May 2015

Integrated Test Call & CDR Analysis: A New Tool in the Fight Against SIM Box & OTT Bypass Fraud

In our highly networked world, passive sensors are everywhere.  And once the Internet of Things takes off, the number of sensors will probably multiply a hundred fold.

But in the area of fraud detection, we are beginning to see the limits of pure passive signature analysis.  While the CDR analysis in Fraud Management Systems (FMS) is great for detecting IRSF and other frauds, it’s relatively weak at false answer supervision fraud and advanced SIM Box bypass.  Why?  Well, the fraudsters have gotten better at flying below the statistical bell curves.

This is precisely why active probing and testing of very specific interconnection routes, such as those with a bad history, has proven to be such an invaluable aid in locating and blocking SIM boxes that an FMS may take hours to detect.

But Kenneth Mouton, Fraud Business Unit Manager at SIGOS, has a better idea.  He asks: “Why not combine the virtues of FMS CDR analysis and test call generators to create a single integrated tool?” In that way, he reasons, maybe the anti-fraud solution’s value would increase, as in 1 + 1 = 3.

Well, Kenneth is here to give us some background on that intriguing idea.  What’s more, he provides a nice tutorial on the use of test calls in the SIM box fight and explains an altogether new threat: OTT bypass through mobile services such as VIBER.

Dan Baker: Kenneth, the origins of your anti-SIM box fraud business at SIGOS are interesting.  Can you explain a bit of your company’s history?

Kenneth Mouton: Dan, for 8 years I worked for Meucci Solutions, a test call generation firm, which was acquired by SIGOS in early 2014.  Now Meucci focused on SIM Box fraud detection, serving 85 customers in that space.  Meanwhile, SIGOS is a much larger test call generation firm providing mostly quality of service and roaming testing for about 400 mobile operators worldwide.

Bottom line, this merger turns out to be a remarkable fit.  In fact, when you add the anti-SIM box customers SIGOS had, we now serve about 120 operators worldwide there.  But best of all, the fraud team can now tap into the R&D resources of SIGOS, which has no less than 50 people doing product research.

Dan Baker: Being involved in the fight to stop SIM Box fraud for so many years, I’m curious to hear your assessment of the damage this fraud causes operators around the world.

Kenneth Mouton: Well, the biggest concern, of course, is lost revenue.  The CFCA recently estimated the annual global revenue loss was about $2 billion.

Yet SIM box fraud also creates a lot of quality issues.  People experience more delay, echoes, and noise on the line.  And these quality issues, in turn, cause people to make shorter duration calls.

More dropped calls are experienced, too, because the prepaid balance often runs out on the SIM card.  And because the telephone number is not visible on the phone, you’re not sure who is sending you a call.

A typical SIM Box has 32 modems and antennas and makes calls continuously, so it also causes congestion problems, prompting the operator to invest in new antennas and cell towers in the region.

Ten years ago in the UK, the market was flooded with SIM boxes and we helped eradicate the problem there.  All of the major UK operators were customers of ours, and when the SIM boxes were stopped, many of them admitted to us that they now had pockets of massive over-capacity in their networks.

So when you add it all up, SIM box fraud causes a lot more damage than you would normally suppose.

Dan Baker: How do test calls do their work in stopping bypass fraud?  And how do you differentiate your solution from what your test call competitors offer?

Kenneth Mouton: Certainly one of the biggest advantages of test calls is their speed.  SIM boxes can be profitable very fast.  Within 60 minutes or less they are making a profit.  So even if your FMS finds thousands of SIM boxes after three hours, that detection effort has little effect because the fraudsters will just replace the SIM cards.

However, test calls give you the ability to find the SIM boxes very fast and with 100% certainty, so you can deactivate them automatically.

The real secret of our success in SIM box detection is our network: we have the largest network of test call equipment in the world.  In fact, we have a presence in every country with the exception of the five on the US embargo list.

Sometimes when you detect SIM boxes, it’s very local.  For example, SIM box fraud in Bolivia is mostly coming from Peru.  So it’s key to be able to make calls from Peru: global flexibility and resources can make a big difference.

[Figure: Test Call Generation for Bypass]

Now when I say test call “network”, I’m also referring to our non-automated network of people on the street.  Let me explain.

Mobile-to-mobile calling is mostly good quality.  Where the fraud is usually found is on the low quality routes, and that’s why we specialize in testing those low quality routes.

In countries like the United States where you have a high population of immigrant people, a lot of those folks want to call home to their relatives and friends.  But to save money, they don’t call using a mobile or fixed line.  They generally use cheap calling cards or “scratch cards” as they are called.  You find them sold everywhere — in vending machines, supermarkets, and convenience stores.

Those calling cards are a key source of bypass.  And how can these cards be sold at budget prices with lots of minutes?  It’s because behind it all is cheap and fraudulent routing: the calling cards are connected to carriers who use SIM boxes to terminate their traffic.

In fact, we have people in certain countries who do nothing else but buy calling cards on the street to bring back so we can run test calls through.  So a wide logistics chain is required for finding fraudulent routes.  And if you want an effective program to detect SIM box fraud, it’s essential to have that network of people.

Dan Baker: One of the challenges of using test calls is they are an active detection mechanism.  So how do you prevent the fraudsters from detecting you?

Kenneth Mouton: Yes, these days, we have to be very careful to use our test equipment wisely.  And to be honest, we used to do things like make hundreds or thousands of calls all over the world with just one SIM card.  But that pattern is very suspicious call behavior.

So in the last 10 years we have invested in counter-measures to avoid being detected.  So when we make test calls today we never do a test call with the same telephone number.  And we make sure our calls are made using random durations.  You also have to make sure the calls don’t start exactly on the minute.  There are many, many techniques, and of course, most of them are confidential.

Now we also have the means to determine if we are in fact detected.  For example, we use a shadow network that involves using different SIM cards and we compare results.  So this really is a cat and mouse game.

Dan Baker: The fraudsters continue to improve their game.  In fact, as they step up their attacks using the latest SIM server technology, it looks like SIM box fraud has become more formidable to detect than ever.

Kenneth Mouton: Dan, while we firmly believe test call generation is still the most mature method of detecting SIM box bypass, we also feel you need a cocktail of medicines to cure your disease: one medicine is not enough.

For example, an operator should be able to extrapolate from our test call results with their FMS system or their own CDR profiling.  We advise them to take the data we provide them on the SIMs we detect and find similar SIM cards with the same behaviors or those calling from the same antenna.

But unfortunately, many operators don’t execute on our advice or execute on it poorly — for various reasons.  Maybe the operator only has 3 or 4 people trained in SIM box fraud, and they have many other fraud types they are concerned about.

So companies like FraudBuster and Mobius saw a market need to deliver dedicated CDR profiling for SIM box detection.  And we also saw that need and have invested heavily in it and are just rolling out such a solution.

This is very exciting for us because we are now the first solution company combining CDR profiling and test calls.  And the solution is fully integrated.  The same person doing the test calls is doing the CDR profiling.  We also incorporate a shared service center so our customers get the benefit of sharing intelligence with each other.

In a recent trial of the solution, we increased an operator’s traffic by 40%.  So we created millions of additional Euros in revenue for them each month.

Dan Baker: Scanning your website, I noticed you have a solution for a kind of bypass I was not familiar with: OTT bypass.  What’s that all about?

Kenneth Mouton: OTT bypass is a brand new kind of bypass that requires no SIM boxes at all.  Basically the fraudulent interconnect carriers are terminating on mobile phones that have VIBER, an application like Skype that has a large following in Africa and Asia.

Let’s say I’m going to call you mobile-to-mobile.  The carriers have the capability to pass the traffic to VIBER.  VIBER will check if you have an account or not with them.  And if VIBER is running on your mobile phone, they will terminate the call on the VIBER application and in that way the interconnect carrier avoids paying the normal, legal termination rates.

Dan Baker: Gee, I use Skype quite a bit.  Can the OTT bypassers commit fraud through Skype?

Kenneth Mouton: Actually, no.  Skype uses its own unique user names: it’s not associated with a mobile number.  The difference is that VIBER uses your telephone number to take incoming VIBER calls.  Just like WhatsApp.

So instead of terminating on the voice network, and paying termination rates to the mobile operator, it will go to my data connection through WiFi or GPRS.  And when that’s done, if the mobile operator normally gets 10 cents a minute to terminate, they get zero revenue.

So this is a new form of bypass and has only existed for a few months, and yet we have a solution for this.  It’s now a big deal in many countries.  Even in places like Belgium — which has no SIM boxes — VIBER bypass is happening.

What we do is make test calls to smartphones controlled by our machines.  And we simply measure: is the call coming in on the regular connection or through the VIBER application.  It’s fully automated — we take care of set-up, testing, analysis and reporting.  There’s very high demand for this kind of solution and we are the first to market one, so it’s quite exciting.

Dan Baker: Kenneth, thanks for this fine briefing.  The fraudsters are innovative and clever.  So we’re fortunate to have solution vendors like SIGOS who are focused on bypass issues and are keen to make the right R&D investments.
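The CDR follow-up described in the interview (taking the SIMs confirmed by test calls and looking for other SIMs with the same behaviours or calling from the same antenna) looks like this in code. This is an added example, not code from SIGOS or from the interview; the CDR layout, SIM and cell names, the three features and the 0.15 tolerance are constructed assumptions.

```python
from collections import Counter, defaultdict


def constructed_cdrs():
    """Constructed sample CDRs: (sim, direction, other_party, cell_id, duration_s)."""
    rows = []
    # SIM-A (confirmed by a test call) and SIM-B: outgoing-only, every call to a
    # new number, always from cell C17.
    for sim in ("SIM-A", "SIM-B"):
        rows += [(sim, "MO", f"{sim}-dest-{i}", "C17", 60 + i) for i in range(20)]
    # SIM-C: ordinary subscriber living under C17 (two-way calls, few contacts).
    for i in range(20):
        rows.append(("SIM-C", "MO" if i % 2 else "MT", f"friend-{i % 4}",
                     "C02" if i % 3 == 0 else "C17", 90))
    # SIM-D: same outgoing-only pattern as the seed, but on a different cell.
    rows += [("SIM-D", "MO", f"SIM-D-dest-{i}", "C40", 45) for i in range(20)]
    return rows


def profiles(cdrs):
    """Per SIM: ((mo_share, callee_diversity, dominant_cell_share), dominant_cell)."""
    acc = defaultdict(lambda: {"n": 0, "mo": 0, "callees": set(), "cells": Counter()})
    for sim, direction, other, cell, _duration in cdrs:
        a = acc[sim]
        a["n"] += 1
        a["cells"][cell] += 1
        if direction == "MO":          # mobile-originated (outgoing) call
            a["mo"] += 1
            a["callees"].add(other)
    out = {}
    for sim, a in acc.items():
        cell, hits = a["cells"].most_common(1)[0]
        feats = (a["mo"] / a["n"],                      # share of outgoing calls
                 len(a["callees"]) / max(a["mo"], 1),   # distinct numbers per outgoing call
                 hits / a["n"])                         # how static the SIM is
        out[sim] = (feats, cell)
    return out


def expand_from_seeds(cdrs, seeds, tol=0.15, min_calls=10):
    """Return {sim: [reasons]} for SIMs that resemble a test-call-confirmed seed.

    Reasons are "same_cell" (same dominant antenna as a seed) and
    "similar_behaviour" (every feature within `tol` of a seed's). Both values
    of `tol` and `min_calls` are assumptions chosen for the constructed data.
    """
    prof = profiles(cdrs)
    calls = Counter(row[0] for row in cdrs)
    found = defaultdict(set)
    for seed in seeds:
        if seed not in prof:
            continue                   # seed has no CDRs in this window
        seed_feats, seed_cell = prof[seed]
        for sim, (feats, cell) in prof.items():
            if sim in seeds or calls[sim] < min_calls:
                continue
            if cell == seed_cell:
                found[sim].add("same_cell")
            if max(abs(x - y) for x, y in zip(feats, seed_feats)) <= tol:
                found[sim].add("similar_behaviour")
    return {sim: sorted(reasons) for sim, reasons in found.items()}


def ranked(candidates):
    """SIMs matching on both signals first, then by name for a stable order."""
    return sorted(candidates, key=lambda s: (-len(candidates[s]), s))


if __name__ == "__main__":
    result = expand_from_seeds(constructed_cdrs(), {"SIM-A"})
    for sim in ranked(result):
        print(sim, result[sim])
```

In the constructed data, the ordinary subscriber under the same antenna (SIM-C) matches on cell only, while SIM-B matches on both signals and is ranked first for follow-up.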

Copyright 2015 Black Swan Telecom Journal

Kenneth Mouton

Kenneth Mouton is head of the Revenue Assurance & Fraud Management business unit at SIGOS, operating out of  Ghent/Belgium.

Previously he served as Head of Customer Service Delivery Interconnect & Fraud joining Meucci Solutions in 2007 and was also commercially responsible for the African and Middle-East Sales accounts.  Earlier he worked at Fortis Bank and Belgacom International Carrier Services.

Kenneth holds an Engineering degree in Computer Science and a Master’s degree in Conflict & Development.  He also received an Executive MBA graduating from Vlerick Business School.   Contact Kenneth via
