Fraud Management Systems

Despite advances in technology, mobile phone fraud continues to be an ongoing problem. Fraud management systems that incorporate mechanisms to integrate service usage data are becoming a necessary weapon among wireless carriers. The challenge is to monitor and profile the activity using hard data and to be alert to the ever-changing nature of fraud. To combat cell phone fraud, a number of systems have been implemented that can discourage cell phone cloning and stop thieves from obtaining free access to cellular networks.

Personal Identification Numbers

Some service providers offer their subscribers a free fraud protection feature (FPF) to help protect against unauthorized use of their cell phones. Like an ATM bank card, FPF uses a private combination, or personal identification number (PIN), that only the subscriber knows. The PIN code does not interfere with regular phone usage. Even if pirates capture the phone’s signal, they would not be able to use it without the PIN code.

For example, the subscriber locks the phone account by pressing *56 + PIN + SEND. This blocks all outgoing calls, except for 911 (emergency) and the carrier’s customer care number. While the account is locked, calls can still be received, and voice mail will continue to take messages. When the subscriber wants to make a call, the account is unlocked by pressing *56 + 0 + PIN + SEND. Both the lock and unlock sequences can be programmed directly into the mobile phone’s speed-dial option.

There are database applications available that help service providers make better use of PINs to detect potentially fraudulent calls and prevent their completion. One of these products comes from Sanders Telecommunications Systems, a Lockheed Martin company. The company’s MicroProfile software enables the carrier to determine when a call is being placed to a number outside the subscriber’s normal calling pattern.

Combined with another product, an intelligent network-based application called Intelligent PIN, the MicroProfile software requires that the caller provide a PIN only for out-of-profile calls. By establishing and maintaining calling profiles of subscribers, out-of-profile call requests can be identified in real time, whereupon PINs can be requested to ensure that only legitimate calls are allowed to be placed.

With this system, unauthorized calls and lost revenues resulting from phone cloning or other illegal means can be reduced significantly. MicroProfile also provides the ability to monitor and analyze call histories to detect patterns of fraud and identify their origins. Since more than 90 percent of mobile calls will be within an established profile and, therefore, will not require routine PIN use, this method of fraud prevention poses little or no inconvenience to users.

Other fraud detection schemes are able to detect when more than one phone with the same personality is attempting to access the system. On detection, the subscriber is requested to enter a PIN prior to all new call attempts until further investigation. There are also fraud detection schemes that can be controlled by subscribers.

For example, the subscriber can enter numbers on a targeted list made up of 900 numbers or international area codes that require a PIN when dialed. If the PIN entry fails, the subscriber record is marked as fraudulent and requires a PIN for all future calls until further investigation.

Call Pattern Analysis

Cloned phones can be identified with a technology called “call pattern analysis.” When a subscriber’s phone deviates from its normal activity, it trips an alarm at the service provider’s fraud management system. There it is put into a queue, where a fraud analyst ascertains whether the customer has been victimized and then remedies the situation by dropping the connection.

Coral Systems offers an innovative software solution designed to help wireless carriers worldwide to fight the ongoing fraud problem. The company’s FraudBuster system is designed specifically to detect and manage fraud in multiple wireless systems.

Through its support of wireless standards including Advanced Mobile Phone Service (AMPS), Code Division Multiple Access (CDMA), and Global System for Mobile (GSM), FraudBuster targets the most pervasive types of fraud, including cloned phones and subscription fraud. Through the development of personalized customer profiles based on the subscriber’s typical calling patterns, FraudBuster can immediately identify suspicious usage.

After primary detection, a member of the carrier’s fraud investigation team is immediately alerted, supplied with detailed information on the calls in question, and provided with recommended actions to address the alleged fraud.

Data Mining

Another method of fraud detection entails the use of data-mining software that examines billing records and picks up patterns that reveal the behavior of cloning fraud. Two major patterns are associated with cloning fraud. One is called the “time overlap pattern,” which means that a phone is involved in two or more independent calls simultaneously.

The other is called the “velocity pattern,” which originates from the assumption that a handset cannot initiate or receive another call from a location far away from its previous call in a short time. If this happens, there is a high probability that a clone phone is being used somewhere.
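The two patterns can be checked over billing records as follows. This is an added example, not code from any product named on this page; the record layout, the 900 km/h speed ceiling, the 50 km location allowance, and the sample records are all assumptions, and each record is taken to be an independent call.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # assumed ceiling, about airliner cruising speed
CELL_SLACK_KM = 50.0   # assumed allowance for cell-site location error

@dataclass(frozen=True)
class Call:  # hypothetical billing-record layout
    phone: str        # identity the call was billed to
    start: datetime
    end: datetime
    site: tuple       # (lat, lon) of the serving cell site

def distance_km(a, b):  # great-circle (haversine) distance between cell sites
    (la1, lo1), (la2, lo2) = [tuple(map(radians, c.site)) for c in (a, b)]
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def find_cloning_patterns(calls):
    """Return (pattern, phone, start of later call) for each suspicious pair."""
    findings, last = [], {}  # last: phone -> latest-ending call seen so far
    for cur in sorted(calls, key=lambda c: (c.phone, c.start)):
        prev = last.get(cur.phone)
        if prev is not None:
            if cur.start < prev.end:  # two calls in progress at once
                findings.append(("time_overlap", cur.phone, cur.start))
            else:
                gap_h = (cur.start - prev.end).total_seconds() / 3600  # may be 0
                if distance_km(prev, cur) - CELL_SLACK_KM > MAX_SPEED_KMH * gap_h:
                    findings.append(("velocity", cur.phone, cur.start))
        if prev is None or cur.end > prev.end:
            last[cur.phone] = cur
    return findings

def at(hhmm):  # timestamps for the constructed sample below
    return datetime.strptime("2000-01-03 " + hhmm, "%Y-%m-%d %H:%M")
NYC, LA, CHI, BOS = (40.71, -74.01), (34.05, -118.24), (41.88, -87.63), (42.36, -71.06)
SAMPLE = [  # constructed records, not real billing data
    Call("A", at("10:00"), at("10:10"), NYC),
    Call("A", at("10:30"), at("10:35"), LA),   # 20 min after the New York call
    Call("B", at("09:00"), at("09:30"), CHI),
    Call("B", at("09:10"), at("09:15"), CHI),  # inside the 09:00 call
    Call("B", at("09:20"), at("09:25"), CHI),  # also inside the 09:00 call
    Call("C", at("08:00"), at("08:05"), BOS),
    Call("C", at("14:00"), at("14:10"), NYC),  # plausible travel, no finding
]
if __name__ == "__main__":
    print(*find_cloning_patterns(SAMPLE), sep="\n")
```

Tracking the latest-ending call per phone, rather than only the previous record, is what catches the 09:20 call that overlaps the long 09:00 call but not the short 09:10 one.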

The cloning information is passed to the service provider’s billing and management system, and countermeasures will be executed to prevent further damages. Cloning history data are also kept in the database and can be queried by service representatives via a wide area network (WAN).

Real-Time Usage Reporting

Several software vendors offer products that provide real-time collection of data from cellular switches that can be used for identifying fraudulent use. Subscriber Computing’s FraudWatch Pro software, for example, provides workable cases of fraud rather than just alarms. With this system, analysts have the ability to select the types of fraud that they work, such as subscription fraud or cloning.

Based on an analysis of call detail records (CDR) received from home switches and roaming CDR data feeds, the system detects fraudulent activities and provides prioritized cases to the analyst for action. The system provides investigative tools that allow the analyst to ascertain whether fraudulent activity has indeed occurred. The cases are continuously prioritized according to fraud certainty factors or the probability of fraud occurring. FraudWatch Pro receives CDR records directly from the switches and from roaming CDR exchanges as quickly as the data become available to the service provider. Profiles are created that contain details about the specific daily activity of a given subscriber.

The subscriber profile contains about 40 single and multidimensional data “buckets” that are updated in real time. Analysts have a Graphical User Interface (GUI) that allows them to query the database to search for a wide range of behavior patterns as well as address queries about specific individuals. The system stores up to 12 months of summary statistics as well as up to 6 months of daily call detail records.

The software also provides support for the investigative analysis of additional dialed digit relationships. This allows the relationships among clones and their dialed digits to be graphically displayed as a means to help build prosecutable cases.