An overview of Bandwidth’s approach to fighting telecom fraud
The Internet and tech innovations have ushered in a new era of communications. Simultaneously, fraudsters have claimed their place in the digital age of communications — targeting vulnerable networks and scamming people out of money across the world.
- How big of a problem is it? Telecom fraud made a whopping $28.3 billion dent in the industry in 2019 alone. That’s a big deal.
- Why should you care? Your profits, reputation and customers depend on it. And, the fraudsters keep changing the playbook.
That’s why we’ve created this 10 minute read to give you a crash course on the types of telecom fraud, how fraudsters make money from it, how it impacts your business, what you can do to protect your business from telecom fraud, and the steps Bandwidth takes to stop telecom fraud from getting onto our network.
Telecom fraud types
There are a lot of ways that fraudsters infiltrate and abuse systems to make money (and cost your business money); too many to list all of them, in fact. So we’ll focus on the top 5 types of telecom fraud, but with the understanding that your business should prepare for and protect yourself against more than just these types of attacks.
According to the CFCA, the top 5 types of telecom fraud are:
- International Revenue Share Fraud (IRSF)
- Interconnect Bypass
- Domestic Premium Rate Service
- Traffic Pumping
International Revenue Share Fraud (IRSF)
Also called international toll fraud, international revenue share fraud is perpetuated by fraudsters exploiting parts of the world that are extremely expensive to deliver calls to. IRSF gets its name because fraudsters generate a large number of long duration calls to these expensive numbers with number aggregators agreeing to “share revenues” generated from the calls, many of which never actually reach their destination country.
Check out the graphic below for another example of how IRSF works.
Domestic Premium Rate Service
Much like IRSF, Domestic Premium Rate Service relies on parts of the U.S. being more expensive to complete calls to. Rural parts of the country can be more expensive to call, and fraudsters can use that to intercept and route calls to these more expensive areas, collecting fees.
Traffic pumping happens when fraudsters stand up automated phone-answering services to generate traffic in expensive areas of the country to complete calls. They then advertise, often via social media, these numbers to drive calls into the systems with dead air, barking dogs, or ‘press 1 to continue’ loops, extending the length of the call. A nefarious service provider in the money exchange will overcharge reputable carriers exaggerated access charges and give a portion of these fees to the fraudster.
Telecom arbitrage, also referred to as “tromboning,” is when telecom companies who provide access numbers to make international calls to mobile callers enable those calls to make the long-distance calls without paying the associated charges by dialing certain access numbers.
Also referred to as OTT Bypass Fraud, interconnect bypass fraud is based on legacy interconnect telecom systems.
DISCLAIMER: These are certainly not the only types of telecom fraud. It’s critical that you take the necessary steps to protect yourself and your customers from these and other types of telecom fraud.
How telecom fraud impacts your business
There are three main ways that telecom fraud impacts your business: finances, reputation, and customers.
The financial aspect of telecom fraud is the same problem that all companies deal with when it comes to any type of scam: bad actors trying to make money, often at the expense of businesses or individuals. In the case of telecom fraud, this often results in high bills that you or your customers are responsible for, which can in turn hurt your bottom line.
Telecom fraud can also impact your business’ reputation, especially if it’s a recurring issue. Having a reputation for being a target of telecom fraud, especially fraud that directly affects your customers, can make it harder for you to get and retain customers.
Which of course leads to the third way telecom fraud impacts your business. Not all types of fraud will target your business directly; many of them can target your customers, and those customers may not want to stay with your business if they believe you didn’t take the necessary steps to protect them.
Telecom fraud is a multi-billion dollar problem, but taking the steps necessary to protect yourself, and your customers, can either stop bad actors entirely, or help you identify and mitigate the impact of it faster if it does occur.
How to protect your business (and your customers) from telecom fraud
Preventing telecom fraud starts with your business taking the steps necessary to stop it from happening. There are several steps you and your business can take to protect yourselves and your customers from telecom fraud.
- Set strong passwords
- Improve security by rate limiting login attempts
- Monitor for and block account scanners, as well as removing fake accounts and account sign-ups
- Install security software applications on all of your voice processing systems
- Disable IP ports that aren’t being used
- Utilize enterprise-grade SBCs
- Institute security measures such as PINs or other access codes for International Calling
- Leverage traffic data analytics to review and act on suspicious data
- Secure your voicemail systems to prevent unauthorized access
Tools to protect your business from telecom fraud
Aside from following best practices, there are tools you can implement to help protect yourself and your customers from telecom fraud.
Two-Factor Authentication (2FA)
Implementing strong passwords is essential, but adding another layer of security helps protect your business from unauthorized access. Two-factor authentication requires an authorized user to not only know the password, but to have access to where the second authorization will be sent (push notification, SMS, email, etc). You can use our Authentication API to enhance security in your application or customer-facing portal.
We won’t go into detail about what STIR/SHAKEN is or how it works (check out our STIR/SHAKEN page for those details), but here’s what you do need to know. The goal of STIR/SHAKEN is to prevent fraudsters from scamming consumers and businesses through illegal robocalls and unlawful phone number spoofing, while making sure that legitimate calls reach the recipient. By implementing the STIR/SHAKEN framework (or working with a provider that does), you can help restore confidence in the calls that you, or your customers, are placing.
Port-out validation & port-out passcode protection
Two different things, but both can help protect your business and customers against telecom fraud. Port-out validation happens at the time of the port-out request, and is powered by an API. A webhook is sent with predefined data, such as Account ID, ZIP code, etc, which can be used to auto-validate the port-out request. If the information isn’t provided, or doesn’t match what’s supposed to be there, the port-out request is denied.
Port-out passcodes are used to prevent unauthorized port-out requests from being started. Similar to a PIN or access code to make a long distance call, port-out passcodes must be provided to validate a port-out request.
In both cases, these tools help to prevent bad actors from gaining access to numbers that don’t belong to them and using them for nefarious purposes, be it scams or other fraud such as traffic pumping. Adding this extra layer of security to your phone numbers helps protect you and your customers, and it’s a simple addition using Bandwidth’s Dashboard or APIs.
Educating your customers
Implementing best practices for your business is important, but educating your customers on the steps they should take to protect themselves, and by extension you, is critical. Especially as bad actors become more and more sophisticated with their attacks, regularly updating customers on the steps they should take to prevent telecom fraud can go a long way towards saving them, and you, from having to deal with the ramifications of fraudsters.
Bandwidth’s approach to telecom fraud
At Bandwidth we take telecom fraud very seriously. We’ve spent decades building up our network and our reputation, which is why we’re committed to doing everything we can to stop bad actors from accessing our network. To do that, we’ve adopted a three-pronged approach to telecom fraud: prevention, detection, and mitigation.
The first step in preventing telecom fraud is education. Understanding the best practices and current tactics bad actors are using is how your business can protect yourself and your users. At Bandwidth, we’re constantly updating our customers on the latest best practices for protecting themselves and their users from fraudsters. Additionally, we keep our customers aware of the steps we’re taking to protect our network from bad actors, which of course has the added benefit of helping to protect our customers as well.
While the goal is always to stop fraud before it happens, detecting fraud when it does happen is equally important. Bandwidth has a 24/7 Fraud Mitigation Team that uses a combination of hands-on analysis and automated tools, including the Equinox Protector System, to monitor traffic on our network and identify trends and anomalies that could signal fraudulent activity.
When we do detect fraud, we act fast. We alert our customers to instances of fraud so that they can take steps on their side to help mitigate the impact, as well as deploying a suite of tools on our end to mitigate fraudulent activity that reaches the Bandwidth network, including tools for unlawful call blocking, spam filtering, telephone number disconnection, and blacklist filtering (such as the industry-recognized Prism tool and other internal blacklists managed by Bandwidth).
And if you’re curious whether or not our team is working hard to mitigate fraud, here’s what an average day looks like for them:
- Block over 2.7 million unlawful, fraudulent, and invalid calls per day
- Block more than 500,000 spam text every day
- Handle over 120 fraud and abuse incidents every day, and
- Disconnect an average of 25 telephone numbers used in various scams every day
We’re committed to protecting our network from bad actors, as well as working with our customers to give them the information they need to protect themselves and their users.
A team effort
Preventing telecom fraud is a team effort. Bandwidth is committed to protecting our network, and we take active steps to keep bad actors and fraudulent activity off of it, but it takes the combined efforts of our Fraud team and our customers to keep bad actors off our network and away from our customers and their users.