Interconnect Bypass – Which Regions of the World are Most Vulnerable?

Press Release

Can geographical location really have an impact on telecommunications fraud? After all, telecommunications spans the globe and seemingly knows no physical boundaries. That’s the beauty of this modern technology.

Yet, the economic forces and legal frameworks that regulate the telecom industry differ from country to country and region to region. This, paired with emerging technologies that have growing popularity in different regions of the world, create a range of opportunities in the call chain for fraudsters to take advantage of.

As a result, fraud has developed a regional face:
– High rate destinations like Seychelles are hit with interconnect bypass more often than others
– Robocalls are rampant in the United States and UK
– CLI spoofing fraud is more common in Europe than many other regions of the world

Knowing which fraud schemes threaten your region most can help you better protect yourself from such attacks.

To shed some light on this key issue, we’ve decided to publish a series of articles exploring the regional face of fraud.

In coming articles, we’ll discuss the various fraud schemes, which regions they’re most prevalent in, why it’s so, and how you can assure that you’re 100% protected from every single fraud scheme out there, regardless of which fraud schemes you’re most vulnerable to.
Our first article in the series is Interconnect Bypass.

Interconnect Bypass – Where does it attack?

In this article, we’re going to discuss interconnect bypass, where it’s most common and how to stay protected from it. This sneaky fraud scheme hits telco operators around the world, stealing major portions of their revenue without them even knowing it.

Where there are opportunities, there is fraud. And in the case of Interconnect Bypass, high termination costs create an opportunity for dishonest carriers to abuse traffic routes for a profit.

Regions that charge high termination rates include:
– Falkland Islands
– Seychelles
– Cuba
– Chad
– Maldives
– Tunisia
– Algeria
– European Union
And many others.

At the same time, as communication methods and patterns have changed over the past several decades, voice traffic volumes have fallen, leading to revenue losses for telco operators and carriers.
Regulators around the world have tried to make up for this lost revenue by raising termination rates on certain traffic, such as incoming international voice traffic.

For example, the European Union (EU) has raised rates on non-EU voice traffic terminating within the EU in an attempt to offset such losses.

However, thanks to interconnect bypass, the results aren’t always what they expect – fraudsters abuse the high-rate traffic for profit, stealing revenue from local carriers.

How exactly does this fraud scheme work? To better understand its success, we need to understand how interconnect bypass works.

What is Interconnect Bypass Fraud?

As voice traffic is routed from its origin to its destination, passing from carrier to carrier, each carrier in a call chain charges the one before it for passing traffic on through their network.
In other words, each carrier charges for receiving traffic and, at the same time, pays to route traffic on to the next carrier in the chain.

Corrupt carriers find opportunities to manipulate traffic routes for profit by taking advantage of the difference between low and high termination rates.

Interconnect bypass fraud is a fraud scheme in which corrupt carriers bypass interconnection agreements between operators in a call chain to profit off the difference between low and high termination rates.

In other words, a corrupt carrier may decide to dishonestly reroute incoming traffic via a SIM box, passing traffic on to another dishonest operator (refiling), rerouting it to an OTT app or via another low-rate means (i.e. disguising it as on-network traffic).

Regardless of the means, in the end, a carrier collects a fee on the high-rate incoming traffic (usually international) and pays a low-rate fee to the next carrier in the call chain, effectively increasing their profit margin (illegitimately).

Traditional anti-fraud systems aren’t very good at detecting such manipulations to the call chain. As a result, interconnect bypass successfully robs terminating carriers from revenue every year, often going undetected.

What makes it so difficult to detect and prevent? Let’s have a look.

Types of Interconnect Bypass Fraud

Why can’t traditional fraud management systems (FMS) detect interconnect bypass?
To understand this, we need to have a look at the different methods of interconnect bypass that I mentioned above (SIM boxing, Refiling and OTT bypass).

SIM Boxing

SIM box fraud entails the illegal connecting of international calls via low-cost, prepaid SIM cards, which is a component of a larger criminal business, called GSM termination.
As you know, international call tariffs are much higher than on-network rates. A SIM box fraud scheme allows fraudsters to earn profits by taking advantage of the difference between such local and international tariffs.

A fraudster will team up with an international entity to reroute international calls through their SIM box and terminate these calls via a local phone so it appears that the call was made on-network.
As a result, SIM box operators bypass interconnects in the international call chain and avoid paying international rates. They fraudulently undercut prices the Mobile Network Operators (MNO) charge and avoid government tax surcharges.

This voice traffic is billed as on-network traffic, instead of as interconnected national or international traffic, and operators earn only the value of on-network traffic.
Operator losses aren’t only financial.

Operators incur brand-loyalty and reputational losses as well, since calls rerouted via a SIM box are usually of a lower quality, have longer wait times to complete the call, are often dropped, rejected or not authorised and incur many other quality problems that can damage brand loyalty among customers.

Modus Operandi

A SIM box essentially contains multiple (thousands) SIM cards inserted into a fixed to mobile gateway switch. They operate around the clock, terminating calls to mobile networks as if they were made from that same mobile network.

Preventing SIM Box Fraud

There are some specific measures operators and carriers can take to minimize SIM box fraud, however, at the end of the day, none of the traditional fraud management systems on the market can effectively eliminate all SIM box fraud with 100% accuracy.

While this may seem like a small problem, even if fraudsters maintain a tiny foothold in the telecom market, it amounts to billions in dollars in losses each year for operators and non-telco enterprises around the world.

In 2020, AT&T had a potential fraud loss of $3.1 billion.

In 2019, Interconnect Bypass alone cost telcos around the world a whopping $2.71 billion in losses, while the total amount of revenue lost to telecom fraud that same year was $28.3 billion.

Therefore, operators often employ a Fraud Management System (FMS) in the hopes of protecting themselves.

A traditional FMS can use various methods to detect SIM box fraud, such as:
– Customer profiling
– Terminal analysis
– Usage monitoring
– Measurement of incoming vs outgoing traffic ratios
– Customer complaints of inaccurate caller IDs
– Test calls routed from fixed to GSM networks
And several others.

Once detected, operators can shut down fraudulent sim cards.

However, each of these methods has its shortcomings. For example, test calls are costly and some fraudsters are quite sophisticated – they’ll even allow an operator to detect some quantity of their SIMs to give the operator the false confidence that it’s detecting and stopping the fraud, while hiding the full extent of their SIM box operation.

Traditional FMS simply lack the technology to effectively eliminate SIM box fraud for good, before it strikes.

One of the main problems is that a traditional FMS takes a reactive approach to stopping fraud attacks.

After analysing data collected from test calls and other measures, operators can update firewalls and adjust other protocols.

Meanwhile, fraudsters evolve and develop new tactics to bypass these new measures. This cycle leads to a game of cat-and-mouse in which fraudsters continuously maintain ways to infiltrate call chains and bypass interconnects.

This is the general problem operators face when trying to stop any form of interconnect bypass fraud.
Let’s cover the other two most common forms of interconnect bypass. Then, I’ll explain what modern technology operators can use today to guarantee 100% protection from all forms of interconnect bypass, for good.

Refiling

Refiling is a generic term used to refer to various kinds of interconnect bypass. There are two main versions of refiling:
– Trunk refiling: Terminating operators charge termination fees based on the trunk a call is received on. Under normal circumstances, operators receive international traffic on international trunks and domestic traffic on other trunks. With refiling, a fraudster terminates voice traffic on an inappropriate trunk to take advantage of lower rates.
– CLI refiling: Other terminating operators charge termination fees based on the Calling Party Provider, which they determine from the Calling Line Identity (CLI), also referred to as the caller ID. With CLI refilling, criminals spoof (change) the CLI, but deliver the call via the correct trunk. The terminating operator charges a lower fee based on the CLI.

The goal of refiling and CLI refiling is the same as all interconnect bypass fraud – to abuse the difference between high and low rate traffic, increase profits for the corrupt carrier in the call chain and undercut the legitimate revenue of the terminating carrier.

Case Study: ‘EU Refiling’

As I mentioned above, refiling has become a big problem in the European Union. EU regulations put a maximum limit on call termination charges. In many markets, these regulations permit higher charges for terminating non-EU originating traffic to mobile networks within the EU.
In the markets where such rate differentiation doesn’t exist, refiling isn’t common. In markets where such termination rate differentials exist, refiling has become rampant. It’s become such a big problem that it has garnered its own name – ‘EU Refiling’.

This problem is also prevalent in other economically-linked areas with termination rate differentials between different countries, such as in East Africa, West Africa or in the Gulf region of the Middle East.

Test calls and bulk traffic analysis are some of the most effective ways of detecting refiling. However, they are a reactive approach to mitigating the fraud.

As long as termination rate differentials exist, operators in these regions will face a growing threat of refiling.

The third and final form of interconnect bypass we’ll discuss in this article is relatively new.

OTT Bypass

The way we use technology to communicate today is drastically different than it was 10 years ago. It’s even drastically different than it was 5 years ago.

The emergence of Over-The-Top (OTT) apps has played a key role in this evolution.

Due to their features and convenience, users increasingly prefer communicating via OTT apps instead of SMS. Traditional mobile services have become overshadowed by the many OTT applications available via the internet.

Emergence of OTT bypass fraud

Where there is opportunity, there will be fraud. And the emergence and popularity of such OTT apps has created a new opportunity for fraudsters.

Many OTT apps have an ‘In-Calling’ feature that allows incoming calls from numbers not connected to the OTT app. Fraudsters can use this ‘In-Calling’ feature of an OTT app to effectively abuse the difference between high and low termination rates on voice traffic for profit.

In short, OTT bypass fraud occurs when a carrier redirects terminating traffic from a legitimate mobile call onto an OTT application.

In markets where OTT communications services are widely adopted, the probability of fraud is significantly higher.

Mitigating OTT Bypass Fraud

OTT bypass fraud occurs in an ecosystem composed of several parties (i.e. MNOS, interconnect/wholesale operators, OTT providers and subscribers), which creates many complex challenges for preventing it.

For example, an OTT provider may have established a wholesale network platform in its own environment, which makes it easier for them to intercept and redirect calls from both the originating network and the wholesale network to the OTT application.

One idea is to establish partnerships between carriers that can allow the introduction of control mechanisms to help identify interceptions, or re-directions, to OTT services and decide which are permitted and which are not.

In general, OTT Bypass fraud is a relatively new and rapidly growing fraud scheme, which traditional FMS struggle to detect. And very few new solutions have been developed to detect it. As a result, many operators are at a loss of what to do as legitimate revenues continue to be stolen.
As you can see, OTT bypass, at its core, is another example of abusing the difference between termination rates.

Termination rate differences are significant in all of the above-mentioned regions of the world. It’s important for operators in these areas to understand the threat of interconnect bypass.
For example, in the case of the EU, attempts to offset losses due to decreasing voice traffic volumes has resulted in increased fraud attacks and continued revenue losses.
Another approach is worth considering.
The question many operators are asking is, "Since traditional fraud management solutions can’t effectively detect this form of fraud, how can we stay protected?".
Fortunately, there is a way to stay protected from Interconnect Bypass fraud, as well as any future variations the fraudsters may develop.

Eliminate Interconnect Bypass Fraud by Cross Validating Call Details

As is the case with any form of fraud, each of the types of interconnect bypass discussed above all share one common trait – call details.
The call registry of both the originating and terminating operators contain call details for each call.
While call details have been used in some capacity in traffic analysis, cross-validating the call details of the originating call registry with the called details of the terminating call registry is an unprecedented approach to detecting and mitigating interconnect bypass fraud. It is also a game-changer.
Customer profiling, terminal analysis, test calls, etc. These are time consuming, expensive and ineffective ways of preventing interconnect bypass. Cross validating call details in real-time before calls are connected can enable operators to stop interconnect bypass before a call is connected, completely stopping it in its tracks.
This is the foundation on which the AB Handshake solution operates.

AB Handshake – A solution for interconnect bypass fraud

By cross validating call details in real time, members of the AB Handshake community can detect every form of interconnect bypass on calls in real-time before the calls are connected, with 100% accuracy and no false positives.
With AB Handshake, we shift from a reactive game of cat-and-mouse to a proactive elimination of interconnect bypass before it hits. As a result, we have the ability to completely eliminate interconnect bypass once and for all, not just minimize it.

Here’s how it works:
1. As soon as a call is initiated, the originating network records key call details to Call Registry A. Details include the A and B numbers as well as a time-stamp for the start of the call.
2. The terminating network then sends their respective call details to Call Registry B.
3. Both registries simultaneously exchange encrypted messaging via the internet to cross-validate the call details.

Any discrepancy between the call details indicates one thing – fraud.
Once a manipulation is detected, an operator can either block the call or choose to let it connect.
All traffic between operators within the AB Handshake community is guaranteed to be 100% fraud-free with zero false positives.

The solution is affordable, easily integrated into the default settings of any operator’s current network and can be used alongside their current FMS.
Every member of the community benefits as more members join. The more members that join, the percentage of fraud-free traffic around the world increases while the volume of fraudulent traffic decreases.
If adopted on a global scale, AB Handshake can completely eliminate interconnect bypass, for good.

Join the AB Handshake Community Today

The AB Handshake community currently has 200+ operators in different integration stages, from negotiation to contract signing and onboarding.
AB Handshake is actively onboarding providers from any location around the globe and the system is already validating live traffic to every country in the world.
If you have any questions about AB Handshake, feel free to contact us here: https://abhandshake.com/contacts. One of our specialists will respond today.
If you’re ready to join the AB Handshake community today, contact us at contact@abhandshake.com and one of our onboarding specialists will likewise be in touch.