1. Field of the Invention
The invention relates to preventing fraudulent access to a telecommunications system. In particular, the invention relates to identifying fraudulent calls directed at a particular telephone number (a xe2x80x9cterminating automatic number indicatorxe2x80x9d or xe2x80x9cterminating ANIxe2x80x9d) and blocking subsequent calls to that number.
2. Description of the Related Art
Fraud costs the telecommunications industry billions of dollars per year. There are many techniques used to perpetrate fraud. The fraud can be as simple as using a stolen credit card to charge a long distance call, or it can involve sophisticated looping techniques, such as repeatedly calling a private PBX system, finding the correct sequence to access an outside line (by trial and error or other hacking techniques) and then placing a costly long distance call through the PBX system. The telecommunications industry is involved in an intensive and ongoing effort to identify different types of fraud and then to develop and implement ways of preventing such fraud.
Fraud is more costly to certain telecommunications companies than others. For example, where a fraudulent call is directed at a company that owns the underlying telecommunications infrastructure, the cost of the call is less than the cost to an independent company that incurs access charges to the owner(s) of the infrastructure supporting the call, even if the call is fraudulent. In either case, however, the cost to the industry is significant.
Particular methods of fraud control and systems for implementing them are known in the industry. Fraud control may be divided conceptually into identifying a call that is likely to be fraudulent and responding after a call is identified as likely to be fraudulent.
Methods of identifying calls that are likely to be fraudulent vary from the simple to the sophisticated and are generally directed at a particular type of fraudulent activity. For example, a call is likely to be fraudulent if it is made using a calling card that has been reported stolen by the owner. A more sophisticated method of identifying fraudulent calls is described in U.S. Pat. No. 5,768,354, entitled xe2x80x9cFraud Evaluation and Reporting System and Method Thereofxe2x80x9d, which is owned by the assignee of the present invention. Fraudulent activity is identified in the ""354 patent by monitoring the activity of a billing number, such as a calling card number or a credit card number. If certain patterns of calling are detected, an alert is generated. The alert can be analyzed and a decision may be made to block subsequent calls made using the billing number.
The ""354 patent is directed at calls that require xe2x80x9cspecial servicexe2x80x9d, that is, which are placed through an operator or an automatic operation support system. Such calls generally require the caller to access an intelligent services network (ISN) of a telecommunications company through a particular number, such as an 800 access number, and then manually supply the billing number, such as by pressing numbers on a payphone, swiping the magnetic strip on a card or speaking with an operator.
The ""354 patent and like techniques focus on preventing fraudulent calls perpetrated using the same billing number. Those involved in fraudulent activity, however, may use a number of different billing numbers (often stolen) in order to conceal their activity.
In such cases, where the billing number cannot be used to effectively block the fraud, the fraud must be prevented by another means, such as blocking the desired terminating ANI. There are therefore techniques of fraud detection and prevention that focus on calling patterns to a terminating ANI. A particular terminating ANI is often the focus of fraudulent activity. For example, an offender may make multiple calls to a general number of a PBX system in an attempt to hack into the system to obtain information or place a subsequent call. In addition, lengthy fraudulent calls are commonly made to a terminating ANI in a foreign country. The single call may be used to support successive conversations between persons at the originating ANI (located, for example, in New York City or Los Angeles) and their relatives located at the terminating ANI in the foreign country.
Detecting fraudulent calls directed at a terminating ANI may be accomplished by creating a called number record for each special service call, retrieving prior called number records for the terminating ANI when it is dialed, and generating a fraud alert if the called number records fall within a pre-programmed pattern suspected of being fraudulent.
For example, an alert may be generated if ten special service calls are placed to a terminating ANI within one hour. After such an alert is generated, the calling records may be transferred to a fraud analyst, who is trained to evaluate whether further action is required. For example, the fraud analyst may see that the terminating ANI is a paging service and that the calls are originating from a wide geographical range of originating numbers (xe2x80x9coriginating automatic number indicatorxe2x80x9d or xe2x80x9coriginating ANIxe2x80x9d). The analyst may conclude that this is normal calling activity and take no further action. (The analyst may alternatively initiate an upward adjustment of the alarm level for that particular terminating ANI.) On the other hand, if the calls are being made to a business in the middle of the night, the analyst may conclude that someone is trying to hack into the business""s PBX system.
U.S. Pat. No. 5,805,686, entitled xe2x80x9cTelephone Fraud Detection Systemxe2x80x9d and owned by the Assignee of the present invention, is directed at preventing fraudulent calling through private PBX systems. The ""686 patent describes analyzing call detail records to and from a PBX in order to generate fraud alerts and, if appropriate, to block additional suspect calls through the PBX. Among other things, the ""686 patent describes analyzing calling patterns to a called number (terminating ANI), in particular, the 800 number of a PBX.
As noted, once a fraud alert is generated for a terminating ANI, the response may be to block or otherwise intercept subsequent calls to that number. The determination may be made immediately after an alert is generated, or may be made after further analysis, such as analysis of calling records to the terminating ANI by a fraud operator.
FIG. 1 depicts components of a basic known system used to block calls to a terminating ANI where it has been determined that fraudulent calls are being placed to the terminating ANI. The system shown in FIG. 1 is part of a larger ISN platform. Fraud control center 18 has processor(s) and software that monitor calls placed to terminating ANIs over time. Fraud control center 18 includes analysis software that generates alerts of possible fraud based on the calling patterns to terminating ANIs, which may consider factors such as the location and type of originating ANI, the location and type of terminating ANI, the billing product used for the call, the frequency of calls to the terminating ANI, etc.
When possible fraud directed at a terminating ANI is detected, the software at the fraud control center 18 generates an alert. The data may be sent to a fraud analyst, who, after analyzing the data, may determine that a caller (or callers) are trying to fraudulently access the terminating ANI and set a fraud flag in the system. Alternatively, the software may set a fraud flag without any further inquiry. As shown in FIG. 1, fraud control center 18 interfaces with screening database 14. Terminating ANIs that have been flagged for fraudulent activity are stored in screening database 14. The storing of the terminating ANI in the screening database 14 may be considered setting the fraud flag.
The storage of data in the database 14, as well as the retrieval, comparison and other manipulation of data related to the database 14 described further below, is performed by one or more processors (or computers) and software (not shown) related with the database. For convenience, this is sometimes referred to as being performed by the database 14. This is just a shorthand, however, for a system that is comprised of the database 14, at least one processor (or computer) and associated software.
Not all calls to a terminating ANI are necessarily blocked. The fraud alert software and/or the fraud analyst may determine that a block to a terminating ANI is appropriate for special services calls placed using a particular type of billing product or products. Thus, a category or categories of billing products (such as calling cards, credit cards and/or pre-paid calling cards) may be blocked to a terminating ANI. Also, particular types of categories of billing products may be blocked. For example, where the category of the billing product for a billing number is a credit card, the type of card blocked may be Master Card, American Express, and/or Visa, etc. Where the category of the billing product for a billing number is MCI calling cards, for example, the type may be MCI Card, Telecom USA Card, PSCC Card, VNET Vision, etc. Thus, for example, the alert software and/or the fraud analyst may determine that the fraudulent calls placed to a terminating ANI are being attempted using a series of Visa numbers, and the block to the terminating ANI may be set in the screening database 14 for calls placed using Visa credit cards.
The call screening database 14 would thus flag the terminating ANI and, if appropriate, also reference the category (or categories) and/or type (or types) of billing product that is blocked to the terminating ANI. Where a terminating ANI is an international number, it may be stored in a separate portion of the screening database 14, such as an international part of the database. Calls made to terminating ANIs that begin with xe2x80x9c011xe2x80x9d would thus be flagged in this part of the database.
The flagged terminating ANIs stored in the database are used to screen or block subsequent calls to the terminating ANI. FIG. 1 depicts components of an ISN 10 that support special services calls. As previously noted, calls that require special services generally require the caller to manually supply a portable billing number (such as a credit card, calling card, prepaid phone card, supplying a home phone number for a third party call, etc.), such as by pressing numbers on a payphone, swiping the magnetic strip on a card or speaking with an operator. Special services of an ISN are typically accessed by a toll free or special access number, such as MCI Worldcomm""s (800) 888-8000 access number. A special service call is received by the ISN 10 through a manual telephone operator console (MTOC) 22 or an automatic response unit (ARU) 26.
The MTOC 22 and ARU 26 are connected to the screening database 14 in the ISN via ethernet rail 30. In FIG. 1, screening database 14 is depicted as directly interfacing with fraud control center 18, because they are typically located in the same physical facility. However, the MTOC 22 and ARU 26 may access the screening database 14 as if it were connected directly to the ethernet rail 30.
Before a special service call is connected by the MTOC 22 or ARU 26, the screening database 14 is checked to determine whether the terminating ANI is flagged therein. If the terminating ANI is flagged in the screening database, then the call may be blocked or otherwise intercepted. Where the terminating ANI stored in the database is further referenced by a category and/or type of billing product, then a call placed using the category and/or type of billing product to the terminating ANI is blocked. For an international call (that is, a call to a terminating ANI that begins with xe2x80x9c011xe2x80x9d), the international part of the screening database 14 is checked.
A disadvantage of the called number screening databases of the prior art was that persons involved in fraudulent calling could defeat the block of a terminating ANI by simply adding one or more xe2x80x9cbogusxe2x80x9d dialing characters at the end of the dialed number. For example, for a blocked terminating ANI of xe2x80x9c800-555-1313xe2x80x9d, the hacker might dial xe2x80x9c800-555-1313-5555xe2x80x9d. When the terminating ANI xe2x80x9c800-555-1313-5555xe2x80x9d was checked in the screening database 14, it would not be found because of the additional characters xe2x80x9c5555xe2x80x9d. Thus, the system would allow the call to be connected. The switching hardware and software for connecting the call, however, would only process the first ten characters, thereby connecting the call to the terminating ANI xe2x80x9c800-555-1313xe2x80x9d. Thus, by simply adding bogus numbers at the end of the terminating ANI, the block of the terminating ANI could be defeated.
It is an objective of the present invention to provide a system and method of blocking fraudulent calls to a terminating ANI, where the dialed number has additional bogus characters.
Accordingly, one embodiment of the invention provides a system for preventing telecommunications fraud, the system comprising a database, at least one processor and related software, the at least one processor receives and stores numbers representing terminating ANIs in the database that have generated a fraud alert. The stored numbers include at least a portion of the terminating ANI and at least one variable length character, and are accessible to block subsequent calls directed at the respective terminating ANIs. The at least one processor receives a dialed terminating ANI representing a subsequently dialed call and checks the database to determine if the dialed terminating ANI matches a stored number. The at least one variable length character matches any corresponding character in the dialed terminating ANI. One variable length character may also match one or more subsequent characters in the dialed terminating ANI. A match between the dialed terminating ANI and a stored number initiates a block of the dialed call.
Another embodiment of the invention comprises a system for preventing telecommunications fraud, the system including a database, at least one processor and associated software, the at least one processor receives and stores terminating ANIs in the database that have generated a fraud alert. The at least one processor also receives a dialed terminating ANI representing a subsequently dialed call and determines if leading characters of the dialed terminating ANI match a stored terminating ANI, regardless of subsequent characters in the dialed terminating ANI. A match between the dialed terminating ANI and a stored terminating ANI initiates a block of the dialed call.
Yet another embodiment of the invention comprises a system for preventing telecommunications fraud, the system comprising a database, at least one processor and associated software, the at least one processor receives and stores at least a portion of the characters of terminating ANIs in the database that have generated a fraud alert. The at least one processor also receives a dialed terminating ANI representing a subsequently dialed call and checks the database to determine if the dialed terminating ANI matches a stored terminating ANI. The match is determined if leading characters of the dialed terminating ANI correspond to the characters of a terminating ANI stored in the database. A match between the dialed terminating ANI and a stored terminating ANI initiates a block of the dialed call.
Another embodiment of the invention is a method of preventing fraud comprising the steps of receiving and storing at least some of the leading characters of terminating ANIs that have generated a fraud alert, receiving a dialed terminating ANI representing a subsequently dialed call, determining if the leading characters of the dialed terminating ANI match the characters of a terminating ANI stored in the database and initiating a block of the call if a match is determined.
Another embodiment of the invention is a method of preventing fraud comprising the steps of receiving and storing at least some of the leading characters of terminating ANIs that generate a fraud alert and at least one variable length character, receiving a dialed terminating ANI representing a subsequently dialed call, determining if the characters of the dialed terminating ANI and the stored characters of a terminating ANI match, the at least one variable length character matching any one or more characters of the dialed terminating ANI, and initiating a block of the call if a match is determined.