Frequently asked questions about IRSF Fraud
What is IRSF Fraud?
IRSF stands for International Revenue Share Fraud, which involves fraudsters exploiting premium rate numbers to generate illicit revenue while causing financial losses to legitimate businesses. IRSF is also frequently referred to as Toll Fraud. You can read more about IRSF and Wangiri fraud here.
Is there a formal definition of IRSF Fraud?
Yes indeed. The GSMA provides a comprehensive definition for IRSF fraud: “International Revenue Share Fraud is a form of fraud whereby the perpetrator artificially inflates traffic by generating calls to certain portions of international number ranges with no intention to pay for the calls (or paying where there exists some form of arbitrage opportunity), or by stimulating calls by others to the number ranges. The fraudster receives a share of the revenue from termination charges obtained by the number range holder for inbound traffic to the number ranges.”
Is IRSF still a major threat to businesses?
According to the CFCA Global Fraud Loss surveys, IRSF has been the top fraud threat for operators across the world for ten straight years. Strong risk controls can prevent a lot of fraud from happening. However, detecting and preventing IRSF fraud requires a different kind of approach as numbers as IRSF often involves multiple parties such a fraudulent telecom operator, number range owner, and several fraudsters driving traffic to regular or unallocated numbers in collaboration with a premium rate service provider. It requires the ability to predict when an IRSF attack is imminent even when no threshold rule is exceeded for seemingly legitimate international numbers.
How is IRSF Fraud pulled off?
Fraudsters employ several tactics to inflate traffic which is at the heart of an IRSF attack. Obtaining SIM cards through illegal means, hijacking SIM cards from unsuspecting customers, utilizing SIM cards from stolen phones, acquiring SIMs via Subscription Fraud, hacking into PBX systems, hijacking number ranges, short stopping legitimate calls, and deploying malware to facilitate automated calls to premium rate numbers, to name just a few of the tricks. Once they have the devices in their possession, these fraudsters often target International Revenue Share (IRS) destinations with high payouts. This is typically done in collaboration with IPRN providers and content providers, aiming for lucrative payouts by generating substantial call traffic in short periods of time.
Despite the FMS controls, why is IRSF and Wangiri still difficult to deal with?
Having worked with a number of operators, big and small, it appears that no one is immune to IRSF and Wangiri attacks. This fact is also supported by the IRSF destinations, which span over 220 countries. That is virtually every nation on this planet. Rules based systems cannot cope with this behaviour. Even if one number is blocked there are thousands of numbers and destinations to choose from by the fraudsters. The cross-border nature of IRSF also makes it difficult for law enforcement agencies to track down the perpetrators. For instance, the head spinning IRSF cycle from SIMs being acquired by Mr. X, a national of country A, shipping SIMs to Mr. Y, a national of Country B, living in Country C and making calls to Country D with the calls re-routed to an IRS or PRS number based in country E, owned by a company with registration in Country F and money channelled through multiple bank accounts makes it an impossible task for the law enforcement team. This is why there is a need for preventing IRSF in the first place to safeguard your business and prevent your operating team inundated with arbitration.
Why can’t businesses just block IRSF numbers?
Unlike Premium Rate Fraud, IRSF is a lot more difficult to detect as the numbers in IRSF are generally not part of the official national numbering plans so the originating operator cannot easily identify the called numbers as premium rate services and hence difficult to add them to monitoring hotlists. This is why a different approach is needed to solve IRSF fraud. If you would like to learn the difference between PRS and IRSF, please read more here.
Many operators are still blocking calls to certain high-risk destinations. However, in our experience, we see that many unallocated number ranges (which are allocated subsequently to genuine customers) are also used frequently in international revenue share fraud. This type of blocking can cause widespread service disruption and lead to a significant increase in customer complaints. Besides, with the daily addition of new numbers and number ranges, it is impossible to block numbers with a broad brushstroke.
How does Rombus help prevent IRSF Fraud in voice calls?
Rombus collates high risk test numbers from global IPRN providers and offers an easy-to-use number intelligence database with an alerting engine. Used as a called number hotlist in your fraud management system or the in-built Rombus alarms module, businesses can detect and mitigate potential fraud attempts before great damage is done.
How does Rombus help prevent 2FA signup SMS fraud?
If you are a large e-commerce company or offering 2FA services (2 Factor Authentication whereby customers are authenticated using an SMS or voice passcode), then it is critical to protect your business from premium rate fraud. At the point of 2FA signup, fraudsters usually provide premium rate numbers instead of genuine numbers thereby adding to your operating cost – your SMS and calls will end up at a premium rate destination costing you more than the usual SMS or voice transaction – without the signup being completed. As you will have to pay for these services to the underlying telecom operator, it is best to do a check to see if the numbers provided for 2FA signups are legit before triggering the codes via SMS or Voice.
How can I access the Rombus dataset?
You can access Rombus data through our secure web portal, which requires no coding or integration. Alternatively, you can automate downloads to your systems using our REST APIs, ensuring seamless integration with your existing infrastructure. The database is a simple CSV file that you can load or integrate into any system of your choice.
How do I integrate the Rombus dataset into my internal systems?
The easiest way to integrate the Rombus dataset into your system is to download the dataset from the Rombus portal (downloaded as a CSV – Comma Separated – File. Upload the file to your FMS table that hotlists called numbers (B-Nos). Trigger an alert in your FMS every time the test numbers are called and add a rule to monitor subsequent calls to the destination or number range. Another way to integrate is to use our APIs to download the numbers directly into your FMS without the need for any manual interventions. Either way, we are here to help you achieve the desired goal.
How frequently is the Rombus data updated?
Rombus data is updated in near real-time, 24/7/365. However, clients have the flexibility to download data daily (new updates), or the full data (available for a quarter). We will add more flexibility to the downloads in our future releases.
What information does the Rombus dataset include?
Rombus provides a wealth of data, including the test number, destination, dates of discovery and updates, voice or sms types, and payout details. This comprehensive information helps assess the level of risk associated with each number.
What is unique about the Rombus database?
Rombus uses cutting edge AI technologies to uncover risky numbers used by fraudsters. This unique feature ensures a more comprehensive understanding of the IRSF landscape and how it can be tackled through number intelligence. Besides, there is a great deal of number standardization and verifications done before it’s made available for you so you can simply upload it to your system and start using it straight away.
What happens when I start using the Rombus database?
Usually, you will download the entire database and upload it to your Fraud Management System or any Called Number monitoring system to monitor calls that match the Rombus numbers. A match usually indicates that a potential fraudster is testing the services to see if the desired outcome is achieved through your network or device. This could just be a confirmation for the fraudster that the call is reaching the intended destination or that the call is diverted to the desired IRPN destination rather than the original called destination and so forth. Once a test call to Rombus is detected, you should start monitoring calls to the same number range or destination or calls from the affected device to ensure no great damage is done to your business.
Does Rombus offer any alerting capabilities?
Yes, Rombus comes with an alerting feature that enhances protection. This is mostly suitable for small service providers who do not want to invest in large FMS systems but require basic alerting and dashboard functions. By running your CDR (Call Detail Record) data through the Rombus engine, you can identify potential attacks. You have the option to deploy this feature on-premises or on your own cloud infrastructure for total data control. The Rombus portal can be used for analysing the alerts and taking necessary actions in your systems.
Are historical numbers available for analysis and research?
Yes! Rombus will archive numbers to facilitate future searches and analytics, providing valuable insights for researchers and law enforcement agencies. As we are just getting started with Rombus, a future announcement will be made on the archived data and how it can be used for research and law enforcement purposes.
Can Rombus integrate with existing systems?
Absolutely! Rombus is designed for seamless integration with existing fraud management systems and telecom networks. Whether you require an enterprise-wide solution or a standalone deployment, Rombus can easily be implemented and tailored to meet your specific requirements.
How is Rombus priced?
Our goal is to support ‘all’ operators and businesses and their customers who are at risk of being scammed by IRSF and Wangiri fraud. Therefore, we have set affordable and fair prices that we believe can benefit the entire telecom fraternity. Please get in touch with us so we can share the pricing models and a no obligation quote for your consideration.
How can I get started with Rombus?
Getting started with Rombus is easy! Contact our dedicated team to discuss your specific IRSF and Wangiri fraud prevention needs. Once we have a quick conversation, we will share a proposal that can be electronically signed. Once the payment (for retail licenses) or PO (for Group or OEM licenses) is released, you will have immediate access to the Rombus database.