subject:"Re\: \[VoiceOps\] Fraud"

Re: [VoiceOps] Fraud Management

2015-02-02 Thread Monterrosa Santiago

Hi Shaun

I have evaluated a solution that is good enough flexible for us, it is based 
100% on SIP so it generates alerts pretty fast, almost online, and it has 
proved to catch irregular traffic which resulted in fraud calls so that we can 
block immediately; this way this system is better than the CDR based in house 
developed system we do use to detect irregular traffic. Such new solution is 
called Redshift from Redshift Networks by the way.

Regards 

Santiago

De: VoiceOps [voiceops-boun...@voiceops.org] En nombre de Shaun Gill 
[shaun.g...@is.co.za]
Enviado el: lunes, 02 de febrero de 2015 01:01 a.m.
Para: Glen Gerhard; voiceops@voiceops.org
Asunto: Re: [VoiceOps] Fraud Management

Thank you for the info Glen.

We have done a POC on OCFM  (Oracle Communications Fraud Monitor; the old FDAP 
- Fraud Detection and Prevention) that relies on OCOM (Oracle Communications 
Operations Monitor; old Acme Palladion product) to feed into the OCFM server. 
We could not get the call correlation on OCOM to work properly without 
extensive changes to our existing infrastructure. The call correlation issues 
resulted in bad data fed into the fraud monitor and resulted in false positives.

Will have a look at the options below.

Regards,
Shaun

From: Glen Gerhard ggerh...@sansay.commailto:ggerh...@sansay.com
Date: Friday 30 January 2015 3:40 PM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Hi Shaun,

most systems work off CDR files (or Radius or Diameter steams) so are 
proprietary in what products they support (http://oculeus.com is one such 
system).  There are some products that are auto-learning based on SIP 
monitoring so are device independent.  http://tollshield.com is one of them and 
builds a network profile over several week to understand normal traffic 
patterns.  It can alert on variations of those patterns.  These systems 
requires monitoring ports whereas the CDR approach does not need SPAN ports.

Also there is a difference between systems that can alert on fraud on ones that 
can proactively shut off service to suspect devices.  The proactive ones are 
usually device specific and more expensive and raise the risk of false 
positives.

Regards,

~Glen

On 1/29/2015 11:19 PM, Shaun Gill wrote:
Hi Brad,

Neither - We are not using a product at this stage; using a combination of 
routing profiles (BSFT) and originating source IPs to block suspect traffic.

Regards,
Shaun

From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com
Date: Friday 30 January 2015 3:07 AM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za
Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Shaun,

Have you used the SIP or CDR based product?

On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill 
shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote:
Noted – I will be checking this out Jay.

From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com
Date: Wednesday 28 January 2015 3:44 PM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: RE: [VoiceOps] Fraud Management

Shaun:

I have used the TransNexus solution for a long time.

Jay Cox
Mobile  314 910 7242

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill
Sent: Wednesday, January 28, 2015 2:37 AM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

Hi Guys,

Trying to get a feel for what fraud systems are out there for VoIP service 
providers; primarily using terrestrial mediums (such as metroE; diginet) with 
clients interconnecting via IP PBXs, voice gateways and IP phones.
We have had fraud to international premium destinations which we are 
restricting based on calling profiles and originating source IPs; but neither 
is truly scalable.
Subsequently we are looking for alternatives.

Regards,
Shaun



___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops




--

Brad Anouar
Director of Systems Engineering
Email brad.ano...@masergy.commailto:brad.ano...@masergy.com
Office +1 310 360 2028

[http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg]
www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/



___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.orghttps://puck.nether.net/mailman/listinfo/voiceops



AVISO DE CONFIDENCIALIDAD: Este correo electrónico y sus archivos anexos, si 
los tiene, están destinados sólo para la persona o entidad a la que va dirigida 
y contiene

Re: [VoiceOps] Fraud Management

2015-02-02 Thread Shaun Gill

Thank you - appreciate all the feedback guys.



On 2015/02/02 9:09 PM, Monterrosa Santiago
smonterr...@mcmtelecom.com.mx wrote:

Hi Shaun

I have evaluated a solution that is good enough flexible for us, it is
based 100% on SIP so it generates alerts pretty fast, almost online, and
it has proved to catch irregular traffic which resulted in fraud calls so
that we can block immediately; this way this system is better than the
CDR based in house developed system we do use to detect irregular
traffic. Such new solution is called Redshift from Redshift Networks by
the way.

Regards 

Santiago

De: VoiceOps [voiceops-boun...@voiceops.org] En nombre de Shaun Gill
[shaun.g...@is.co.za]
Enviado el: lunes, 02 de febrero de 2015 01:01 a.m.
Para: Glen Gerhard; voiceops@voiceops.org
Asunto: Re: [VoiceOps] Fraud Management

Thank you for the info Glen.

We have done a POC on OCFM  (Oracle Communications Fraud Monitor; the old
FDAP - Fraud Detection and Prevention) that relies on OCOM (Oracle
Communications Operations Monitor; old Acme Palladion product) to feed
into the OCFM server. We could not get the call correlation on OCOM to
work properly without extensive changes to our existing infrastructure.
The call correlation issues resulted in bad data fed into the fraud
monitor and resulted in false positives.

Will have a look at the options below.

Regards,
Shaun

From: Glen Gerhard ggerh...@sansay.commailto:ggerh...@sansay.com
Date: Friday 30 January 2015 3:40 PM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Hi Shaun,

most systems work off CDR files (or Radius or Diameter steams) so are
proprietary in what products they support (http://oculeus.com is one such
system).  There are some products that are auto-learning based on SIP
monitoring so are device independent.  http://tollshield.com is one of
them and builds a network profile over several week to understand
normal traffic patterns.  It can alert on variations of those patterns.
 These systems requires monitoring ports whereas the CDR approach does
not need SPAN ports.

Also there is a difference between systems that can alert on fraud on
ones that can proactively shut off service to suspect devices.  The
proactive ones are usually device specific and more expensive and raise
the risk of false positives.

Regards,

~Glen

On 1/29/2015 11:19 PM, Shaun Gill wrote:
Hi Brad,

Neither - We are not using a product at this stage; using a combination
of routing profiles (BSFT) and originating source IPs to block suspect
traffic.

Regards,
Shaun

From: Brad Anouar 
brad.ano...@masergy.commailto:brad.ano...@masergy.com
Date: Friday 30 January 2015 3:07 AM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za
Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com,
voiceops@voiceops.orgmailto:voiceops@voiceops.org
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Shaun,

Have you used the SIP or CDR based product?

On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill
shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote:
Noted  I will be checking this out Jay.

From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com
Date: Wednesday 28 January 2015 3:44 PM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za,
voiceops@voiceops.orgmailto:voiceops@voiceops.org
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: RE: [VoiceOps] Fraud Management

Shaun:

I have used the TransNexus solution for a long time.

Jay Cox
Mobile  314 910 7242

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun
Gill
Sent: Wednesday, January 28, 2015 2:37 AM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

Hi Guys,

Trying to get a feel for what fraud systems are out there for VoIP
service providers; primarily using terrestrial mediums (such as metroE;
diginet) with clients interconnecting via IP PBXs, voice gateways and IP
phones.
We have had fraud to international premium destinations which we are
restricting based on calling profiles and originating source IPs; but
neither is truly scalable.
Subsequently we are looking for alternatives.

Regards,
Shaun



___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops




--

Brad Anouar
Director of Systems Engineering
Email brad.ano...@masergy.commailto:brad.ano...@masergy.com
Office +1 310 360 2028

[http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg]
www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/



___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.orghttps://puck.nether.net
/mailman/listinfo/voiceops



AVISO DE CONFIDENCIALIDAD: Este correo electrónico y sus archivos anexos,
si

Re: [VoiceOps] Fraud Management

2015-02-01 Thread Shaun Gill

Thank you for the info Glen.

We have done a POC on OCFM  (Oracle Communications Fraud Monitor; the old FDAP 
- Fraud Detection and Prevention) that relies on OCOM (Oracle Communications 
Operations Monitor; old Acme Palladion product) to feed into the OCFM server. 
We could not get the call correlation on OCOM to work properly without 
extensive changes to our existing infrastructure. The call correlation issues 
resulted in bad data fed into the fraud monitor and resulted in false positives.

Will have a look at the options below.

Regards,
Shaun

From: Glen Gerhard ggerh...@sansay.commailto:ggerh...@sansay.com
Date: Friday 30 January 2015 3:40 PM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Hi Shaun,

most systems work off CDR files (or Radius or Diameter steams) so are 
proprietary in what products they support (http://oculeus.com is one such 
system).  There are some products that are auto-learning based on SIP 
monitoring so are device independent.  http://tollshield.com is one of them and 
builds a network profile over several week to understand normal traffic 
patterns.  It can alert on variations of those patterns.  These systems 
requires monitoring ports whereas the CDR approach does not need SPAN ports.

Also there is a difference between systems that can alert on fraud on ones that 
can proactively shut off service to suspect devices.  The proactive ones are 
usually device specific and more expensive and raise the risk of false 
positives.

Regards,

~Glen

On 1/29/2015 11:19 PM, Shaun Gill wrote:
Hi Brad,

Neither - We are not using a product at this stage; using a combination of 
routing profiles (BSFT) and originating source IPs to block suspect traffic.

Regards,
Shaun

From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com
Date: Friday 30 January 2015 3:07 AM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za
Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Shaun,

Have you used the SIP or CDR based product?

On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill 
shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote:
Noted – I will be checking this out Jay.

From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com
Date: Wednesday 28 January 2015 3:44 PM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: RE: [VoiceOps] Fraud Management

Shaun:

I have used the TransNexus solution for a long time.

Jay Cox
Mobile  314 910 7242tel:314%20910%207242

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill
Sent: Wednesday, January 28, 2015 2:37 AM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

Hi Guys,

Trying to get a feel for what fraud systems are out there for VoIP service 
providers; primarily using terrestrial mediums (such as metroE; diginet) with 
clients interconnecting via IP PBXs, voice gateways and IP phones.
We have had fraud to international premium destinations which we are 
restricting based on calling profiles and originating source IPs; but neither 
is truly scalable.
Subsequently we are looking for alternatives.

Regards,
Shaun



___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops




--

Brad Anouar
Director of Systems Engineering
Email brad.ano...@masergy.commailto:brad.ano...@masergy.com
Office +1 310 360 2028

[http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg]
www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/



___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.orghttps://puck.nether.net/mailman/listinfo/voiceops

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-30 Thread Glen Gerhard


  
  
Hi Shaun,
  
  most systems work off CDR files (or Radius or Diameter steams) so
  are proprietary in what products they support (http://oculeus.com
  is one such system).  There are some products that are
  auto-learning based on SIP monitoring so are device independent. 
  http://tollshield.com is one of them and builds a network profile
  over several week to understand "normal" traffic patterns.  It can
  alert on variations of those patterns.  These systems requires
  monitoring ports whereas the CDR approach does not need SPAN
  ports.
  
  Also there is a difference between systems that can alert on fraud
  on ones that can proactively shut off service to suspect devices. 
  The proactive ones are usually device specific and more expensive
  and raise the risk of false positives.  
  
  Regards,
  
  ~Glen
  

On 1/29/2015 11:19 PM, Shaun Gill
  wrote:


  
  

  Hi Brad,

  
  
  
  Neither - We are not using a product at this stage; using a
combination of routing profiles (BSFT) and originating source
IPs to block suspect traffic.
  
  
  Regards,
  Shaun
  
  
  

  From: Brad Anouar brad.ano...@masergy.com
  Date: Friday 30 January
  2015 3:07 AM
  To: Shaun Gill shaun.g...@is.co.za
  Cc: Jay Cox j...@appiaservices.com,
  "voiceops@voiceops.org"
  voiceops@voiceops.org
      Subject: Re: [VoiceOps]
  Fraud Management




  
Shaun,
  
  
  Have you used the SIP or CDR based product?


  On Thu, Jan 29, 2015 at 3:26 PM,
Shaun Gill 
  shaun.g...@is.co.za
wrote:

  

  
Noted – I will be checking this out Jay.

  
  

  


  
From: Jay
Cox j...@appiaservices.com
Date: Wednesday
28 January 2015 3:44 PM
To: Shaun
Gill shaun.g...@is.co.za, "voiceops@voiceops.org"
voiceops@voiceops.org
        Subject: RE:
        [VoiceOps] Fraud Management
  
  
  
  

  
Shaun:
 
I
have used the TransNexus solution for a
long time.
 

  Jay Cox
  Mobile 
  314
910 7242

 

  
From: VoiceOps [mailto:voiceops-boun...@voiceops.org]
On Behalf Of Shaun Gill
Sent: Wednesday, January 28,
2015 2:37 AM
To: voiceops@voiceops.org
Subject: [VoiceOps] Fraud
Management
  

 

  

  Hi Guys,


   


  Trying to get a feel
  for what fraud systems are out
  there for VoIP service providers;
  primarily using terrestrial
  mediums (such as metroE; diginet)
  with clients interconnecting via
  IP PBXs, voice gateways and IP
  phones.

  


  We have had fraud to
  inte

Re: [VoiceOps] Fraud Management

2015-01-29 Thread Shaun Gill

Thanx Alex; will also check this out.

Regards,
Shaun

From: Alexander Hardie ahar...@bellsouth.netmailto:ahar...@bellsouth.net
Reply-To: Alexander Hardie ahar...@bellsouth.netmailto:ahar...@bellsouth.net
Date: Wednesday 28 January 2015 1:38 PM
To: jim.dal...@transnexus.commailto:jim.dal...@transnexus.com 
jim.dal...@transnexus.commailto:jim.dal...@transnexus.com, Shaun Gill 
shaun.g...@is.co.zamailto:shaun.g...@is.co.za, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Have you tried PinDrop Security - http://www.pindropsecurity.com/

They have a purpose built solution around calling line ID fraud.  They are 
enterprise centric - but the solution is very portable.

Alex Hardie

On Wednesday, January 28, 2015 4:53 AM, Jim Dalton 
jim.dal...@transnexus.commailto:jim.dal...@transnexus.com wrote:

Hello Shaun,

TransNexus offers a fraud detection solution, NexOSS-FC, to complement your 
Session Border Controller (SBC) and block fraudulent calls at the ingress edge 
of your network.  NexOSS-FC is a SIP redirect server.  You configure your SBC 
to route every call to NexOSS-FC.  If no fraud is detected, NexOSS-FC returns a 
404 and your SBC routes the call to the next destination in its routing table.  
If fraud is detected, NexOSS-FC returns a 603 and the SBC blocks the call.  If 
you want to divert fraudulent calls, NexOSS-FC can return a 300 redirect 
message with the destination to where the SBC should divert the call.

The SIP Analytics of NexOSS-FC is better fraud protection than conventional CDR 
Analytics because it obtains the call information sooner and because SIP 
INVITES have call details for fraud detection that are not available in Call 
Detail Records.  The solution is simple and effective.  Please contact me 
offline if you want to evaluate the software.  More information is available at 
http://transnexus.com/products/nexoss-fc/

Jim Dalton
TransNexus

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill
Sent: Wednesday, January 28, 2015 3:37 AM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

Hi Guys,

Trying to get a feel for what fraud systems are out there for VoIP service 
providers; primarily using terrestrial mediums (such as metroE; diginet) with 
clients interconnecting via IP PBXs, voice gateways and IP phones.
We have had fraud to international premium destinations which we are 
restricting based on calling profiles and originating source IPs; but neither 
is truly scalable.
Subsequently we are looking for alternatives.

Regards,
Shaun

___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-29 Thread Brad Anouar

Shaun,

Have you used the SIP or CDR based product?

On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill shaun.g...@is.co.za wrote:

   Noted – I will be checking this out Jay.

From: Jay Cox j...@appiaservices.com
 Date: Wednesday 28 January 2015 3:44 PM
 To: Shaun Gill shaun.g...@is.co.za, voiceops@voiceops.org 
 voiceops@voiceops.org
 Subject: RE: [VoiceOps] Fraud Management

   Shaun:

 I have used the TransNexus solution for a long time.

 Jay Cox

 Mobile  314 910 7242

 *From:* VoiceOps [mailto:voiceops-boun...@voiceops.org
 voiceops-boun...@voiceops.org] *On Behalf Of *Shaun Gill
 *Sent:* Wednesday, January 28, 2015 2:37 AM
 *To:* voiceops@voiceops.org
 *Subject:* [VoiceOps] Fraud Management

 Hi Guys,

 Trying to get a feel for what fraud systems are out there for VoIP service
 providers; primarily using terrestrial mediums (such as metroE; diginet)
 with clients interconnecting via IP PBXs, voice gateways and IP phones.

 We have had fraud to international premium destinations which we are
 restricting based on calling profiles and originating source IPs; but
 neither is truly scalable.

 Subsequently we are looking for alternatives.

 Regards,

 Shaun

 ___
 VoiceOps mailing list
 VoiceOps@voiceops.org
 https://puck.nether.net/mailman/listinfo/voiceops

-- 

*Brad AnouarDirector of Systems Engineering*
*Email **brad.ano...@masergy.com brad.ano...@masergy.com*
*Office *+1 310 360 2028

*www.m http://www.masergy.com/**asergy.com http://www.masergy.com/*
___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-29 Thread David Wessell

We've been using CSRP from http://evaristesys.com/ for quite some time. We
had a fair amount of fraud before and  $15 since.

dw

On Wed, Jan 28, 2015 at 3:36 AM, Shaun Gill shaun.g...@is.co.za wrote:

   Hi Guys,

  Trying to get a feel for what fraud systems are out there for VoIP
 service providers; primarily using terrestrial mediums (such as metroE;
 diginet) with clients interconnecting via IP PBXs, voice gateways and IP
 phones.
  We have had fraud to international premium destinations which we are
 restricting based on calling profiles and originating source IPs; but
 neither is truly scalable.
 Subsequently we are looking for alternatives.

  Regards,
 Shaun



 ___
 VoiceOps mailing list
 VoiceOps@voiceops.org
 https://puck.nether.net/mailman/listinfo/voiceops




-- 

[image: Ringfree Communications, Inc] http://ringfree.biz/

David Wessell / President
828-575-0030 x101/ da...@ringfree.biz

Ringfree Communications, Inc Office: 828-575-0030 / Fax: 888-243-7830
PO BOX 1994 Hendersonville, NC 28793
http://ringfree.biz

This e-mail message may contain confidential or legally privileged
information and is intended only for the use of the intended recipient(s).
Any unauthorized disclosure, dissemination, distribution, copying or the
taking of any action in reliance on the information herein is prohibited.
E-mails are not secure and cannot be guaranteed to be error free as they
can be intercepted, amended, or contain viruses. Anyone who communicates
with us by e-mail is deemed to have accepted these risks. Company Name is
not responsible for errors or omissions in this message and denies any
responsibility for any damage arising from the use of e-mail. Any opinion
and other statement contained in this message and any attachment are solely
those of the author and do not necessarily represent those of the company.
___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-29 Thread Shaun Gill

Hi Brad,

Neither - We are not using a product at this stage; using a combination of 
routing profiles (BSFT) and originating source IPs to block suspect traffic.

Regards,
Shaun

From: Brad Anouar brad.ano...@masergy.commailto:brad.ano...@masergy.com
Date: Friday 30 January 2015 3:07 AM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za
Cc: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud Management

Shaun,

Have you used the SIP or CDR based product?

On Thu, Jan 29, 2015 at 3:26 PM, Shaun Gill 
shaun.g...@is.co.zamailto:shaun.g...@is.co.za wrote:
Noted – I will be checking this out Jay.

From: Jay Cox j...@appiaservices.commailto:j...@appiaservices.com
Date: Wednesday 28 January 2015 3:44 PM
To: Shaun Gill shaun.g...@is.co.zamailto:shaun.g...@is.co.za, 
voiceops@voiceops.orgmailto:voiceops@voiceops.org 
voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: RE: [VoiceOps] Fraud Management

Shaun:

I have used the TransNexus solution for a long time.

Jay Cox
Mobile  314 910 7242tel:314%20910%207242

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill
Sent: Wednesday, January 28, 2015 2:37 AM
To: voiceops@voiceops.orgmailto:voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

Hi Guys,

Trying to get a feel for what fraud systems are out there for VoIP service 
providers; primarily using terrestrial mediums (such as metroE; diginet) with 
clients interconnecting via IP PBXs, voice gateways and IP phones.
We have had fraud to international premium destinations which we are 
restricting based on calling profiles and originating source IPs; but neither 
is truly scalable.
Subsequently we are looking for alternatives.

Regards,
Shaun

___
VoiceOps mailing list
VoiceOps@voiceops.orgmailto:VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

--

Brad Anouar
Director of Systems Engineering
Email brad.ano...@masergy.commailto:brad.ano...@masergy.com
Office +1 310 360 2028

[http://www.masergy.com/sites/default/files/Hdr_Masegy_Logo.jpg]
www.mhttp://www.masergy.com/asergy.comhttp://www.masergy.com/
___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-28 Thread Jay Cox

Shaun:

 

I have used the TransNexus solution for a long time.

 

Jay Cox

Mobile  314 910 7242

 

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun
Gill
Sent: Wednesday, January 28, 2015 2:37 AM
To: voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

 

Hi Guys,

 

Trying to get a feel for what fraud systems are out there for VoIP
service providers; primarily using terrestrial mediums (such as metroE;
diginet) with clients interconnecting via IP PBXs, voice gateways and IP
phones.

We have had fraud to international premium destinations which we are
restricting based on calling profiles and originating source IPs; but
neither is truly scalable.

Subsequently we are looking for alternatives.

 

Regards,

Shaun

 

 

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-28 Thread Jim Dalton

Hello Shaun,

 

TransNexus offers a fraud detection solution, NexOSS-FC, to complement your
Session Border Controller (SBC) and block fraudulent calls at the ingress
edge of your network.  NexOSS-FC is a SIP redirect server.  You configure
your SBC to route every call to NexOSS-FC.  If no fraud is detected,
NexOSS-FC returns a 404 and your SBC routes the call to the next destination
in its routing table.  If fraud is detected, NexOSS-FC returns a 603 and the
SBC blocks the call.  If you want to divert fraudulent calls, NexOSS-FC can
return a 300 redirect message with the destination to where the SBC should
divert the call. 

 

The SIP Analytics of NexOSS-FC is better fraud protection than conventional
CDR Analytics because it obtains the call information sooner and because SIP
INVITES have call details for fraud detection that are not available in Call
Detail Records.  The solution is simple and effective.  Please contact me
offline if you want to evaluate the software.  More information is available
at http://transnexus.com/products/nexoss-fc/

 

Jim Dalton

TransNexus

 

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun
Gill
Sent: Wednesday, January 28, 2015 3:37 AM
To: voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management

 

Hi Guys,

 

Trying to get a feel for what fraud systems are out there for VoIP service
providers; primarily using terrestrial mediums (such as metroE; diginet)
with clients interconnecting via IP PBXs, voice gateways and IP phones.

We have had fraud to international premium destinations which we are
restricting based on calling profiles and originating source IPs; but
neither is truly scalable.

Subsequently we are looking for alternatives.

 

Regards,

Shaun

 

 

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

2015-01-28 Thread Alexander Hardie

Have you tried PinDrop Security - http://www.pindropsecurity.com/

They have a purpose built solution around calling line ID fraud.  They are 
enterprise centric - but the solution is very portable.

Alex Hardie


On Wednesday, January 28, 2015 4:53 AM, Jim Dalton jim.dal...@transnexus.com 
wrote:
 


Hello Shaun,
 
TransNexus offers a fraud detection solution, NexOSS-FC, to complement your 
Session Border Controller (SBC) and block fraudulent calls at the ingress edge 
of your network.  NexOSS-FC is a SIP redirect server.  You configure your SBC 
to route every call to NexOSS-FC.  If no fraud is detected, NexOSS-FC returns a 
404 and your SBC routes the call to the next destination in its routing table.  
If fraud is detected, NexOSS-FC returns a 603 and the SBC blocks the call.  If 
you want to divert fraudulent calls, NexOSS-FC can return a 300 redirect 
message with the destination to where the SBC should divert the call. 
 
The SIP Analytics of NexOSS-FC is better fraud protection than conventional CDR 
Analytics because it obtains the call information sooner and because SIP 
INVITES have call details for fraud detection that are not available in Call 
Detail Records.  The solution is simple and effective.  Please contact me 
offline if you want to evaluate the software.  More information is available at 
http://transnexus.com/products/nexoss-fc/
 
Jim Dalton
TransNexus
 
From:VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Shaun Gill
Sent: Wednesday, January 28, 2015 3:37 AM
To: voiceops@voiceops.org
Subject: [VoiceOps] Fraud Management
 
Hi Guys,
 
Trying to get a feel for what fraud systems are out there for VoIP service 
providers; primarily using terrestrial mediums (such as metroE; diginet) with 
clients interconnecting via IP PBXs, voice gateways and IP phones.
We have had fraud to international premium destinations which we are 
restricting based on calling profiles and originating source IPs; but neither 
is truly scalable.
Subsequently we are looking for alternatives.
 
Regards,
Shaun
 
 

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-26 Thread Deepak Dube

Hi Alex,

good approach.

one comment though: low-grade fraud traffic to audio text destinations will
go undetected, and over time, it can accumulate more fraud loses than those
who try to burst, get caught, and shut down immediately.

thanks,
dd.


On Mon, Feb 24, 2014 at 4:41 PM, Alex Balashov abalas...@evaristesys.comwrote:

 I've said it before and I'll say it again:

 We stopped 95-98% of the losses on this sort of thing for a large customer
 who was losing thousands of dollars per day on it, by implementing the
 following approach:

 Every trunk group gets a 'high-cost channel limit', which is the X number
 of simultaneous calls that they are allowed to make to destinations that
 cost over $Y/min. The limit was typically something like $0.10, so as to
 exclude domestic US traffic, but certainly catch Somalia and Globalstar.
 Both X and Y are configurable on a per-trunk group basis, so customers who
 have a legitimate need for 50 concurrent calls to Dakar can do that. For
 most typical domestic users, the limit was set to something like $0.10 and
 2 channels.

 When this limit was tripped, typically due to a compromised PBX with some
 extension password of 1234, the following things happen:

 (1) All existing calls are terminated;

 (2) An alert e-mail is sent out to the customer and to the NOC;

 (3) Customer is downgraded to a termination rate plan that only allows for
 domestic calling. That way, they're not totally cut off from calling and,
 in all but the most unusual scenarios, not exceptionally angry. There is no
 reason to cut them off entirely. That's a false dichotomy. Downgrade them
 to a restricted calling plan.

 The thinking was that (a) there's only so much exposure that two
 simultaneous calls to rural Chad can create; (2) almost any typical attack
 pattern relies on lighting up as many calls as possible in the shortest
 period of time, since they know they'll get cut off soon. So, almost any
 exploit is going to trip the wire, and do so quickly.

 These assumptions proved correct, and the losses virtually disappeared.

 Today, this fraud protection feature is integrated into the trunking
 platform that we sell. In our experience, it works very well.

 --
 Alex Balashov - Principal
 Evariste Systems LLC
 235 E Ponce de Leon Ave
 Suite 106
 Decatur, GA 30030
 United States
 Tel: +1-678-954-0670
 Web: http://www.evaristesys.com/, http://www.alexbalashov.com/

 ___
 VoiceOps mailing list
 VoiceOps@voiceops.org
 https://puck.nether.net/mailman/listinfo/voiceops

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-25 Thread My List Account

I'm pretty sure it would ruffle some feathers around here if I sent that
list out into the public domain.  I can tell you that we basically go
thought the rate deck and filter anyone that's above X amount per minute and
then throw in countries where customer's hacked PBX's send calls to.  It's
not the most scientific method but it's the most complaint free method.

 

Richey

 

From: John Curry [mailto:telec...@gmail.com] 
Sent: Monday, February 24, 2014 4:21 PM
To: 'My List Account'; voiceops@voiceops.org
Subject: RE: [VoiceOps] Fraud

 

Would you mind sharing your hi toll rate destination dial plan?

 

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List
Account
Sent: Monday, February 24, 2014 1:48 PM
To: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud

 

Maybe I am missing something here but why does the carrier that delivers the
fraudulent traffic to the Telco that's in on the fraud pay the Telco that's
in on the fraud for the calls that are delivered to their network?   Seems
pretty simple, if you cut off their revenue stream they won't have a reason
to continue.   

 

I guess we all know there is no incentive for them to stop this practice
because it's a big cash cow for everyone except for the poor end user who is
left holding the bag.

 

Our default dial plan won't let you dial these destinations so we don't have
a real issue with this abusive traffic.   Most of our customers who use
international go with one of our filtered dial plans that let them dial most
of the world except for known fraudulent and high toll rate destinations.

 

 

Richey

 

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan
Delgrosso
Sent: Saturday, February 22, 2014 11:48 AM
To: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud

 

In most cases you will lose this customer. They don't see this as their
responsibility (i.e. the credit card fraud defense) but the reality is their
equipment was compromised due to their negligence. 

If the customer is reasonable offer them your cost on the damages so its
just a passthrough. Otherwise you can take them to court or just send them
to collections. 

BTW while many will advocate fraud detection and mitigation systems here,
its been my experience (we wrote our own fraud system that out-performs our
upstream carriers by hours) that if you detect fraud on a customer like
this, and shut it down in minutes, and mitigate what could have been
thousands of dollars in damage due to their mis-configured systems, reducing
it to just tens or hundreds they will often still fight that amount and deny
responsibility. The fraud system protects you, and by extension the
customer, but the customers don't see it that way. 

-Ryan

On 02/19/2014 02:09 PM, John Curry wrote:

I am new to your site. I was looking in the Archives and saw in November
2013 there were some of you who experienced fraud. We had a an Avaya IP
Office customers system who got hit pretty bad. The customer is treating the
fraudulent calls like credit card fraud and not taking any responsibility.
Does anyone have any advice on how to persuade the customer take this issue
seriously?  His bill was racked up pretty good.  Strangely and
coincidentally Avaya came out with a security bulletin the end of December
2013 on this same issue.  I tried to contact Avaya with no response. It
seems as though someone has built a sniffer for the Avaya IP Offices and
gleaning their registrations.

 

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

 

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-25 Thread Paul Timmins

We do something similar in our environment. We have a per-tn blacklist that 
starts with all country codes except about 20 of them in it. If a customer 
calls to complain (I think one of them did this so far out of thousands), we 
remove a specific country from the list (or all of them).

Combined with a system that completely restricts international calling based on 
the customer's rolling 24 hour cost to us for international calls (we basically 
rate the calls every few minutes at the rates we're billed for them, and if you 
use over X amount at our cost over 24 hours, you get your international service 
shut off until we call you. The system sends a report to the account manager 
team and NOC and shuts them off instantly, and then the account managers work 
with the NOC to contact the customer offering technical assistance, and the 
account managers work with them on the financial side.

This strategy nearly eliminates losses on our side, because the account team 
knows what that traffic cost us, the NOC helps prevent the customer from 
further fraud by giving them advice or helping them, and the customer has to 
pay us maybe $100.

-Paul

On Tue, 02/25/2014 09:34 AM, My List Account myli...@battleop.com wrote:
 




I’m pretty sure it would ruffle some feathers around here if I sent that list 
out into the public domain.  I can tell you that we basically go thought the 
rate deck and filter anyone that’s above X amount per minute and then throw in 
countries where customer’s hacked PBX’s send calls to.  It’s not the most 
scientific method but it’s the most complaint free method.
 
Richey
 
From: John Curry [mailto:telec...@gmail.com] 
 Sent: Monday, February 24, 2014 4:21 PM
 To: 'My List Account'; voiceops@voiceops.org
 Subject: RE: [VoiceOps] Fraud
 
Would you mind sharing your hi toll rate destination dial plan?
 
From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List 
Account
 Sent: Monday, February 24, 2014 1:48 PM
 To: voiceops@voiceops.org
 Subject: Re: [VoiceOps] Fraud
 
Maybe I am missing something here but why does the carrier that delivers the 
fraudulent traffic to the Telco that’s in on the fraud pay the Telco that’s in 
on the fraud for the calls that are delivered to their network?   Seems pretty 
simple, if you cut off their revenue stream they won’t have a reason to 
continue.   
 
I guess we all know there is no incentive for them to stop this practice 
because it’s a big cash cow for everyone except for the poor end user who is 
left holding the bag.
 
Our default dial plan won’t let you dial these destinations so we don’t have a 
real issue with this abusive traffic.   Most of our customers who use 
international go with one of our filtered dial plans that let them dial most of 
the world except for known fraudulent and high toll rate destinations.
 
 
Richey
 
From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan 
Delgrosso
 Sent: Saturday, February 22, 2014 11:48 AM
 To: voiceops@voiceops.org
 Subject: Re: [VoiceOps] Fraud
 
In most cases you will lose this customer. They don't see this as their 
responsibility (i.e. the credit card fraud defense) but the reality is their 
equipment was compromised due to their negligence. 
 
 If the customer is reasonable offer them your cost on the damages so its just 
 a passthrough. Otherwise you can take them to court or just send them to 
 collections. 
 
 BTW while many will advocate fraud detection and mitigation systems here, its 
 been my experience (we wrote our own fraud system that out-performs our 
 upstream carriers by hours) that if you detect fraud on a customer like this, 
 and shut it down in minutes, and mitigate what could have been thousands of 
 dollars in damage due to their mis-configured systems, reducing it to just 
 tens or hundreds they will often still fight that amount and deny 
 responsibility. The fraud system protects you, and by extension the customer, 
 but the customers don't see it that way. 
 
 -Ryan
On 02/19/2014 02:09 PM, John Curry wrote:
 I am new to your site. I was looking in the Archives and saw in November 2013 
 there were some of you who experienced fraud. We had a an Avaya IP Office 
 customers system who got hit pretty bad. The customer is treating the 
 fraudulent calls like credit card fraud and not taking any responsibility. 
 Does anyone have any advice on how to persuade the customer take this issue 
 seriously?  His bill was racked up pretty good.  Strangely and coincidentally 
 Avaya came out with a security bulletin the end of December 2013 on this same 
 issue.  I tried to contact Avaya with no response. It seems as though someone 
 has built a sniffer for the Avaya IP Offices and gleaning their registrations.
 
___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
 

___
VoiceOps mailing list
VoiceOps

Re: [VoiceOps] Fraud

2014-02-24 Thread Matt Yaklin






On Mon, 24 Feb 2014, My List Account wrote:



Maybe I am missing something here but why does the carrier that delivers the 
fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in 
on the fraud for the calls that are delivered to their
network?   Seems pretty simple, if you cut off their revenue stream they won?t 
have a reason to continue.   



I would also like to add into this question:

I realize it can be very difficult to track down the hacker generating
these SIP calls from stolen credentials because they can hide behind TOR
or other proxies... (Somehow I doubt they all do. Some are probably
terribly stupid and doing it from their home internet conncetion).

But where the calls are going can be tracked right to the switch that
has the CDN on it. Thus you have the owners of the numbers nailed down
as well as the telephone company providing the service. Why are they not
grilled as to why hackers are generating calls to their numbers and if
determined to be part of the fraud arrested and taken to court?

Is it because these telephone companies are in countries where corruption
is rampant and they are greasing the right palms to stay out of trouble?

matt


 

I guess we all know there is no incentive for them to stop this practice 
because it?s a big cash cow for everyone except for the poor end user who is 
left holding the bag.

 

Our default dial plan won?t let you dial these destinations so we don?t have a 
real issue with this abusive traffic.   Most of our customers who use 
international go with one of our filtered dial plans that let
them dial most of the world except for known fraudulent and high toll rate 
destinations.

 

 

Richey

 

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan 
Delgrosso
Sent: Saturday, February 22, 2014 11:48 AM
To: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud

 

In most cases you will lose this customer. They don't see this as their 
responsibility (i.e. the credit card fraud defense) but the reality is their 
equipment was compromised due to their negligence.

If the customer is reasonable offer them your cost on the damages so its just a 
passthrough. Otherwise you can take them to court or just send them to 
collections.

BTW while many will advocate fraud detection and mitigation systems here, its 
been my experience (we wrote our own fraud system that out-performs our 
upstream carriers by hours) that if you detect fraud on a
customer like this, and shut it down in minutes, and mitigate what could have 
been thousands of dollars in damage due to their mis-configured systems, 
reducing it to just tens or hundreds they will often still
fight that amount and deny responsibility. The fraud system protects you, and 
by extension the customer, but the customers don't see it that way.

-Ryan


On 02/19/2014 02:09 PM, John Curry wrote:

  I am new to your site. I was looking in the Archives and saw in November 
2013 there were some of you who experienced fraud. We had a an Avaya IP Office 
customers system who got hit pretty bad. The
  customer is treating the fraudulent calls like credit card fraud and not 
taking any responsibility. Does anyone have any advice on how to persuade the 
customer take this issue seriously?  His bill was
  racked up pretty good.  Strangely and coincidentally Avaya came out with 
a security bulletin the end of December 2013 on this same issue.  I tried to 
contact Avaya with no response. It seems as though
  someone has built a sniffer for the Avaya IP Offices and gleaning their 
registrations.




___

VoiceOps mailing list

VoiceOps@voiceops.org

https://puck.nether.net/mailman/listinfo/voiceops

 


___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-24 Thread Ujjval Karihaloo

That is what our experience has been. The call origination IP is in
countries that the Abuse email isn't even monitored.

We have had reports to FBI, our upstream carriers, but no luck getting
anywhere with these investigations.

-Original Message-
From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Matt
Yaklin
Sent: Monday, February 24, 2014 12:31 PM
To: My List Account
Cc: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud





On Mon, 24 Feb 2014, My List Account wrote:


 Maybe I am missing something here but why does the carrier that
 delivers the fraudulent traffic to the Telco that?s in on the fraud pay
the Telco that?s in on the fraud for the calls that are delivered to their
network?   Seems pretty simple, if you cut off their revenue stream they
won?t have a reason to continue.


I would also like to add into this question:

I realize it can be very difficult to track down the hacker generating
these SIP calls from stolen credentials because they can hide behind TOR
or other proxies... (Somehow I doubt they all do. Some are probably
terribly stupid and doing it from their home internet conncetion).

But where the calls are going can be tracked right to the switch that has
the CDN on it. Thus you have the owners of the numbers nailed down as well
as the telephone company providing the service. Why are they not grilled
as to why hackers are generating calls to their numbers and if determined
to be part of the fraud arrested and taken to court?

Is it because these telephone companies are in countries where corruption
is rampant and they are greasing the right palms to stay out of trouble?

matt



 I guess we all know there is no incentive for them to stop this practice
because it?s a big cash cow for everyone except for the poor end user who
is left holding the bag.



 Our default dial plan won?t let you dial these destinations so we
 don?t have a real issue with this abusive traffic.   Most of our
customers who use international go with one of our filtered dial plans
that let them dial most of the world except for known fraudulent and high
toll rate destinations.





 Richey



 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of
 Ryan Delgrosso
 Sent: Saturday, February 22, 2014 11:48 AM
 To: voiceops@voiceops.org
 Subject: Re: [VoiceOps] Fraud



 In most cases you will lose this customer. They don't see this as their
responsibility (i.e. the credit card fraud defense) but the reality is
their equipment was compromised due to their negligence.

 If the customer is reasonable offer them your cost on the damages so its
just a passthrough. Otherwise you can take them to court or just send them
to collections.

 BTW while many will advocate fraud detection and mitigation systems
 here, its been my experience (we wrote our own fraud system that
 out-performs our upstream carriers by hours) that if you detect fraud on
a customer like this, and shut it down in minutes, and mitigate what could
have been thousands of dollars in damage due to their mis-configured
systems, reducing it to just tens or hundreds they will often still fight
that amount and deny responsibility. The fraud system protects you, and by
extension the customer, but the customers don't see it that way.

 -Ryan


 On 02/19/2014 02:09 PM, John Curry wrote:

   I am new to your site. I was looking in the Archives and saw in
November 2013 there were some of you who experienced fraud. We had a an
Avaya IP Office customers system who got hit pretty bad. The
   customer is treating the fraudulent calls like credit card fraud
and not taking any responsibility. Does anyone have any advice on how to
persuade the customer take this issue seriously?  His bill was
   racked up pretty good.  Strangely and coincidentally Avaya came
out with a security bulletin the end of December 2013 on this same issue.
I tried to contact Avaya with no response. It seems as though
   someone has built a sniffer for the Avaya IP Offices and gleaning
their registrations.




 ___

 VoiceOps mailing list

 VoiceOps@voiceops.org

 https://puck.nether.net/mailman/listinfo/voiceops





___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-24 Thread David Thompson

Most of the countries that are generating the fraud are so corrupt that
the only way you'll see justice is by sending in a team of Navy Seals.

David Thompson
Network Services Support Technician
(O) 858.357.8794
(F) 858-225-1882
(E) dthomp...@esi-estech.com
(W) www.esi-estech.com


-Original Message-
From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Matt
Yaklin
Sent: Monday, February 24, 2014 1:31 PM
To: My List Account
Cc: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud





On Mon, 24 Feb 2014, My List Account wrote:


 Maybe I am missing something here but why does the carrier that
 delivers the fraudulent traffic to the Telco that?s in on the fraud pay
the Telco that?s in on the fraud for the calls that are delivered to their
network?   Seems pretty simple, if you cut off their revenue stream they
won?t have a reason to continue.


I would also like to add into this question:

I realize it can be very difficult to track down the hacker generating
these SIP calls from stolen credentials because they can hide behind TOR
or other proxies... (Somehow I doubt they all do. Some are probably
terribly stupid and doing it from their home internet conncetion).

But where the calls are going can be tracked right to the switch that has
the CDN on it. Thus you have the owners of the numbers nailed down as well
as the telephone company providing the service. Why are they not grilled
as to why hackers are generating calls to their numbers and if determined
to be part of the fraud arrested and taken to court?

Is it because these telephone companies are in countries where corruption
is rampant and they are greasing the right palms to stay out of trouble?

matt



 I guess we all know there is no incentive for them to stop this practice
because it?s a big cash cow for everyone except for the poor end user who
is left holding the bag.



 Our default dial plan won?t let you dial these destinations so we
 don?t have a real issue with this abusive traffic.   Most of our
customers who use international go with one of our filtered dial plans
that let them dial most of the world except for known fraudulent and high
toll rate destinations.





 Richey



 From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of
 Ryan Delgrosso
 Sent: Saturday, February 22, 2014 11:48 AM
 To: voiceops@voiceops.org
 Subject: Re: [VoiceOps] Fraud



 In most cases you will lose this customer. They don't see this as their
responsibility (i.e. the credit card fraud defense) but the reality is
their equipment was compromised due to their negligence.

 If the customer is reasonable offer them your cost on the damages so its
just a passthrough. Otherwise you can take them to court or just send them
to collections.

 BTW while many will advocate fraud detection and mitigation systems
 here, its been my experience (we wrote our own fraud system that
 out-performs our upstream carriers by hours) that if you detect fraud on
a customer like this, and shut it down in minutes, and mitigate what could
have been thousands of dollars in damage due to their mis-configured
systems, reducing it to just tens or hundreds they will often still fight
that amount and deny responsibility. The fraud system protects you, and by
extension the customer, but the customers don't see it that way.

 -Ryan


 On 02/19/2014 02:09 PM, John Curry wrote:

   I am new to your site. I was looking in the Archives and saw in
November 2013 there were some of you who experienced fraud. We had a an
Avaya IP Office customers system who got hit pretty bad. The
   customer is treating the fraudulent calls like credit card fraud
and not taking any responsibility. Does anyone have any advice on how to
persuade the customer take this issue seriously?  His bill was
   racked up pretty good.  Strangely and coincidentally Avaya came
out with a security bulletin the end of December 2013 on this same issue.
I tried to contact Avaya with no response. It seems as though
   someone has built a sniffer for the Avaya IP Offices and gleaning
their registrations.




 ___

 VoiceOps mailing list

 VoiceOps@voiceops.org

 https://puck.nether.net/mailman/listinfo/voiceops






___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-24 Thread Jay Hennigan

On 2/24/14 10:48 AM, My List Account wrote:
 Maybe I am missing something here but why does the carrier that delivers
 the fraudulent traffic to the Telco that’s in on the fraud pay the Telco
 that’s in on the fraud for the calls that are delivered to their
 network?   Seems pretty simple, if you cut off their revenue stream they
 won’t have a reason to continue.   

The telco that terminates the high rate calls is making money on them,
the carrier that is next-in-line makes money, and there are sufficient
non-fraudulent calls to that carrier that refusing to complete the calls
isn't possible without impacting legitimate service.

This is similar to the 900/976 arrangement in the US a few years back.

Assume that the fraudulent information service gets paid the
equivalent of 50 US cents per minute.  The national telco which may or
may not be in on the deal gets another 50 cents.  Big international rate
deck for million-minute delivery might be $1.25 and you might pay $1.50
and bill your customers $2.00.

Your customer's PBX gets owned, and racks up 5000 minutes for a bill of
$10K.  Everyone upstream wants their bite of the apple, none of them is
responsible for making the calls, or at least can't be proven to be.

If you're a really nice guy and knock the bill down to the $7500 that it
costs you, your customer still thinks you're the bad guy.

 I guess we all know there is no incentive for them to stop this practice
 because it’s a big cash cow for everyone except for the poor end user
 who is left holding the bag.

Precisely, but it's the end user who left the barn door open.  Nobody in
the revenue stream forced your customer to enable offsite international
forwarding and set the DTMF voice portal password to 1234.

 Our default dial plan won’t let you dial these destinations so we don’t
 have a real issue with this abusive traffic.   Most of our customers who
 use international go with one of our filtered dial plans that let them
 dial most of the world except for known fraudulent and high toll rate
 destinations.

And/or require verified auth codes and disable offsite forwarding, rate
limit, put in monitoring and alerting/shutdown, and spend a lot of time,
effort, and money protecting your customers from themselves.

But, just as ISP customers want the whole Internet without filtering,
most voice customers don't want The Phone Company telling them where
they're allowed to call.  Until they get the bill.  Then they care.

And if you do put in an alerting system, there's this dilemma:
My pager just went of at 4:00 AM Sunday morning - do I call the CEO of
my biggest customer and ask if they are deliberately placing 50
simultaneous calls to Somalia, shut the trunk down, or just send them
the bill and hope they pay it?

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-24 Thread John Curry

Would you mind sharing your hi toll rate destination dial plan?

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List
Account
Sent: Monday, February 24, 2014 1:48 PM
To: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud

Maybe I am missing something here but why does the carrier that delivers the
fraudulent traffic to the Telco that's in on the fraud pay the Telco that's
in on the fraud for the calls that are delivered to their network?   Seems
pretty simple, if you cut off their revenue stream they won't have a reason
to continue.   

I guess we all know there is no incentive for them to stop this practice
because it's a big cash cow for everyone except for the poor end user who is
left holding the bag.

Our default dial plan won't let you dial these destinations so we don't have
a real issue with this abusive traffic.   Most of our customers who use
international go with one of our filtered dial plans that let them dial most
of the world except for known fraudulent and high toll rate destinations.

Richey

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan
Delgrosso
Sent: Saturday, February 22, 2014 11:48 AM
To: voiceops@voiceops.org
Subject: Re: [VoiceOps] Fraud

In most cases you will lose this customer. They don't see this as their
responsibility (i.e. the credit card fraud defense) but the reality is their
equipment was compromised due to their negligence. 

If the customer is reasonable offer them your cost on the damages so its
just a passthrough. Otherwise you can take them to court or just send them
to collections. 

BTW while many will advocate fraud detection and mitigation systems here,
its been my experience (we wrote our own fraud system that out-performs our
upstream carriers by hours) that if you detect fraud on a customer like
this, and shut it down in minutes, and mitigate what could have been
thousands of dollars in damage due to their mis-configured systems, reducing
it to just tens or hundreds they will often still fight that amount and deny
responsibility. The fraud system protects you, and by extension the
customer, but the customers don't see it that way. 

-Ryan

On 02/19/2014 02:09 PM, John Curry wrote:

I am new to your site. I was looking in the Archives and saw in November
2013 there were some of you who experienced fraud. We had a an Avaya IP
Office customers system who got hit pretty bad. The customer is treating the
fraudulent calls like credit card fraud and not taking any responsibility.
Does anyone have any advice on how to persuade the customer take this issue
seriously?  His bill was racked up pretty good.  Strangely and
coincidentally Avaya came out with a security bulletin the end of December
2013 on this same issue.  I tried to contact Avaya with no response. It
seems as though someone has built a sniffer for the Avaya IP Offices and
gleaning their registrations.

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-22 Thread Deepak Dube

The PBX was hacked, originating calls to expensive int'l destination -
presumably, a case of revenue share fraud. Have you considered smart tools
that monitor revenue share fraud accurately? Some of them can flag fraud by
identifying unusual calling patterns - in near real-time.

It's like the credit card industry that shuts down the credit if it
suspects unusual purchases.

Hope that helps.




On Wed, Feb 19, 2014 at 5:09 PM, John Curry j...@intelechoice.us wrote:

 I am new to your site. I was looking in the Archives and saw in November
 2013 there were some of you who experienced fraud. We had a an Avaya IP
 Office customers system who got hit pretty bad. The customer is treating
 the fraudulent calls like credit card fraud and not taking any
 responsibility. Does anyone have any advice on how to persuade the customer
 take this issue seriously?  His bill was racked up pretty good.  Strangely
 and coincidentally Avaya came out with a security bulletin the end of
 December 2013 on this same issue.  I tried to contact Avaya with no
 response. It seems as though someone has built a sniffer for the Avaya IP
 Offices and gleaning their registrations.

 ___
 VoiceOps mailing list
 VoiceOps@voiceops.org
 https://puck.nether.net/mailman/listinfo/voiceops


___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-22 Thread Ryan Delgrosso

In most cases you will lose this customer. They don't see this as their 
responsibility (i.e. the credit card fraud defense) but the reality is 
their equipment was compromised due to their negligence.


If the customer is reasonable offer them your cost on the damages so its 
just a passthrough. Otherwise you can take them to court or just send 
them to collections.


BTW while many will advocate fraud detection and mitigation systems 
here, its been my experience (we wrote our own fraud system that 
out-performs our upstream carriers by hours) that if you detect fraud on 
a customer like this, and shut it down in minutes, and mitigate what 
could have been thousands of dollars in damage due to their 
mis-configured systems, reducing it to just tens or hundreds they will 
often still fight that amount and deny responsibility. The fraud system 
protects you, and by extension the customer, but the customers don't see 
it that way.


-Ryan



On 02/19/2014 02:09 PM, John Curry wrote:


I am new to your site. I was looking in the Archives and saw in 
November 2013 there were some of you who experienced fraud. We had a 
an Avaya IP Office customers system who got hit pretty bad. The 
customer is treating the fraudulent calls like credit card fraud and 
not taking any responsibility. Does anyone have any advice on how to 
persuade the customer take this issue seriously?  His bill was racked 
up pretty good.  Strangely and coincidentally Avaya came out with a 
security bulletin the end of December 2013 on this same issue.  I 
tried to contact Avaya with no response. It seems as though someone 
has built a sniffer for the Avaya IP Offices and gleaning their 
registrations.




___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops


___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-20 Thread Hiers, David

That actually works out great for you.

There is a federal law that limits credit card customer fraud liability to $50.

Go to court.  There is no federal law that limits phone customer fraud.   If 
you don't have such a clause in your contract, you can't lose the case.The 
customer may walk, but that might work out in your favor.



David

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of John Curry
Sent: Wednesday, February 19, 2014 14:09
To: voiceops@voiceops.org
Subject: [VoiceOps] Fraud

I am new to your site. I was looking in the Archives and saw in November 2013 
there were some of you who experienced fraud. We had a an Avaya IP Office 
customers system who got hit pretty bad. The customer is treating the 
fraudulent calls like credit card fraud and not taking any responsibility. Does 
anyone have any advice on how to persuade the customer take this issue 
seriously?  His bill was racked up pretty good.  Strangely and coincidentally 
Avaya came out with a security bulletin the end of December 2013 on this same 
issue.  I tried to contact Avaya with no response. It seems as though someone 
has built a sniffer for the Avaya IP Offices and gleaning their registrations.


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.
___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

2014-02-20 Thread Matt Yaklin



Did you reach out to your upstream provider who you sent the
calls to and ask what they can do for you? See if they will
forgive the bill since they were obviously fraudulent? Then
do the same for your customer?

Have you offered the customer to cut his bill in half for the
calls since you probably mark them up 100%? In other words give
him your exact cost and see if that helps the situation?

m...@g4.net

On Thu, 20 Feb 2014, Hiers, David wrote:



That actually works out great for you. 

 

There is a federal law that limits credit card customer fraud liability to $50.

 

Go to court.  There is no federal law that limits phone customer fraud.   If 
you don't have such a clause in your contract, you can't lose the case.    The
customer may walk, but that might work out in your favor.

 

 

 

David

 

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of John Curry
Sent: Wednesday, February 19, 2014 14:09
To: voiceops@voiceops.org
Subject: [VoiceOps] Fraud

 

I am new to your site. I was looking in the Archives and saw in November 2013 
there were some of you who experienced fraud. We had a an Avaya IP Office
customers system who got hit pretty bad. The customer is treating the 
fraudulent calls like credit card fraud and not taking any responsibility. Does
anyone have any advice on how to persuade the customer take this issue 
seriously?  His bill was racked up pretty good.  Strangely and coincidentally 
Avaya
came out with a security bulletin the end of December 2013 on this same issue.  
I tried to contact Avaya with no response. It seems as though someone has
built a sniffer for the Avaya IP Offices and gleaning their registrations.

___

  This message and any attachments are intended only for the use of the 
addressee and may contain information that is privileged and
  confidential. If the reader of the message is not the intended recipient 
or an authorized representative of the intended recipient, you are
  hereby notified that any dissemination of this communication is strictly 
prohibited. If you have received this communication in error, please
  notify us immediately by e-mail and delete the message and any 
attachments from your system.


___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud Management

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

Re: [VoiceOps] Fraud

23 matches

Site Navigation

Mail list logo

Footer information