Automatically Stopping Fraud Traffic: iBasis Raises the Bar for Wholesaler Protection of Retail Carriers

Ten years ago, who would have thought that protecting customers from fraud would become a major differentiator among global wholesalers?  But it has, and that’s a sign of the times.

A decade ago, telecom fraud losses were considered a mere drop in the bucket because our industry was booming and international voice service was highly profitable.

But the ramp up of Voice over IP (VoIP) service in the mid-2000s fundamentally changed telecom’s profit equation: it led to cheaper rates and an explosion in international voice traffic.

In turn, the success and visibility of VoIP providers like Vonage in the US encouraged many more VoIP providers to enter the game.  Cable operators also leaped on VoIP as the third leg of their triple play strategy to combine video, high speed internet, and voice service.

So the net effect has been to make the retail voice business a highly competitive one where the margins are so tight that many operators fail to make a vital investment in fraud protection.

So what invariably happens?  Well, here’s a very common scenario.  The operator’s customer is an enterprise with a PBX, and a computer located halfway around the world launches a brute force attack on that PBX.  Once it discovers the PBX’s password, on an opportune Friday night, it hijacks the PBX to make hundreds of phone calls to an IVR machine in Senegal at a $10-a-minute premium rate.

Monday morning, the enterprise customer arrives at its office to get a bill for $50,000.  And to save the customer account, the operator often pays that bill.  This scheme, called International Revenue Share Fraud (IRSF), robs telecoms of $4 billion in revenue each year according to the CFCA fraud association.

Fortunately some sharp minds have been thinking about how best to solve IRSF and other fraud issues.  One such person is Daan Kleijnen, Product Manager for Fraud Solutions at global wholesaler, iBasis.  Daan is here to tell Telexchange Journal readers about a new service iBasis has just announced, an automated solution for protecting its 500+ global carrier customers.

	Dan Baker: Daan, before we discuss the details of your new fraud protection service, please tell us about your view of the fraud issue, and why you’ve now launched this new fraud protection service.

Daan Kleijnen: Dan, we created our FraudAlert™ solution for KPN and a few other large customers.  Having proven its effectiveness, we decided to develop it further so it could serve the broader set of customers we work with.

Our customer base at iBasis actually varies quite a bit.  We serve carriers from the very small to the extremely large.  And the needs vary greatly across that spectrum.

Take the smaller customers.  Many of them have zero fraud coverage over the weekend.  Some have little visibility into fraud concerns at all: they don‘t know when they’ve been hit with fraud.  And when it does occur, they are always too late to take the right action.

The larger carriers are concerned about revenue loss, too, but they are just as concerned about their public image.  When the end customer of a large carrier gets hit with a large case of fraud, the carrier is almost always blamed and so its reputation can get tarnished because of it.

Our FraudAlert solution solves these problems.

	Can you walk us through your solution and tell me how it works?

Absolutely.  The FraudAlert service begins on the principle that the retail carrier must remain in complete control of its traffic.  And through alerts that we send them when certain thresholds of fraud traffic are detected, iBasis can take action based on customer wishes — either automatically disconnecting the traffic or redirecting it back to the customer and allowing them to decide.  Either way, the customer remains in control.

The fraud protection service starts when the customer sets up threshold for three different types of alerts in our system.  The alert categories are: information, warning, and critical alerts.  Those thresholds can be set for either U.S. dollars or minutes of fraudulent traffic.

Once iBasis detects that thresholds are reached, we send the customer an email or an SMS alert, and our customer takes whatever action they have determined to take, which may include pre-set actions for us to take on their behalf.  Or they have to call us to do something with that traffic.

	So how is this new service different from the typical protection a wholesaler provides to retail carriers?

Well, the state-of-art in wholesaler fraud control today is that when fraud is detected, the traffic is sent back to the customer where it is automatically redirected to the next vendor in the customer’s routing plan.

Now, merely redirecting the traffic like that means the carrier is not really protected from revenue loss.

So we have added the capability to automatically disconnect the fraudulent traffic.  Our customers actually have two options:

• Automatically disconnect the fraud traffic. For example, our customer can set in our system the rule, “If I get hit by fraud and it goes over a $200 threshold in a 12-hour time limit, then block this traffic.” Then when that threshold is reached, we will automatically disconnect the traffic and it will not be re-directed to the next vendor in the routing lineup; or,
• Manually instructing us to disconnect the traffic. Automatically ending calls sounds scary for lots of carriers, especially the bigger ones because it means they are giving us the authority to disconnect their traffic streams.  That’s why we have a second option which is to wait for the carrier to specifically tell us to discontinue the traffic by clicking a “block” button on their portal or mobile app.  Once they’ve done that, we disconnect the traffic and stop redirecting it to their next vendor in the lineup.

	What kind of impact do you feel this service will have on your retail customers?

Number one, operators are going to save a lot of money, especially the smaller ones.  Even if they only opt to use this service for nights and weekends, that’s very convenient because the traffic will be disconnected automatically when people are no longer in the office.

There’s another key aspect of this: fraud problems are being addressed much quicker.  Now, when you think about the time delay there is between getting an alert, evaluating it, making a decision, and either blocking the traffic yourself or getting us to block it for you — there’s a lot of manual steps involved there.

But with automatic operation, the time saved can add up to a substantial amount of money.  Our new system moves the bar for blocking fraud from a matter of hours to a few minutes.

	Daan, this sounds like what the market has been waiting for.  Please tell us more about how your overall fraud control program differs from those of other players?

What differentiates us from competitors in this solution is that we have developed very sophisticated proprietary fraud management algorithms.  So, with the billions of CDRs going through our systems, we are capable of constantly improving that code base.

Fraud management solutions on the open market contain a lot of intelligence about fraud in general, but not about the traffic patterns of our customers.  And when you start with a third-party vendor, it takes time before they can adjust their own algorithms to your needs.

As a wholesaler, being smart about where traffic streams are coming from and flowing to is very important to our core business.  So, having an in-house fraud alerting and control system made a lot of sense for us.  It also allows us to be flexible enough to respond to a customer’s special needs.  For instance, if a customer sees fraud coming from a particular destination, we can tailor a solution to their needs.

But looking at the larger picture of fraud management, the blocking or disconnecting of fraud traffic is merely the last leg of a more comprehensive fraud management program that every wholesaler has in place.  We think of the process in three steps:

1. Digital analysis — When traffic comes in, we run it through digital analysis.  This is where we check the A and B numbers of the traffic and make sure it’s not on our black list of numbers we maintain and know are fraudulent.
2. Vendor selection — Second, we do a thorough background check on our vendors to make sure we have the right ones in place.
3. The Fraud Catching Algorithms — Finally once the traffic starts flowing, we have algorithms to catch everything we haven‘t stopped through digital analysis and good vendor selection.

	Thanks, Daan.  It’s a service that’s much needed.  Good luck with it.  And I think it’s also a great strategy for iBasis to get out in front of this big issue.

Dan, this new program will certainly bring some efficiencies to iBasis and substantial savings to our customers.  The international voice business is challenging — consumers are demanding high quality and low costs.  As one of the largest voice carriers in the world, we work hard to deliver both quality and revenue assurance for our customers.  When we do that, we both succeed.