International Revenue Share Fraud (IRSF) has been a bane for communication service providers for over a decade. IRSF perpetrators make vicious attacks, often taking the operators by surprise, and in some cases, leaving smaller operators at the brink of closure.
The GSMA provides a comprehensive definition of what IRS Fraud is: “International Revenue Share Fraud is a form of fraud whereby the perpetrator artificially inflates traffic by generating calls to certain portions of international number ranges with no intention to pay for the calls (or paying where there exists some form of arbitrage opportunity), or by stimulating calls by others to the number ranges. The fraudster receives a share of the revenue from termination charges obtained by the number range holder for inbound traffic to the number ranges.”
The modus operandi for fraudsters are: acquire SIMs illegally; hijack SIMs from unsuspecting customers; use SIMs from stolen phones; Obtain SIMs through Subscription Fraud; hack into PBX systems or Hijack number ranges; Once SIMs are obtained or PBX compromised, fraudsters often choose IRS destinations – in collusion with IPRN providers and content providers – with good pay-outs to drive traffic. To maximize revenues, fraudsters use multiple techniques such as international call forwarding and use multiple moles to drive traffic at the same time. Often, calls will continue until the number range owner or the operator becomes aware of the attack and blocks access. Typically the fraudsters will simply move on to another number or another destination to carry on the attack until the SIMs are blocked by the originating home operator. Often the originating operator will not be able to recover the money from the perpetrators.
Having worked with a number of operators, big and small, it appears that no one is immune to IRSF attacks. A fact also supported by the IRSF destinations, which spans over 220 countries, in our ‘PRISM – Test Number Database’. That is virtually every nation on this planet. Even if one number is blocked there are thousands of numbers and destinations to choose from by the fraudsters. The cross border nature of IRSF also makes it difficult for law enforcement agencies to track down the perpetrators. For instance, the head spinning IRSF cycle from SIMs being acquired by Mr. X, a national of country A, shipping SIMs to Mr. Y, a national of Country B, living in Country C and making calls to Country D with the calls re-routed to a IRS or PRS number based in country E, owned by a company with registration in Country F and money channelled through multiple bank accounts makes it an impossible task for the law enforcement team.
Having strong primary fraud controls such as Application Fraud Prevention and Subscription Fraud Detection are indeed a must. On top of this, operators will need more than just a fraud management system to detect and prevent IRSF attacks. For instance, numbers called in IRSF incidents are usually not part of official national numbering plans, so the originating operator cannot easily identify the B-numbers as premium rate service numbers and add them in the fraud management system to generate alerts.
Recognizing the unique behaviour of how IRSF fraud is perpetrated, FRS Labs and Yates Fraud Consulting have developed ‘PRISM – IRSF Test Number Database’ that holds over 2 million IRS Test Numbers and destinations. These numbers are updated every 2 weeks to keep it up to date. Used as a hotlist, this could prove to be a valuable arsenal in the fight against IRSF fraud.
For operators who do not wish to invest in a heavy weight Fraud Management System but are keen to control IRSF immediately (or are already a victim of this vicious attack and need something quickly), FRS Labs can help with the ‘PRISM Client’ tool. Both PRISM Database and PRISM Client tools are offered for a low subscription fee that everyone can afford. Both the tools are hosted on the cloud so the operators can get started in minutes.