Fraud is always about money: Discover Andrew's ta-da story.
The expertise of those who work for our company and their diverse professional backgrounds is the main reason why Orange Business Services is so resourceful. The wide skillset of our employees is what enables us to meet the expectations of our customers, right when they need it the most.
We like to call it the “ta-da!” effect.
Let’s meet Andrew Parker, a cybersecurity engineer, who detected and resolved fraud for one very special customer through smart tools and swift action.
Chasing anomalies in telephone voice traffic is how we track and prevent fraud
“Fraud — unsurprisingly — is always about money. That’s why it is the billing department that’s left to deal with it. I am part of small team of two. We work specifically with telephone voice traffic. Phone calls are easy targets because that is where the money is, as internet calls cost practically nothing. I joined Orange in 1992 and I have stayed in this line of work ever since. I started out in telex billing, followed by X25 networks and web design. I’ve always chased anomalies to prevent revenue loss.
The fraud we are after is simple but quite clever. There are always two separate fraudsters – one who creates a shared cost telephone number, and the other who “sneaks” into a company’s telephone system to call a given number and collect the amount. It is virtually impossible to find a connection between these fraudsters who work behind the scenes. They are not amateurs either, but rather are likely to be members of sophisticated, very well-organized criminal gangs. This fraud is hard to detect, as they tend to be one-off hit-and-run attacks.
Sometimes, we can only analyze what has happened after the incident has taken place – once these telephone networks have already been infiltrated. To do so, we developed a tool in 2012 to analyze CDRs (Call Detail Records) and pick up anomalies in the traffic coming from irregular call destinations with the aim of saving financial losses for our clients. A vast majority of such fraud happens outside regular office hours, on Friday evenings, weekends or public holidays, to give fraudsters the maximum amount of undetected call time. That is why it did not come as a surprise that this client case in question happened on a weekend when I was on call.”
The “ta-da!” moment happened when we called our clients to say we had not only detected the fraud but had already taken the right steps to block it. They were quite impressed.
Our tool created an anomalous traffic alert for us to investigate
“This was in 2018. It was a Sunday. I received an anomalous traffic alert and investigated further. We discovered that a global intergovernmental organization (a client of our customer for whom we manage telephone services) was making several suspicious calls to a Latvian number outside of usual operating hours. These calls turned out to be fraudulent, and in line with our VoC (Voice of the Customer) agreement, we blocked the call destination and made direct contact with the customer.
One of the main challenges we have with such fraud is finding the right person within the company who can deal with such issues internally, especially given that such attacks take place outside of usual office hours and there was a time difference to deal with too. In this case, however, we were able to speak to them directly, even though the main contact was on holiday, and help them identify where the security breach was, saving them a good deal of money in the process.”
Calling to say we were already resolving the problem
“Part of the solution, once such fraud is detected, is to block the calls from going through to the fraudulent number. Whilst this was being done, the fraudster was trying to expand the scope of the calls, calling other fraudulent numbers around the world, so we expanded the blocking plan too. Blocking is tricky because you don’t want to block destinations that the customer intends to call – and especially for an organization like this particular one, who make a huge amount of calls worldwide. Blocking then becomes more of a chase than a preventive measure.
The “Ta-Da!” moment for the client was the surprise we had for our client when we called them to say we had not only detected the fraud but had already taken the right steps to block it. They were quite impressed, and obviously pleased to save money. One positive outcome of this whole thing is that we haven’t had any more alerts from them since we highlighted the weakness in their system and took action. That’s as good as it gets!”
Discover other stories