Detecting and preventing toll fraud with the ‘Antifraud Cop’

Understand what toll fraud is and how Freshcaller has created a layered defence system to prevent it

Freshcaller is a modern phone system for sales and support teams that needs no hardware, no downloads — it’s a plug-n-play cloud PBX. To enable new users to try out our product, we provide $3 as free credits once you sign up, to purchase a phone number and try out various features of the product.

Sounds awesome, right?

Well, in an ideal world, yes, this would be awesome.  But free credits also result in fraudulent usage of a phone system, whether it is Freshcaller or any other phone solution. We have to prevent such frauds to ensure that the system is highly available for our business users.

The main fraudulent usage of any phone system is toll fraud. In this article, we discuss how the Freshcaller Antifraud Cop is built to fight this very malpractice.

What is toll fraud?

In 2015, the Communications Fraud Control Association (CFCA) published a study attributing losses above USD 38 billion to toll fraud. An update from Twilio attributes an annual loss of USD 10 billion to this particular kind of telecom fraud. But, what exactly is toll fraud?

Toll fraud, also known as International Revenue Sharing Fraud (IRSF), is any activity committed by a fraudulent user of a phone system to make high volumes of international calls on expensive routes. One of the most common methods employed by fraudsters is to make calls to premium rate numbers — numbers with charges higher than normal, and more importantly, part of the call charge for these numbers is paid to the service provider. So, fraudsters exploit the credits available to them in a phone system and generate revenue just by placing these premium calls.

With the advent of VoIP, virtual phone numbers and cloud phone systems, it has become increasingly easy to commit toll fraud so much so that it has grown 6x since 2013. If the revenue losses do not scare us, this scale at which it is growing should!

‎What are the different types of fraudulent usage?

In Freshcaller or any other phone system, fraudsters make money through payment fraud or accounts abuse.

1) Payment fraud

Fraudsters can use stolen credit cards to activate a Freshcaller account, and add a lot of phone credits using such cards. This will give them unlimited access to create call traffic for committing the toll fraud.

How Freshcaller fights payment fraud

The Antifraud Cop — Freshcaller’s defence system against toll fraud — has a two-pronged approach to fighting payment-related fraud.

i) Payment checks

To fight the menace of stolen credit cards, we use our payment provider Stripe to identify potential attempts of fraudulent credit card usage, and block such actions.

ii) Phone credit purchase checks

We have also introduced certain limitations within the product to avoid abuse. Freshcaller will not allow credit purchase more than 3 times a day, with a maximum limit for each purchase.  In trial accounts, maximum credit purchase is $25, so the maximum per day will be $25 x 3 = $75.

Similarly, for an active account, the maximum credit purchase will be $500, and so the maximum credit purchase per day will be $500 x 3 = $1500.  If a stolen credit card is detected during account activation or during credit purchase, Freshcaller will block the account and the account signup filters will prevent the fraudster from using the same domain for another account.

2) Accounts abuse

A fraudster can also create a lot of trial accounts and with the accrued free credits, they can create a large number of call traffic to the premium toll free numbers to perform toll fraud.

How Freshcaller prevents this with Account Filters

With email-only signup, anyone can sign up using an email from free email providers like gmail, ymail, 10minute mail, etc. We maintain a repository of free email providers and we don’t provide free credits for the accounts created using those email providers. This filters out accounts abuse by emails from free email providers.

Another method used by fraudsters is to purchase a domain and use support@domain to sign up.  We verify if there is an email box for the id, and block signups accordingly.

But wait, is that all? What about the ones with a legit email inbox trying to exploit premium numbers. Account signup filters will not help here.

This is where the Antifraud Cop comes in with another round of defence — detecting abnormal usage.

Abnormal call usage pattern detection

The Antifraud Cop monitors various accounts at scale, analyzes its call patterns to classify them as good and potential fraudulent usage and take action.  In the real world, there cannot be more than 1 or 2 calls to the same number, but in the fraudulent accounts, they try to route large call traffic to single premium number or a set of premium numbers.  Using such patterns, Freshcaller can identify fraudulent usages.

There are different indicators that point us to abnormal patterns associated with premium rate numbers:

  • High volumes of outgoing calls to the same numbers
  • Creating an external number call queue, and making calls from very low cost providers
  • Numerous external transfer calls to the same numbers
  • Setting the number as mobile number of different agents, putting the agents on mobile, and make a lot of calls from very low cost providers.

When the Antifraud Cop detects such patterns it can decide to block the account if the confidence is high or can choose to alert administrators of potential fraudulent accounts. Admins further verify fraud usage and block the account accordingly. Once the account is blocked, the fraudster cannot use any email from that domain to sign up again.

What does toll fraud mean for regular users?

In terms of security and privacy, fraud accounts have zero impact on regular users of a phone system. However, they eat up the resources that help a PBX to work optimally for all its users. So, when you are evaluating a phone system or if you are currently using one, find out what anti-fraud measures they have in place. If you are using Freshcaller, you have the Antifraud Cop working relentlessly to make sure you have the best user experience.

Decline in toll fraud

Decline in fraud accounts in Freshcaller over the last five quarters

Fighting fraud is always hard, and a long-term continuous process. Freshcaller is continuously evolving with more features getting added everyday. With each new feature, there is a possibility of a new exploit. We, at Freshcaller, continue to add more capabilities to our Antifraud Cop to fight fraud everyday more efficiently.

If you are a developer or business working in association with Twilio, you can join me at Signal 2019 — Twilio’s annual customer and developer conference — to know more about our efforts to prevent toll fraud.