconds.
For each call, SIP Analytics calculates a fraud score based on the call’s financial risk. It then compares cumulative fraud scores with thresholds based upon normal calling patterns for individual calling numbers, devices, or trunk groups.
When a threshold is breached, the system can automatically block subsequent fraudulent calls involved in the attack. The system can also tear down fraudulent calls still up, if the network supports it.
Normal calls not involved in the attack continue uninterrupted. No human intervention is required to detect and block the attack.
Lessons learned
- This provider got the powerful blacklisting capabilities they sought from ClearIP.
- They saw a dramatic illustration of the difference between CDR-based fraud detection and SIP Analytics in the real world.
- They found it was easy to enable and works so much better, so now they’re using SIP Analytics fraud prevention to protect their network and subscribers from telecom fraud attacks.
Try SIP Analytics today
SIP Analytics is available with an easy-to-implement free evaluation. It works well with any SIP-based telecom system. Compare it with your current fraud management system. We think you’ll agree, it has price performance and effectiveness that can’t be beat.
Contact us today for more information.
