In recent years, the advent of a multitude of advanced techniques and tools for telecommunication has unfortunately also entailed the substantial risk of being subject to fraud when communicating over public telecommunication networks such as the Internet. Illicit parties conceive ever more sophisticated methods of stealing money from Internet users, e.g., by unallowably obtaining credit card information or login credentials for online banking operations. Other common methods of fraud attacks in such networks exploit various charging mechanisms in the networks, e.g., relating to so-called premium services, typically when the Internet is accessed over a telecommunication network.
One example of fraud is to incite a call or SMS (Short Message Service) message from a terminal user to a premium service, which triggers automatic transaction of a small sum from the user's subscription account to an account of the fraudster, without the user even noticing. Another example is to offer media or software for downloading which contains a hidden computer program which, when installed in a user terminal, operates to somehow transfer money from the user's account to the fraudster's account, e.g. by automatically sending SMS messages causing minor money transactions as described above. Such malicious computer programs are referred to as “malware” and can thus be installed in a user terminal without the user noticing. Hence, a fraudster inside or outside the network may, by means of malware or otherwise, manipulate the user's terminal and/or the operator's charging mechanism to steal money from the user.
As a result, various defense mechanisms have been developed attempting to discover network-based fraud attacks against user terminals in the network. Today, different firewalls, spam filters and malware protection mechanisms are typically used in network nodes and terminals. There are also some more sophisticated mechanisms in the networks for fraud detection which are based on the recognition of previously known fraud attacks, e.g. by recognising signatures, messages, signalling patterns, communication with web sites and servers known to be associated with criminal activities, and so forth. Moreover, network operators use fraud detection tools that can recognise abnormal charging patterns possibly associated with fraudulent activities.
FIG. 1 illustrates how a telecommunication network, e.g. a mobile network, can employ different security systems for detecting attacks potentially related to fraud, according to current solutions. A network security function 100 receives information on traffic in the network which is analysed, e.g. using so-called “Deep Packet Inspection”, with respect to potential attacks such as malware, spam, communication with notorious web sites, etc. The network security function 100 may also receive information on activities in terminals in the network. To obtain the above information, the network security function 100 may utilise sensors or the like placed in network nodes and/or in the user terminals.
Alternatively or additionally, a fraud detection function 102 analyses information on the network operator's charging of subscribers and users in the network, based on charging information obtained from a charging system 104 of the network, in order to detect any abnormalities in charging patterns for one or more users that might indicate fraud. For example, the fraud detection function 102 may react when a great number of money transactions to a certain account suddenly occur, or when money is transferred to an account that can be traced to a notorious or suspect party. As indicated in the figure, an alarm or the like may be generated from the security functions 100, 102 if a network attack or fraud activity, respectively, is detected. However, fraudsters are constantly getting more skilled in making network attacks and fraud that go unnoticed by the security systems above.
Apart from the obvious nuisance to the users when subject to fraud attacks, the network operators also find it troublesome that their subscribers in the network are defrauded of money, particularly when the operator's charging mechanisms are exploited by the fraudsters. This may result in monetary losses also for the operator, as well as customer complaints and general distrust in the operator for not being capable of suppressing the fraudulent activities in their networks.