“If you use a discount calling card from the US or Europe to phone Ecuador, Nigeria or any one of dozens of developing countries, your voice is now more likely streaming over the Internet and terminating via an illegal operator rather than travelling over conventional channels,” The Berkman Center, Harvard Law School.

What is the problem?

Legitimate operators negotiate interconnection agreements with other legitimate operators that define the routes and cost of termination calls (often international) on their network. An international call may route through the interconnection points of several operators: at each point a termination fee is charged by the operator through which the call is routed. Routing calls in a manner that avoids these agreed interconnection points is bypass fraud.

How big is the problem?

Bypass fraud has existed for years. Many early bypass operators used satellite communication to avoid operator international termination charges. The sophisticated equipment, considerable investment, and specialized skills needed to set-up satellite bypass contributed to keeping this fraud contained.

The advent of Voice over IP (VoIP) has made bypass easier and more common. VoIP equipment is readily available, low-cost, and easy to set-up. Individuals and groups have sprung up that use VoIP as a method to route calls onto or away from an operator’s network avoiding the interconnection points.

The value of bypass is difficult to quantify, but it is acknowledged that large telcos are losing significant revenue to VoIP routing. For example, the Wall Street Journal reported that a Mexican carrier had lodged a complaint to the WTO stating that illegal bypass by VoIP provider cost it $200 million in 2003 alone. More recently, it was estimated that Europeans spent $31 billion on VoIP bypass in 2006.

How it occurs

There are many variants of bypass fraud: international, national, mobile to mobile, mobile to fixed, and re-file. All variants and methods exploit the difference between regulated termination fees and cheaper, unofficial call routes.

Commonly, SIM boxes are used to perpetrate bypass fraud, so we shall use this technique for illustration. Other variants work in similar ways, but use different technologies, such as PBX.

The figure below shows two different routes of an international call to a mobile phone: the official route and bypass route. In the official route, the call charge may be made up of the originating section (up to the international switch), the international transit (between international switches), and the local termination.

The bypass route avoids the local termination by using VoIP to carry the call to a SIM Box in the destination country.

The SIM box maps the call from VoIP to a SIM card (in the SIM box) of the same mobile operator of the destination mobile. Calls between mobile phones (or SIMs) on the same network are usually cheap compared to the cost of terminating the international call.

How it can be tackled

Several techniques exist for detecting bypass fraud (specifically SIM boxing), for example:

B-number diversity: a series of calls placed through a bypass route are rarely to the same number as the calls are placed by large numbers of unrelated individuals. B-number/destination diversity is a reliable, low cost indicator of bypass fraud.

Roaming record matching: if an operator’s roaming subscriber’s call is routed through a bypass operator, the B-number and timestamp in the TAP record will match those of an on-network Mobile Originated Call, but the originating numbers will differ. This method is low-cost and reliable, but only identifies a narrow set of bypass situations.

International calling to SIM-card where CLIR has been removed: this method relies on initiating calls from international destinations and collecting routing information. It is highly reliable, but costly and requires operator co-operation.

Bypass routes have several other characteristics that can help reduce false positives:

*** High call volume;

*** Only voice service (i.e. no voicemail, SMS, etc);

*** Only on-network calls (originator and destination service provider is the same);

*** Mostly outgoing calls (or incoming calls, depending on the direction of bypass);

*** No movement of the SIM (for mobile);

*** Possible cell site flooding; and

*** Known SIM Box IMEIs.

How Minotaur™ can tackle it specifically

As stated, there are many characteristics that can identify a number used for call bypass. However, expecting all these characteristics to be present is unreliable as fraudsters will employ techniques to avoid detection, e.g. virtual SIMs can be used to simulate movement, small numbers of non-voice service can be used, etc.

The items below illustrates this point, where each bypass scenario, of which there are four, includes some, but not all typical characteristics:

On-net Call Volume - (Scenarios 2 and 4);

Hot IMEI - (Scenario 3);

Call Direction Ratio - (Scenario 1);

Static Cell Site - (Scenarios 1 and 2);

On-net Call Ratio - (Scenario 4);

Destination Diversity - (Scenario 4); and

Hot Cell Site - (Scenario 2).

Minotaur’s™ multi-stage analysis is ideally suited to detecting the variant nature of bypass fraud. A series of rules are defined in the first stage analysis process: one rule for each characteristic (e.g. high on-network call volume, unusual service usage ratio, static cell site, etc). The second stage analysis looks for different combinations of these alarms before deciding to raise a ticket. This approach results in high detection rate with low false positives.

Mobile call terminating using official route

A typical operator will carry 15,000 minutes per month per circuit. Assuming the cost to terminate a mobile call is $0.125 per minute (not untypical), the revenue per circuit is 15000 x $0.125 = $1,875. per month.

Int (raised to the Nth power) Switch = $0.125/min

Mobile call appearing as on-net (local) due to bypass

The cost of an on-network mobile to mobile call for the same operator is $0.04732 per minute. Therefore, the same circuit with 15,000 minutes per month results in 15,000 x $0.04732 = $710 per month when the call is routed through a bypass operator.

VoIP Gateway > VoIP Internet = $0.04732/min

A typical bypass operator will have 60 circuits, resulting in $69,912 per month of lost revenue! This lost revenue is revenue potential for the bypass operator.

This post was provided through the courtesy of Neural Technologies Ltd.