Data Fraud | Fraud Management

Data Fraud

Monitor and block illegal data bypass services as well as service abuse

Why you should pay attention to Data Fraud

As revenue from traditional voice and SMS services is declining, operators are witnessing an upward trend in the revenue from data services. These trends imply that all fraud occurring over the data network is of a serious nature as attackers take advantage of loopholes in the existing Data Charging Systems, resulting in data misuse. Fraudsters employ advanced techniques and hacking software to perform DNS tunneling or even carry out data tethering through unlimited data plan subscriptions, which leads to abuse of fair usage policies, eventually impacting operator’s revenue as well as overall customer experience.

Break through fraudster’s business model using artificial intelligence

Fraud is widespread amongst telecom services, with fraudsters continuously developing new ways to perpetuate it. The Mobileum solution utilizes the strength of artificial intelligence (AI) and machine learning (ML), combined with pre-packaged rule sets, to help CSPs stay a step ahead of frauds and reduce losses. The machine learning component is rule-based, evolving as it learns from information captured in the system. With each transaction it processes, it continually learns the practices of habitual fraudsters and adds this new data to the repository of historical information. It’s a win for CSPs and a compelling example of how they can leverage the solution to squash the fraudster’s business model.

See how Mobileum can help protect & grow your business

Over 750 Telecom companies, in more than 150 countries, are scaling their business with Mobileum solutions.

Hackers use DNS tunneling to exploit your Network

Tunneling, as the name suggests, is to tunnel or redirect data traffic. A modus operandi of tunneling fraud is to exploit the usage of paid content by disguising the IP address. Many Operators often leave whitelisted DNS open and unmonitored, believing their firewalls protect them. Port 53, which is used for DNS servers to listen for queries on DNS clients, is one that is usually open, making it subject to malicious attempts. Knowing these weaknesses, hackers increasingly use DNS tunneling to their advantage, bypassing standard data protecting firewalls by communicating via what appears to be a standard operational background channel.

Top 6 threats of Data Fraud

Negative Network Effect
The expanding bandwidth of 4G provides a more significant attack plane for fraudsters. The slow trickle of data through a 24 kb– 256 kb 2G and 3G wireless network becomes a flood of data with 3-150 Mbit 4G networks. In the absence of aggressive countermeasures, fraudulent activities will consume much of this new bandwidth leaving users who paid to upgrade to 4G service with their old 2G speeds.
Degraded QoE
Quality of Experience (QoE) is a measure of customer satisfaction for the services they use. QoE can be service-specific (e.g., video QoE) or an overall measure across all services (e.g., video, voice, and data altogether). Data fraud impacts the subscribers’ overall quality of experience, leading to potential churn.
Malware Attacks
Data-capable smartphones and tablets paired with large, wireless data pipes now attract significant attention from cybercriminal networks. Malicious software developers can now use techniques developed for personal computers and adapt those techniques to the limited footprint and technologies of mobile devices.
Degraded Customer Experience
A compromised mobile device can target and scan large numbers of other, locally adjacent, mobile devices at once, consuming vast amounts of spectrum. This activity frequently goes unseen by operators because the wireless APN to which the device connects has limited instrumentation and few internal security capabilities. 
Low Brand Value
Mobile phones are intended to facilitate improved and more convenient communications. Nevertheless, when the service quality degrades, and customers don’t get services as expected, it impacts the CSP’s brand value. In addition to siphoning off spectrum, mobile to mobile attacks can drain the battery on the victim’s device by maintaining a network connection. 
High Revenue Loss
DNS tunneling, illegal tethering, and content fraud can jeopardize expected revenue from broadband media services, degrade services, and erode subscription and adoption rates. Fraudsters attempt to disrupt content delivery systems during peak times leading to significant revenue losses for the CSPs.

Subscribers abuse your network and data plans through illegal tethering

While many users enjoy wireless data access, some users abuse their unlimited data plans by tethering multiple devices to the web over one internet access point. Causing more of an issue for operators is when individual subscribers utilize tethering for commercial use, abusing the wireless contract and deviating from the standard fair usage policy (FUP), leading to significant impacts on the operator’s revenue. Most telecom operators don’t track tethering abuse: either they cannot access the DPI data to find the damage or the fraud team is not fully aware of the issue.

Future-Proof Your Fraud Management Strategy With AI & Automated Blocking

Rule Based Approach
An extensive rules library provides immediate fraud awareness and increased accuracy
  • Optimize rules according to your needs
  • Greater accuracy and lower error rate
  • Immediate results
AI/Machine Learning
AI and Machine learning algorithms leverage data analysis processes to detect deviations and unknown fraud patterns
  • Rapid prediction and processing analysis
  • Past customer behaviors evaluation
  • Unlimited traffic analysis
Our voice, data and SMS firewalls are fully integrated with our anti-fraud system
  • Real-time blocking
  • Fraud & Security contextual analysis
  • Wide range of fraud type protection

Monitor protocols and applications disguised as normal traffic

RAID’s Data Fraud module was developed to create various fraud models from unstructured data gathered from Mobileum or third-party DPI (Deep Packet Inspection) tools and probes. Using DPI records, RAID can automatically analyze network communications between devices and extract various usage features. These features are processed using RAID’s advanced machine learning models, which detect various data fraud issues and suspicious or abnormal activities, alerting operators when such events occur.

Co-engineered to leverage fraud and security contextual analysis

DPI records, along with subscription and usage records are processed in real-time to detect and control data fraud issues. For example, in DNS scenarios, RAID can monitor data traffic comprising of both upload and download volumes and detect tunneling or spoofing. RAID can also detect tethering by identifying connectivity between multiple devices via the same IMSI, and then correlate high data consumption as compared to normal usage. Thus, to combat data fraud, it is now a joint initiative of fraud and security. Leveraging the RAID solution, security professionals and fraud experts can combat data fraud together - collaborating and analyzing incoming and outgoing traffic at the endpoint to detect and defeat these attacks.

Monitor domain fronting for data fraud

Although domain fronting wasn’t initially intended to enable zero-rated fraud, the traffic masquerading techniques can achieve just that result. For example, a fraudster could disguise all of their Internet traffic to look like Facebook, and thereby take advantage of a zero-rated Facebook plan. To achieve this deception, domain fronting relies on content delivery networks (CDNs) that host multiple domains (websites). Since major Internet players like Facebook distribute their content from CDNs, and since Facebook is included in many zero-rated Free Basics offerings, accurately identifying zero-rated traffic can be a significant challenge.

Mobileum fraud management analytics combined with its Augmented Signature Intelligence SLANG accurately identifies encrypted applications and proactively detects unclassified traffic to facilitate the timely development of new signatures.
  • 28,000 Applications & Components detected
  • 13 million domains captured
Monitor domain fronting for data fraud

Data Fraud datasheet

Learn more how Mobileum helps CSPs to monitor and block illegal data bypass and service abuse.

Integrated Fraud solution to effectively prevent loss and build trust

Mobileum’s data fraud solution takes advantage of the company product portfolio to deliver traffic classification, policy enforcement, and detect and manage zero-rated fraud. Our traffic analysis patterns go further when compared with just using embedded deep packet inspection (DPI).
  • Detect and block complex data fraud
  • Streamline subscription and FUP
  • Integrate with DPI and Probes for faster, sharper and smarter detection and prevention
  • Minimize fraud losses and avoid reputational risk

Leverage Mobileum’s DPI for data fraud detection

At the core of the Mobileum’s DPI solution is NCORE, a proprietary, evolved Deep Packet Inspection system. It is an industry-leading high performance, multi-threaded inspection engine capable of high rates of massive data processing. Designed to extract, sift, and provide meaningful and contextual data further upstream in raw logs, in-memory counters, as well as live analytics alerts, it also features multiple running modes, embedded in-memory aggregations, and state preservation. As part of Mobileum’s probes, we provide an application Identification library that enables you to see the applications on your network and learn how they work, their behavioral characteristics, and their relative risk. Using several different identification mechanisms, Mobileum’s probes can detect the applications on your network regardless of the port, protocol, and encryption (TLS/SSL or SSH) or other evasive tactics used.

Defeat the content piracy ecosystem

As the saying goes, you can’t know what you don’t know - you can’t know about things you have yet to discover. CSPs need to understand if the content they provide, some of which has exclusive distribution rights is being pirated and where. This means having the ability to have greater insight into the content they are offering and immediately identifying whether or not their current subscription base was the source of the content distribution. As part of the Mobileum solution, close monitoring at the pre-transmission stage is included. Mobileum monitoring techniques are composed of a hybrid approach where we follow automation, taking advantage of the latest technologies of AI monitoring of content distribution and human-led methods.

Bring your own ML Models (BYOM)

The evolution of sophisticated fraudulent techniques has increased the challenges of mitigating risk issues. CSPs are now actively employing data scientists, new tools, and advanced analytical models to quickly adapt to new methods to provide proactive risk coverage. These data scientists do not want to be solely dependent on vendors’ ML models and rather want to explore new ML models designed and developed in their own ecosystem.

Mobileum embraces this requirement and has now built a new openML engine based on microservice architecture, offering pluggable ML models with extensive support to all ML frameworks. This will enable the CSPs data scientists to plug and play their own developed machine learning models based on any external library or ML frameworks. Thus, offering Telecom organizations to be future proof, as they continue to develop new models to tackle unknown risk challenges using different tools and ML approaches.

Mobileum Risk Management Software Portfolio

Discover why Mobileum is the most trusted software vendor by Telecom companies all over the globe to manage their Revenue Assurance activities.

RAID for Fraud Management is Powered by Mobileum's Active Intelligence Big Data Analytics Platform

Case Management
Drill down on data and alerts with ad-hoc analysis to find the root cause of fraud and make better decisions faster.
Fully configurable
Use easy-to-apply configurations, workflows and dashboards to enable simple and transparent mirroring of your required business processes. Automations and migrations let you execute this in days instead of months
Hybrid Solution
React to and stop known and unknown fraud patterns in a repeatable and auditable way by combining an extensive rules library with machine learning.
All-In-One Software
Manage the teleco fraud management lifecycle autonomously, from data loading to mitigation actions, with Active Intelligence’s complete suite of tools for fraud analysts.
Link Analysis
Quickly uncover fraudulent activities by highlighting key individuals, connections and patterns in a unique visual way. Gain a deeper understanding of data within different entity and relationship types, as well as attributes that can help uncover hidden fraud patterns.
Big Data Analytics
Adopt stream data integration as part of your data management strategies for real-time integration and analytics. Address the problem of matching continuously income events to evolving fraud patterns with Active Intelligence’s complex event processing (CEP). Accelerate fraud detection and react faster to emerging threats with real-time data stream analysis.

Increase your Fraud Management maturity with other products in our Portfolio.

CLI Spoofing and Robocalling Fraud
Fraudsters can generate false calling party information and pass it onto the PSTN via SS7 using IP technology. Mobileum Robocalling fraud solution, combined with a voice firewall, can sort good traffic from bad, block unwanted calls, and keep a voice network safe and secure from attack.
IRSF Fraud
International Revenue Sharing Fraud (IRSF) continues as the most persistent type of fraud within the telecom industry. Mobileum’s pre-packaged Revenue Share Fraud Management solution, combined with a real-time action system, can help operators mitigate losses occurring due to revenue share fraud.
Bypass Fraud
Fraudsters highjack voice international termination calls over an IP network and send them to a SIM box (a device that houses SIM cards), which redirects this illegal VoIP traffic onto mobile networks. Mobileum’s pre-packaged Bypass fraud management solution, combined with a real-time action system, can help operators mitigate losses occurring due to bypass fraud.

One platform that cuts the data silos between all telecom applications for limitless insights

Digital business depends on a flexible application portfolio that enables delightful digital experiences, that supports new ways of doing business, and that makes the most of new technologies.