Email a colleague    

May 2015

Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller

Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller

It’s hard to find authoritative data on the VoIP provider market, but VoIP’s huge impact on telecom is undeniable.

We can segment the US VoIP provider market into three broad groups:

  • The Tier 1 cable and telecom giants, like AT&T, Comcast, and Verizon, bundle VoIP service with video, mobile, and data for consumers and business accounts;
  • Mid-tier consumer / small business OTT providers like Vonage, Skype, Google, and Ooma primarily serve mass market consumer and small businesses; and,
  • Small- to garage-sized OTT providers serve enterprises. These firm differentiate themselves through strong business relationships with a relatively limited number of enterprises.  They serve up voice plus specialized value-added services.

The VoIP market is, of course, fiercely competitive — but also a hot bed of innovation.

In 2014, I switched my voice service to over-the-top Ooma, one of very few VoIP providers whose service is sold through national retailers like Staples and Best Buy.

Ooma sells you a modem box you install yourself at your home or office.  The cost of the Ooma box is $118, but after making that small investment, your national long distance service in the US — from that day forward — is totally free.  The only fee I now pay for my business line service is $3.40 a month of federal tax and regulatory fees, deducted from a credit card.  And the Ooma service is reliable and high quality.

Ooma is certainly not making money from penny-pinchers like myself, but Ooma hopes I’ll eventually buy a subscription to its Premium Ooma service for about $20+ a month which includes voice mail and caller ID.  International phone service is sold as a pre-paid service similar to Skype’s voice calls.

Well one of Ooma’s software providers is Atlanta-based TransNexus and its CEO, Jim Dalton, is here to tell us more about his company’s unique approach to delivering a combined intelligent routing and fraud management capability to VoIP providers.

Dan Baker: Jim, thanks for joining us.  Congratulations on winning the business at a high profile account like Ooma.

Jim Dalton: Glad to join you, Dan.  And yes, I love to visit those Ooma guys, because they are so forward-looking and very innovative.  If something new is coming along in the industry, they want to be first to offer it.

The other nice thing is that they buy our software, even though almost all the software they have is homegrown.  They certainly have the skills in-house to build their own LCR server application.  So we’re thrilled to have them as a client.

The service these VoIP providers deliver is amazing, but let’s face it, the margins can be very thin for these firms.

Yes, and even one bad fraud event, as you know, can be a huge loss to a provider like that.  One time I was called in to be an expert witness on a legal case here in Atlanta.  And the case was a small architectural firm with only 4 analog phone lines off their PBX.  They were hit one weekend by a $166,000 International Revenue Sharing Fraud (IRSF) charge.  And their carrier was suing them for the full amount of the bill, a sum that could put the firm out of business.

One the interesting points about the case was that the customer’s complaint to the FCC was that paying its downstream provider, the telecom carrier was in their words, “aiding and abetting the fraudsters.” They also argued that their telecom operator was “a party to the fraud” because it knew that there’s no way a small architectural firm could make this many number of calls and run up such a huge bill over one weekend.

Well, the case was eventually settled before the FCC had a chance to rule on it, and it was clear from the terms of the contract that the small architectural firm was obligated to pay.

Yet even though the enterprise is technically liable for this kind of fraud, the service provider has to collect, so that’s a huge bad debt risk for them.

Jim, before we discuss your fraud solution, it would be great to hear the history behind TransNexus.

Dan, we formed the company back in 1997 when the VoIP market was in its infancy.  Our original focus as a software developer was on providing a secure clearing and settlement service for the VoIP market.  We figured there would be a Carrier Access Billing System (CABS) equivalent requirement to collect access charges, but that never happened in the VoIP world.

Luckily we found there was a much greater demand for selling our software to help providers manage their VoIP networks.  So starting in 2000, we started providing optimized routing, CDR collection, and mediation for service providers.  Most of our customers are retail service providers with a growing number of enterprise customers.

How did you get involved in fraud management?

Well, our retail service providers led us to fraud control features for VoIP calls.

About 5 years ago we started hearing about unusual calls to the Caribbean or Africa.  And with our focus on being the routing engine that collects CDRs, we frankly never thought about fraud before.

But we soon realized that we were in perfect place to monitor calls and take phone numbers out of the routing table automatically.  Today I believe we’re one of the few companies whose software truly integrates routing with fraud mitigation.

Along the way, I understand you’ve moved away from CDR Analysis, so why do you consider CDR analytics less than ideal for your market?

Dan, CDR analysis is great and it’s been the main fraud management approach for a long time, but there are some weak points around it, for instance:

  1. The Fraud-Detection-to-Routing chain is broken. While certain soft switches come with open APIs that allow you to feed your analysis of traffic patterns back into the routing, most switches don‘t allow that.  And that results in a delay in taking action when fraud is detected.
  2. CDR Analysis Detects Fraud Only After You’ve Been Hit with Fraud. With CDR analytics, you could have dozens or hundreds of calls held up before the first records are delivered and there could be quite a bit of fraud there before CDR analysis catches it.
So what’s your new approach and what advantages does it have?

We have provided fraud detection based on CDR analysis for five years, supporting all major softswitch and Session Border Controller (SBC) vendors such as Broadsoft, Oracle Acme Packet, Metaswitch and others.

What’s different with our new NexOSS-FC solution is we use SIP Analytics® to detect fraud.  TransNexus software inspects every SIP INVITE and scores it for fraud at our customer’s access Session Border Control (SBC).  If fraudulent calls are detected, they are blocked at the SBC before they enter our customer’s network.

Fraud detection using SIP Analytics has several advantages over CDR analysis.  It’s faster, it can use call information not available in CDRs, and it works with any SIP device to block calls automatically when fraud is detected.

An important point about the automatic blocking feature is that NexOSS-FC only blocks fraudulent calls.  An enterprise could be victim to a fraud attack and never realize their service provider was blocking thousands of fraudulent calls on their behalf because normal calls would not be blocked by NexOSS-FC.

And that brings up the very important subject of number management.

Dan, we felt it important to get out in front of the number management issue.  So we proactively maintain our own list of premium rate numbers used in IRSF.

We have invested a lot of time and effort to identify high risk number ranges, and have discovered over 130 premium rate number providers on the Internet, so we record the number ranges they advertise.

And when you look at it, it’s quite amazing because in just about every country you can think of, premium rate numbers are for sale.  So we built up that black list as a good first list to check.

Thanks for this interesting briefing, Jim.  You make a good case that detecting and blocking fraud in the SIP network routing flow has some powerful advantages.

Copyright 2015 Black Swan Telecom Journal

Jim Dalton

Jim Dalton

Jim Dalton is the founder and CEO of TransNexus, Inc.  Jim became involved in the telecom industry in 1988 when he began working at BellSouth.  His work there included financial analysis and market planning for BellSouth’s GSM wireless and mobile data businesses.  This experience led to his early recognition of the promise of Voice over IP and the founding of TransNexus in 1997.

Dalton holds seven U.S. patents for VoIP clearing and settlement technology.  He holds a mechanical engineering degree from Duke University and a MBA degree from the University of Pennsylvania, Wharton school.   Contact Jim via

Black Swan Solution Guides & Papers

cSwans of a Feather

Related Articles