Home
About Black Swan Editorial Mission Reports & Papers
Fraud Systems SIM Box Roaming Fraud PBX Fraud Subscription Databases
RA Practices Business Assurance RA Maturity RA Consulting Bill Testing
Wholesale Systems Net Inventory Margin Assure Partner Mgmt
Customer Behavior Machine Learning Network Analytics Marketing Analytics
Network Behavior Mobile & IoT Security Trusted Communication Signaling
Email a colleague    

April 2017

Bypass Fraud Evolves: New Threats from Outgoing SIM Box Bypass & Spikes in CLI-Tampering

interview with Philippe Orsini

Bypass Fraud Evolves: New Threats from Outgoing SIM Box Bypass & Spikes in CLI-Tampering

Is the fraudster’s mindset fundamentally different from that of your average honest person?

Well, maybe not.  Consider this: all of us who participate in the free enterprise system — as owners, employees or independent agents —aim to exploit certain advantages we have in the game.  It could be technical skills, knowledge, leadership, money, relationships... or many other things.

We then leverage that “special something” to discover and exploit markets that are out of balance.  For instance, traders invest in stocks or currencies that are undervalued.  Successful entrepreneurs deliver products people are clamoring for, but no one is properly delivering.

Often the ticket to riches is access to deeper levels of knowledge.  Investor Warren Buffet (second richest man in the world) once said that successful investing in like watching a parade while standing on your tiptoes.  Likewise, a biologist finds his pot of gold by seeing things in a microscope that others fail to notice.

But only the fraudster (or corrupt insider) is willing to go the next step: to pursue those opportunities by breaking the law, risking jail time — or worse.

So the first step to stopping fraudsters is understanding human nature.  And the next most important thing is mastering the technical playing field where the fraudster plays.

Araxxe is one of the foremost companies in the world peering into the psychology and habits of fraudsters, then anticipating their moves and putting defenses in place to protect an operator’s revenue.

I recently caught up with Philippe Orsini, VP Product Management, who provided an insightful update on new developments in bypass and SIM box fraud his company is dealing with.

Dan Baker, Editor, Black Swan: What’s happening in the world of SIM box fraud these days?  Are we getting better at controlling this type of fraud?

Philippe Orsini: Well, Dan, it obviously depends on your region of the world and the local market.  As you would expect, Africa and Asia are still the most impacted parts of the world, and Araxxe continues to serve clients in those regions.

Traditional in-bound SIM box fraud remains a constant threat to the termination revenues of operators — and the tax revenue of governments in these countries.

But now we see emerging a new form of SIM box fraud threat, what we call "outgoing SIM box".

So what do you mean by Outgoing SIM Box fraud?

It’s very simple actually.  SIM box fraud is always about the tariffs — or the margins you can get by bypassing legal call distribution channels.

To understand what “outgoing SIM box fraud” is about, let’s first review how billing for mobile traffic has evolved.

Five or six years ago, if you looked at mobile-to-mobile traffic in Italy, for instance, an Italian mobile operator would sell its SIM cards to terminate traffic on its own network.  And soon thereafter it became practical to terminate all domestic mobile operator calls on their networks at no additional charge because retail rates were low.  In short, it was not worth the cost of billing for traffic between the Italian operators.

However, in the past few years, a new trend in Europe has been to offer SIM cards that terminate on international destinations.  These are the so-called "world plans" which usually feature a flat fee number of minutes across 5, 10 or 20 selected countries.  And the tariff packages for these world-plan SIM cards are priced aggressively to attract new customers.

But now fraud is occurring in countries within these world plans where the mobile termination rate is very high.  For example, Albania’s termination rate is very high, so if an operator in Italy has a bundled “world plan” where Albania as one of the destinations, fraudsters will try to exploit that by pumping lots of low cost calls through to Albania.

Interesting, so the fraudster gets the same benefit of pumping traffic without the risk of operating illegal SIM boxes in Albania.

Yes, Dan.  Going further with my example: this Italian mobile operator would definitely be impacted if their tariff plan failed to account for the huge traffic volumes being pumped into Albania.

Relatively few calls to Albania were expected: the lion’s share of traffic was projected to go to low cost destinations such as France, Switzerland, and Germany perhaps.  If we would normally see 5% of calls ending in Albania, if that volume spikes to 20% of all calls, the underlying profits of the world plan would be terrible.  It could even put them in the red.

I see, so this outgoing SIM box fraud is very deceptive because it goes against the normal fraud pattern in bypass.

True.  And the other interesting twist is that this Italian mobile operator would suffer no revenue loss from this fraud.  However, they would see a tremendous increase in their interconnect costs because many more calls are terminating in Albania.

At first, fraud managers often don’t understand this fraud: their first instinct is to look at revenue alone.  They might say, "Hmm.  This is a very successful rate plan that is generating lots of international calls!"

But looking deeper, of course, you notice that while SIM card sales are high, you’re losing big on the wholesale side paying all these high interconnect charges to Albanian mobile operators.

Now to exploit this fraud requires the fraudster be very familiar with the termination rates in different countries and with the rate plans offered by the mobile operators worldwide — and knowing where the profit margins are best.  And maybe the fraudster shifts from using SIM boxes to terminate traffic in Italy and instead uses them to pump a ton of calls from Italy to Albania.

This outgoing SIM box fraud is a very interesting case.  At usual, the fraudsters are adept at finding unique ways to exploit big price differences in markets.  Any other new kinds of bypass you’re seeing?

Well, another bypass I’ll mention is not exactly new.  It’s fraudulent CLI (Caller Line ID) changes, also known as CLI re-filing, a growing bypass type in Europe because of changes in regulations and increased competition.

Operators in the European Union are under pressure to increase their revenues because competition has brought prices down and also because the revenue operators earn from roaming fees is considerably reduced.

So increasingly European operators are implementing so-called “differential mobile termination rates” to countries outside of Europe.  Now a French operator, for example, must still maintain low termination rates for traffic from member countries in the European Union.

Let’s take the case of France and Morocco to illustrate the problem.  Traditionally an operator in Morocco could terminate calls in France at a very low rate.  Yet when a French operator terminates a call in Morocco, the termination rates are very high.  So the rates were absolutely asymmetric.

But now, to recover more revenue, the French operator tacks on a non-European surcharge to traffic coming from Morocco.

And how is this non-European differential surcharge applied to the traffic?

Dan, it’s all based on the interconnect origin-based billing rate which is calculated on the CLI phone number (or A number) transmitted to the destination operator.

So in my example, if the CLI says the origin is Spain, you pay one cent per minute; if the CLI says Morocco, it’s 6 cent per minute.  Big difference.  And when an operator doesn’t want to pay the 5 or 6 cents per minute surcharge, what they can do is fraudulently change the CLI to pretend the traffic is coming from Spain, Italy, or another European country — and they will not be charged the high termination rate.

And I believe any operator in the interconnect chain has the technical ability to modify that CLI number, right?

Correct.  And that’s where the dilemma lies, for there’s no easy way to determine exactly who is committing the fraud because several operators can be in the chain.  The only way you can analyze which interconnect operator is doing the fraud is to do lots of test calls across many routes to trace the true origin of calls made from various corners of the word.

Now even though this fraud has been active for quite some time, European operators don’t seem to appreciate how much money they are losing through these CLI-altering schemes.

The prevailing attitude seems to be: "Okay, maybe we will experience a small amount of fraud from CLI altering, but at least, 80% of my traffic from Morocco will be charged at the higher rate."

Even still, losing 20% of the high rate traffic is a lot of money to let slip out the door.

In any kind of SIM box or bypass fraud, two different solutions are used.  You have the robot calling firms and SIM box fraud specialists such as Araxxe, and the FMS solution providers also play a role.  Can you explain to us the differences between these two roles?

Well, the best anti-fraud solution is always a combination of fraud solutions, isn’t it?  I mean, there is certainly high value in combining what a WeDo or Subex does and what Araxxe does.

Yet we at Araxxe are very different from a Subex or WeDo because we don’t have the big data warehouse storing the full traffic all these years to perform profiling and analysis, etc.  In SIM Box detection, our CDR analysis is much more focused.  We don’t deal with all the traffic or all the users, but only a sample of CDRs derived from the particular test calls our robots are making.

And the number of calls we make varies: we could be making 1,000, 5,000, or 100,000 calls per month — depends on the need at the particular operator.  So we approach the client and say, "If you want us to analyze your SIM box problem, you need to send us the CDRs of our robot calls.”

FMS companies like Subex and Neural Tech play an important role in SIM Box fraud mitigation by maintaining a rich history of usage for each phone number.  They also ensure their application scales/performs well, the database is tuned, and the dashboards and reporting are excellent.

But to be honest, in SIM box fraud control, the technical platform is only secondary.  What matters most is the experience of the fraud analyst or user of the platform who knows what profiling rules to implement in the system.

Maybe the old 80:20 rule applies here.  In SIM box fraud control, 80% of the value comes from the user’s knowledge and 20% from the technical platform.  And in IRSF, it’s the other way around: 20% user, 80% technical platform.

I would agree with that.  IRSF detection is far more methodical.  It lends itself to automation and data analysis.  A phone number is either in the blacklist or it’s not.  Or it fits an analytical pattern that raises the level of suspicion, so you block the call.

SIM box fraud is not so simple.  The fraudster adapts its strategy depending on the defense.  So it’s kind of an electronic cat vs. mouse game: there are attacks, counter-measures, and counter-counter measures.  This is why the experience and training of the fraud analyst is so key.

Another analogy: it’s the difference between using MS Word as a typing platform versus using MS Word to write a novel: the skill of the writer is almost everything in producing a great novel.

Thanks very much, Philippe.

Copyright 2017 Black Swan Telecom Journal

 
Philippe Orsini

Philippe Orsini

Philippe Orsini is VP Product Management at Araxxe, a specialized company providing End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

Philippe, who joined Araxxe in 2007, is in charge of product portfolio management and new product creation.  He also manages key client accounts mainly in North Africa and Europe.

After graduating from a top French “Grandes Ecole” and the Universidad Politécnica of Madrid (Spain) in telecommunication, Philippe has been developing strong insight and operational expertise in the communications industry across Europe.

Philippe has spent most of his work experience working at consulting companies, such as IBM Global Services or Accenture.  He has been managing large IT systems implementation projects and in-depth consulting studies in the distribution and telecommunication industries.   Contact Philippe via

Black Swan Solution Guides & Papers

cSwans of a Feather

Related Articles

  • Tokopedia, Indonesia’s E-Commerce King, Partners with 11 Million Merchants; Adopts Multi-Cloud to Drive Innovation interview with Warren Aw & Ryan de Melo — Indonesia’s Tokopedia, founded in 2009, has grown to become one of world’s leading e-commerce players.  Read about its success, technology direction, and multi-cloud connectivity adoption.
  • Bridge Alliance: Knocking Down Regional & Mobile Connectivity Barriers so Connected Car Markets Get Rolling in Asia interview with Kwee Kchwee — The CEO of an Asian consortium of mobile operators explains how they  help simplify and harmonize their members‘ operations in support of multi-national corporations.  This integration is enabling two huge industries to come together in Asia: auto manufacturing and telco.
  • Epsilon’s Infiny NaaS Platform Brings Global Connection, Agility & Fast Provision for IoT, Clouds & Enterprises in Southeast Asia, China & Beyond interview with Warren Aw — Network as a Service, powered by Software Defined Networks, are a faster, more agile, and more partner-friendly way of making data global connections.  A leading NaaS provider explains the benefits for cloud apps, enterprise IT, and IoT.
  • PCCW Global: On Leveraging Global IoT Connectivity to Create Mission Critical Use Cases for Enterprises interview with Craig Price — A leading wholesale executive explains the business challenges of the current global IoT scene as it spans many spheres: technical, political, marketing, and enterprise customer value creation.
  • Senet’s Cloud & Shared Gateways Drive LoRaWAN IoT Adoption for Enterprise Businesses, Smart Cities & Telecoms interview with Bruce Chatterley — An IoT netowork pioneer explains how LoRaWAN tech fits in the larger IoT ecosystem.  He gives use case examples, describes deployment restraints/costs, and shows how partnering, gateway sharing, and flexible deployment options are stimulating growth.
  • ARM Data Center Software’s Cloud-Based Network Inventory Links Network, Operations, Billing, Sales & CRM to One Database interview with Joe McDermott & Frank McDermott — A firm offering a cloud-based network inventory system explains the virtues of: a single underlying database, flexible conversions, task-checking workflow, new software business models, views that identify stranded assets, and connecting to Microsoft’s cloud platform.
  • Pure Play NFV: Lessons Learned from Masergy’s Virtual Deployment for a Global Enterprise interview with Prayson Pate — NFV is just getting off the ground, but one cloud provider to enterprises making a stir in virtual technology waters is Masergy.  Here are lessons learned from Masergy’s recent global deployment using a NFV pure play software approach.
  • The Digital Enabler: A Charging, Self-Care & Marketing Platform at the Core of the Mobile Business interview with Jennifer Kyriakakis — The digital enabler is a central platform that ties together charging, self-care, and marketing.  The article explains why leading operators consider digital enablers pivotal to their digital strategies.
  • Delivering Service Assurance Excellence at a Reduced Operating Cost interview with Gregg Hara — The great diversity and complexity of today’s networks make service assurance a big challenge.  But advances in off-the-shelf software now permit the configuring and visualizing of services across multiple technologies on a modest operating budget.
  • Are Cloud-Based Call Centers the Next Hot Product for the SMB Market? interview with Doron Dovrat — Quality customer service can improve a company’s corporate identity and drive business growth.  But many SMBs are priced out of acquiring modern call center technology.  This article explains the benefits of affordable and flexible cloud-based call centers.
  • Flexing the OSS & Network to Support the Digital Ecosystem interview with Ken Dilbeck — The need for telecoms to support a broader digital ecosystem requires an enormous change to OSS infrastructures and the way networks are being managed.  This interview sheds light on these challenges.
  • Crossing the Rubicon: Is it Time for Tier Ones to Move to a Real-Time Analytics BSS? interview with Andy Tiller — Will tier one operators continue to maintain their quilt works of legacy and adjunct platforms — or will they radically transform their BSS architecture into a new  system designed to address the new telecom era?  An advocate for radical transformation discusses: real-time analytics, billing for enterprises, partnering mashups, and on-going transformation work at Telenor.
  • Paradigm Shift in OSS Software: Network Topology Views via Enterprise-Search interview with Benedict Enweani — Enterprise-search is a wildly successful technology on the web, yet its influence has not yet rippled to the IT main stream.  But now a large Middle Eastern operator has deployed a major service assurance application using enterprise-search.  The interview discusses this multi-dimensional topology solution and compares it to traditional network inventory.
  • The Multi-Vendor MPLS: Enabling Tier 2 and 3 Telecoms to Offer World-Class Networks to SMBs interview with Prabhu Ramachandran — MPLS is a networking technology that has caught fire in the last decade.  Yet the complexity of MPLS has relegated to being mostly a large carrier solution.  Now a developer of a multi-vendor MPLS solutions explains why the next wave of MPLS adoption will come from tier 2/3 carriers supporting SMB customers.
  • Enabling Telecoms & Utilities to Adapt to the Winds of Business Change interview with Kirill Rechter — Billing is in the midst of momentous change.  Its value is no longer just around delivering multi-play services or sophisticated rating.  In this article you’ll learn how a billing/CRM supplier has adapted to the times by offering deeper value around the larger business issues of its telecom and utility clients.
  • Driving Customer Care Results & Cost Savings from Big Data Facts interview with Brian Jurutka — Mobile broadband and today’s dizzying array of app and network technology present a big challenge to customer care.  In fact, care agents have a hard time staying one step ahead of customers who call to report problems.  But network analytics comes to the rescue with advanced mobile handset troubleshooting and an ability to put greater intelligence at the fingertips of highly trained reps.
  • Hadoop and M2M Meet Device and Network Management Systems interview with Eric Wegner — Telecom big-data in networks is more than customer experience managment: it’s also about M2M plus network and element management systems.  This interview discusses the explosion in machine-to-machine devices, the virtues and drawbacks of Hadoop, and the network impact of shrink-wrapped search.
  • The Data Center & Cloud Infrastructure Boom: Is Your Sales/Engineering Team Equipped to Win? by Dan Baker — The build-out of enterprise clouds and data centers is a golden opportunity for systems integrators, carriers, and cloud providers.  But the firms who win this business will have sales and engineering teams who can drive an effective and streamlined requirements-to-design-to-order process.  This white paper points to a solution — a collaborative solution designs system — and explains 8 key capabilities of an ideal platform.
  • Big Data: Is it Ready for Prime Time in Customer Experience Management? interview with Thomas Sutter — Customer experience management is one of the most challenging of OSS domains and some suppliers are touting “big data” solutions as the silver bullet for CEM upgrades and consolidation.  This interview challenges the readiness of big data soluions to tackle OSS issues and deliver the cost savings.  The article also provides advice on managing technology risks, software vendor partnering, and the strategies of different OSS suppliers.
  • Calculated Risk: The Race to Deliver the Next Generation of LTE Service Management interview with Edoardo Rizzi — LTE and the emerging heterogeneous networks are likely to shake up the service management and customer experience management worlds.  Learn about the many new network management challenges LTE presents, and how a small OSS software firm aims to beat the big established players to market with a bold new technology and strategy.
  • Decom Dilemma: Why Tearing Down Networks is Often Harder than Deploying Them interview with Dan Hays — For every new 4G LTE and IP-based infrastructure deployed, there typically a legacy network that’s been rendered obsolete and needs to be decommissioned.  This article takes you through the many complexities of network decom, such as facilities planning, site lease terminations, green-safe equipment disposal, and tax relief programs.
  • Migration Success or Migraine Headache: Why Upfront Planning is Key to Network Decom interview with Ron Angner — Shutting down old networks and migrating customers to new ones is among the most challenging activities a network operators does today.  This article provides advice on the many network issues surrounding migration and decommissioning.  Topics discussed include inventory reconciliation, LEC/CLEC coordination, and protection of customers in the midst of projects that require great program management skills.
  • Navigating the Telecom Solutions Wilderness: Advice from Some Veteran Mountaineers interview with Al Brisard — Telecom solutions vendors struggle mightily to position their solutions and figure out what to offer next in a market where there’s considerable product and service crossover.  In this article, a veteran order management specialist firm lays out its strategy for mixing deep-bench functional expertise with process consulting, analytics, and custom API development.
  • Will Telecoms Sink Under the Weight of their Bloated and Out-of-Control Product Stacks? interview with Simon Muderack — Telecoms pay daily for their lack of product integration as they constantly reinvent product wheels, lose customer intelligence, and waste time/money.  This article makes the case of an enterprise product catalog.  Drawing on central catalog cases at a few Tier 1 operators, the article explains the benefits: reducing billing and provisioning costs, promoting product reuse, and smoothing operations.
  • Virtual Operator Life: Enabling Multi-Level Resellers Through an Active Product Catalog interview with Rob Hill — The value of product distribution via virtual operators is immense.  They enable a carrier to sell to markets it cannot profitably serve directly.  Yet the need for greater reseller flexibility in the bundling and pricing of increasingly complex IP and cloud services is now a major channel barrier.  This article explains what’s behind an innovative product catalog solution that doubles as a service creation environment for resellers in multiple tiers.
  • Telecom Blocking & Tackling: Executing the Fundamentals of the Order-to-Bill Process interview with Ron Angner — Just as football teams need to be good at the basics of blocking and tackling, telecoms need to excel at their own fundamental skillset: the order-to-cash process.  In this article, a leading consulting firm explains its methodology for taking operators on the path towards order-to-cash excellence.  Issues discussed include: provisioning intervals; standardization and simplicity; the transition from legacy to improved process; and the major role that industry metrics play.
  • Wireline Act IV, Scene II: Packaging Network & SaaS Services Together to Serve SMBs by John Frame — As revenue from telephony services has steadily declined, fixed network operators have scrambled to support VoIP, enhanced IP services, and now cloud applications.  This shift has also brought challenges to the provisioning software vendors who support the operators.  In this interview, a leading supplier explains how it’s transforming from plain ol‘ OSS software provider to packager of on-net and SaaS solutions from an array of third party cloud providers.
  • Telecom Merger Juggling Act: How to Convert the Back Office and Keep Customers and Investors Happy at the Same Time interview with Curtis Mills — Billing and OSS conversions as the result of a merger are a risky activity as evidenced by famous cases at Fairpoint and Hawaiian Telcom.  This article offers advice on how to head off problems by monitoring key operations checkpoints, asking the right questions, and leading with a proven conversion methodology.
  • Is Order Management a Provisioning System or Your Best Salesperson? by John Konczal — Order management as a differentiator is a very new concept to many CSP people, but it’s become a very real sales booster in many industries.  Using electronics retailer BestBuy as an example, the article points to several innovations that can — and are — being applied by CSPs today.  The article concludes with 8 key questions an operator should ask to measure advanced order management progress.
  • NEC Takes the Telecom Cloud from PowerPoint to Live Customers interview with Shinya Kukita — In the cloud computing world, it’s a long road from technology success to telecom busness opportunity.  But this story about how NEC and Telefonica are partnering to offer cloud services to small and medium enterprises shows the experience of early cloud adoption.  Issues discussed in the article include: customer types, cloud application varieties, geographic region acceptance, and selling challenges.
  • Billing As Enabler for the Next Killer Business Model interview with Scott Swartz — Facebook, cloud services, and Google Ads are examples of innovative business models that demand unique or non-standard billing techniques.  The article shows how flexible, change-on-the-fly, and metadata-driven billing architectures are enabling CSPs to offer truly ground breaking services.
  • Real-Time Provisioning of SIM Cards: A Boon to GSM Operators interview with Simo Isomaki — Software-controlled SIM card configuration is revolutionizing the activation of GSM phones.  The article explains how dynamic SIM management decouples the selection of numbers/services and delivers new opportunities to market during the customer acquisition and intial provisoining phase.
  • A Cynic Converted: IN/Prepaid Platforms Are Now Pretty Cool interview with Grant Lenahan — Service delivery platforms born in the IN era are often painted as inflexible and expensive to maintain.  Learn how modern SDPs with protocol mediation, high availability, and flexible Service Creation Environments are delivering value for operators such as Brazil’s Oi.
  • Achieving Revenue Maximization in the Telecom Contact Center interview with Robert Lamb — Optimizing the contact center offers one of the greatest returns on investment for a CSP.  The director of AT&T’s contact center services business explains how telecoms can strike an “artful balance” between contact center investment and cost savings.  The discussion draws from AT&T’s consulting with world class customers like Ford, Dell, Discover Financial, DISH Network, and General Motors.
  • Mobile Broadband: The Customer Service Assurance Challenge interview with Michele Campriani — iPhone and Android traffic is surging but operators struggle with network congestion and dropping ARPUs.  The answer?  Direct  resources and service quality measures to ensure VIPs are indeed getting the quality they expect.  Using real-life examples that cut to the chase of technical complexities, this article explains the chief causes of service quality degradation and describes efficient ways to deal with the problem.
  • Telco-in-a-Box: Are Telecoms Back in the B/OSS Business? interview with Jim Dunlap — Most telecoms have long since folded their merchant B/OSS software/services businesses.  But now Cycle30, a subsidiary of Alaskan operator GCI, is offering a order-to-cash managed service for other operators and utilities.  The article discusses the company’s unique business model and contrasts it with billing service bureau and licensed software approaches.
  • Bricks, Mortar & Well-Trained Reps Make a Comeback in Customer Management interview with Scott Kohlman — Greater industry competition, service complexity, and employee turnover have raised the bar in the customer support.  Indeed, complex services are putting an emphasis on quality care interactions in the store, on the web, and through the call center.  In this article you’ll learn about innovations in CRM, multi-tabbed agent portals,  call center agent training, customer treatment philosophies, and the impact of  self-service.
  • 21st Century Order Management: The Cross-Channel Sales Conversation by John Konczal — Selling a mobile service is generally not a one-and-done transaction.  It often involves several interactions — across the web, call center, store, and even kiosks.  This article explains the power of a “cross-channel hub” which sits above all sales channels, interacts with them all, and allows a CSP to keep the sales conversation moving forward seamlessly.
  • Building a B/OSS Business Through Common Sense Customer Service by David West — Delivering customer service excellence doesn‘t require mastering some secret technique.  The premise of this article is that plain dealing with customers and employees is all that’s needed for a winning formula.  The argument is spelling out in a simple 4 step methodology along with some practical examples.