Print Page   |   Contact Us   |   Sign In   |   Apply online
Community Search

Managing Risk Management Training - 2 November 2016

2016/11/03 » 2016/11/04
Project Risk Assessment Training - 3 & 4 November 2016

Risk Reporting Training - 7 November 2016

IRMSA Risk Chat
Blog Home All Blogs
Search all posts for:   


View all (60) posts »

Telecoms fraud

Posted By IRMSAInsight, 16 October 2015
19 October 2015 



The use of mobile devices continues to involve more risk for both the consumer and the service providers and operators. With thanks to one of our IRMSA member companies, we suggest you review and be aware of the following issues, both for yourselves and your companies.

Telecoms Fraud 



Telecommunications fraud is the use of telecoms products or services for fraudulent purposes, resulting in losses and revenue leakage for operators. While both fixed line and mobile operators are targeted, there exist various categories of fraud focussing specifically on mobile users and / or operators.


Although subscription fraud - or fraudulently obtained post-paid accounts or connections - is still the top fraud risk for network operators, International Revenue Share Fraud (IRSF) has become the most commonly reported fraud type and is generally perpetrated through the use of devices and / or connections obtained through fraudulent subscriptions.


International Revenue Share Fraud (IRSF)

IRSF generally starts with the assigning of a number range designated for international premium-rate numbers (PRNs) to an international revenue share provider in a given country. These PRNs allow callers to access certain forms of value-added information or entertainment services. Callers to the PRNs are charged much higher rates than normal traffic terminating in the same country. Typically, IRSF involves a relationship between the revenue share provider and fraudsters generating traffic/artificial calls to premium numbers and calls to PRNs generate a profit for both the revenue share provider and the content supplier.


Revenue share fraud activities abuse carrier interconnect agreements as carriers are bound by international agreements for roaming and interconnect payments. In short, most agreements stipulate that the originating operator is responsible to pay for all calls originating from its network. This also presents a challenge to operators when trying to recover monies already paid, but after the fraud has been discovered.


This fraud holds the dubious honour of being the most prevalent telecoms fraud type. It is perpetrated through several methods; all designed to generate maximum artificial inflation of traffic (AIT) to premium-rated numbers worldwide.


IRSF scam types



Literally meaning "one (ring) and cut" – is a scam that prompts victims to call international numbers through deception; thereby incurring significant costs. It involves the perpetrator/machine or computer dialler generating a large number of calls to multiple random numbers, often mobile users. The calls terminate after one ring, leaving the calling party’s number on the recipient’s caller ID display. Many users call back, thinking it’s a legitimate call or simply out of curiosity. The return number is, in fact, a PRN and, consequently, the caller will be charged premium rates. There is also the WhatsApp-based version of Wangiri fraud whereby users receive a WhatsApp message with a contact attachment.


Premium-rated services fraud

Here, callers or SMS/USSD senders will be sent information or content which is charged at a premium rate. This typically relates to adult chat lines, gambling, horoscope sites, news, weather and the like and is provided via voice, USSD or SMS. Fraud is committed when the operator of that service – the wireless application service provider (WASP) – stimulates calls into that service to attract higher settlement payments from an operator. The PRS provider gains financially by generating traffic to that service 


Call forwarding fraud

This occurs where a fraudster ‘tricks’ a subscriber into call-forwarding his or her number to a long-distance number or a number used by the fraudster or an accomplice to accept collect calls. The unsuspecting subscriber will receive a huge bill for all of these international calls.


Private Branch Exchanges (PBX) fraud

Here, external parties target an organisation’s PBX system to make long duration calls, usually to international premium-rated or overseas numbers. Hackers gain authorised access to the PBX system and generate profit from the calls made to premium-rated numbers, leaving the PBX system owner liable for payment. This type of fraud is most likely to occur during times when organisations / businesses are closed but their telephone systems are not.




Although IRSF can quite easily be detected by examining call detail records (CDRs), identifying the nature and volume of the calls and delays in blocking the numbers presents a challenge in combatting these activities. Counter measures will however typically encompass the following measures or controls that can prevent and/or alert when this happens:


  • Close monitoring of abnormal traffic patterns
  • Monitoring of top destinations for anomalous traffic patterns
  • A real-time monitoring and alarm system to immediately stop fraud activities
  • Analysing data where count of calls is greater than usual and identifying patterns
  • Checking dealer commissions (subscription fraud) or the negative margin per tariff plan(arbitrage)
  • Monitoring destinations which fraudsters are known to exploit
  • In-roamer monitoring of partners with less traffic than previously observed
  • Monitoring of new SIM roaming usage
  • Ensuring that systems are secure against hacking
  • Implementing security best practices, policies and procedures.




  1. Do you utilise a password to be able to access your phone?
  2. Do you utilise a pin number for SIM card access?
  3. Do you as company enforce the password and pin numbers for company issued phones and sim cards?
  4. Do you have measures in place to monitor high spending on your phone or your company issued phones?








Copyright © 2015 IRMSA - All rights reserved.

You are currently signed up to the IRMSA Risk Chat mailing list. To unsubscribe click here.

144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor

Tel: 011-555-1800 

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@ 


This post has not been tagged.

Share |
Permalink | Comments (0)
Sign In

Forgot your password?

Click here to join IRMSA