What is SIMBOX?

A SIM box is device that maps the call from VoIP to a SIM card (in the SIM box) of the same
mobile operator of the destination mobile. So that international call terminating as home call
to subscriber country and usually cheap compared to the cost of terminating the international
call. This is to just bypass international traffic. Commonly, SIM boxes are used to perpetrate
bypass fraud, so we shall use this technique for illustration.

Normal call flow from Visitor country to home country Subscriber

In case of SIM BOX, call routing like

In this figure sim box is working as a ‘plug-in and work’ box that contains a mobile SIM card
that is connected to a PBX or router. It can automatically reroute a call that would take place
on a mobile network to a lower cost fixed or IP network. Thus interconnect carrier bypass
happens and call terminates through the local SIMS.
SIM BOX causes congestion through network and effected network performance in terms of
poor quality of calls, call waiting through network, and call drops.

Detection of fraud can be somewhat tricky because in some cases.

• SIM boxes use IMEI management. This changes their IMEI constantly making it difficult to
detect.
• MSISDNS are also changes regularly.

Detection of such fraud can be analyzed by doing some forensics on CDR’S on the basis of

• High volume of calls from the same MSISDN’s and IMEI’s.

• High volume of calls from the same cell id (this boxes are located in an office).
• Last recourse would be to call terminating customers and try to find out about the quality of
the calls.
• Calling pattern of subscriber

In general we detect the fraud with constantly looking various calling parameters. We further
classified these parameters into Indicators. By looking indicators we can analyze frequent
usage MSISDN and IMSI for RA perspective

We can deeply investigate the CDR’S by making some indicators reports, like:

• Indicator 0 – flags high incoming calls from other carriers for potential simbox terminating
to Aparty.
• Indicator 1 – flags high outgoing calls for potential simbox operators and other form of
fraud/abuse in usage
• Indicator 2 – flags high sms for potential abuse in usage or virus mobile phones
• Indicator 3 – use to detect high usage subscribers for potential fraud/abuse in usage
• Indicator 4&5 – related IMEI/IMSI stuffing

There are various fraud management systems (FMS) to detect such frauds and raise alarms.

Concepts » FRAUD MANAGEMENT SYSTEM (FMS)

Posted by admin on January 12, 2011 0 Comments Category : Telecom Concepts

Fraud management is the process of identifying, stopping and or preventing situations where
customers, employees or professional thieves set out to make use of telecommunications
services with the intention of avoiding full or partial payment.

Fraud is a major concern for all telecom operators /provides as it directly linked with revenue
fall.

There are various telecom frauds namely:

• Subscription fraud: Fraud because of false identity.

• Internal fraud: Insiders (employees and associates) who know the systems and practices
within the organization defraud the network for personal gain or for helping others. This can
be in pre-paid or post-paid and can be difficult to detect.

• SIMBOX fraud: Bypassing Carrier to terminate calls locally.

• PRS fraud: This is a fraud related to the Premium Rate Services provider. The PRS
provider obtains a fraudulent connection (say through subscription fraud) and uses that
connection to call his PRS number

Top five telecom frauds:

• Bypass Fraud.
• Mcommerce Fraud.
• Internal Fraud.
• Cloning and Stuffing.
• Dealer Fraud.

Detection of fraud need to understand architecture of all above scenarios. Rules have been set
to monitor subscriber activities, network activities, subscriber call pattern, monitoring
roaming subscribes, Understand VOIP intercept/detection techniques, coordination with
DCH, Interconnect CDR Forensics, Content Fraud Domain Analysis, Partner and Bypass
Fraud Domain Analysis.

Some of rules can be set up on CDR to analyze the fraud activities on the basis of

• Call Time, Call Diversion, Call Transfer

• Calling number and called number
• Calling pattern of subscriber.
• PRS numbers calls
• High usage calls
• Overlapping Calls
• Short Calls
• Long Calls
• Call Duration patterns
• High frequency calls
• Network Features
• Called Destination patterns
• Call mix
• Suspicious Numbers

Roaming allows mobile subscriber to visit foreign network and continue to allow send and
receive calls as they were within home network. Depending upon network services they
subscribe they can use them as well e.g. Voicemail.

A subscriber can only roam in foreign network if their home operator has roaming agreement
with foreign network. In such case foreign operator called roaming partner for home operator.
The foreign network send the call detail of visiting subscriber to their home network and
invoice them for terminating the call, then home network subsequently charges to subscriber
for providing this facility.
When a foreign subscriber roam in home network the home network send call details of
foreign subscriber to their respective foreign network and billed them.

Roaming agreement: Roaming agreement starts with request via mail from operator who is
willing to have tie up. After approval from other operator test SIM were shared across the
both the operators and
all test scenarios were tested and consolidated test scenario sheet (with IR 24 doc) were
shared across operators.
All these CDRs then put into test TD file send these file to DCH (Data Clearing House) to
share them with other operator, then operator cross checks the test scenario and issues TCC
(test completion certificates) and after all these Roaming Agreement between operator is
signed / made.

Roaming agreement between different networks are governed by number of different standard
e.g.: TAP, CIBER, and BARG

Roaming agreements are either unilateral or bilateral.

CALL SCENARIO IN ROAMING

CASE: 1 :-> When Home subscriber in foreign network: Make a MOC call

In this case home network subscriber visited foreign network and originate a call.Foregin
network route the call to their respective home network and finally home network terminate
the call to destination partner.

AT HOME NETWORK:

1: Create/Maintain roaming agreement with foreign network

2: Collect and validate CDR send by foreign network of MOC call detail originating within
their network and finally home subscriber rate the customer CDR and billed.
3: Return any dispute record within the agreement.
4: Making payment of invoice /settlement of invoices billed by foreign network.

AT FOREIGN NETWORK:

1: Rating of call and event records for subscriber of home network who visited into foreign
network.
2: Providing CDR of subscriber to home network, Invoice them as per roaming agreement and
settlement of invoices /disputes.

Case2: When home network subscriber in foreign network and receive incoming calls.

AT Home network MOC call generates first and check for called party profile on HLR. If
called party is in foreign network then its VLR profile updated accordingly. The call then
routed to foreign network. A roaming call forwarding call (RCF) is generated at Home MSC.

Roaming call forwarding call (RCF):RCF is service by which the network forwards calls
made to a subscriber who is roaming outside his HPMN.While the calling party pays for the
part of the call in the subscriber’s HPMN, the subscriber in roaming has to pay for the
roaming leg, i.e. the part outside his HPMN. It creates a MTC record from the base part,
which must be alone. The difference in between a MTC record from a MTC base part is the
charge origin indicator being ‘R’ instead of ‘H’ or ‘F’.
RCF record comes in MSC CDR and finally we rate RCF CDR as well and billed
accordingly.

Roaming Testing Types:

A: IREG (International Roaming Expert Group)

B: TADIG (Transferred Account Data Interchange Group)

MONITORING OF ROAMING CALLS (ROLE OF DCH in GSM)

Data Clearing House (DCH) is a third party solution based on the GSMA specifications and
guidelines. Various operator exchange billing information of the roaming calls as per
agreement between them.
DCH provide various services to operators like TAP file conversion, TAP file validation, Inter
operator tariff validation, Visitor customer activities, Fraud, Roaming agreement management
between roaming partners, Invoicing to operators.

Near Real-Time Roaming Data Exchange (NRTRDE)

Near Real Time Roaming Data Exchange (NRTRDE) is CDR interchange workflow
developed by GSMA to monitor customers’ activities in the VPMN (Visited Public Mobile
Network) networks, and enables the HPMN (Home Public Mobile Network) to detect
unauthorized network usage and other fraud issues near real time.
Operator generates NRTRDE files and sends to DCH for monitoring subscriber’s activities in
visitor’s network.