[VoiceOps] Fraud Management

Shaun Gill Shaun.Gill at is.co.za
Tue Feb 3 01:46:39 EST 2015 

Thank you - appreciate all the feedback guys.



On 2015/02/02 9:09 PM, "Monterrosa Santiago"
<smonterrosa at mcmtelecom.com.mx> wrote:

>Hi Shaun
>
>I have evaluated a solution that is good enough flexible for us, it is
>based 100% on SIP so it generates alerts pretty fast, almost online, and
>it has proved to catch irregular traffic which resulted in fraud calls so
>that we can block immediately; this way this system is better than the
>CDR based in house developed system we do use to detect irregular
>traffic. Such new solution is called Redshift from Redshift Networks by
>the way.
>
>Regards 
>
>Santiago
>________________________________________
>De: VoiceOps [voiceops-bounces at voiceops.org] En nombre de Shaun Gill
>[Shaun.Gill at is.co.za]
>Enviado el: lunes, 02 de febrero de 2015 01:01 a.m.
>Para: Glen Gerhard; voiceops at voiceops.org
>Asunto: Re: [VoiceOps] Fraud Management
>
>Thank you for the info Glen.
>
>We have done a POC on OCFM  (Oracle Communications Fraud Monitor; the old
>FDAP - Fraud Detection and Prevention) that relies on OCOM (Oracle
>Communications Operations Monitor; old Acme Palladion product) to feed
>into the OCFM server. We could not get the call correlation on OCOM to
>work properly without extensive changes to our existing infrastructure.
>The call correlation issues resulted in bad data fed into the fraud
>monitor and resulted in false positives.
>
>Will have a look at the options below.
>
>Regards,
>Shaun
>
>From: Glen Gerhard <ggerhard at sansay.com<mailto:ggerhard at sansay.com>>
>Date: Friday 30 January 2015 3:40 PM
>To: "voiceops at voiceops.org<mailto:voiceops at voiceops.org>"
><voiceops at voiceops.org<mailto:voiceops at voiceops.org>>
>Subject: Re: [VoiceOps] Fraud Management
>
>Hi Shaun,
>
>most systems work off CDR files (or Radius or Diameter steams) so are
>proprietary in what products they support (http://oculeus.com is one such
>system).  There are some products that are auto-learning based on SIP
>monitoring so are device independent.  http://tollshield.com is one of
>them and builds a network profile over several week to understand
>"normal" traffic patterns.  It can alert on variations of those patterns.
> These systems requires monitoring ports whereas the CDR approach does
>not need SPAN ports.
>
>Also there is a difference between systems that can alert on fraud on
>ones that can proactively shut off service to suspect devices.  The
>proactive ones are usually device specific and more expensive and raise
>the risk of false positives.
>
>Regards,
>
>~Glen
>
>On 1/29/2015 11:19 PM, Shaun Gill wrote:
>Hi Brad,
>
>Neither - We are not using a product at this stage; using a combination
>of routing profiles (BSFT) and originating source IPs to block suspect
>traffic.
>
>Regards,
>Shaun
>
>From: Brad Anouar 
><brad.anouar at masergy.com<mailto:brad.anouar at masergy.com>>
>Date: Friday 30 January 2015 3:07 AM
>To: Shaun Gill <shaun.gill at is.co.za<mailto:shaun.gill at is.co.za>>
>Cc: Jay Cox <jcox at appiaservices.com<mailto:jcox at appiaservices.com>>,
>"voiceops at voiceops.org<mailto:voiceops at voiceops.org>"
><voiceops at voiceops.org<mailto:voiceops at voiceops.org>>
>Subject: Re: [VoiceOps] Fraud Management
>
>Shaun,
>
>Have you used the SIP or CDR based product?
>
>On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill
><Shaun.Gill at is.co.za<mailto:Shaun.Gill at is.co.za>> wrote:
>Noted ­ I will be checking this out Jay.
>
>From: Jay Cox <jcox at appiaservices.com<mailto:jcox at appiaservices.com>>
>Date: Wednesday 28 January 2015 3:44 PM
>To: Shaun Gill <shaun.gill at is.co.za<mailto:shaun.gill at is.co.za>>,
>"voiceops at voiceops.org<mailto:voiceops at voiceops.org>"
><voiceops at voiceops.org<mailto:voiceops at voiceops.org>>
>Subject: RE: [VoiceOps] Fraud Management
>
>Shaun:
>
>I have used the TransNexus solution for a long time.
>
>Jay Cox
>Mobile  314 910 7242
>
>From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Shaun
>Gill
>Sent: Wednesday, January 28, 2015 2:37 AM
>To: voiceops at voiceops.org<mailto:voiceops at voiceops.org>
>Subject: [VoiceOps] Fraud Management
>
>Hi Guys,
>
>Trying to get a feel for what fraud systems are out there for VoIP
>service providers; primarily using terrestrial mediums (such as metroE;
>diginet) with clients interconnecting via IP PBXs, voice gateways and IP
>phones.
>We have had fraud to international premium destinations which we are
>restricting based on calling profiles and originating source IPs; but
>neither is truly scalable.
>Subsequently we are looking for alternatives.
>
>Regards,
>Shaun
>
>
>
>_______________________________________________
>VoiceOps mailing list
>VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
>https://puck.nether.net/mailman/listinfo/voiceops
>
>
>
>
>--
>
>Brad Anouar
>Director of Systems Engineering
>Email brad.anouar at masergy.com<mailto:brad.anouar at masergy.com>
>Office +1 310 360 2028
>
>[http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg]
>www.m<http://www.masergy.com/>asergy.com<http://www.masergy.com/>
>
>
>
>_______________________________________________
>VoiceOps mailing list
>VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>https://puck.nether.net
>/mailman/listinfo/voiceops
>
>
>
>AVISO DE CONFIDENCIALIDAD: Este correo electrónico y sus archivos anexos,
>si los tiene, están destinados sólo para la persona o entidad a la que va
>dirigida y contiene información confidencial. Se prohíbe cualquier uso,
>impresión, divulgación o distribución de dicha información sin la
>autorización por escrito del remitente. Si usted no es el destinatario,
>por favor póngase en contacto con el remitente y destruya todas las
>copias del mensaje original.
>
>CONFIDENTIALITY NOTICE: This email message and its attachments, if any,
>are intended only for the person or entity to which it is addressed and
>contains privileged information. Any use, printing, disclosure, or
>distribution of such information without the written authorization of the
>sender is prohibited. If you are not the intended recipient, please
>contact the sender and destroy all copies of the original message.
>
>Nuestro aviso de privacidad está publicado en la página Web:
>http://www.mcmtelecom.com.mx/common/politica_privacidad.htm
>
>
>

More information about the VoiceOps mailing list