All you need to know about international revenue share fraud
International revenue share fraud is not a new scam. Commonly referred to as IRSF or toll fraud, it has plagued telecom companies for a number of years and is now a serious problem for any organisation that uses internet-based calling systems such as VoIP or consumer-facing websites that offer SMS- or voice-based OTP authenticating systems. As fraudsters are constantly evolving their techniques to take advantage of any lapses in security, it is important to have a robust digital security system in place to avoid falling prey to revenue losses arising from IRSF.
How does IRSF work?
Fraudsters gain unauthorised control of processes or applications that can access the public telephone network, including VoIP and PBX (private branch exchange) systems. Then, they use advanced automated scripts to initiate multiple calls to spurious international premium rate numbers or trick the system into generating a large number of SMSs or voice OTPs, which are forwarded to these numbers. The scammers either buy unused premium-rate numbers themselves or conspire with the owners of these bogus premium lines to receive a cut from the revenue generated by this artificially inflated traffic, as well as a share of the termination charges from calls to other networks.
The end result is hefty call and SMS charges for the organisation that faced the attack and could cripple its business. Attacks are orchestrated remotely, so it becomes difficult to physically trace the attacker, while the automated scripts that are usually used to bypass security and initiate these calls and SMSs are constantly evolving. By the time an organisation using outdated reactive security measures realises that its telecommunication infrastructure has been hacked, the damage has already been done and the attackers have shifted their focus on to the next victim.
In today’s digital age, IRSF continues to be attractive to scammers due to the ample earnings involved, with minimal risk of getting caught and the ease at which they can buy and take control of premium-rate numbers. These activities are conducted stealthy and are difficult to spot until it’s too late. However, early detection using intelligent, proactive security systems can significantly reduce losses incurred due to such an attack. While being up against an invisible foe who is intent on draining your resources can seem daunting, there are a few things business owners can do to protect their organisations from IRSF scams.
Knowing the hacking tools
The first step is to know the tools that attackers use to infiltrate your systems, which include the following:
- The attackers use an automated attack script to break into your system undetected and initiate calls and SMSs. These state-of-the-art bots use advanced artificial intelligence and machine learning technologies to avoid detection until the damage is done.
- The attackers control unused premium-rate numbers that these calls and SMSs are directed to.
- The attackers partner with a rogue network through which calls and SMSs are routed to avail termination charges.
While partnerships between offending parties are impossible to control, modern fraud defences can stand up to attack scripts and identify fraudulent premium-rate numbers. Employing a strong system can lead to swift recognition of an imminent attack, considerably mitigating losses due to IRSF. Fraud can thus be nipped in the bud with the following precautions.
Adopt modern script breaker tools:Intelligent script breaker tools that incorporate artificial intelligence and machine learning are designed to detect humans and malicious bots apart and can stop an attacking script in its tracks.
Maintain intel on premium-rate numbers:Up-to-date knowledge of legitimate premium-rate numbers and unused number ranges can help identify fraudulent numbers that the attackers have purchased. Sharing this information between trusted businesses can determine if a particular number was used to commit fraud.
Thus, having a proactive security system in place can identify and block malicious activity before it starts costing you. Modern fraud prevention systems rely on automation and machine learning technologies to learn, adapt to, and keep abreast of the evolving techniques used by fraudsters. This way, your organisation can stay one step ahead of IRSF and predict breaches to mitigate losses.
For organisations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape. Now more than ever, it is crucial to deliver and exceed on organisational expectations with a robust digital mindset backed by innovation. Enabling businesses to sense, learn, respond, and evolve like a living organism, will be imperative for business excellence going forward. A comprehensive, yet modular suite of services is doing exactly that. Equipping organisations with intuitive decision-making automatically at scale, actionable insights based on real-time solutions, anytime/anywhere experience, and in-depth data visibility across functions leading to hyper-productivity, Live Enterprise is building connected organisations that are innovating collaboratively for the future.
How can Infosys BPM help?
Infosys BPM offers an expansive suite of telecom fraud management tools that can insulate your organisation from ISRF-related losses by incorporating the latest generation of proactive solutions to secure your organisation against fraudulent activity. Tap into customised solutions to suit your specific needs.