Dmitry Sumin: How Can Operators Minimize Blocking Legitimate Traffic While Preventing Fraud?

It’s no surprise to telecom professionals or customers that calls to certain Pacific Island countries, such as Vanuatu, are blocked from many mobile networks. How did it come to this?

The reason for this massive inconvenience for customers is that fraudsters often use high-cost call destinations for various kinds of schemes. In such fraud scenarios, fraudsters hijack calls and direct them to their own or leased lines to profit from businesses or individual subscribers. Short-stopping, Private Branch Exchange hacking, Wangiri and Wangiri 2.0 calls, and callbacks are a few examples of these fraud schemes.

Operators face a storm of trouble tickets and disputes due to fraud, so they prefer to block these high-cost call destinations altogether. The percentage of fraudulent traffic to these destinations is very high compared to legitimate traffic.

Widespread industry use of fraud number databases leads to the approach of blocking entire country codes. Credible organizations and regulators, such as GSMA, CFCA, TUFF and BEREC, provide such databases. These databases are also sold commercially and operators often block the full number ranges listed in these databases.

Fraudsters now use allocated and live numbers

However, there’s a problem. Fraudsters don’t just conduct attacks by using unallocated numbers which have not been assigned to a specific service provider. They now use more and more allocated number ranges, with some numbers even assigned to real customers. An allocated number is a number that belongs to a network operator under a national numbering plan.

Previously, operators could just block unallocated numbers used in fraud attacks and prevent fraud without affecting legitimate traffic. This is no longer possible. In fact, our team has estimated that more than 75 percent of fraud attacks come from and to allocated number ranges. Moreover, 50 percent of the numbers in those ranges are assigned to real subscribers.

It’s clear that when allocated number ranges are blocked, legitimate traffic gets blocked as well. This leads to revenue loss, dispute tickets from customers and customer churn.

The issue with the current blocking process

Before discussing the new approach to blocking fraud, let’s look at the main stages of the aforementioned fraud attacks that use call hijacking. First, the fraudster gains access to the originating A number range, for example, by hacking a corporate PBX. Then the traffic from this compromised range to specific terminating B ranges gets short-stopped. This means that the call is hijacked to an expensive destination country. The hackers and the rogue carriers share the revenue generated by the fraudulent calls, which are billed to the end customer or another carrier in the routing flow.

If we block the entire originating A range, we will lose legitimate traffic to other destinations. And if we block the terminating B range, then we will also block the legitimate traffic coming from non-fraudulent A numbers, as in the case of blocking the country codes of Pacific Island nations.

The new approach: Granular blocking of A and B ranges for the duration of the attack

As you can see, blocking the entire compromised A or B range leads to unnecessary losses. How can we improve our approach to stopping fraud so that legitimate traffic is unaffected?

Our practice at AB Handshake shows that this can be done by introducing two adjustments to the blocking process. First, once an attack is detected, you should only block the traffic from the compromised A range to the compromised B range. Second, the ranges should be unblocked immediately after the attack is over.
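To make the two adjustments concrete, here is an added Python example (not code from the article or from AB Handshake) that compares the legitimate calls lost under whole-range blocking with a rule scoped to one A-to-B pair and removed when the attack ends. The class name, the attack identifier, the number ranges and the sample calls are all constructed, and a "range" is assumed to be a digit prefix.

```python
def _digits(number):
    # Compare numbers as bare digit strings (E.164 without '+' or spaces).
    return "".join(ch for ch in number if ch.isdigit())

class PairBlocklist:
    """Blocks a call only if A and B both fall in ranges flagged for one attack."""
    def __init__(self):
        self._rules = {}  # attack_id -> (a_prefix, b_prefix)

    def attack_started(self, attack_id, a_prefix, b_prefix):
        self._rules[attack_id] = (_digits(a_prefix), _digits(b_prefix))

    def attack_ended(self, attack_id):
        self._rules.pop(attack_id, None)  # unblock as soon as the attack is over

    def is_blocked(self, a_number, b_number):
        a, b = _digits(a_number), _digits(b_number)
        return any(a.startswith(pa) and b.startswith(pb)
                   for pa, pb in self._rules.values())

# Constructed sample data: ranges and (A number, B number, is_fraud) calls.
A_RANGE, B_RANGE = "+44 20 7946 0", "+678 55"
CALLS = [
    ("+442079460123", "+6785550001", True),    # compromised PBX to short-stopped range
    ("+442079460123", "+33140000000", False),  # same PBX, ordinary destination
    ("+442079460999", "+6782212345", False),   # same PBX, different range in +678
    ("+4915112345678", "+6785550002", False),  # unrelated caller, subscriber in B range
    ("+4915112345678", "+6782212345", False),  # unrelated caller, unrelated range
]

def legit_calls_lost(policy):
    """Count legitimate calls blocked by policy(a, b) -> bool."""
    return sum(1 for a, b, fraud in CALLS if not fraud and policy(a, b))

def compare():
    """Legitimate calls lost per policy during the attack, then state after it."""
    bl = PairBlocklist()
    bl.attack_started("attack-1", A_RANGE, B_RANGE)
    lost = {
        "whole A range": legit_calls_lost(lambda a, b: _digits(a).startswith(_digits(A_RANGE))),
        "whole country code": legit_calls_lost(lambda a, b: _digits(b).startswith("678")),
        "A-to-B pair": legit_calls_lost(bl.is_blocked),
    }
    fraud_blocked = bl.is_blocked(*CALLS[0][:2])
    bl.attack_ended("attack-1")
    still_blocked = bl.is_blocked(*CALLS[0][:2])
    return lost, fraud_blocked, still_blocked

if __name__ == "__main__":
    print(compare())
```

On this constructed traffic the pair rule stops the fraudulent call without dropping any legitimate one, while blocking the whole A range or the whole country code drops two and three legitimate calls respectively.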

This new approach allows service providers and transit carriers to avoid excessive blockages and minimize revenue losses while preventing fraud. But to realize this new approach, there has to be a specific fraud detection process. However, not every anti-fraud tool is capable of this. Let’s see what features an anti-fraud tool must have to achieve this.

Maximum granularity and accuracy of detection

If the tool is to detect only the compromised A and B ranges without affecting legitimate traffic, it has to offer maximum granularity of detection. This requires the highest possible accuracy in detection. An important term to understand here is “false positive,” which is a false indication of fraud when it isn’t present. In our case, regular and valid traffic could get mistakenly marked and treated as fraudulent. The anti-fraud tool must employ the latest technology, such as artificial intelligence and machine learning, to provide the highest detection accuracy and maximum granularity.

Detection speed

The most important aspects of a real-time approach are constant monitoring of live traffic and the speed of fraud detection. Ideally, the time frame between detection and response should be close to zero. This means that the fewest possible fraudulent calls will get through. The solution should also detect the end of the attack with maximum speed so the ranges can be unblocked immediately to avoid revenue loss.

Real-time control

The anti-fraud solution must be integrated with the operator’s network control components on a signaling level. This ensures it can block the compromised ranges immediately when the attack starts and unblock them exactly when it’s over.

Advanced anti-fraud tools are a must

To satisfy all of the criteria above, the anti-fraud solution must use the latest technology available. One example is call validation technology, which works on a call-by-call basis and has 100 percent detection accuracy of all known fraud types. Another option is using an anti-fraud tool with an AI engine. Such tools employ machine learning algorithms and offer up to 99 percent fraud detection accuracy.

A low-cost alternative to AI-powered tools would be the widespread adoption of real-time API solutions. Such APIs send real-time alerts when an attack is detected. The big data included in such alerts comes from hundreds of networks worldwide monitored by an AI anti-fraud tool. This alert shows the compromised A and B ranges and the types of fraud schemes they are used for. The API will also notify operators when the attack is over so they can unblock the ranges safely and avoid revenue loss.

A solution in times of crisis

At a time when the volume of international voice traffic and the revenue it generates is falling globally because of the competition from WhatsApp, Viber and VoIP services, the issue of telecom fraud is especially troublesome. Fraudsters have become more and more adept at masking their attacks as legitimate traffic, so it is no longer enough just to block ranges from databases. Blocking fraud must now be done with maximum accuracy and granularity to avoid the disruption of legitimate traffic and the resulting loss of revenue.

The new approach of blocking the compromised A and B ranges only for the duration of the attack will help operators minimize unnecessary losses while effectively preventing fraud. The first step is to have the right anti-fraud tool for this task. Thankfully, the rapidly advancing technology used by anti-fraud vendors is already capable of realizing this new approach.

Dmitry Sumin is head of products at the AB Handshake Corporation. A graduate of the Moscow State University, he has over 15 years’ experience in international roaming, interconnect and fraud management. Having previously worked for both MNO and MVNO/MVNE operators, he has a good understanding of different technologies and business models within the telecommunications market. This piece is exclusive to Broadband Breakfast.
