Email a colleague    

July 2013

Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control

Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control

Crowd sourcing is an awesome tool for gathering intelligence.  The most striking example for me is Wikipedia, the most popular website in the world and a site whose content is written by a crowd of global researchers who receive no compensation other than the bragging rights of being on the Wikipedia team.

Well, now I’m pleased to say that crowd sourcing is coming to telecom fraud and security management through a cVidya mobile app for the Android called FraudView CyberHub.

The purpose of the app is to detect, block, and report premium rate fraud numbers and spyware -- often the result of malware and malicious app infection of the mobile device.  The crowd intelligence is supplied by the mobile users themselves who report actual and suspected malicious numbers and apps.  Their reports are going to a cloud based server in which automatic algorithms backed up by our experts analyse it and distribute the info to all FraudView CyberHub users, wherever they may be on the globe.

We’ve completed most of the research needed to launch it and judging by the feedback we got at the TM Forum event where we announced it, lots of operators are intrigued with the idea including the two sponsors of the Catalyst: AT&T and Telstra.

What Threats is the Mobile App Aimed at?

We are targeting two main threats: Premium Rate Service (PRS) and spyware.  In many cases, the attacker uses malware to take control of the device to either automatically generate phone calls, SMSs and even data sessions to high cost (premium) phone numbers.  Likewise, spyware will communicate to cloud servers that the criminals use to gather intelligence, steal ID numbers / passwords, and the like.

While CyberHub does not prevent the PRS or spyware infection, it will provide early warning of trouble and help security and fraud professional track down malware / PRS criminals.

According to the CFCA, PRS (also known as International Revenue Share Fraud) is the third largest fraud loss category for telecoms after PBX and subscription fraud.  In PRS, the money comes from terminating phone calls to those premium priced numbers.  A couple parties usually team up on the scheme and share the revenue.  One party drives the traffic and inflates it; the other collects the money.  Each operator who routed the call passes the premium charge to the previous operator in the chain.  The operator who eventually takes the revenue hit is the one whose network initiated the call.

Bottom line with PRS: it’s the volume that matters.  The trick is to push as many calls, as much traffic volume as they possibly can -- and do so before the operators catch on to the con game.

Getting timely updates on the blacklisted numbers is critical to stop the bleeding.  International associations like the GSMA, CFCA and TM Forum help with standards, but carriers are largely left to their own devices to stop the fraud from occurring through fraud management software.

But there’s another issue, too: operators feel the pain when lots of customers call to complain about fraud charges.  Higher call center costs are one issue, then there’s the sheer hassle and time it takes to sort out the issue and make good by the customer.  The operator is always perceived as liable in such issues, despite the fact he has nothing to do with it.

How the Solution will be Deployed

Readers will see parallels to the way crowd sourcing is used in the cyber security world.  A very familiar one is where Microsoft anonymously collects data on PC-resident malware so it can develop and send security patches for Windows.

cVidya is discussing two deployment models.  The first one is a telco-centric model where the operator enables, distributes, and charges for the mobile app.  And in the second model cVidya takes the lead and interacts directly with the mobile users.

Behind the scenes, we maintain the hot-listed numbers that the mobile devices access in a cloud-based server we call CyberHub.  Users with the Fraud CyberHub app on their mobile devices simply report any number /app they suspect or know to be malicious.  Once that number is uploaded, cVidya algorithms on the server automatically analyze the suspicious number.  Meanwhile cVidya experts are standing by to validate results and continuously enhance the model and algorithms.  Then we update the global blacklist so it can be downloaded to all the mobile app users through a push-like service.

Now it’s obviously important to screen the numbers going into that blacklist.  For instance, a business might try to block all calls to its competitors.  Or two people get into an argument and one them tries to block all personal calls to the other guy to get revenge.

The prototype we demoed it at the TM Forum Catalyst is real simple to use: just type in the number, press a button, and the malicious number is saved as hot listed and pushed into the cloud.

The application works in the background.  When the user dials a number, receives a call, and receives/ sends an SMS, the app bounces the address against the hot list and either blocks the traffic or warns the user about the danger.

In a single click, the mobile user can also selects how often they want the updated hot lists downloaded to their phone -- monthly, weekly, daily, whatever.  The user can also maintain his own private list of numbers of incoming or out coming calls or SMSs that he wants to block.

What’s the Benefit for Mobile Users

In the past two years, the industry has seen a dramatic increase in mobile user complaining about malicious apps.  Often the mobile phone is hijacked and starts dialling premium rate numbers on its own without the user’s knowledge.

The mobile app we’ve developed is designed to shut down all know PRS activity for the community of app users.  The app works in the background: when the user dials a number, receives a call, and receives/send an SMS, the application analyses it and if there is something suspicious it blocks/warns about it

Now the user can fully opt out of reporting their malicious numbers and apps to us.  That’s their choice.  They still get the blacklist protection whether they help us or not.  Each user’s contribution enriches our data, but the blacklist will be maintained with or without them.

While it’s true that the user usually doesn‘t have to pay the premium fee because the operator removes the fraudulent charges or at least share the cost, dealing with PRS it’s often a big inconvenience for the user.  So that’s certainly one key incentive for the mobile user helping us: they save themselves some trouble.

When the bill arrives or the user checks his balance, that’s when the bill shock hit as they read the huge charges for unknown calls, say, to a small island in the South Pacific.

Future versions of CyberHub will serve an enterprise’s need to protect the BYOD devices of their employees.

Conclusion

Our industry statistics over the past 2 years points to Premium Rate Share (PRS) fraud as the most common malware reported by mobile users.  Crowd sourcing shows promise as a way to gain greater control over the problem.  The mobile users essentially become fraud and security management partners to the service provider.

Copyright 2013 Telexchange Journal

 

About the Experts

Chris Hill

Chris Hill

Chris is Vice President of Marketing at Mobidia.  He has over 20 years of experience with software and mobile networks.  Before joining Mobidia, he spent 7 years at Microsoft, leading the product management team and their efforts to build and commercialize the early Windows Mobile platform, Microsoft’s first platform for the PDA and smartphone categories.

Prior to Microsoft, he lived in Asia for a number of years and helped build a small, privately-held, software company into a global division of General Electric.  Chris has a Bachelor of Science degree in Electrical Engineering from Worcester Polytechnic Institute and an MBA degree from the Fuqua School of Business at Duke University.   Contact Chris via

Related Stories

  • Automatically Stopping Fraud Traffic: iBasis Raises the Bar for Wholesaler Protection of Retail Carriers interview with Daan Kleijnen — The margins in the retail voice business are so tight these days that many operators fail to make a vital investment in fraud protection, making them easy targets for IRSF and other frauds.  A leading wholesaler explains a new fraud control program that automatically disconnects a retailer’s fraud traffic.
  • False Answer Supervision Fraud: Applying Advanced Statistics to Find Needles in the CDR Haystack interview with Steve Heap — Fraud management solutions have made great technical advances via automated threshold setting, big data, and DPI.  Now this expert interview explains how a new breed of advanced statistics-based solutions is tackling very hard-to-detect fraud types such as the call signal spoofing of False Answer Supervision.
  • Fraud Management Collaboration: From “Great Idea” to Real Software & Intelligence Sharing interview with Katia González — Without effective multi-operator collaboration in fraud management, each operator ends up merely reacting to fraud threats on its own rather than building up a proactive defense.  In this interview, a leading wholesale provider explains its innovative program to enable the automated and expert-to-expert sharing of fraud intelligence and techniques.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Chris Hill — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.

Related Articles

  • The Race to Serve Enterprises with Revenue-Generating IT Services Virtualized by SDN & NFV interview with Gal Ofel — The SDN/NVF movement is giving telcos a new revenue-generating play in the cloud: virtualized network and IT services to enterprises in areas like security, enterprise service assurance, enterprise application prioritization and content caching.
  • Lifecycle Service Orchestration: Enterprise Ethernet & Cloud Exchange Meet OSS & SDN/NFV interview with Marie Fiala Timlin — SDN and lifecycle service orchestration are key to the next generation of telco-to-enterprise services.  In this interview, an expert explains how lifecycle service orchestration adds value to SDN, cloud exchanges, enterprise Ethernet, and mobile backhaul.
  • Automatically Stopping Fraud Traffic: iBasis Raises the Bar for Wholesaler Protection of Retail Carriers interview with Daan Kleijnen — The margins in the retail voice business are so tight these days that many operators fail to make a vital investment in fraud protection, making them easy targets for IRSF and other frauds.  A leading wholesaler explains a new fraud control program that automatically disconnects a retailer’s fraud traffic.
  • False Answer Supervision Fraud: Applying Advanced Statistics to Find Needles in the CDR Haystack interview with Steve Heap — Fraud management solutions have made great technical advances via automated threshold setting, big data, and DPI.  Now this expert interview explains how a new breed of advanced statistics-based solutions is tackling very hard-to-detect fraud types such as the call signal spoofing of False Answer Supervision.
  • Fraud Management Collaboration: From “Great Idea” to Real Software & Intelligence Sharing interview with Katia González — Without effective multi-operator collaboration in fraud management, each operator ends up merely reacting to fraud threats on its own rather than building up a proactive defense.  In this interview, a leading wholesale provider explains its innovative program to enable the automated and expert-to-expert sharing of fraud intelligence and techniques.
  • Sharing Intelligence, Services, and Infrastructure across the Telecom Galaxy interview with Gary Zimmerman — The telecom industry is an industry of sharing.  In fact, the rise of mobile broadband is driving a greater reliance on real-time intelligence, services trading, and infrastructure exchange.  In this article, a leading info exchange provider explains the value of its services portfolio and points to other interoperability and sharing ideas under development.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Chris Hill — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Real-Time Network Intelligence: The New Way to Read Telecom Tea Leaves by Suren Nathan — Real-time network intelligence is the key to deciding which products to launch, whose facilities to lease, and where to route traffic.  The article explains why telecoms — and especially enhanced service providers --  should ideally be equipped with both a fine-grained margin analysis solution and a SaaS platform, offering an upgrade path that requires no internat IT support.