Fraud Management

Prevention & Profit

Margins on telco services revenues are under constant pressure as a consequence of ever increasing competition. 

Hexagon’s hexFraud module, the newest component in the hex product suite, helps detect and prevent any kind of reduction in revenue, whether it is the result of fraud or system shortcomings.

Now telco provider departments, operations and businesses can prevent shrinking margins and focus on developing profitable business operations.

Flexible & Easy

Various analytical modules incorporated in the real-time processing of xDR streams detect any fraudulent behavior in interconnect operations.

Users can easily deal with any reported cases and decide on any action that should be taken.

A flexible editor allows users to change various parameters in the statistical analysis of potential frauds and provides a drag-and-drop editor for the creation of actual detection scenarios.


Take full advantage of different analytical possibilities when processing data systems:

  • Observe absolute or relative volumes.
  • Analyze trends, time variations and statistical deviations.
  • Detect patterns related to carriers, trunk-groups, numeration types, call durations and parameters.
  • Analyze calling and called numbers in detail, define all available combinations of digital patterns.

The Analysis Advantage

Combine an array of detection scenarios and apply additional filters using the graphical editor.

 1. Analyze high variations in traffic volume

High volume variations to a specific destination may indicate fraud, or potential problems in destination tables or sales prices, deliberate or otherwise.

Variations in traffic volume can be expressed as:

  • significant changes in traffic volume to destination to or from specific carrier;
  • change of volume between two carriers;
  • change of volume to or from a specific carrier.

2. Analyze origin and destination numeration

This analysis uses several sources of numeration and verifies whether a particular number (called or calling) lies within numeration that should belong to a specific carrier that is directing the traffic. The system also reports cases when numeration does not belong to any valid number range.

Hexfraud uses the following controls to detect such cases:
  • Checks consistency with regulatory numeration defined for specific carrier.
  • Verifies consistency with numeration in its own origination price lists.
  • Controls numeration against international master destination tables.
  • Analyzes numeration type in combination with carrier type (international, national).
  • Detects invalid number ranges.

3. Analyze suspicious calling patterns

The system’s comprehensive graphical editor enables users to define filters or patterns that specify conditions on both calling and called numbers. Rules can be defined generally, or limited to certain carrier categories, trunk-groups or products.  

Fast pattern recognition controls include:
  • Blacklist check (by complete numbers or prefixes).
  • Whitelist check (by complete numbers or prefixes).
  • Number length controls.
  • Match between origin and destination prefix.

4. Analyze call parameters

In addition to calling number, called number, time and duration, additional xDR parameters can be used in analysis:
  • Compare type-of-number flags with prefixes.
  • Verify VoIP call set-up parameters indicating origin parameters.

5. Analyze call duration

A disproportional share of short or long calls can also indicate fraud, usually related to possible cases of inter-billing fraud, and can be controlled by monitoring calls above or below a selected duration.

6. Correlate calls, analyze aggregated data

Instead of focusing on individual calls, this analysis uses two or more correlated calls to determine potential fraud cases.

  • Detects potential external loops.
  • Recognizes a high rate of simultaneous calls to or from the same number or range.
  • Analyzes parallel call/session rate.

Drill down, drill deeper

All detected cases are reported in the case management tool. Users get notifications over email, SMS or SNMP trap.

Users can analyze cases in detail and if necessary, use the CDR viewer or Event viewer tools to examine individual call or other event records.

If fraud is detected, future calls matching the problem criteria are definitively barred.