Email a colleague    

July 2013

Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control

Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control

Crowd sourcing is an awesome tool for gathering intelligence.  The most striking example for me is Wikipedia, the most popular website in the world and a site whose content is written by a crowd of global researchers who receive no compensation other than the bragging rights of being on the Wikipedia team.

Well, now I’m pleased to say that crowd sourcing is coming to telecom fraud and security management through a cVidya mobile app for the Android called FraudView CyberHub.

The purpose of the app is to detect, block, and report premium rate fraud numbers and spyware -- often the result of malware and malicious app infection of the mobile device.  The crowd intelligence is supplied by the mobile users themselves who report actual and suspected malicious numbers and apps.  Their reports are going to a cloud based server in which automatic algorithms backed up by our experts analyse it and distribute the info to all FraudView CyberHub users, wherever they may be on the globe.

We’ve completed most of the research needed to launch it and judging by the feedback we got at the TM Forum event where we announced it, lots of operators are intrigued with the idea including the two sponsors of the Catalyst: AT&T and Telstra.

What Threats is the Mobile App Aimed at?

We are targeting two main threats: Premium Rate Service (PRS) and spyware.  In many cases, the attacker uses malware to take control of the device to either automatically generate phone calls, SMSs and even data sessions to high cost (premium) phone numbers.  Likewise, spyware will communicate to cloud servers that the criminals use to gather intelligence, steal ID numbers / passwords, and the like.

While CyberHub does not prevent the PRS or spyware infection, it will provide early warning of trouble and help security and fraud professional track down malware / PRS criminals.

According to the CFCA, PRS (also known as International Revenue Share Fraud) is the third largest fraud loss category for telecoms after PBX and subscription fraud.  In PRS, the money comes from terminating phone calls to those premium priced numbers.  A couple parties usually team up on the scheme and share the revenue.  One party drives the traffic and inflates it; the other collects the money.  Each operator who routed the call passes the premium charge to the previous operator in the chain.  The operator who eventually takes the revenue hit is the one whose network initiated the call.

Bottom line with PRS: it’s the volume that matters.  The trick is to push as many calls, as much traffic volume as they possibly can -- and do so before the operators catch on to the con game.

Getting timely updates on the blacklisted numbers is critical to stop the bleeding.  International associations like the GSMA, CFCA and TM Forum help with standards, but carriers are largely left to their own devices to stop the fraud from occurring through fraud management software.

But there’s another issue, too: operators feel the pain when lots of customers call to complain about fraud charges.  Higher call center costs are one issue, then there’s the sheer hassle and time it takes to sort out the issue and make good by the customer.  The operator is always perceived as liable in such issues, despite the fact he has nothing to do with it.

How the Solution will be Deployed

Readers will see parallels to the way crowd sourcing is used in the cyber security world.  A very familiar one is where Microsoft anonymously collects data on PC-resident malware so it can develop and send security patches for Windows.

cVidya is discussing two deployment models.  The first one is a telco-centric model where the operator enables, distributes, and charges for the mobile app.  And in the second model cVidya takes the lead and interacts directly with the mobile users.

Behind the scenes, we maintain the hot-listed numbers that the mobile devices access in a cloud-based server we call CyberHub.  Users with the Fraud CyberHub app on their mobile devices simply report any number /app they suspect or know to be malicious.  Once that number is uploaded, cVidya algorithms on the server automatically analyze the suspicious number.  Meanwhile cVidya experts are standing by to validate results and continuously enhance the model and algorithms.  Then we update the global blacklist so it can be downloaded to all the mobile app users through a push-like service.

Now it’s obviously important to screen the numbers going into that blacklist.  For instance, a business might try to block all calls to its competitors.  Or two people get into an argument and one them tries to block all personal calls to the other guy to get revenge.

The prototype we demoed it at the TM Forum Catalyst is real simple to use: just type in the number, press a button, and the malicious number is saved as hot listed and pushed into the cloud.

The application works in the background.  When the user dials a number, receives a call, and receives/ sends an SMS, the app bounces the address against the hot list and either blocks the traffic or warns the user about the danger.

In a single click, the mobile user can also selects how often they want the updated hot lists downloaded to their phone -- monthly, weekly, daily, whatever.  The user can also maintain his own private list of numbers of incoming or out coming calls or SMSs that he wants to block.

What’s the Benefit for Mobile Users

In the past two years, the industry has seen a dramatic increase in mobile user complaining about malicious apps.  Often the mobile phone is hijacked and starts dialling premium rate numbers on its own without the user’s knowledge.

The mobile app we’ve developed is designed to shut down all know PRS activity for the community of app users.  The app works in the background: when the user dials a number, receives a call, and receives/send an SMS, the application analyses it and if there is something suspicious it blocks/warns about it

Now the user can fully opt out of reporting their malicious numbers and apps to us.  That’s their choice.  They still get the blacklist protection whether they help us or not.  Each user’s contribution enriches our data, but the blacklist will be maintained with or without them.

While it’s true that the user usually doesn‘t have to pay the premium fee because the operator removes the fraudulent charges or at least share the cost, dealing with PRS it’s often a big inconvenience for the user.  So that’s certainly one key incentive for the mobile user helping us: they save themselves some trouble.

When the bill arrives or the user checks his balance, that’s when the bill shock hit as they read the huge charges for unknown calls, say, to a small island in the South Pacific.

Future versions of CyberHub will serve an enterprise’s need to protect the BYOD devices of their employees.


Our industry statistics over the past 2 years points to Premium Rate Share (PRS) fraud as the most common malware reported by mobile users.  Crowd sourcing shows promise as a way to gain greater control over the problem.  The mobile users essentially become fraud and security management partners to the service provider.

Copyright 2013 Black Swan Telecom Journal

Tal Eisner

Tal Eisner

Tal Eisner, Senior Director Product Strategy as cVidya Networks, has been active in the telecom arena for over a decade in several fraud management roles.

Tal started as a fraud prevention team leader at Cellcom, the largest mobile carrier in Israel, then served as Director of global consultancy services atCtel Ltd.  In 2008 Tal became Fraud Prevention Department Manager for Partner Communications Ltd (Orange Israel) until mid 2010.

At cVidya he manages fraud management products, strategy, road map and developments.  Tal is a graduate of the Tel Aviv University and earned his BA in political science.   Contact Tal via

Black Swan Solution Guides & Papers

cSwans of a Feather

  • Deep Fraud Investigations: Mavenir and the Role of Machine Learning in IRSF Control interview with Ilia Abramov & Marie Casey — Machine Learning-based fraud protection promises an answer to blocking fraud with precision, especially in roaming and nextgen mobile networks.  An ML champion discusses unusual and interesting fraud schemes uncovered by deep investigations.
  • Safety in Numbers and NRTRDE: Syniverse’s Strategy to Constantly Enrich Its Mobile Fraud Intelligence interview with James Stewart — A discussion on NRTRDE, the Near Real Time Roaming Data Exchange, the complexity of the roaming settlement process, and the fraud challenges mobile operators face as their subscribers roam.
  • Global Interconnect Specialist iconectiv Ramps up its Fraud & Identity Solutions in Bypass & A2P Messaging interview with Bojan Andelkovic — Today’s IRSF, SIM Box, and SMS A2P frauds call for coordinated and broadly conceived FM programs.  A leading interconnect specialist explains the benefits of its managed services approach.
  • A Real-Time Packet-Based Solution to Detect & Block any Hijacked OTT Call interview with Paul David & Andy Gent — Two veterans of the SIM Box call bypass wars describe a new solution for stopping OTT bypass.  Get vital intel on the call hijacking of VIBER and other OTTs.  Learn why the revenue threat to roaming is as serious as it is to international calls.
  • Protecting the Roaming Cash Cow: Using a Global Test Network for LTE Deployments & Beyond interview with Florian Leeder — International is a premium service that operators must ensure the roaming business is reliable and optimized.  This article makes the case for a global roaming test service.  It explains the problems operators face in contracting with roaming partners, maintaining quality, and rolling out LTE.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Tal Eisner — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • Roaming — if Managed Correctly --  Can Be a Spark to Revenues by Brian Silvestri — Major analyst firms are predicting that roaming revenues will almost double in five years.  What’s more, roaming remains at the pivot point of Wireless Carrier strategy.  Drawing lessons from the incredible rise of AT&T’s Digital One Rate Plan, this article points to future challengtes and raises key  questions about how mobile operators will ultimately come to terms with smartphone market profitability, service quality, and data roaming.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis interview with James Stewart — The Near Real Time Roaming Data Exchange (NRTRDE) is a GSM standard allowing operators to gain fast access to the roaming records of service providers half way around the world.  The article explains how 65 carriers are using this data to combat fraud through a service bureau.  Learn about the dangers of international roaming fraud and the value a roaming service bureau brings to the table.

Related Articles