This invention relates generally to detecting fraudulent use of a resource such as a telecommunications network and particularly to methods and systems for detecting and analyzing fraudulent use of a telecommunications network in real-time.
Modern telecommunications networks consist of a number of interconnected switches which may be provided by a common operating company. Individuals may gain unauthorized access to the network to use the network resources without paying services charges to the operator. Such unauthorized use often results in the wrong party being charged for the use because the fraudulent user is unknown. When the wrong party is charged for the unauthorized use, the telecommunication network""s operator will be unable to collect the charges. Such unauthorized use may account for a significant portion of a network operating expenses and impose a financial burden on the operating company.
Fraudulent use of a telecommunications network also consumes valuable network resources which may degrade the quality of service provided to legitimate customers. The misuse of network resources denies legitimate customers access to the network.
An effective way of preventing fraudulent use of a network is to detect the misuse as it occurs. If the misuse is detected as it is occurring, may then be prevented before or as it occurs. The ability to detect fraudulent use in real-time can thus significantly reduce the financial burden imposed on a network operator. Accordingly, a network which accurately detects fraudulent use of a telecommunications network, in real-time, is needed.
Prior systems have attempted real-time fraud detection. One example of such a system is disclosed in U.S. Pat. No. 5,495,521 to Rangachar, which describes a method and means for preventing fraudulent use of a telephone network. The system described therein utilizes the switching equipment located within a network""s central offices to collect data and create a call detail record. The call detail record information is automatically generated by the switching equipment to provide data that is analyzed to detect fraudulent network use.
One problem with this data collection technique is that the switching equipment""s primary function is to switch traffic within the system. The creation of call detail records, however, is a secondary function of the switching system. Accordingly, the switching equipment is not a efficient mechanism for generating call detail records. Also, the switching equipment is equipped with hardware and extensive software which facilitate the switching of calls. The software may include upgrades and patches which can interfere with the switching and cause the switch to malfunction. This combination of shortcomings results in a data collection method where a call detail record may not be created for all calls. Accordingly, some fraudulent calls may go undetected.
Another problem with prior data collection methods is that the call records are dependent upon the individual switches. Typically, the call record format is determined by the particular switch handling the call. A network may contain a number of different types of switches. Each switch is programmed to create a call detail record which includes predetermined parameters. Thus, the modification of call detail records generated at the switch level requires the modification of all switches within the telecommunications network that is being monitored for fraud.