The present invention relates to preventing fraudulent access to a telecommunications system. In particular, the invention relates to a method and system for using bad billed records generated during failed call attempts prevent fraudulent access to a telecommunications system.
Fraud costs the telecommunications industry billions of dollars per year. There are many techniques used to perpetrate fraud. The fraud can be as simple as using a stolen credit card or calling card to charge a long distance call, or it can involve sophisticated looping techniques, such as repeatedly calling a private PBX system, finding the correct sequence to access an outside line (by trial and error or other hacking techniques) and then placing a costly long distance call through the PBX system. The telecommunications industry is involved in an intensive and ongoing effort to identify different types of fraud and then to develop and implement ways of preventing such fraud.
Fraud is more costly to certain telecommunications companies than others. For example, where a fraudulent call is directed at a company that owns the underlying telecommunications infrastructure, the cost of the call is less than the cost to an independent company that incurs access charges to the owner(s) of the infrastructure supporting the call, even if the call is fraudulent. In either case, however, the cost to the industry is significant.
Particular methods of fraud control and systems for implementing them are known in the industry. Fraud control may be divided conceptually into identifying a call that is likely to be fraudulent and responding after a call is identified as likely to be fraudulent.
Methods of identifying calls that are likely to be fraudulent vary from the simple to the sophisticated and are generally directed at a particular type of fraudulent activity. For example, a call is likely to be fraudulent if it is made using a calling card that has been reported stolen by the owner. A more sophisticated method and system of identifying fraudulent calls is described in U.S. Pat. No. 5,768,354, entitled xe2x80x9cFraud Evaluation And Reporting System and Method Thereofxe2x80x9d, which is owned by the assignee of the present invention. Fraudulent activity is identified in the ""354 patent by monitoring a billing detail record created for each call. In the simple case where the company""s database shows that the billing number being used for a call has been reported lost, stolen, etc., the billing detail record includes a header designating it is a xe2x80x9cbad billing numberxe2x80x9d, the call is immediately identified fraudulent and an alert is generated in the system.
The ""354 patent is directed at calls that require xe2x80x9cspecial servicexe2x80x9d, that is, which are placed through an operator or an automatic operation support system. Such calls generally require the caller to manually supply the billing number, such as by pressing numbers on a payphone, swiping the magnetic strip on a card or speaking with an operator. It may also require the caller to identify the category of billing product (such as credit card, calling card, pre-paid phone card) for the billing number. The category of the billing product may alternatively be identified by the system by matching all or part of the billing number with billing numbers (or ranges of billing numbers) stored in an identification database, where the stored billing numbers are correlated with the category of billing product. The identification database may also correlate a billing number with the particular type of billing product for the category. For example, where the category of the billing number is identified as a credit card, the identification database may use the billing number to further identify the type of credit card, such as Visa, Master Card, American Express, etc.
The ""354 patent also identifies fraudulent activity by monitoring use of a billing number over time. For example, where the number of domestic calls placed within a certain amount of time using the same billing number exceeds a threshold, an alert is generated. International calls are similarly handled, however, the threshold may be adjusted so that fewer calls within the time period generate an alert. In addition, the threshold may be further adjusted for calls to countries where a high percentage of fraudulent calls are directed. The thresholds may also be varied by the billing product. For example, fraudulent activity may be determined to be more likely to occur on a calling card than on a third party call; consequently, the threshold may be set lower for calling card products.
Once a call generates an alert that the call might be fraudulent, additional activity may be taken to further examine whether the billing number is being used fraudulently, or steps may be taken to prevent further calls using the billing number. In the ""354 patent, after an alarm is generated, data for prior calls charged to the billing number are sent to a fraud analyst, who analyzes that data and may determine whether or not to deactivate the card. If the decision is to deactivate the card, the ""354 patent describes the analyst as setting a fraud flag. Setting of the fraud flag causes subsequent calls using this billing number to be intercepted or blocked.
Various records have been used in telecommunications management and fraud control. For example, when a call is completed, a Call Detail Record (CDR) may be created which is associated with that call. The CDRs are generated within the telecommunications network and collected by a billing software program. The billing software program then selects suspect CDRs and forwards them to a fraud control system. The fraud control system processes the suspect CDRs by reviewing the information and comparing the information with established thresholds, and generates an alarm when the thresholds are exceeded.
A problem with prior art fraud detection systems is that they generally require a fraudulent call to be successful prior to generating a CDR. This introduces an inherent limitation into the fraud prevention process, in that the service must be stolen prior to any fraud detection occurring. This gives phone hackers an advantage of staying a step ahead of detection.
Sophisticated phone hackers may further take advantage of this limitation by attempting calls using an invalid or blocked calling card number via an automatic operator console or manual operator console. The caller is then prompted to re-enter the calling card number, and is free to do so without any record being generated. This procedure may be repeated up to three times before any record of the attempts is generated. With this knowledge, a sophisticated phone hacker can hang up after two attempts and call back again, repeatedly restarting the process without any fraud control records being generated.
The present invention provides for a new record type called a bad billed number record (BBN) to be generated on each call attempt whenever a calling card number is blocked, the terminating number is blocked, or the calling card number is invalid. The BBN preferably includes the operator site number, representing the operator site the call was processed through; the access method, representing the access method the call used to reach the operator platform; the billed number used to make the call; the originating number of the call; the information digit, used to determine the identity type of the originating number (i.e. payphone, home phone, mobile phone, PBX, etc.); the bill type, representing the product type of the billed number (i.e. calling card, credit card, etc.); the call type, representing the access feature of how the billed number is processed; and the termination method, representing how the call terminated within the network.
It is an object of the present invention to provide a method and system for detecting fraudulent use of card numbers, such as calling cards or credit cards.
It is another object of the present invention to provide a method and system for generating BBNs to improve detection of fraudulent use of card numbers.
It is still another object of the present invention to provide a method and system for generating BBNs upon receipt of a first bad billed number at an automatic operator console or manual operator console.
To achieve the above objects, a method for using at least one BBN to detect fraud in a telecommunication system includes the steps of: generating the at least one BBN for each call attempt made using a billing product, when the call attempt satisfies any one of a plurality of fraud criteria; storing the at least one BBN in a storage queue for later retrieval; and retrieving and analyzing the at least one BBN to increment a plurality of fraud control counters according to the analysis.
A system for using a plurality of BBNs to detect fraud in a telecommunications system includes a network operator service platform (OSP) for receiving call attempts using a billing product and generating BBNs based on the received call attempts; a network information concentrator (NIC) for temporarily storing the generated BBNs; and a fraud monitoring system for retrieving the stored BBNs, filtering out unidentifiable BBNs, analyzing identifiable BBNs, and generating alarms based on the analysis.