On the tracks of fraudsters

With nearly 100 deployments in 50 countries, FraudBuster has a unique vision of the trends and techniques in fraud. You can bet our Analysts have stories to tell! So, this is the story of the whitelisted numbers.

Whitelisting or not, that is the question

A year ago, FraudBuster was asked by a Mobile Network Operator (MNO) to whitelist batches of MSISDNs. Surprisingly, the request concerned nearly 20% of the Operator’s subscribers base…

Whitelisting numbers is a risky action. Indeed, it creates a significant exposure to internal fraud. As the numbers fall under the radar, they can be abused without triggering the standard set of alarms.

Finetuning detection rules

With this in mind, an initial investigation by FraudBuster’s Analysts revealed that a part of the requested numbers was already suspicious (outgoing calls only, significant B-number dispersion, etc.). However, the Operator argued there were numbers from identified customer’s PBX, with legitimate business activities.

There’s sometimes a very thin line between PBX lines and SIMbox profiles. For instance, commercial businesses, banks, insurance companies will make many calls throughout the day towards customers or prospects base. Usually, they get little or no inbound calls in return. Accordingly, such subtle differences require precise finetuning of the Detection Rules and the permanent attention of the FraudBuster Analysts.

In this case, FraudBuster evaluated that the risk of whitelisting such a large number of MSISDNs was too high, and instead put them in an intermediary Grey List.

Constant monitoring

Recently, almost a year after this episode, FraudBuster detected some numbers within this batch showing a clear change of behavior and an unmistakable SIMbox activity. The Operator quickly agreed to block those numbers. They indeed amounted to nearly 30% of the list they had initially requested to be whitelisted!

Conclusion

To conclude, whitelisting numbers is a risky operation! It should only ever happen for specific MSISDNs and positively identified owners. Even in this case, whitelisting should not be definitive. Moreover, it should include some controls to make sure the lines are not abused. Fortunately, FraudBuster has your back; in particular because our customers are looked after by a team of Fraud Analysts who will maintain a questioning (paranoid? 🙂 ) mindset.