SIP Analytics vs. CDR-based fraud management case study

A large telephone service provider was recently evaluating SIP Analytics® fraud prevention alongside their incumbent CDR-based telecom fraud management system. Then a telecom fraud attack hit.


This provider had relied on a CDR-based telecom fraud management system (FMS) for years. They were initially interested in ClearIP blacklisting features, which would give their fraud team greater control over blacklisting without involving their Network Operation Center (NOC).

As the fraud team first began using ClearIP blacklisting, they continued to use their CDR-based FMS for fraud detection. SIP Analytics fraud prevention, a service available in ClearIP, was in report-only mode. Although it would detect fraud, the team had not yet enabled blocking.

Fraud attack!

On a Sunday afternoon, a fraudster used a customer’s hacked PBX to place fraudulent calls to various high-cost international destinations. It was a classic International Revenue Share Fraud (IRSF) attack. The fraudster swiftly placed 228 calls distributed across 120 different called numbers within 31 different countries. The fraud attack is summarized below.

DestinationCall attemptsFraud losses
Other Countries42278.38

CDR-based FMS response

When the CDR-based FMS detected the fraud attack, it alerted the NOC. The NOC shut down the fraud attack after 228 fraudulent calls had completed over 56 minutes. The CDR-based FMS allowed fraud losses of $2,133.58.

ClearIP response

ClearIP detected the fraud attack on the fifth call, 1 minute and 15 seconds into the attack. Unfortunately, it was still in report-only mode. Had blocking been enabled, fraud losses would have been only $2.03, or 0.1% of the actual losses. Relying on the CDR-based FMS cost the provider $2,131.55.

Subscribe to our newsletter!

News, special event notices and announcements delivered to your inbox every now and then.

All fields are required.

This information will only be used to send newsletters and occasional announcements. TransNexus will not share your data with any third parties. We will retain your information for as long as you wish to continue receiving our newsletters and announcements. You may unsubscribe at any time by selecting the unsubscribe link at the bottom of the email. For more information about how we use personal data, please see our privacy statement.

SIP Analytics detects and stops telecom fraud attacks faster

SIP Analytics inspects each outbound call for fraud before it is routed to a provider. It only takes milliseconds.

For each call, SIP Analytics calculates a fraud score based on the call’s financial risk. It then compares cumulative fraud scores with thresholds based upon normal calling patterns for individual calling numbers, devices, or trunk groups.

When a threshold is breached, the system can automatically block subsequent fraudulent calls involved in the attack. The system can also tear down fraudulent calls still up, if the network supports it.

Normal calls not involved in the attack continue uninterrupted. No human intervention is required to detect and block the attack.

Lessons learned

  1. This provider got the powerful blacklisting capabilities they sought from ClearIP.
  2. They saw a dramatic illustration of the difference between CDR-based fraud detection and SIP Analytics in the real world.
  3. They found it was easy to enable and works so much better, so now they’re using SIP Analytics fraud prevention to protect their network and subscribers from telecom fraud attacks.

Try SIP Analytics today

SIP Analytics is available with an easy-to-implement free evaluation. It works well with any SIP-based telecom system. Compare it with your current fraud management system. We think you’ll agree, it has price performance and effectiveness that can’t be beat.

Contact us today for more information.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.

illustration of a padlock over a computer screen background with programming code