Taking the fraud fight directly to the enterprise PBX
An automated service does deep dives of PBX data
By Dan Baker
October 5, 2017
The business of telecom fraud fighting has always been an endless game of cat and mouse.
Yet in TRI’s just-released 385-page research report on anti-fraud solutions, we discovered at least one area where the cats are getting better at beating the mice.
Telecoms are now better able to prevent large hit-and-run fraud attacks where a hijacked enterprise PBX pumps out, say, thousands of $10-a-minute calls to a small Pacific island, with weekend fraud losses adding up to $50,000 or more.
This is good news. And yet, you still have to wonder: are the cats really winning or are the mice still stealing the cheese when the cats are sleeping?
Consider this: what if fraudsters started playing the long game instead of hit-and-run theft? What if they spread their fraudulent calls across dozens of PBX machines? What if they patiently hid their calls in the noise of everyday traffic and selected lower per-minute-rate destinations to avoid detection?
Now, if the fraudsters can achieve that, they have created a money-making machine.
Remember, the fraudsters are flying below the detection radar. A deeper line of detection would be to analyze the call patterns and hacking attempts of the PBX machines themselves.
Trouble is: telecom anti-fraud systems do not have access to the data internal to the enterprise PBX — the PBX is nothing more to them than a black box that originates phone calls.
Well, fortunately, one OSS/BSS vendor, Frankfurt-based Oculeus, has decided it’s high time to start analyzing the source data at the heart of the fraud-pumping PBX. This is an exciting idea, for it could open up a new frontier in the fraud fight.
Here to explain his company’s software under development is Oculeus’ CEO, Arnd Baranowski.
Oculeus actually has two flavors of enterprise anti-fraud system: one offered through a telecom operator and the other direct to the enterprise. Can you explain the difference?
Yes, since 2015 we’ve sold our enterprise anti-fraud system to telecom operators who offer it as a service to their customers. It works beautifully. In some cases the operator charges the enterprise a small fee for the service. And although the fraud blocking is done at the operator level, each enterprise is monitored individually, and in that way, each enterprise can get meaningful reports on the telephony behavior at their company.
We are now supplementing that product with a new anti-fraud system sold directly to the enterprise. And the key advantage of that version is it offers superior protection against PBX-initiated fraud. And I can tell you that here in Germany there is massive fraud at the enterprise level. And it is mostly coming through PBX machines.
And the strength of your approach no doubt comes from getting your hands on that precious data in the PBX and analyzing it from an anti-fraud perspective.
Yes, and to that end we are currently engaged with developers of both software and hardware PBXs. The resulting system will run on a small footprint Linux system. And the applications on that system — all mechanisms and generic data required to successfully identify frauds — are kept up to date by Oculeus.
All the PBXs have API interfaces that provide information and they can also receive commands. PBXs are merely class 5 switches and we already have vast experience interfacing with wholesale class 4 switches, so it’s merely a matter of getting access to the APIs.
Now there are many PBX manufacturers out there, so our priority in the beginning is to work with the market-leading hard and soft PBX firms.
Actually our system is evolving quickly. We have the first customers already and the beauty of it all is we are getting data from the PBX switches immediately and are able to directly control the switch.
And because we’re so close to the data, we don’t need to wait for a few hours. Within seconds, we have the intelligence we need and we can take immediate action to stop fraud from happening.
How is the system set up at the enterprise? Will there be a fraud expert at the enterprise running the system?
Absolutely not. Fraud control requires special expertise and no one at an enterprise is sufficiently trained in that. So the system will be monitored either by an operator or, if there’s no operator in-between, then the system will be remotely controlled by Oculeus.
The idea is to have a system that is 100% self-maintained with no enterprise user required.
If no one is a fraud expert at the enterprise, who will you sell the system to?
Well, we are certainly approaching the people who manage the PBXs and telecom services for the enterprise.
But it’s important to note that even at telecom operators, the fraud manager is not necessarily the best person to evaluate our kind of system. Typically the people responsible for anti-fraud come from revenue and fraud assurance backgrounds. These people are often experts on the forensic side or fraud analysis. However, they are usually not part of the technical or routing teams. So the integration of the current fraud systems with network and operations is not very high.
However, with Oculeus coming from the telecom wholesale systems side, our integration skills with the business are very high. Only two years ago, we built our anti-fraud system from scratch because our wholesale systems customers asked for it.
And today, I consider our level of automation and speed rather advanced. For instance, we can block the fraud during call setup at the redirect server and configure switches instantly. Often it’s not necessary for someone to do something manual. When a fraud ticket is necessary, we usually resolve it within 15 minutes.
Does your system incorporate machine learning? How does it work?
I don’t think our system is at the “machine learning” stage quite yet, but our system does include some clever and very fast mechanisms.
Our system profiles traffic for every call destination, carrier or enterprise. It tracks where calls go to and where calls come from. And by collecting this data every 5 minutes for 30 days, it learns what normal and abnormal traffic looks like.
And when it does discover anomalies, the system instantly checks whether that anomaly may be fraud. The system comes loaded, of course, with patterns and scenarios that identify the fraud, but it also uses fraud-fighting rules of thumb to automatically detect bad calls.
Then once fraud is identified, the system takes action, blocking the call. The system often knows ahead of the call whether a certain dialer was used or the call was initiated by something which tells you it’s fraud.
Our main “machine learning” thrust comes in our new version of the system where we will profile on each call individually.
In our new software model, which is being developed in cooperation with a German university, we talk about different fraud identification layers — and some of them come ahead of call setup. I won’t share the details, but our goal is to identify fraud within the first 60 seconds.
I understand a side benefit of your enterprise anti-fraud system will be data the enterprise can use to analyze its own telephony behaviors.
Yes, at Oculeus, like all businesses, we get an invoice from our telecom provider that contains some information about our calling patterns. But what our operator gives us is practically useless. They are not giving us full transparency on our usage. So this is something we can provide back to the enterprise at virtually no cost since we collect the data as part of our ongoing anti-fraud analysis anyway.
What sorts of investigations do you perform on the PBX data? Do you check for hacking?
Yes, we do look at hacking, but most of our detections are made through traffic profiling and identifying irregularities.
People forget that hacking is not just online, brute force computing schemes. A person inside the enterprise can also hand over the access passwords to someone.
This is the beauty of getting our hands on the actual PBX records. Call flow patterns can be investigated and suspicious internal activity can be analyzed. So it’s a combination of traffic profiling and exploring special activities.
In the near future, fraudsters won’t trade away everything into one channel. They will look to maintain maybe 1,000 access points towards PBXs.
Sounds like you are anticipating a change in the way the fraudsters operate — long term fraud versus one-time hits.
I think so. I mean these fraudsters are extremely clever. They will do whatever is required to fly under the radar and not get blocked straightaway. If they go through the trouble of hacking into a PBX or bribing someone inside the enterprise, they’d like to try to keep these paths open as long as possible, so they will adopt strategies that allow them to do that.
It’s impressive that Oculeus with a staff of 25, is able to develop systems on several wholesale systems: billing, routing, fraud — and now enterprise fraud. Hats off to you and your development team.
Dan, having a lot of developers is not necessary. Having the right developers is.
I’m convinced that developing systems is as complex and as difficult to do as good writing. Each of us can write a letter, but not many can write a master’s work or a best-selling book.
There are many parallels here to software development. Software is merely a different language, a different grammar. And although engineering and programming are very important aspects of any system, there are many other aspects of good systems that must be considered as well.
Our developers are encouraged to work as independently as possible and as guided as necessary. For example, when I want my team to develop something, I want them to understand all aspects of it: the functionalities, the features, as well as the usability.
Once they have built up their minds, they are ready to build something useful to many customers.
Beyond that, I simply have a passion for these things. If I like something, I want it to be as perfect as possible. And though we are a small company, I see no reason we can’t go worldwide with our software. I’m not afraid of competitors and never have been. We will go all the way and self-correct along the journey.
Arnd, congratulations on what Oculeus has achieved so far. I just love your spirit of adventure in the software business.
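The traffic profiling described in the interview (call counts sampled every 5 minutes, a learned baseline, an anomaly check), as an added example that is not Oculeus code: the median/MAD threshold, the function names and the constructed call records are assumptions. It also shows why calls spread thinly across many PBXs stay under a per-PBX threshold yet stand out once counts are aggregated per destination.

```python
from collections import defaultdict
from statistics import median

BUCKET_SECONDS = 300  # 5-minute sampling interval mentioned in the interview

def bucket_counts(calls, key):
    """calls: (epoch_seconds, pbx_id, destination). Count per key per 5-minute bucket."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, pbx, dest in calls:
        counts[key(pbx, dest)][ts // BUCKET_SECONDS] += 1
    return counts

def baseline(counts, n_buckets):
    """Median and MAD per key; buckets with no calls count as zero."""
    profile = {}
    for k, per_bucket in counts.items():
        series = list(per_bucket.values()) + [0] * (n_buckets - len(per_bucket))
        med = median(series)
        profile[k] = (med, median([abs(x - med) for x in series]))
    return profile

def detect(history, now_calls, n_buckets, key, k_mad=6.0, floor=3):
    """Keys whose count in the bucket under test exceeds median + max(k*MAD, floor)."""
    profile = baseline(bucket_counts(history, key), n_buckets)
    current = defaultdict(int)
    for _, pbx, dest in now_calls:
        current[key(pbx, dest)] += 1
    flagged = []
    for k, n in current.items():
        med, mad = profile.get(k, (0, 0))  # unseen key: baseline of zero
        if n > med + max(k_mad * mad, floor):
            flagged.append(k)
    return sorted(flagged)

def sample():
    """Constructed data: 20 PBXs, 100 baseline buckets (30 days would be 8640)."""
    pbxs = [f"pbx{i:02d}" for i in range(20)]
    history = []
    for b in range(100):
        t = b * BUCKET_SECONDS
        history += [(t, p, "DEST_HOME") for p in pbxs]   # routine traffic
        history.append((t, pbxs[b % 20], "DEST_X"))      # rare destination
    t = 100 * BUCKET_SECONDS
    now = [(t, p, "DEST_HOME") for p in pbxs]
    now += [(t, p, "DEST_X") for p in pbxs for _ in range(2)]  # 2 calls per PBX
    return history, now

if __name__ == "__main__":
    history, now = sample()
    print("per PBX:        ", detect(history, now, 100, lambda p, d: (p, d)))
    print("per destination:", detect(history, now, 100, lambda p, d: d))
```
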