Andy’s ta-da story: fraud is always about money


The expertise of those who work for our company and their diverse professional backgrounds is the main reason why Orange Business is so resourceful. The wide skillset of our employees is what enables us to meet the expectations of our customers, right when they need it the most.
We like to call it the “ta-da!” effect.
Let’s meet Andy, Fraud Mitigation Specialist, who detected and resolved fraud for one very special customer through smart tools and swift action.

Chasing data anomalies in telephone voice traffic is how we track and prevent fraud

“Fraud — unsurprisingly — is always about money. That’s why it is the billing department that’s left to deal with it. I am part of a small team of two. We work specifically with telephone voice traffic. Phone calls are easy targets because that is where the money is, as internet calls cost practically nothing. I joined Orange in 1992 and I have stayed in this line of work ever since. I started in telex network monitoring, then X.25 monitoring, then took on telex billing, then web design, then database and web tool development, which meant that we were ideally placed to develop a fraud detection tool which had billing, web and database components.

A typical example of a fraud case would be where there are two separate fraudsters — one who creates a shared cost telephone number, and the other who “sneaks” into a company’s telephone system to call a given number and collect the amount. It is virtually impossible to find a connection between these fraudsters who work behind the scenes. They are not amateurs either, but rather are likely to be members of sophisticated, very well-organized criminal gangs. This fraud is hard to detect, a new trend we are seeing is where we get one-off hit-and-run attacks. Usually, we can only analyze what has happened after the incident has taken place, once these telephone networks have already been infiltrated. To do so, we developed a phone traffic data analysis tool to analyze CDRs (Call Detail Records) and pick up anomalies in the traffic coming from irregular call destinations with the aim of saving financial losses for our clients, and in some cases ourselves! A vast majority of such fraud happens outside regular office hours, on Friday evenings, weekends or public holidays, to give fraudsters the maximum amount of undetected call time. That is why it did not come as a surprise that this client case in question happened on a weekend when I was on call.”

 

Our tool created an anomalous traffic alert for us to investigate

“It was a Sunday. I received an anomalous traffic alert and investigated further. We discovered that a global intergovernmental organization was making several suspicious calls to an Eastern European number outside of usual operating hours. These calls turned out to be fraudulent, and in line with our VoC (Voice Operations Center) agreement, we blocked the call destination and made direct contact with the customer.

One of the main challenges we have with such fraud is finding the right person within the company who can deal with such issues internally, especially given that such attacks take place outside of usual office hours and in this case there was a time difference element to complicate communication too. In this case, however, we were able to speak to them directly, even though the main contact was on holiday, and help them identify where the security breach was, saving them a good deal of money in the process.”

Calling to say we were already resolving the problem

“Part of the solution, once such fraud is detected, is to block the calls from going through to the fraudulent number. Whilst this was being done, the fraudster was trying to expand the scope of the calls, calling other fraudulent numbers around the world, so we expanded the blocking plan too. Blocking is tricky because you don’t want to block destinations that the customer intends to call – and especially for an organization like this particular one, who makes a huge amount of calls worldwide. Blocking then becomes more of a chase than a preventive measure.

The “ta-da!” moment was the surprise we had for our client when we called them to say we had not only detected the fraud but had already taken the right steps to block it. They were quite impressed, and obviously pleased to save money. One positive outcome of this whole thing is that they haven’t had any more fraud cases since we highlighted the weakness in their system and helped them take action. That’s as good as it gets!”