Why Intelligently Designed IRSF Frauds Are So Difficult To Identify

Wangiri (missed call) frauds are a rather blunt type of International Revenue Share Fraud (IRSF), which impact on many customers, and which rightly generate lots of publicity around the world. They are seen by millions daily as they look at their phones. But what about the other types of IRSF which generate much less publicity?

When designing a fraud, the perpetrators know that it pays not to get caught. They are therefore quite willing to invest time and technology in designing their frauds to make them especially challenging for operators to identify. This task can be made even more difficult for those operators who have not yet invested in the necessary detection or prevention controls which should certainly include a database of unallocated international number ranges.

The trend we see today is that the design goal for some of the most successful “non-wangiri” IRSF frauds is often to perpetuate the fraud over a long period of time, often months or even years. This ensures a lucrative and steady income stream for the fraudsters.

To assist our blog readers, here are some key attributes that we’ve observed when studying these ‘hand crafted’ frauds:

  1. IRSF is often targeted towards ‘mid-range’ destinations in terms of Interconnect Cost i.e. between 10 – 30 Euro cents per minute. Calls to expensive destinations which usually see minimal traffic are more obviously identified as fraud and tend to get shut down quite quickly, whilst fraudsters hope calls to lower cost destinations will slip ‘below the radar’
  1. Traffic designed to ‘copy normal human behaviour’ and not stand out to an analyst as ‘obviously fraudulent’.
  1. Call durations designed with a random spread, to mimic non artificial traffic.
  1. IRSF often has an even mix of calls to many different destinations within the number range (often unallocated) being used for the fraud, creating the illusion that many different people are making legitimate calls to the number range.
  1. Traffic has consistent daily patterns of usage. Once volumes of calls and duration patterns have been established, many systems designed to detect fraud seem to de-prioritise the calls as they appear normal.
  1. Fraudsters are not being too ‘greedy’ with one destination and are in it for the longer term. Recently, we have been observing Interconnect cost leakage of between 50 and 300 Euros per day to IRSF unallocated number ranges. The returns add up over time.
  1. Traffic is mostly to FNRM™ unallocated ranges – unscrupulous Interconnect Operators can quietly terminate these calls without generating any complaints fromactual retail customers which might draw unwanted attention to the traffic.
  1. Sometimes, there will be person paid to physically answer the phone and have a pre-rehearsed script explaining why the calls are being made. E.g. legitimate business reasons.

The best tool we can recommend for identifying this ‘Intelligently Designed’ traffic is our Fraud Number Range Management database, FNRM™. You can read more about it on our website at biaas.com