How CDR Analysis Can Help In Combating ByPass Fraud

The telecommunication industry is facing an alarming surge in fraudulent activities, which is a matter of grave concern for network service providers. The infamous bypass fraud (fraudulent use of SIM boxes) executed by escaping the standard network service charges is one such common scam adversely affecting the telecom industry.

A survey suggests that the telecom industry suffers around $3 to $7 billion in annual revenue loss due to bypass fraud. For instance, the African continent loses $150 million due to network fraud annually, making Africa the hub of mobile fraud. By 2025, Sub-Saharan Africa will have 615M mobile subscribers, which can result in uncontrolled bypass fraud cases. Moreover, the survey reports that telecom service providers pay around $51m annually to manage and prevent bypass fraud.

In this article, we’ll discuss how bypass fraud affects telecommunication service providers and cover existing techniques for detecting bypass fraud. We’ll also review the application of CDR analysis to eliminate such scams.

Understanding Bypass Fraud and its Growing Impact on the Telecom Industry

Bypass fraud is also called SIM box fraud, where scammers frequently try to hide their actual location to prevent fraud detection. Caller ID spoofing makes incoming calls appear to users to come from a valid local number.

Bypass fraud intends to boost the chances of such calls being answered and reduce the call termination charges. Bypass fraud is more common in countries with different calling charges for national and international calls.

Service providers suffer a big loss as their incoming international calls are diverted and taken over by illegal operations. Some parties don’t even recognize the fraudulent activities until after receiving hefty bills. Additionally, blocking the recorded numbers is useless when numbers change quickly and randomly. 

Bypass fraud can be controlled to some extent but not eliminated or addressed completely. The network service providers need to be vigilant and employ methods to stay well-informed and notified of any abnormal activity. Collaboration of government bodies, regulatory authorities, network service providers, SIM dealers, and security officials is essential for bypass fraud prevention.

Impact of Bypass Fraud on the Telecom Industry

Bypass fraud can be disastrous for the service providers as it leads to:

  • revenue loss
  • excessive network resource consumption
  • service disruption
  • damaged company reputation
  • policy violations
  • client dissatisfaction 
  • customer churn

The Evolution of Bypass Fraud Strategies 

The ongoing development of advanced fraud prevention and detection techniques forces fraudsters to adapt and change their strategies. Scammers continuously strive to identify new loopholes to hinder fraud detection. A few of their bypass fraud schemes are:

  • modifying the IMEI of every route in the SIM box
  • operating in an automobile to prevent location identification
  • changing the location repeatedly throughout the day
  • concealing a range of numbers with fake combinations
  • alternating SIM box cards after regular intervals
  • making calls and sending texts randomly to the same numbers in the SIM box 
  • working at a specific time slot, for instance, non-office hours or off-peak timings
  • setting silence tone or operator announcement on repeat for default answering of incoming calls

Conventional Approaches for Bypass Fraud Detection 

There are many bypass fraud detection approaches available, including party diversity, around-the-clock calling, less or no SMS/GPRS usage, blacklisted IMEI list, etc. However, scammers can exploit any of these existing fraud prevention and detection techniques. Let’s discuss some of these approaches below:

  1. Manual Analysis of Individual Subscriber Accounts

Manual analysis of every subscriber account is not feasible for eliminating bypass fraud because it is an ineffective and time-consuming procedure. The cost to analyze the accounts is enormous, and the overall technique is prone to human or technical errors.

  2. Manual Analysis of Individual Calls

Manually analyzing all the calls in the record is challenging due to the rapid generation of large volumes of data. Identification of scammers from big call records needs a substantial amount of time. Furthermore, locating fraud perpetrators manually, without any external automated tools and techniques, is impossible.

  3. Real-Time Data Analysis

An enhanced method for fraud detection involves database servers to derive data patterns by acquiring and assessing phone usage data. Pattern recognition and real-time data analysis are relatively complicated, time-consuming procedures that can potentially produce dissatisfying results on a large scale.

  4. Test Call Generation (TCG)

Operators arrange a test or dummy number range on their networks to call those test numbers from several locations, using various interconnect voice paths worldwide. This practice helps in identifying the routes used to connect the SIM boxes.

However, fraudsters can recognize system-generated call traffic using the latest technologies that have weakened the test call strategy. Such test calls are distinguishable from real calls based on usage patterns. Scammers can even block or redirect test calls to prevent fraud detection.

Role of CDR Analysis In Detection and Prevention of Bypass Fraud

The telecom network element logs assist in collecting and validating subscriber data. Additionally, these logs identify any irrelevant or suspicious activity that can adversely affect the service.

The three network element logs are:

  • Call Detail Record (CDR)
  • Usage Detail Record (UDR)
  • Event Data/Detail Record (EDR)

We’ll only discuss CDR analysis in this article. However, UDR and EDR logs pack valuable information about subscriber usage patterns which can help identify fraudsters.

Call Detail Record (CDR)

Call Detail Record (CDR) builds a detailed report of all the network traffic activities, events, or transactions taking place on the network, for instance, voice calls or text messages, to observe and identify subscribers’ behavior and usage pattern. A Call Detail Record contains the following information:

  • Call timestamp
  • Call duration 
  • Sender or source number
  • Receiver or destination number
  • Billing information for each call 
  • Call completion status
  • Unique record identifier
  • Type (voice or SMS)
  • IMEI
  • IMSI

How Does CDR Analysis Work in Combating Bypass Fraud?

Data is a significant asset for network investigators as it can reveal useful information when carefully analyzed. The SIM box detection algorithm is a typical method used by service providers to assess and filter:

  • the ratio of incoming and outgoing calls
  • difference between the number of local and international calls
  • numbers with a similar order or range
  • high repetition of calls with the same cell ID

However, filtering such information for identification purposes is an outdated approach that results in many false positives. Bypass fraud trends can be different for various network providers worldwide. The difference in network configuration and equipment needs an in-depth data analysis.

CDR analysis intends to identify illegal SIM card operations by creating statistical usage-based profiles with the help of call detail records. Furthermore, fraud detection algorithms can be designed under the CDR analysis framework offering detailed search and wider coverage opportunities. CDR analysis provides access to real-time SIM box activity for fraud detection.

CDR stores user data that represents client behavior patterns helpful for decision-making. AI-inspired machine learning and data science have introduced advanced and improved techniques for performing better CDR analysis and enhanced pattern recognition.

Steps To Conduct CDR Analysis

The investigation teams acquire CDRs of confirmed bypass cases and proceed with the pattern examination phase. The CDR Analysis is performed in the following stages:

  1. Data Observation Stage

The first step is to observe or monitor the call detail records. The important factors to consider include:

  • number of calls made to a unique recipient
  • number of calls made from the same cell id
  • number of calls during a particular time slot
  • number of calls made in a series within the same time slot
  • the total duration of calls made in a sequence
  • duration of a specific number activation after the first call gets flagged

  2. Designing a Database Query

The second stage involves constructing a database query to implement the logic for the key factors defined in the first stage. Precise threshold values are needed for obtaining exact output. The accurate results require refining the queries and threshold values repeatedly with a trial and error method. If the process is correctly followed, near-optimal accuracy can be achieved in CDR analysis.
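
The filters listed under the SIM box detection algorithm and the query-design stage above can be combined into a single threshold query. This is an added example, not code from the article or from any vendor platform; the table layout, the `cell_id` column, the threshold values and all sample records are constructed assumptions.

```python
import sqlite3

# Assumed starting thresholds; refine them against CDRs of confirmed bypass cases.
THRESHOLDS = {"min_out": 20, "max_in_ratio": 0.05, "min_diversity": 0.8,
              "max_cells": 1, "max_sms": 0}

# One usage profile per source number, kept only if it passes every filter.
PROFILE_SQL = """
WITH outgoing AS (
  SELECT src AS msisdn,
         SUM(type = 'voice') AS out_calls,
         COUNT(DISTINCT CASE WHEN type = 'voice' THEN dst END) AS callees,
         COUNT(DISTINCT cell_id) AS cells,
         SUM(type = 'sms') AS sms
  FROM cdr GROUP BY src),
incoming AS (
  SELECT dst AS msisdn, COUNT(*) AS in_calls
  FROM cdr WHERE type = 'voice' GROUP BY dst)
SELECT o.msisdn, o.out_calls, COALESCE(i.in_calls, 0) AS in_calls, o.callees, o.cells, o.sms
FROM outgoing o LEFT JOIN incoming i ON i.msisdn = o.msisdn
WHERE o.out_calls >= :min_out                                -- enough traffic to judge
  AND COALESCE(i.in_calls, 0) <= :max_in_ratio * o.out_calls -- almost never called back
  AND o.callees >= :min_diversity * o.out_calls              -- high party diversity
  AND o.cells <= :max_cells                                  -- same cell ID repeated
  AND o.sms <= :max_sms                                      -- little or no SMS usage
ORDER BY o.msisdn
"""

def sample_cdrs():
    """Constructed CDRs: (ts, duration_s, src, dst, type, cell_id)."""
    rows = []
    for n in range(30):  # SIM-box-like: distinct callees, one cell, no SMS, no inbound
        rows.append((f"2022-05-01T02:{n:02d}", 180, "900001", f"7{n:04d}", "voice", "C17"))
    for n in range(25):  # ordinary subscriber: 4 contacts, 3 cells, some SMS
        rows.append((f"2022-05-01T10:{n:02d}", 60, "900002", f"8{n % 4:04d}", "voice", f"C{n % 3}"))
        if n < 5:
            rows.append((f"2022-05-01T12:{n:02d}", 0, "900002", f"8{n % 4:04d}", "sms", "C0"))
    for n in range(40):  # sales desk: similar outbound shape, but a quarter call back
        rows.append((f"2022-05-01T14:{n:02d}", 90, "900003", f"6{n:04d}", "voice", "C40"))
        if n < 10:
            rows.append((f"2022-05-01T15:{n:02d}", 120, f"6{n:04d}", "900003", "voice", "C5"))
    return rows

def flag_suspects(rows, thresholds=THRESHOLDS):
    """Load CDRs into an in-memory table and return the profiles that pass every filter."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cdr (ts TEXT, duration_s INT, src TEXT, dst TEXT, type TEXT, cell_id TEXT)")
    db.executemany("INSERT INTO cdr VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db.execute(PROFILE_SQL, thresholds).fetchall()
```

Calling `flag_suspects(sample_cdrs())` returns only the SIM-box-like number; raising `max_in_ratio` to 0.3 also flags the sales desk, which is the kind of false positive the trial-and-error threshold refinement is meant to remove.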

On-Net Bypass Vs. Off-Net Bypass Investigation

In on-net bypass cases, the network operators have access to the location and the user’s detailed information. For off-net bypass, however, the operators are compelled to investigate with limited information and robust pattern mining strategies. Such cases are a bit complicated to detect and resolve and require more collaboration from the concerned service providers.

Limitations of CDR Analysis

Although CDR analysis is a promising technique for bypass fraud detection and prevention, some gaps that need to be filled are:

  • Large turnaround time of CDR analysis 
  • Huge records of call data are needed for effectively performing CDR analysis
  • The reappearance of fraudsters with new SIM cards after service blockage by operators

Effortless Record Collection and Fraud Investigation With S-One Analytics

To control the enormously growing bypass fraud activities, CDR analysis can be an ideal solution for telecom data. Synaptique facilitates enterprises with advanced network services to visualize their performance and boost CDR analysis. 

The S-One Analytics platform provides extensive real-time traffic analytics that helps in improving customer experience and fraud detection on a large scale. Network operators can study detailed subscriber reports to monitor their activities and extract relevant data when needed.


Posted on May 26, 2022 by Yassine, LASRI