Understanding and Mitigating the Growing Threat of IRSF
April 26, 2017
Despite advances in technology security and increased awareness among vendors and businesses, telecom fraud remains a serious issue. In fact, the Communications Fraud Control Association estimates fraud costs the telecom industry more than $40 billion per year, even with strong measures and controls in place to combat it.
Many types of fraud are prevalent, as hackers and malicious individuals find new and creative ways to exploit the telecom industry. One of the more complex schemes gaining traction is International Revenue Share Fraud (IRSF), through which hackers divert phone traffic to high-fee international numbers like pay-per-minute 900 numbers. They then take a cut of the revenues from the company that owns the number or, in truly intricate scenarios, with the local carrier, which participates in the scheme.
According to Jim Bolzenius, head of anti-fraud services at TNS (News - Alert), which offers transaction network services to telecom providers, understanding and mitigating IRSF comes down to tracing the flow of money. He recently told Black Swan Telecom (News - Alert) Journal that, in many cases, fraudsters make a deal with a local carrier in a country with a high exchange rate, like Somalia, Gambia or Latvia. And things get even more complicated if the LEC is owned by the government, and officials are turning a blind eye to the fraudulent activity. The fraudsters then use a hacked PBX (News - Alert), a conference call line or some type of wireless service to direct traffic to the destination, with domestic carriers paying the exorbitant fees since their customers generated the calls.
A U.S. version of the IRSF scheme also exists, said Bolzenius, known as traffic pumping. It uses the same fraud model, directing calls to high-exchange rate locations with the local carrier splitting the revenues with the individuals generating the calls. This is legal in some instances if valid businesses are directing the traffic, but can easily become fraudulent when left unchecked.
To mitigate the growing threat of IRSF and its domestic counterpart, carriers need to ramp up their detection and blocking efforts. Real time detection tools can go a long way toward pinpointing and blocking traffic from a fraudulent phone or device before exchange fees add up. Carriers and service providers also need to closely monitor PBX activities, particularly on weekends and after business hours, as these are prime opportunities for hackers to exploit them.
Additional measures telecom providers can take include improving password practices, deactivating unused mailboxes, extensions and calling features in a timely fashion and checking new subscriber information against customer data to prevent identity fraud. Carriers and service providers can also educate their customers and call center agents about fraud schemes. Malicious individuals will often call into a call center and attempt to add new service lines and dialing features, which they will then exploit. Ensuring agents are trained and prepared to recognize these types of schemes can go a long way toward mitigating fraud.
Another popular way to commit IRSF is known as Wangiri fraud, or the one-ring scheme. A fraudster typically sets up an auto-dialer and calls thousands or even millions of a carrier’s customers, then disconnects the call after one ring. A whopping 15 percent of customers will call the number back, at which point the fraudster tries to keep them on the line as long as possible, racking up high exchange fees. The carrier ultimately gets stuck with the giant bill. One of the best ways to mitigate this type of fraud is to simply educate customers to prevent them from calling those numbers.
Real time fraud management systems can go a long way toward fighting IRSF and other types of telecom fraud, but technology tools aren’t the only defense. Ensuring employees, call center agents and business and individual customers are educated and aware of the most common types of fraud can go a long way toward preventing malicious activity and the massive financial burden that goes along with it.
Edited by Alicia Young
Article comments powered by