Roaming fraud is causing losses in the millions for the operators of mobile networks, and also for the providers.
In the case of roaming fraud, subscriber identity modules, so-called SIM cards (SIM: Subscriber Identity Module) are being acquired under fake identities or through blackmail. These SIM cards are then used abroad, that is in foreign mobile networks (roaming networks: FPLMN), to set up permanent connections to international destinations (in maximum tariff zones), such as, e.g. the South Sea Islands. As a rule, these are permanent connections (at times also multiple connections via multi-party), that are established during times outside of regular working hours (e.g. on weekends). Particularly on weekends, delays occur in the home network (HPLMN) in recognizing these activities early-on and initiating counter-measures. So-called “high usage reports” that reveal a massive use of roaming connections can sometimes be transmitted from the roaming network to the home network only a few days later. Just three SIM cards, for example, can result in a loss of several thousand Euro to a network operator on a single weekend through the above-mentioned connection scenarios.
T-Mobile Germany has a misuse detection system (Missbrauchserkennungssystem, MEGS) that comprises various filters for early detection of roaming fraud. This involves the use, for example, of typical filter criteria, such as:                SIM card is used for the first time and registers abroad        the card is a postpaid card        typical roaming partners are used (network scoring)        the customer is not a business customer        other filter criteria        
The MEGS is depicted schematically, at the top left, in FIG. 1. If the above criteria are found to be met in a SIM card an alert ticket is issued. Unfortunately, the success rate with this detection method is currently only a few percent, i.e. of 100 alert tickets only a few actually denote cases of roaming fraud. Since the MEGS filter criteria in most cases apply not only to fraudsters but also to many “normal” customers, a significant flood of alerts (>100/day) can occur with the MEGS. In order to protect the “normal” customers, sanctions can be applied only in those few cases where the suspicions are confirmed. The massive losses that are caused by roaming fraud, therefore, essentially continue.
US 2005 0084083 A1 discloses a method for fraud detection in a communications network, wherein call connections are checked by means of a misuse detection system based on fixed rules for potential misuse. One possible criteria in this context is the duration of the call connections, which are not allowed to exceed a certain threshold value. For connections in the fixed network this is relatively easy to implement. No mention is made of a solution for mobile radio connections, in particular roaming connections.