Fraud Management

The Analysis Advantage

Combine
an array of detection scenarios and apply additional filters using the
graphical editor.

 1. Analyze high variations in traffic volume

High
volume variations to a specific destination may indicate fraud, or potential
problems in destination tables or sales prices, deliberate or otherwise.

Variations
in traffic volume
can be expressed as:

• significant
  changes in traffic volume to destination to or from specific carrier;
  
• change of volume between two carriers;
• change of volume to or from a specific carrier.

2. Analyze origin and destination numeration

This
analysis uses several sources of numeration and verifies whether a particular
number (called or calling) lies within numeration that should belong to a
specific carrier that is directing the traffic. The system also reports cases
when numeration does not belong to any valid number range.

Hexfraud
uses the following controls to detect such cases:

• Checks
  consistency with regulatory numeration defined for specific carrier.
  
  
  
• Verifies consistency with numeration in its own origination price lists.
• Controls numeration against international master destination tables.
• Analyzes numeration type in combination with carrier type (international,
  national).
  
• Detects invalid number ranges.

3. Analyze suspicious calling patterns

The
system’s comprehensive graphical editor enables users to define filters or
patterns that specify conditions on both calling and called numbers. Rules can
be defined generally, or limited to certain carrier categories, trunk-groups or
products.  

Fast
pattern recognition controls include:

• Blacklist
  check (by complete numbers or prefixes).
  
• Whitelist check (by complete numbers or prefixes).
• Number length controls.
• Match between origin and destination prefix.

4. Analyze call parameters

In
addition to calling number, called number, time and duration, additional xDR
parameters can be used in analysis:

• Compare
  type-of-number flags with prefixes.
  
• Verify VoIP call set-up parameters indicating origin parameters.

5. Analyze call duration

A
disproportional share of short or long calls can also indicate fraud, usually
related to possible cases of inter-billing fraud, and can be controlled by
monitoring calls above or below a selected duration.

6. Correlate calls, analyze aggregated data

Instead
of focusing on individual calls, this analysis uses two or more correlated
calls to determine potential fraud cases.

• Detects
  potential external loops.
  
• Recognizes a high rate of simultaneous calls to or from the same number or
  range.
  
• Analyzes parallel call/session rate.

Drill down, drill deeper

All
detected cases are reported in the case management tool. Users get
notifications over email, SMS or SNMP trap.

Users
can analyze cases in detail and if necessary, use the CDR viewer or Event
viewer tools to examine individual call or other event records.

If
fraud is detected, future calls matching the problem criteria are definitively
barred.