Passive methods for detecting illegal traffic termination

image

Now illegal traffic termination has become one of the main troubles of any telecommunications operator. Operators suffer the most in countries where international calls are much more expensive than local traffic. The government’s attitude to this, so to speak, type of business also plays a significant role. The top states that suffer most from this type of fraud include the countries of Africa, the Balkan Peninsula and of course the CIS.

As you know, the essence of this type of fraud is to direct international voice or SMS traffic bypassing the proper switching equipment. As a result, a number of problems arise. Firstly, the operator loses money on interconnect settlements. Secondly, the quality of communication is suffering, extraneous noise, delays, frequent breaks appear. Thirdly, there is a substitution of the caller's number.

If a few years ago only people with the appropriate technical education could deal with this type of fraud, today this type of “business” can be bought on a turn-key basis. On the Internet, there are many offers from organizations ready for an affordable fee to sell and configure the necessary equipment, install specialized software to simulate human activity, reduce traffic to the originators, and provide round-the-clock technical support. support. And of course, they will teach where to place the equipment and what settings to make so that it is more difficult for operators to identify and block SIM cards of a scammer.

In 2016, two main types of systems for detecting this type of fraud are used in world practice:

Active systems- These are systems that detect fraud numbers by making test call sessions (ringing) from various parts of the world to operator numbers.

Passive systems are systems that analyze the activity of subscribers for the subject of “humanity”.

If with active systems everything is more or less clear, then tuning passive systems requires in-depth analysis to identify the main criteria that distinguish fraud cards from live subscribers. This is not such a simple task as it might seem at first glance.

Thanks to modern systems, SIM-cards in the gateways allow:

  • send and receive messages with pre-prepared text;
  • make and answer calls with the transfer of the recording of a real conversation to the voice channel;
  • create groups by simulating communication with regular contacts (friends);
  • simulate a different movement between locations, depending on the time and day of the week;
  • send USSD requests to check the balance and connect bonuses. Read the required information from the responses;
  • monitor balances and bonuses;
  • set a schedule to distribute traffic volumes during the day and on different days of the week.

We propose to pay attention to some features of the work of systems simulating human activity, which you can try to use to additionally identify SIM-cards of scammers, or in order to complicate the lives of crooks.

Terminator needs to control balances and bonuses on their SIM cards. This is necessary so that the number does not suddenly shut up. (After all, they also need to maintain a reputation in the eyes of their customers.) Traffic termination control systems can send USSD commands to check balances and connect bonuses. They can also read the necessary information from the responses received. If the answer could not be read, after several attempts, the system often unloads the SIM-ku from the gateway. If you periodically make small changes to the USSD response to make it difficult to parse text on a mask, it is theoretically possible to achieve a malfunction in the parser and, as a result, complicate the life of the fraudster.

When simulating human activity, the system makes a call between numbers in the gateway. Thus, when a terminator number is detected, it is necessary to analyze the connections with other SIM cards.

The system that controls the termination allows you to create several locations and configure the movement between them. Moreover, since instantaneous movement over a long distance will look suspicious, a delay is set between leaving one location and appearing in another. During the delay, the SIM card is turned off. Based on this feature, it is proposed to analyze the geography of the movement of subscribers. Whether they move gradually or jump between locations, bypassing intermediate base stations. Also, it makes sense to look at other numbers, the list of locations of which coincides with the locations of the identified numbers.

Of course, it is unlikely that the methods described above are applicable to all operators and all terminators. But, in my opinion, it makes sense to analyze the traffic of terminators through the prism of these features.

If you need a universal method that can be supplemented with an illegal termination detection system, then the best result will be obtained by reconciling outgoing calls in roaming received from TAP files and NRTRDE with incoming calls from your own called subscribers.

In general terms, the control logic is as follows: subscriber A is in roaming and calls subscriber B. Subscribers A and B are subscribers of the operator. If at that time subscriber B received an incoming call of the same duration from number C, then traffic is terminated through number C. Of course, such control cannot be compared with ringing, but, as practice has shown, it can be a pleasant addition with a high percentage of accuracy.

The fight against illegal traffic termination is a difficult and expensive task. But if the situation is left to chance, one day the day will come when the revenue for interconnect will become a history for the operator.

Also popular now: