Email a colleague    

February 2015

Combating SIM Box Fraud: Network Protocol Analysis to the Revenue Rescue

Combating the SIM Box Fraud Threat: Network Protocol Analysis to the Revenue Rescue

International call bypass is one of telecom’s toughest fraud problems.

The fraud is primarily accomplished through SIM boxes equipped with dozens to hundreds of SIM cards that disguise international calls toward wireless operators as local subscribers making domestic phone calls.

These SIM boxes are causing major revenue damage to wireless operators in many countries.  Interestingly though, no one quite knows the actual volume and magnitude of the revenue lost from SIM boxes because detecting the bypass is an art, and not yet a science.  Compounding the problem, the fraudsters constantly develop new techniques to avoid detection.

Operators are not the only losers by the way.  Many countries impose a tax on telecom services, so the governments in those countries lose tax revenue when calls are illegally bypassed.

One of the innovators in the fight to curtail SIM box fraud is a U.S.-based company, LATRO Services.  Their company’s CEO, Lex Wilkinson, now joins us to give a backgrounder on SIM box detection techniques and tells us about LATRO’s new technology, Protocol Signature™ detection data analytics based on network protocol analysis that detects SIM boxes as they sign onto the network.

Dan Baker: Lex, what percent of the countries in the world experience this SIM box fraud?

Lex Wilkinson: It’s difficult to identify the exact percentage of countries, Dan, but I think that the percentage is very high.  A major misconception is that SIM box fraud happens in countries with very high termination rates, but based on our experience, we’ve seen it occurring even in countries where the rates wouldn‘t be considered very high.

The money-making opportunity for the fraudsters is the differential between the international termination rate and the local termination rate.  So even in countries where that is only a few cents, there’s still enough margin for fraudsters to make money.

The biggest hotbeds for SIM box fraud that we see are Africa, the Middle East, Central and South Asia, Latin America, the Caribbean, and Eastern Europe.

Gee, you didn‘t leave many continents out of the picture.  I’m curious: how do these fraudsters get into the business anyway?

For a fraudster to set up a profitable SIM box operation, the proper infrastructure needs to be there.  For instance, there needs to be reasonably good Internet service such as DSL, satellite, or fixed wireless like WiMAX.  We’re also finding that some of the wireless 3G and 4G data services deployed in the developing world are good enough to support termination of VoIP traffic to the SIM Boxes.  There also needs to be a plentiful supply of SIM cards because the fraudsters need to access a large volume of SIM cards on a regular basis.

We usually see fraud operations set up in urban areas within developing countries.  It’s rare — but not unheard of — to see SIM box operations in rural areas: broadband Internet connections and readily available supplies of SIM cards tend to be in the bigger cities.  Often times, access to the SIM cards in volume is made possible through dealer fraud.  A lot of countries require registration to get a SIM card, such that buyers need to show an ID in order to purchase a SIM.  In our experience.  However registration controls do little to stop SIM Boxes, but result in a criminal business around fake and stolen IDs used to acquire SIM cards.

Lex, I’m eager to learn about your new SIM box detection technology.

Well, I think the most effective way of explaining our solution is to review the evolution of SIM box detection solutions.  Let me walk you through the strengths and weaknesses of the two primary solutions used in the past 10+ years — test call generation (TCG) and fraud management systems (FMS).  Then I’ll discuss some of the advantages of what our new technology — Protocol Signature™, data analytics based on network protocol analysis — brings to the table.

SIM Box Detection Technologies

Test Call Generation (TCG) Systems

When the SIM box bypass problem was first identified in the late 2000’s, test call generation was the first detection technique that proved effective.  The idea behind test calls is to set up test phone numbers in your network and make calls to those test number from lots of different countries, through many different interconnect voice routes around the world.  In this way, you can find out where the grey routes are originating and the paths they use to reach SIM Boxes in your country.

Test Call Generation is all about probability.  The more routes and the more test calls you make, the higher the chances of finding SIM boxes.  Once you find routes that have a high volume of SIM box terminations, you can focus your call campaigns on those routes in order to maximize detections as much as possible.

Test Call Generation technology worked very successfully for many years.  Yet in the last two to three years we feel the effectiveness of that approach has dropped off significantly.  There are a few reasons for that.  First, the SIM boxers have figured out how to avoid detection by test calls.  For instance, they perform analysis on the voice call traffic coming toward their SIM boxes.  Based on usage patterns and other patterns, they can determine which calls are real subscriber calls and which are originating from a test call generation system.

Then they can either block the test calls and prevent them from reaching the SIM box to begin with, or reroute the calls to a legitimate route in order to avoid detection.

We’ve also heard cases of fraudsters allocating pools of their SIM Box cards to be sacrificed.  That is, they allow these allocated SIM cards to be detected in order to make the losing wireless operators feel like their controls are producing adequate results.  This is really only a diversion.  Meanwhile, other undetected SIM cards are driving the bypass revenue losses.

Bottom line: test calls are a technology and methodology that’s now well-understood by the fraudsters.  You still need it.  We don‘t recommend anyone stop using test calls.  Test calls do get some results and allow a wireless operator to profile their interconnect partners and understand who’s sending bypass traffic toward their networks.

Fraud Management Systems (FMS)

Another solution traditionally used to detect SIM boxes is the Fraud Management System (FMS), an enterprise wide data analysis platform that works well in detecting many different types of fraud.  In SIM box detection, the FMS uses Call Data Records (CDRs) to create usage-based analysis profiles that detect SIMs being used in SIM boxes versus those used in legitimate subscriber handsets.

FMS and similar CDR Analysis platforms have been effective in detecting SIM boxes, but in recent years, fraudsters have figured out ways to evade usage profile detection.  For instance, SIM Box manufacturers have developed something called HBS — Human Behavioral Simulation software — that allows the SIM boxer to simulate the behavior of real mobile subscriber behavior.  HBS techniques involve automating features on the SIM Box such as SMS messaging, self-calling, and international dialing in order to frustrate detection algorithms used by FMS and CDR analysis.

Now in both cases — test calls and the FMS — by nature of their methodology, the fraud has been committed by the time you detect it.  So you are already losing money before the detections occur.  This is a major limitation.

Data Analytics based on Network Protocol Analysis

At LATRO Services, we figured there must be a better way to attack this problem.  Our expertise and background is in mobile network architectures and systems: we know a lot about protocol signaling and systems integration of network elements within a wireless network.

So we developed algorithms that use information available within the network itself to help detect SIM box fraud.  In fact, we can detect SIM Boxes on the network at the moment they connect.  So as soon as the SIM box is powered up and the SIMs are inserted, we can do the detection regardless of usage analysis and test calls.

As a wireless operator, you’re never quite sure when a SIM box is going to turn on within your network.  You have to always be looking in real-time for the patterns in individual protocol messages of all the wireless devices on your network.  So we developed a technology that allows us to flag what we call the Protocol Signatures of SIM box devices vs. the devices a normal mobile subscriber uses.

Now the information we are processing and analyzing is based on signaling data that is not available in CDRs.  So we feel we are offering something unique to the market.  Something that test calls, FMS, and CDR Analysis cannot leverage.

Lex, this rundown of the different kinds of detection platforms is very valuable.  And I would love to hear the FMS and test call vendors chime, too, so I invite them to comment.  Where do you feel operators need to modify their methods of combating the SIM Box?

I think too many operators assume their current suite of tools is sufficient to detect and control the SIM box problem in their network.  Yes, they are getting some results, but my hunch is the results are not really mitigating the problem effectively.

Looking at this from a revenue perspective, if a wireless operator is doing a good job of stopping SIM boxes on its network, the volume of international traffic to that network should be increasing.  We know there should be a strong correlation here: if you do a good job at SIM box detection, yet your international call revenue is decreasing, there’s a disconnect somewhere.

In fact, many operators are frustrated by revenue declines and are looking for SIM Box control solutions that go beyond what’s available today.  And that’s where we are looking to add value.

For an effective mitigation strategy, you need to approach the problem from multiple angles.  For example, though SIM registration and distribution control is a good strategy, it needs to be complemented by other strategies.  We would never say our solution alone is a silver bullet.  But we do feel we have an innovative technology that strongly complements and even outperforms other solutions currently in use.  Clients that implement our solution as part of their overall bypass fraud control strategy, gain incremental revenue to their top lines.

Now I understand that recently some fraudsters have been arrested thanks to results from your platform.

If you scan Google under “SIM box arrests” you will find a few stories of SIM boxer arrests in countries like Senegal, Ghana, Haiti, and Morocco.

And yes, some of our clients have asked us to do investigation work.  Using our technology, we are able to physically locate SIM Box equipment within the wireless network.  Then in cooperation with our clients, we support local police to make arrests.  We use our analytics platform to calculate initial location estimates based on network data and tower locations, then we have RF-based equipment used in drive testing to pinpoint the exact location of the equipment via direction-finding techniques.

In cases where the fraud has been prosecuted and equipment confiscated, we’ve seen fraud operations with tens of thousands of SIM cards found on-site.  These are SIM cards that were blocked by control techniques like test calls and FMS.  So all the fraudsters do is throw away the blocked SIM cards and replace them with new ones in their SIM Box equipment.  Clearly, the fraudsters expect a large number of SIMs to be blocked and they know how to get their hands on more and more SIM cards.

The quicker you can detect and block, the higher the cost to the fraudster — in both money and potential jail time.

Lex, thanks for a timely briefing and advice in this important SIM box area.  And good luck in your quest to find better ways to combat this fraud.

Copyright 2015 Black Swan Telecom Journal

Lex Wilkinson

Lex Wilkinson

William “Lex” Wilkinson is the Chief Executive Officer of LATRO Services, Inc., a privately funded company based in Easton, PA.  He was a pioneer in fighting fraud during the cellular market explosion of the early 1990’s and was an original member/founder of the CTIA Fraud Task Force in 1991.  As a security consultant to industry associations and wireless operators around the world, Lex has seen first-hand the many ways fraud can affect organizations and cost millions in lost revenue.

Later as an executive with Rural Cellular Corporation, he participated in the sale and integration of RCC to Verizon Wireless where he remained until 2010.  Based on his years of experience in the industry and as a Tier 1 telecom executive, he created LATRO Services, a company that develops and implements next generation fraud analysis tools and managed services for wireless operators around the world.

Mr.  Wilkinson is a U.S.  Army Veteran, retired Police Detective and a graduate of DeSales University in Center Valley, Pennsylvania.  Today, LATRO Services operates in over twenty-five markets on four continents.   Contact Lex via

Black Swan Solution Guides & Papers

cSwans of a Feather

Related Articles

  • Tokopedia, Indonesia’s E-Commerce King, Partners with 11 Million Merchants; Adopts Multi-Cloud to Drive Innovation interview with Warren Aw & Ryan de Melo — Indonesia’s Tokopedia, founded in 2009, has grown to become one of world’s leading e-commerce players.  Read about its success, technology direction, and multi-cloud connectivity adoption.
  • Bridge Alliance: Knocking Down Regional & Mobile Connectivity Barriers so Connected Car Markets Get Rolling in Asia interview with Kwee Kchwee — The CEO of an Asian consortium of mobile operators explains how they  help simplify and harmonize their members‘ operations in support of multi-national corporations.  This integration is enabling two huge industries to come together in Asia: auto manufacturing and telco.
  • Epsilon’s Infiny NaaS Platform Brings Global Connection, Agility & Fast Provision for IoT, Clouds & Enterprises in Southeast Asia, China & Beyond interview with Warren Aw — Network as a Service, powered by Software Defined Networks, are a faster, more agile, and more partner-friendly way of making data global connections.  A leading NaaS provider explains the benefits for cloud apps, enterprise IT, and IoT.
  • PCCW Global: On Leveraging Global IoT Connectivity to Create Mission Critical Use Cases for Enterprises interview with Craig Price — A leading wholesale executive explains the business challenges of the current global IoT scene as it spans many spheres: technical, political, marketing, and enterprise customer value creation.
  • Senet’s Cloud & Shared Gateways Drive LoRaWAN IoT Adoption for Enterprise Businesses, Smart Cities & Telecoms interview with Bruce Chatterley — An IoT netowork pioneer explains how LoRaWAN tech fits in the larger IoT ecosystem.  He gives use case examples, describes deployment restraints/costs, and shows how partnering, gateway sharing, and flexible deployment options are stimulating growth.
  • ARM Data Center Software’s Cloud-Based Network Inventory Links Network, Operations, Billing, Sales & CRM to One Database interview with Joe McDermott & Frank McDermott — A firm offering a cloud-based network inventory system explains the virtues of: a single underlying database, flexible conversions, task-checking workflow, new software business models, views that identify stranded assets, and connecting to Microsoft’s cloud platform.
  • Pure Play NFV: Lessons Learned from Masergy’s Virtual Deployment for a Global Enterprise interview with Prayson Pate — NFV is just getting off the ground, but one cloud provider to enterprises making a stir in virtual technology waters is Masergy.  Here are lessons learned from Masergy’s recent global deployment using a NFV pure play software approach.
  • The Digital Enabler: A Charging, Self-Care & Marketing Platform at the Core of the Mobile Business interview with Jennifer Kyriakakis — The digital enabler is a central platform that ties together charging, self-care, and marketing.  The article explains why leading operators consider digital enablers pivotal to their digital strategies.
  • Delivering Service Assurance Excellence at a Reduced Operating Cost interview with Gregg Hara — The great diversity and complexity of today’s networks make service assurance a big challenge.  But advances in off-the-shelf software now permit the configuring and visualizing of services across multiple technologies on a modest operating budget.
  • Are Cloud-Based Call Centers the Next Hot Product for the SMB Market? interview with Doron Dovrat — Quality customer service can improve a company’s corporate identity and drive business growth.  But many SMBs are priced out of acquiring modern call center technology.  This article explains the benefits of affordable and flexible cloud-based call centers.
  • Flexing the OSS & Network to Support the Digital Ecosystem interview with Ken Dilbeck — The need for telecoms to support a broader digital ecosystem requires an enormous change to OSS infrastructures and the way networks are being managed.  This interview sheds light on these challenges.
  • Crossing the Rubicon: Is it Time for Tier Ones to Move to a Real-Time Analytics BSS? interview with Andy Tiller — Will tier one operators continue to maintain their quilt works of legacy and adjunct platforms — or will they radically transform their BSS architecture into a new  system designed to address the new telecom era?  An advocate for radical transformation discusses: real-time analytics, billing for enterprises, partnering mashups, and on-going transformation work at Telenor.
  • Paradigm Shift in OSS Software: Network Topology Views via Enterprise-Search interview with Benedict Enweani — Enterprise-search is a wildly successful technology on the web, yet its influence has not yet rippled to the IT main stream.  But now a large Middle Eastern operator has deployed a major service assurance application using enterprise-search.  The interview discusses this multi-dimensional topology solution and compares it to traditional network inventory.
  • The Multi-Vendor MPLS: Enabling Tier 2 and 3 Telecoms to Offer World-Class Networks to SMBs interview with Prabhu Ramachandran — MPLS is a networking technology that has caught fire in the last decade.  Yet the complexity of MPLS has relegated to being mostly a large carrier solution.  Now a developer of a multi-vendor MPLS solutions explains why the next wave of MPLS adoption will come from tier 2/3 carriers supporting SMB customers.
  • Enabling Telecoms & Utilities to Adapt to the Winds of Business Change interview with Kirill Rechter — Billing is in the midst of momentous change.  Its value is no longer just around delivering multi-play services or sophisticated rating.  In this article you’ll learn how a billing/CRM supplier has adapted to the times by offering deeper value around the larger business issues of its telecom and utility clients.
  • Driving Customer Care Results & Cost Savings from Big Data Facts interview with Brian Jurutka — Mobile broadband and today’s dizzying array of app and network technology present a big challenge to customer care.  In fact, care agents have a hard time staying one step ahead of customers who call to report problems.  But network analytics comes to the rescue with advanced mobile handset troubleshooting and an ability to put greater intelligence at the fingertips of highly trained reps.
  • Hadoop and M2M Meet Device and Network Management Systems interview with Eric Wegner — Telecom big-data in networks is more than customer experience managment: it’s also about M2M plus network and element management systems.  This interview discusses the explosion in machine-to-machine devices, the virtues and drawbacks of Hadoop, and the network impact of shrink-wrapped search.
  • The Data Center & Cloud Infrastructure Boom: Is Your Sales/Engineering Team Equipped to Win? by Dan Baker — The build-out of enterprise clouds and data centers is a golden opportunity for systems integrators, carriers, and cloud providers.  But the firms who win this business will have sales and engineering teams who can drive an effective and streamlined requirements-to-design-to-order process.  This white paper points to a solution — a collaborative solution designs system — and explains 8 key capabilities of an ideal platform.
  • Big Data: Is it Ready for Prime Time in Customer Experience Management? interview with Thomas Sutter — Customer experience management is one of the most challenging of OSS domains and some suppliers are touting “big data” solutions as the silver bullet for CEM upgrades and consolidation.  This interview challenges the readiness of big data soluions to tackle OSS issues and deliver the cost savings.  The article also provides advice on managing technology risks, software vendor partnering, and the strategies of different OSS suppliers.
  • Calculated Risk: The Race to Deliver the Next Generation of LTE Service Management interview with Edoardo Rizzi — LTE and the emerging heterogeneous networks are likely to shake up the service management and customer experience management worlds.  Learn about the many new network management challenges LTE presents, and how a small OSS software firm aims to beat the big established players to market with a bold new technology and strategy.
  • Decom Dilemma: Why Tearing Down Networks is Often Harder than Deploying Them interview with Dan Hays — For every new 4G LTE and IP-based infrastructure deployed, there typically a legacy network that’s been rendered obsolete and needs to be decommissioned.  This article takes you through the many complexities of network decom, such as facilities planning, site lease terminations, green-safe equipment disposal, and tax relief programs.
  • Migration Success or Migraine Headache: Why Upfront Planning is Key to Network Decom interview with Ron Angner — Shutting down old networks and migrating customers to new ones is among the most challenging activities a network operators does today.  This article provides advice on the many network issues surrounding migration and decommissioning.  Topics discussed include inventory reconciliation, LEC/CLEC coordination, and protection of customers in the midst of projects that require great program management skills.
  • Navigating the Telecom Solutions Wilderness: Advice from Some Veteran Mountaineers interview with Al Brisard — Telecom solutions vendors struggle mightily to position their solutions and figure out what to offer next in a market where there’s considerable product and service crossover.  In this article, a veteran order management specialist firm lays out its strategy for mixing deep-bench functional expertise with process consulting, analytics, and custom API development.
  • Will Telecoms Sink Under the Weight of their Bloated and Out-of-Control Product Stacks? interview with Simon Muderack — Telecoms pay daily for their lack of product integration as they constantly reinvent product wheels, lose customer intelligence, and waste time/money.  This article makes the case of an enterprise product catalog.  Drawing on central catalog cases at a few Tier 1 operators, the article explains the benefits: reducing billing and provisioning costs, promoting product reuse, and smoothing operations.
  • Virtual Operator Life: Enabling Multi-Level Resellers Through an Active Product Catalog interview with Rob Hill — The value of product distribution via virtual operators is immense.  They enable a carrier to sell to markets it cannot profitably serve directly.  Yet the need for greater reseller flexibility in the bundling and pricing of increasingly complex IP and cloud services is now a major channel barrier.  This article explains what’s behind an innovative product catalog solution that doubles as a service creation environment for resellers in multiple tiers.
  • Telecom Blocking & Tackling: Executing the Fundamentals of the Order-to-Bill Process interview with Ron Angner — Just as football teams need to be good at the basics of blocking and tackling, telecoms need to excel at their own fundamental skillset: the order-to-cash process.  In this article, a leading consulting firm explains its methodology for taking operators on the path towards order-to-cash excellence.  Issues discussed include: provisioning intervals; standardization and simplicity; the transition from legacy to improved process; and the major role that industry metrics play.
  • Wireline Act IV, Scene II: Packaging Network & SaaS Services Together to Serve SMBs by John Frame — As revenue from telephony services has steadily declined, fixed network operators have scrambled to support VoIP, enhanced IP services, and now cloud applications.  This shift has also brought challenges to the provisioning software vendors who support the operators.  In this interview, a leading supplier explains how it’s transforming from plain ol‘ OSS software provider to packager of on-net and SaaS solutions from an array of third party cloud providers.
  • Telecom Merger Juggling Act: How to Convert the Back Office and Keep Customers and Investors Happy at the Same Time interview with Curtis Mills — Billing and OSS conversions as the result of a merger are a risky activity as evidenced by famous cases at Fairpoint and Hawaiian Telcom.  This article offers advice on how to head off problems by monitoring key operations checkpoints, asking the right questions, and leading with a proven conversion methodology.
  • Is Order Management a Provisioning System or Your Best Salesperson? by John Konczal — Order management as a differentiator is a very new concept to many CSP people, but it’s become a very real sales booster in many industries.  Using electronics retailer BestBuy as an example, the article points to several innovations that can — and are — being applied by CSPs today.  The article concludes with 8 key questions an operator should ask to measure advanced order management progress.
  • NEC Takes the Telecom Cloud from PowerPoint to Live Customers interview with Shinya Kukita — In the cloud computing world, it’s a long road from technology success to telecom busness opportunity.  But this story about how NEC and Telefonica are partnering to offer cloud services to small and medium enterprises shows the experience of early cloud adoption.  Issues discussed in the article include: customer types, cloud application varieties, geographic region acceptance, and selling challenges.
  • Billing As Enabler for the Next Killer Business Model interview with Scott Swartz — Facebook, cloud services, and Google Ads are examples of innovative business models that demand unique or non-standard billing techniques.  The article shows how flexible, change-on-the-fly, and metadata-driven billing architectures are enabling CSPs to offer truly ground breaking services.
  • Real-Time Provisioning of SIM Cards: A Boon to GSM Operators interview with Simo Isomaki — Software-controlled SIM card configuration is revolutionizing the activation of GSM phones.  The article explains how dynamic SIM management decouples the selection of numbers/services and delivers new opportunities to market during the customer acquisition and intial provisoining phase.
  • A Cynic Converted: IN/Prepaid Platforms Are Now Pretty Cool interview with Grant Lenahan — Service delivery platforms born in the IN era are often painted as inflexible and expensive to maintain.  Learn how modern SDPs with protocol mediation, high availability, and flexible Service Creation Environments are delivering value for operators such as Brazil’s Oi.
  • Achieving Revenue Maximization in the Telecom Contact Center interview with Robert Lamb — Optimizing the contact center offers one of the greatest returns on investment for a CSP.  The director of AT&T’s contact center services business explains how telecoms can strike an “artful balance” between contact center investment and cost savings.  The discussion draws from AT&T’s consulting with world class customers like Ford, Dell, Discover Financial, DISH Network, and General Motors.
  • Mobile Broadband: The Customer Service Assurance Challenge interview with Michele Campriani — iPhone and Android traffic is surging but operators struggle with network congestion and dropping ARPUs.  The answer?  Direct  resources and service quality measures to ensure VIPs are indeed getting the quality they expect.  Using real-life examples that cut to the chase of technical complexities, this article explains the chief causes of service quality degradation and describes efficient ways to deal with the problem.
  • Telco-in-a-Box: Are Telecoms Back in the B/OSS Business? interview with Jim Dunlap — Most telecoms have long since folded their merchant B/OSS software/services businesses.  But now Cycle30, a subsidiary of Alaskan operator GCI, is offering a order-to-cash managed service for other operators and utilities.  The article discusses the company’s unique business model and contrasts it with billing service bureau and licensed software approaches.
  • Bricks, Mortar & Well-Trained Reps Make a Comeback in Customer Management interview with Scott Kohlman — Greater industry competition, service complexity, and employee turnover have raised the bar in the customer support.  Indeed, complex services are putting an emphasis on quality care interactions in the store, on the web, and through the call center.  In this article you’ll learn about innovations in CRM, multi-tabbed agent portals,  call center agent training, customer treatment philosophies, and the impact of  self-service.
  • 21st Century Order Management: The Cross-Channel Sales Conversation by John Konczal — Selling a mobile service is generally not a one-and-done transaction.  It often involves several interactions — across the web, call center, store, and even kiosks.  This article explains the power of a “cross-channel hub” which sits above all sales channels, interacts with them all, and allows a CSP to keep the sales conversation moving forward seamlessly.
  • Building a B/OSS Business Through Common Sense Customer Service by David West — Delivering customer service excellence doesn‘t require mastering some secret technique.  The premise of this article is that plain dealing with customers and employees is all that’s needed for a winning formula.  The argument is spelling out in a simple 4 step methodology along with some practical examples.