Re: [VoiceOps] Fraud Management
Hi Shaun I have evaluated a solution that is good enough flexible for us, it is based 100% on SIP so it generates alerts pretty fast, almost online, and it has proved to catch irregular traffic which resulted in fraud calls so that we can block immediately; this way this system is better than the CDR based in house developed system we do use to detect irregular traffic. Such new solution is called Redshift from Redshift Networks by the way. Regards Santiago De: VoiceOps [voiceops-boun...@voiceops.org] En nombre de Shaun Gill [shaun.g...@is.co.za] Enviado el: lunes, 02 de febrero de 2015 01:01 a.m. Para: Glen Gerhard; voiceops@voiceops.org Asunto: Re: [VoiceOps] Fraud Management Thank you for the info Glen. We have done a POC on OCFM (Oracle Communications Fraud Monitor; the old FDAP - Fraud Detection and Prevention) that relies on OCOM (Oracle Communications Operations Monitor; old Acme Palladion product) to feed into the OCFM server. We could not get the call correlation on OCOM to work properly without extensive changes to our existing infrastructure. The call correlation issues resulted in bad data fed into the fraud monitor and resulted in false positives. Will have a look at the options below. Regards, Shaun From: Glen Gerhard ggerh...@sansay.commailto:ggerh...@sansay.com Date: Friday 30 January 2015 3:40 PM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Hi Shaun, most systems work off CDR files (or Radius or Diameter steams) so are proprietary in what products they support (http://oculeus.com is one such system). There are some products that are auto-learning based on SIP monitoring so are device independent. http://tollshield.com is one of them and builds a network profile over several week to understand normal traffic patterns. It can alert on variations of those patterns. These systems requires monitoring ports whereas the CDR approach does not need SPAN ports. Also there is a difference between systems that can alert on fraud on ones that can proactively shut off service to suspect devices. The proactive ones are usually device specific and more expensive and raise the risk of false positives. Regards, ~Glen On 1/29/2015 11:19 PM, Shaun Gill wrote: Hi Brad, Neither - We are not using a product at this stage; using a combination of routing profiles (BSFT) and originating source IPs to block suspect traffic. Regards, Shaun From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com Date: Friday 30 January 2015 3:07 AM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Shaun, Have you used the SIP or CDR based product? On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote: Noted – I will be checking this out Jay. From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com Date: Wednesday 28 January 2015 3:44 PM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Management Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 2:37 AM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- Brad Anouar Director of Systems Engineering Email brad.ano...@masergy.commailto:brad.ano...@masergy.com Office +1 310 360 2028 [http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg] www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/ ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.orghttps://puck.nether.net/mailman/listinfo/voiceops AVISO DE CONFIDENCIALIDAD: Este correo electrónico y sus archivos anexos, si los tiene, están destinados sólo para la persona o entidad a la que va dirigida y contiene
Re: [VoiceOps] Fraud Management
Thank you - appreciate all the feedback guys. On 2015/02/02 9:09 PM, Monterrosa Santiago smonterr...@mcmtelecom.com.mx wrote: Hi Shaun I have evaluated a solution that is good enough flexible for us, it is based 100% on SIP so it generates alerts pretty fast, almost online, and it has proved to catch irregular traffic which resulted in fraud calls so that we can block immediately; this way this system is better than the CDR based in house developed system we do use to detect irregular traffic. Such new solution is called Redshift from Redshift Networks by the way. Regards Santiago De: VoiceOps [voiceops-boun...@voiceops.org] En nombre de Shaun Gill [shaun.g...@is.co.za] Enviado el: lunes, 02 de febrero de 2015 01:01 a.m. Para: Glen Gerhard; voiceops@voiceops.org Asunto: Re: [VoiceOps] Fraud Management Thank you for the info Glen. We have done a POC on OCFM (Oracle Communications Fraud Monitor; the old FDAP - Fraud Detection and Prevention) that relies on OCOM (Oracle Communications Operations Monitor; old Acme Palladion product) to feed into the OCFM server. We could not get the call correlation on OCOM to work properly without extensive changes to our existing infrastructure. The call correlation issues resulted in bad data fed into the fraud monitor and resulted in false positives. Will have a look at the options below. Regards, Shaun From: Glen Gerhard ggerh...@sansay.commailto:ggerh...@sansay.com Date: Friday 30 January 2015 3:40 PM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Hi Shaun, most systems work off CDR files (or Radius or Diameter steams) so are proprietary in what products they support (http://oculeus.com is one such system). There are some products that are auto-learning based on SIP monitoring so are device independent. http://tollshield.com is one of them and builds a network profile over several week to understand normal traffic patterns. It can alert on variations of those patterns. These systems requires monitoring ports whereas the CDR approach does not need SPAN ports. Also there is a difference between systems that can alert on fraud on ones that can proactively shut off service to suspect devices. The proactive ones are usually device specific and more expensive and raise the risk of false positives. Regards, ~Glen On 1/29/2015 11:19 PM, Shaun Gill wrote: Hi Brad, Neither - We are not using a product at this stage; using a combination of routing profiles (BSFT) and originating source IPs to block suspect traffic. Regards, Shaun From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com Date: Friday 30 January 2015 3:07 AM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Shaun, Have you used the SIP or CDR based product? On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote: Noted I will be checking this out Jay. From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com Date: Wednesday 28 January 2015 3:44 PM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Management Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 2:37 AM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- Brad Anouar Director of Systems Engineering Email brad.ano...@masergy.commailto:brad.ano...@masergy.com Office +1 310 360 2028 [http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg] www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/ ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.orghttps://puck.nether.net /mailman/listinfo/voiceops AVISO DE CONFIDENCIALIDAD: Este correo electrónico y sus archivos anexos, si
Re: [VoiceOps] Fraud Management
Thank you for the info Glen. We have done a POC on OCFM (Oracle Communications Fraud Monitor; the old FDAP - Fraud Detection and Prevention) that relies on OCOM (Oracle Communications Operations Monitor; old Acme Palladion product) to feed into the OCFM server. We could not get the call correlation on OCOM to work properly without extensive changes to our existing infrastructure. The call correlation issues resulted in bad data fed into the fraud monitor and resulted in false positives. Will have a look at the options below. Regards, Shaun From: Glen Gerhard ggerh...@sansay.commailto:ggerh...@sansay.com Date: Friday 30 January 2015 3:40 PM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Hi Shaun, most systems work off CDR files (or Radius or Diameter steams) so are proprietary in what products they support (http://oculeus.com is one such system). There are some products that are auto-learning based on SIP monitoring so are device independent. http://tollshield.com is one of them and builds a network profile over several week to understand normal traffic patterns. It can alert on variations of those patterns. These systems requires monitoring ports whereas the CDR approach does not need SPAN ports. Also there is a difference between systems that can alert on fraud on ones that can proactively shut off service to suspect devices. The proactive ones are usually device specific and more expensive and raise the risk of false positives. Regards, ~Glen On 1/29/2015 11:19 PM, Shaun Gill wrote: Hi Brad, Neither - We are not using a product at this stage; using a combination of routing profiles (BSFT) and originating source IPs to block suspect traffic. Regards, Shaun From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com Date: Friday 30 January 2015 3:07 AM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Shaun, Have you used the SIP or CDR based product? On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote: Noted – I will be checking this out Jay. From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com Date: Wednesday 28 January 2015 3:44 PM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Management Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242tel:314%20910%207242 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 2:37 AM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- Brad Anouar Director of Systems Engineering Email brad.ano...@masergy.commailto:brad.ano...@masergy.com Office +1 310 360 2028 [http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg] www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/ ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.orghttps://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
Hi Shaun, most systems work off CDR files (or Radius or Diameter steams) so are proprietary in what products they support (http://oculeus.com is one such system). There are some products that are auto-learning based on SIP monitoring so are device independent. http://tollshield.com is one of them and builds a network profile over several week to understand "normal" traffic patterns. It can alert on variations of those patterns. These systems requires monitoring ports whereas the CDR approach does not need SPAN ports. Also there is a difference between systems that can alert on fraud on ones that can proactively shut off service to suspect devices. The proactive ones are usually device specific and more expensive and raise the risk of false positives. Regards, ~Glen On 1/29/2015 11:19 PM, Shaun Gill wrote: Hi Brad, Neither - We are not using a product at this stage; using a combination of routing profiles (BSFT) and originating source IPs to block suspect traffic. Regards, Shaun From: Brad Anouar brad.ano...@masergy.com Date: Friday 30 January 2015 3:07 AM To: Shaun Gill shaun.g...@is.co.za Cc: Jay Cox j...@appiaservices.com, "voiceops@voiceops.org" voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Shaun, Have you used the SIP or CDR based product? On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.za wrote: Noted – I will be checking this out Jay. From: Jay Cox j...@appiaservices.com Date: Wednesday 28 January 2015 3:44 PM To: Shaun Gill shaun.g...@is.co.za, "voiceops@voiceops.org" voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Management Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 2:37 AM To: voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to inte
Re: [VoiceOps] Fraud Management
Thanx Alex; will also check this out. Regards, Shaun From: Alexander Hardie ahar...@bellsouth.netmailto:ahar...@bellsouth.net Reply-To: Alexander Hardie ahar...@bellsouth.netmailto:ahar...@bellsouth.net Date: Wednesday 28 January 2015 1:38 PM To: jim.dal...@transnexus.commailto:jim.dal...@transnexus.com jim.dal...@transnexus.commailto:jim.dal...@transnexus.com, Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Have you tried PinDrop Security - http://www.pindropsecurity.com/ They have a purpose built solution around calling line ID fraud. They are enterprise centric - but the solution is very portable. Alex Hardie On Wednesday, January 28, 2015 4:53 AM, Jim Dalton jim.dal...@transnexus.commailto:jim.dal...@transnexus.com wrote: Hello Shaun, TransNexus offers a fraud detection solution, NexOSS-FC, to complement your Session Border Controller (SBC) and block fraudulent calls at the ingress edge of your network. NexOSS-FC is a SIP redirect server. You configure your SBC to route every call to NexOSS-FC. If no fraud is detected, NexOSS-FC returns a 404 and your SBC routes the call to the next destination in its routing table. If fraud is detected, NexOSS-FC returns a 603 and the SBC blocks the call. If you want to divert fraudulent calls, NexOSS-FC can return a 300 redirect message with the destination to where the SBC should divert the call. The SIP Analytics of NexOSS-FC is better fraud protection than conventional CDR Analytics because it obtains the call information sooner and because SIP INVITES have call details for fraud detection that are not available in Call Detail Records. The solution is simple and effective. Please contact me offline if you want to evaluate the software. More information is available at http://transnexus.com/products/nexoss-fc/ Jim Dalton TransNexus From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 3:37 AM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
Shaun, Have you used the SIP or CDR based product? On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.za wrote: Noted – I will be checking this out Jay. From: Jay Cox j...@appiaservices.com Date: Wednesday 28 January 2015 3:44 PM To: Shaun Gill shaun.g...@is.co.za, voiceops@voiceops.org voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Management Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242 *From:* VoiceOps [mailto:voiceops-boun...@voiceops.org voiceops-boun...@voiceops.org] *On Behalf Of *Shaun Gill *Sent:* Wednesday, January 28, 2015 2:37 AM *To:* voiceops@voiceops.org *Subject:* [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- *Brad AnouarDirector of Systems Engineering* *Email **brad.ano...@masergy.com brad.ano...@masergy.com* *Office *+1 310 360 2028 *www.m http://www.masergy.com/**asergy.com http://www.masergy.com/* ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
We've been using CSRP from http://evaristesys.com/ for quite some time. We had a fair amount of fraud before and $15 since. dw On Wed, Jan 28, 2015 at 3:36 AM, Shaun Gill shaun.g...@is.co.za wrote: Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- [image: Ringfree Communications, Inc] http://ringfree.biz/ David Wessell / President 828-575-0030 x101/ da...@ringfree.biz Ringfree Communications, Inc Office: 828-575-0030 / Fax: 888-243-7830 PO BOX 1994 Hendersonville, NC 28793 http://ringfree.biz This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. Company Name is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
Hi Brad, Neither - We are not using a product at this stage; using a combination of routing profiles (BSFT) and originating source IPs to block suspect traffic. Regards, Shaun From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com Date: Friday 30 January 2015 3:07 AM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Management Shaun, Have you used the SIP or CDR based product? On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote: Noted – I will be checking this out Jay. From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com Date: Wednesday 28 January 2015 3:44 PM To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, voiceops@voiceops.orgmailto:voiceops@voiceops.org voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Management Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242tel:314%20910%207242 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 2:37 AM To: voiceops@voiceops.orgmailto:voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- Brad Anouar Director of Systems Engineering Email brad.ano...@masergy.commailto:brad.ano...@masergy.com Office +1 310 360 2028 [http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg] www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/ ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
Shaun: I have used the TransNexus solution for a long time. Jay Cox Mobile 314 910 7242 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 2:37 AM To: voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
Hello Shaun, TransNexus offers a fraud detection solution, NexOSS-FC, to complement your Session Border Controller (SBC) and block fraudulent calls at the ingress edge of your network. NexOSS-FC is a SIP redirect server. You configure your SBC to route every call to NexOSS-FC. If no fraud is detected, NexOSS-FC returns a 404 and your SBC routes the call to the next destination in its routing table. If fraud is detected, NexOSS-FC returns a 603 and the SBC blocks the call. If you want to divert fraudulent calls, NexOSS-FC can return a 300 redirect message with the destination to where the SBC should divert the call. The SIP Analytics of NexOSS-FC is better fraud protection than conventional CDR Analytics because it obtains the call information sooner and because SIP INVITES have call details for fraud detection that are not available in Call Detail Records. The solution is simple and effective. Please contact me offline if you want to evaluate the software. More information is available at http://transnexus.com/products/nexoss-fc/ Jim Dalton TransNexus From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 3:37 AM To: voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud Management
Have you tried PinDrop Security - http://www.pindropsecurity.com/ They have a purpose built solution around calling line ID fraud. They are enterprise centric - but the solution is very portable. Alex Hardie On Wednesday, January 28, 2015 4:53 AM, Jim Dalton jim.dal...@transnexus.com wrote: Hello Shaun, TransNexus offers a fraud detection solution, NexOSS-FC, to complement your Session Border Controller (SBC) and block fraudulent calls at the ingress edge of your network. NexOSS-FC is a SIP redirect server. You configure your SBC to route every call to NexOSS-FC. If no fraud is detected, NexOSS-FC returns a 404 and your SBC routes the call to the next destination in its routing table. If fraud is detected, NexOSS-FC returns a 603 and the SBC blocks the call. If you want to divert fraudulent calls, NexOSS-FC can return a 300 redirect message with the destination to where the SBC should divert the call. The SIP Analytics of NexOSS-FC is better fraud protection than conventional CDR Analytics because it obtains the call information sooner and because SIP INVITES have call details for fraud detection that are not available in Call Detail Records. The solution is simple and effective. Please contact me offline if you want to evaluate the software. More information is available at http://transnexus.com/products/nexoss-fc/ Jim Dalton TransNexus From:VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill Sent: Wednesday, January 28, 2015 3:37 AM To: voiceops@voiceops.org Subject: [VoiceOps] Fraud Management Hi Guys, Trying to get a feel for what fraud systems are out there for VoIP service providers; primarily using terrestrial mediums (such as metroE; diginet) with clients interconnecting via IP PBXs, voice gateways and IP phones. We have had fraud to international premium destinations which we are restricting based on calling profiles and originating source IPs; but neither is truly scalable. Subsequently we are looking for alternatives. Regards, Shaun ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
Hi Alex, good approach. one comment though: low-grade fraud traffic to audio text destinations will go undetected, and over time, it can accumulate more fraud loses than those who try to burst, get caught, and shut down immediately. thanks, dd. On Mon, Feb 24, 2014 at 4:41 PM, Alex Balashov abalas...@evaristesys.comwrote: I've said it before and I'll say it again: We stopped 95-98% of the losses on this sort of thing for a large customer who was losing thousands of dollars per day on it, by implementing the following approach: Every trunk group gets a 'high-cost channel limit', which is the X number of simultaneous calls that they are allowed to make to destinations that cost over $Y/min. The limit was typically something like $0.10, so as to exclude domestic US traffic, but certainly catch Somalia and Globalstar. Both X and Y are configurable on a per-trunk group basis, so customers who have a legitimate need for 50 concurrent calls to Dakar can do that. For most typical domestic users, the limit was set to something like $0.10 and 2 channels. When this limit was tripped, typically due to a compromised PBX with some extension password of 1234, the following things happen: (1) All existing calls are terminated; (2) An alert e-mail is sent out to the customer and to the NOC; (3) Customer is downgraded to a termination rate plan that only allows for domestic calling. That way, they're not totally cut off from calling and, in all but the most unusual scenarios, not exceptionally angry. There is no reason to cut them off entirely. That's a false dichotomy. Downgrade them to a restricted calling plan. The thinking was that (a) there's only so much exposure that two simultaneous calls to rural Chad can create; (2) almost any typical attack pattern relies on lighting up as many calls as possible in the shortest period of time, since they know they'll get cut off soon. So, almost any exploit is going to trip the wire, and do so quickly. These assumptions proved correct, and the losses virtually disappeared. Today, this fraud protection feature is integrated into the trunking platform that we sell. In our experience, it works very well. -- Alex Balashov - Principal Evariste Systems LLC 235 E Ponce de Leon Ave Suite 106 Decatur, GA 30030 United States Tel: +1-678-954-0670 Web: http://www.evaristesys.com/, http://www.alexbalashov.com/ ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
I'm pretty sure it would ruffle some feathers around here if I sent that list out into the public domain. I can tell you that we basically go thought the rate deck and filter anyone that's above X amount per minute and then throw in countries where customer's hacked PBX's send calls to. It's not the most scientific method but it's the most complaint free method. Richey From: John Curry [mailto:telec...@gmail.com] Sent: Monday, February 24, 2014 4:21 PM To: 'My List Account'; voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Would you mind sharing your hi toll rate destination dial plan? From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List Account Sent: Monday, February 24, 2014 1:48 PM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that's in on the fraud pay the Telco that's in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won't have a reason to continue. I guess we all know there is no incentive for them to stop this practice because it's a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won't let you dial these destinations so we don't have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
We do something similar in our environment. We have a per-tn blacklist that starts with all country codes except about 20 of them in it. If a customer calls to complain (I think one of them did this so far out of thousands), we remove a specific country from the list (or all of them). Combined with a system that completely restricts international calling based on the customer's rolling 24 hour cost to us for international calls (we basically rate the calls every few minutes at the rates we're billed for them, and if you use over X amount at our cost over 24 hours, you get your international service shut off until we call you. The system sends a report to the account manager team and NOC and shuts them off instantly, and then the account managers work with the NOC to contact the customer offering technical assistance, and the account managers work with them on the financial side. This strategy nearly eliminates losses on our side, because the account team knows what that traffic cost us, the NOC helps prevent the customer from further fraud by giving them advice or helping them, and the customer has to pay us maybe $100. -Paul On Tue, 02/25/2014 09:34 AM, My List Account myli...@battleop.com wrote: I’m pretty sure it would ruffle some feathers around here if I sent that list out into the public domain. I can tell you that we basically go thought the rate deck and filter anyone that’s above X amount per minute and then throw in countries where customer’s hacked PBX’s send calls to. It’s not the most scientific method but it’s the most complaint free method. Richey From: John Curry [mailto:telec...@gmail.com] Sent: Monday, February 24, 2014 4:21 PM To: 'My List Account'; voiceops@voiceops.org Subject: RE: [VoiceOps] Fraud Would you mind sharing your hi toll rate destination dial plan? From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List Account Sent: Monday, February 24, 2014 1:48 PM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that’s in on the fraud pay the Telco that’s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won’t have a reason to continue. I guess we all know there is no incentive for them to stop this practice because it’s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won’t let you dial these destinations so we don’t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps
Re: [VoiceOps] Fraud
On Mon, 24 Feb 2014, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue. I would also like to add into this question: I realize it can be very difficult to track down the hacker generating these SIP calls from stolen credentials because they can hide behind TOR or other proxies... (Somehow I doubt they all do. Some are probably terribly stupid and doing it from their home internet conncetion). But where the calls are going can be tracked right to the switch that has the CDN on it. Thus you have the owners of the numbers nailed down as well as the telephone company providing the service. Why are they not grilled as to why hackers are generating calls to their numbers and if determined to be part of the fraud arrested and taken to court? Is it because these telephone companies are in countries where corruption is rampant and they are greasing the right palms to stay out of trouble? matt I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
That is what our experience has been. The call origination IP is in countries that the Abuse email isn't even monitored. We have had reports to FBI, our upstream carriers, but no luck getting anywhere with these investigations. -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Matt Yaklin Sent: Monday, February 24, 2014 12:31 PM To: My List Account Cc: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud On Mon, 24 Feb 2014, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue. I would also like to add into this question: I realize it can be very difficult to track down the hacker generating these SIP calls from stolen credentials because they can hide behind TOR or other proxies... (Somehow I doubt they all do. Some are probably terribly stupid and doing it from their home internet conncetion). But where the calls are going can be tracked right to the switch that has the CDN on it. Thus you have the owners of the numbers nailed down as well as the telephone company providing the service. Why are they not grilled as to why hackers are generating calls to their numbers and if determined to be part of the fraud arrested and taken to court? Is it because these telephone companies are in countries where corruption is rampant and they are greasing the right palms to stay out of trouble? matt I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
Most of the countries that are generating the fraud are so corrupt that the only way you'll see justice is by sending in a team of Navy Seals. David Thompson Network Services Support Technician (O) 858.357.8794 (F) 858-225-1882 (E) dthomp...@esi-estech.com (W) www.esi-estech.com -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Matt Yaklin Sent: Monday, February 24, 2014 1:31 PM To: My List Account Cc: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud On Mon, 24 Feb 2014, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue. I would also like to add into this question: I realize it can be very difficult to track down the hacker generating these SIP calls from stolen credentials because they can hide behind TOR or other proxies... (Somehow I doubt they all do. Some are probably terribly stupid and doing it from their home internet conncetion). But where the calls are going can be tracked right to the switch that has the CDN on it. Thus you have the owners of the numbers nailed down as well as the telephone company providing the service. Why are they not grilled as to why hackers are generating calls to their numbers and if determined to be part of the fraud arrested and taken to court? Is it because these telephone companies are in countries where corruption is rampant and they are greasing the right palms to stay out of trouble? matt I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
On 2/24/14 10:48 AM, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that’s in on the fraud pay the Telco that’s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won’t have a reason to continue. The telco that terminates the high rate calls is making money on them, the carrier that is next-in-line makes money, and there are sufficient non-fraudulent calls to that carrier that refusing to complete the calls isn't possible without impacting legitimate service. This is similar to the 900/976 arrangement in the US a few years back. Assume that the fraudulent information service gets paid the equivalent of 50 US cents per minute. The national telco which may or may not be in on the deal gets another 50 cents. Big international rate deck for million-minute delivery might be $1.25 and you might pay $1.50 and bill your customers $2.00. Your customer's PBX gets owned, and racks up 5000 minutes for a bill of $10K. Everyone upstream wants their bite of the apple, none of them is responsible for making the calls, or at least can't be proven to be. If you're a really nice guy and knock the bill down to the $7500 that it costs you, your customer still thinks you're the bad guy. I guess we all know there is no incentive for them to stop this practice because it’s a big cash cow for everyone except for the poor end user who is left holding the bag. Precisely, but it's the end user who left the barn door open. Nobody in the revenue stream forced your customer to enable offsite international forwarding and set the DTMF voice portal password to 1234. Our default dial plan won’t let you dial these destinations so we don’t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. And/or require verified auth codes and disable offsite forwarding, rate limit, put in monitoring and alerting/shutdown, and spend a lot of time, effort, and money protecting your customers from themselves. But, just as ISP customers want the whole Internet without filtering, most voice customers don't want The Phone Company telling them where they're allowed to call. Until they get the bill. Then they care. And if you do put in an alerting system, there's this dilemma: My pager just went of at 4:00 AM Sunday morning - do I call the CEO of my biggest customer and ask if they are deliberately placing 50 simultaneous calls to Somalia, shut the trunk down, or just send them the bill and hope they pay it? -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
Would you mind sharing your hi toll rate destination dial plan? From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List Account Sent: Monday, February 24, 2014 1:48 PM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that's in on the fraud pay the Telco that's in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won't have a reason to continue. I guess we all know there is no incentive for them to stop this practice because it's a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won't let you dial these destinations so we don't have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
The PBX was hacked, originating calls to expensive int'l destination - presumably, a case of revenue share fraud. Have you considered smart tools that monitor revenue share fraud accurately? Some of them can flag fraud by identifying unusual calling patterns - in near real-time. It's like the credit card industry that shuts down the credit if it suspects unusual purchases. Hope that helps. On Wed, Feb 19, 2014 at 5:09 PM, John Curry j...@intelechoice.us wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
That actually works out great for you. There is a federal law that limits credit card customer fraud liability to $50. Go to court. There is no federal law that limits phone customer fraud. If you don't have such a clause in your contract, you can't lose the case.The customer may walk, but that might work out in your favor. David From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of John Curry Sent: Wednesday, February 19, 2014 14:09 To: voiceops@voiceops.org Subject: [VoiceOps] Fraud I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
Did you reach out to your upstream provider who you sent the calls to and ask what they can do for you? See if they will forgive the bill since they were obviously fraudulent? Then do the same for your customer? Have you offered the customer to cut his bill in half for the calls since you probably mark them up 100%? In other words give him your exact cost and see if that helps the situation? m...@g4.net On Thu, 20 Feb 2014, Hiers, David wrote: That actually works out great for you. There is a federal law that limits credit card customer fraud liability to $50. Go to court. There is no federal law that limits phone customer fraud. If you don't have such a clause in your contract, you can't lose the case. The customer may walk, but that might work out in your favor. David From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of John Curry Sent: Wednesday, February 19, 2014 14:09 To: voiceops@voiceops.org Subject: [VoiceOps] Fraud I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops