Inventive Fraud Management Tools Take Flight for the New Age of SIP/VoIP Operators

Watching the flight of a bird we surmise the bird has nothing more to think about than the flapping of its wings. In truth, this is a very small part of its mental labor. Birds have learned the art of equilibrium in air so thoroughly that their skill is not apparent to our sight. We only learn to appreciate that skill when we try to imitate it.

Wilbur Wright, 1902

The Wright brothers — two of the greatest engineers the world ever knew — were self-taught and never attended college.

Catching the new American craze over bicycles in the 1890’s, the Wrights started a successful bicycle shop. The modest profits from that business gave them the extra time and cash they needed to pursue their life’s dream: to build the world’s first flying machine.

Many aeronautical papers had already been published in Europe and America, but as the Wrights soon discovered, those theories were all wrong. The Wrights were basically forced to create the science from scratch by practicing and refining control of a glider – and then a propeller-driven glider – in mid-air.

The brothers’ dogged drive was only excelled by their mechanical flair: needing a low cost way to test the airflow of various wing designs, they created their own makeshift “wind tunnel” using hacksaw blades.

* * *

The telecom industry today is desperate for a little Wright brothers ingenuity. Many of yesterday’s theories on making money in the telco business are being thrown out the window as the VoIP/OTT operators emerge. Will the new OTTs soar — or merely crash and burn? A lot depends on the quality and cost of the software machines they get their hands on.

National VoIP providers such as Vonage and Ooma in the US are just the beginning of the new revolution at hand. In Europe, city OTTs are beginning to form. And VoIP enabler firms like Telinta are selling softswitches that allow OTT entrepreneurs with zero technical skills to launch businesses for only $400 a month.

Transporting packets across the globe is no longer the key issue. The challenge today is one of control. How can an operator make a profit in the business? And in that quest, the ability to control fraud has become as critical as being good at billing, pricing, routing and revenue assurance.

One company that’s pushing the envelope of BSS solutions for the next wave of operators is Frankfurt-based Oculeus. I recently caught up with company CEO and founder, Arnd Baranowski. He briefed me on the industry trends that prompted the launch of a new fraud solution specifically designed for the new OTT/VoIP era.

Dan Baker, Research Director, TRI: Arnd, if you could first give us a brief background on Oculeus, that’s a good place to begin.

Arnd Baranowski: Sure, Dan. Since we developed our first telecom system for a German carrier in 2002, our goal at Oculeus has been to offer affordable and flexible business management software for the wholesale and telco-to-enterprise space.

While we serve a few well-known telcos — SFR France, Telecom Austria, and NOS Portugal – the bulk of our 120 customers are small- to mid-sized VoIP/OTT providers offering IP services to enterprises or other telcos.

Now whether our customer is doing monthly traffic of 500,000 minutes or 1.5 billion minutes, we give them an integrated system to fully run their business. For instance, our Captura wholesale solution has modules for routing, price list management, billing, quality monitoring and traffic controlling.

So fraud management is the next key module our customers have been asking for.

Before we discuss the functionality of your fraud management system, let me first cut to the chase. Fraud management is a mature market: dozens of fraud management systems are already on the market today. So what is it about your solution that is compelling?

This, of course, is the toughest of questions, but I’m happy to answer it because I want to show why Oculeus has something unique here. Let me highlight the four key features I think set our solution apart:

Emerging IP Players – It’s true that the CDR-heavy method of fraud detection for mobile and fixed operator is very mature. But the next generation of VoIP and OTT providers – and the future direction of all voice operators for that matter – is on the SIP side of the equation. And SIP enables the wonderful capability of blocking calls at the SIP redirector even before the calls are made. Now we know VoIP/OTT providers have emerged faster in the US than they have in Europe and Asia. But regardless, if a few hundred OTT voice/SMS providers exist around the globe today, in four or five years that number could easily explode into the thousands.

Light-Weight Platform – The OTT and VoIP business model simply cannot afford the high cost of BSS systems used by traditional mobile, fixed, and wholesale players. This is why Oculeus is delivering an affordable suite of 100% web-based software that runs on a Linux server: it can even run on a light-weight Raspberry Pi single-board computer. Just provide access to backend CDRs and other systems, and you’re up and running.

Embedded Expertise – Of course, the other dimension of “affordability” is human expertise, yet the staffing at many of these OTT/VoIP provider firms is razor thin. The guy responsible for fraud prevention needs to juggle many other tasks. This why we’ve taken great pains to greatly reduce the degree of fraud expertise required of the user.

End-to-End Anti-Fraud – Finally, if the mission is to truly prevent fraud, not just block it when we detect it, then attention must be paid to stop lower level call attempts to hack and gain access to an enterprise PBX through brute force password detection. Our system identifies the IPs of the hackers so we can block these IP addresses. We also built the capability for our customers to exchange hacker IP addresses and fraudulent voice or VAS numbers.

OK, great. Let’s now get into your fraud system’s functionality? What’s your approach?

Dan, our process begins with traffic profiling, the real heart of automating fraud tasks. Our method does away with the time consuming job of a user setting thresholds.

On a 30-day cycle, the system automatically calculates the deviation for every 5 to 15 minutes of traffic — either coming in or going out of a carrier destination. And whenever the traffic deviates from what’s expected, it hands off the CDRs to the fraud detection module.

For example, the traffic profiling allows the user to say: “Hey, the traffic on that PBX is way above normal, so it’s probably been hacked.” So the user gets the intelligence in real-time to make the fraud decision to block.

The next step is fraud detection. And it’s here where the specialist can freely define an unlimited number of custom scenarios to make their “this is real fraud case” decision.

For instance, you tell the system to check calls that are:

  • Time: at least six minutes long;
  • Frequency: three times within an hour;
  • Call value: a minimum of 20 cents/minute; and,
  • Destinations: a user-defined set of A and/or B numbers.

Now once a pattern is found, the A/B numbers are stored in a database that the SIP redirector pings, so the system either blocks the call or returns the SIP routing information.

Keeping track of the A/B numbers is particularly important now in the European Union (EU) where new regulations are forcing the move to A-number based pricing. In light of the mandate to support roaming-free charges for calls made from one EU state to another, EU operators aim to recover the loss of roaming fees by raising the rates on international calls. So rating gets more complicated and the anti-fraud systems must be intelligent enough to recognize the subtle rating variations to detect fraudster scams.

It’s pretty clear that your solution is geared to the needs of enterprise clients and the operators/OTTs who serve them.

Yes, the consumer voice market is much too competitive now. Enterprise customers are the most profitable segment for small- to mid-tier operators to go after. And it’s the commercially owned PBXs that are most vulnerable to international revenue share fraud (IRSF) attacks.

Now, who actually pays the bill for IRSF damage varies by country. Here in Germany, the licensed telecom operator is required to pay the fraud charges; in the US, it’s the enterprise who’s accountable to pay for fraud. Either way, the operator serving the enterprise must take the initiative to protect the customer to keep them loyal.

Enterprise call centers are particularly at risk: lots of call activity, but poor visibility. So the call center gets hit with a surprise 50,000 Euro jump at the end of the month because a fraudster injected its IRSF traffic.

Arnd, thanks for the briefing on this new category of fraud management solution that seems well-engineered for the SIP/OTT telecom world we’re headed toward.

Thanks, Dan. I think we’ve succeeded in creating a product that fits the lightweight and quick turn-up needs of emerging OTT players. In fact, one of the world’s leading OTTs is using the solution today. And the product takes another step towards our goal of providing a full-blown solution for managing a next-gen telecom business.

Dan Baker
Dan Baker

Dan is a founder of the Technology Research Institute (TRI), which has published studies about the telecom software market since 1994.

As a journalist, Dan wrote for B/OSS magazine and recorded webinars with VanillaPlus before launching his own publication, Black Swan Telecom Journal.

  • Ken Dickenson

    Dan,
    I must agree that these small Telco’s are at greatest risk of being hit by fraud and have seen it happen here in South Africa, some Telco’s have even gone under due to fraud on their networks. These small telco’s are also not in a position to afford a solution from the large fraud management providers due to the cost of these solutions so I see this as a clear market opportunity if it can be done at the right price point.
    Regards,
    Ken