[VoiceOps] fraud protection
ryandelgrosso at gmail.com
Thu May 17 12:01:41 EDT 2012
I know I'm a little late to the party on this topic but it is
unfortunately something I have a lot of experience with.
I would never rely on upstream carriers to do your fraud detection for
you. The rationale here is that their definition of fraud is likely
dramatically different from yours, and they may have customers that
exclusively do 10M minutes of traffic to Belarus or Somalia, and so
might not consider that as fraud for the first few days, but you know
your customers and you know your traffic, so you are best equipped to
make that determination. They will almost always inform you, but it will
be when a threshold they consider scary has been breached, which may be
orders of magnitude worse than what you can metabolize.
I am not sure what your business model is, if you use exclusively
managed devices, or just sell straight sip trunks to anyone with a
credit card, or if you screen customers by locality, and if you normally
deal in heavy international, but most switch vendors will tell you to
lock down the number of concurrent calls per subscriber and perform
numerous other highly restrictive actions that will chafe you and your
customers and possibly hurt your service delivery model. My experience
has been to simply plot customer spending trends (you bill them with the
same data so this is easy) and then raise an alarm whenever their
calling patterns deviate significantly from the norm (obviously
calculating customer spend more than once a day is important here). What
you do with those alarms is up to you. We have an automated system with
a sliding scale that immediately terminates the active suspect calls,
and removes the ability to dial internationally and flags the account
for review all the way up to suspending the account with extreme
prejudice which is based on a lot of logic we have developed over the
years. I have seen some companies just fire off alarm emails to their
noc to have a human put eyes on it which works just as well, and can
certainly lend intelligence to the process but also may introduce a
human element of failure.
Don't rely on anyone else to watch your customers, since they don't
understand what is normal like you will, and in the end you always get
stuck with the check.
On 05/14/2012 09:33 AM, Mark Kent wrote:
> We just had an unfortunate compromise and racked up a large amount of
> calls in a 12 hour period. The attack seems to be for financial gain
> in that the most frequent destination is a conference call service in
> Poland, that possibly keeps calls open waiting for a PIN to be entered.
> Is there any basis for expecting that the upstream carrier should have
> some protections that would limit our liability?
> P.S. For those people who feel compelled to point out that we should
> have (better) protection on our end: Yes, Thank you, message received!
> VoiceOps mailing list
> VoiceOps at voiceops.org
More information about the VoiceOps