Telephonic communications – With usage measurement – Call charge metering or monitoring
Reexamination Certificate
2000-05-22
2003-05-27
Barnie, Rexford (Department: 2743)
Telephonic communications
With usage measurement
Call charge metering or monitoring
C379S127020, C379S145000, C379S188000
Reexamination Certificate
active
06570968
ABSTRACT:
BACKGROUND
1. Technological Field
The present application relates generally to fraud control in telecommunications systems and, in particular, to suppressing the generation of alerts associated with fraud control thresholds in a long distance telecommunications network.
2. Description of the Related Art
Phone fraud is an ever-increasing problem in this country. This is a greater problem for long distance carriers (also known as Inter-Exchange Carriers IXCs) rather than Local Exchange Carriers (LECs), because the costs for fraudulent long distance calls are greater than fraudulent local calls. Since most fraudulent methods target the customers of long distance carriers, the long distance carriers often assume the majority of the liability for these calls in order to maintain good relations with customers and potential customers. In order to cope with these costs, IXCs have developed various techniques of fraud control.
The techniques of fraud control have been shaped by the fraudulent methods they are designed to defeat. Simply put, the most common technique of fraud control is to detect the symptoms of fraudulent behavior. This cannot be accomplished on a per call basis, but rather on the statistical basis of network traffic flow.
For example, as shown in
FIG. 1
, one type of fraud is customer premise equipment (CPE) fraud, where a hacker
101
obtains access to a Private Branch Exchange (PBX)
110
and uses it to make outgoing calls. The hacker
101
calls PBX
110
, and is thereby connected through LEC
105
, IXC network
150
, and LEC
109
, to the privately-owned PBX
110
. Once the hacker has electronically broken into the PBX
110
, he can make outgoing calls, from PBX
110
and through IXC network
150
, to any long distance destination. These fraudulent calls are often to international destinations, such as telephone
158
. However, there are certain characteristics of this type of fraud. First, the hacker
101
usually needs to make repeated short calls to the PBX
110
in order to access the outside trunk line. Second, the fraudulent calls that the hacker
101
makes on the PBX
110
are often to international destinations. Third, once the hacker
101
has access to an outside trunk line on a PBX
110
, the hacker
101
usually keeps the line busy for extended periods of time. Fourth, these fraudulent calls are often made during non-business hours, when it is unlikely a business PBX would be unduly busy.
As another example, the hacker
101
may illegally obtain a calling card. In this case, when the hacker
101
makes a call, it is routed through the Intelligent Services Network (ISN) platform
130
for validation, authorization, and connection. If the calling card has not been reported stolen or missing, the call would be processed through the ISN platform
130
and released to the IXC network
150
. As with most fraudulent calls, it is likely that the call will terminate at a foreign destination, such as telephone
158
. However, once again there are certain characteristics to this type of fraud. First, stolen calling cards are often distributed or resold to a group of people, resulting in a dramatic increase in traffic in a short amount of time on that calling card account. Second, this type of fraud may be perpetrated from certain dialing areas more than other dialing areas. In addition, as with the CPE example, the calls are often to international destinations, and last for extended periods of time.
Although the above examples are not an attempt to create an exhaustive list of the characteristics of fraudulent calling schemes, they do illustrate what an IXC must look for in order to detect fraud. Based on the above characteristics, an IXC can monitor calling patterns for particular behaviors. Below, an exemplary and simplified fraud control system is described. The described system is based upon U.S. Pat. Nos. 5,566,234, 5,596,632, and 5,805,686, which all have the same assignee as the present invention and which all are hereby incorporated by reference.
When reviewing the characteristics of fraudulent behavior described above, it is clear that a fraud control system must closely scrutinize the following calling patterns:
Inbound 800 number calls;
Outbound international calls;
Numerous short duration calls which may indicate that hackers are attempting entry;
Excessively long calls which may indicate that hackers are using inbound trunks to make outbound calls;
An unusual number of calls to foreign countries; and
An unusual number of calls during non-business hours (for accounts associated with businesses).
Furthermore, fraud may be suspected when calls originate from prisons, pay phones, hotels, hospitals, etc. Some originating regions, such as Manhattan, may become suspicious over time, if more fraudulent calls are made from that region than others. The records about such origin points may be scrutinized more carefully. For calls to specific “800” numbers or from certain Automatic Number Identifications (ANIs), the following data may be collected:
Total number of short duration calls;
Total number of long-duration calls;
Total number of calls of any type; and
Total number of cumulative minutes from any type of call.
For this type of statistical data, thresholds are established. A threshold is a number which, when exceeded, generates an alarm (or alert) indicating possible fraud. For example, the total number of short duration calls might have a threshold of 100 within a given period of time. If, within that period of time, a 101
st
call is made, a threshold alert would be generated. Thresholds may be specified for different times, different days of the week, different billing categories—in fact, almost any permutation of characteristics can be used to specify a threshold.
Thresholds may also be weighted in order to indicate an increased risk associated with certain calls. When a threshold is weighted, the statistic for that call is multiplied by the assigned risk factor (any number between 1.0 and 100.0). For example, if an outbound call to Cuba is assigned a risk of 2.0, then such a call is counted twice. In this way, the threshold is exceeded more quickly. Risk factors may be assigned to calls to or from specific exchanges, specific countries, specific calling card accounts, etc. As with thresholds themselves, risk factors can be applied to any measurement of traffic characteristics.
There are various records that are used in telecommunications system management and fraud control. A “billing number”—a billing product and an account number, such as a calling card, pre-paid phone card, etc.—is used to identify a particular account. Within the network itself, detailed information in the form of a Call Detail Record (CDR) is associated with each call made. Certain components within the long distance switched network used by the IXC create and maintain the CDRs, thus allowing billing information to be tracked.
An exemplary and simplified fraud control system is shown in FIG.
2
. The network
200
generates CDRs that are collected, along with billing data
210
, by a billing software program
220
. The billing software program
220
selects relevant CDRs to be sent to the fraud control system
250
. What is considered a relevant CDR is determined by previously gathered statistics. For instance, relevant CDRs may be the CDRs associated with all non-residential inbound “800” number calls and outbound international calls. This prevents the fraud control system
250
from being overwhelmed with data. Inside the fraud control system
250
, the CDR and billing data output of the billing software program
220
enters a fraud data server (FDS)
252
. The FDS
252
includes a buffer for holding call records and provides call records to a Threshold Manager (TM)
254
. The TM
254
processes call records by reviewing their fields and comparing their fields with the established thresholds. The TM
254
generates alarms when thresholds are exceeded, and transmits these alarms to the FDS
252
. The FDS
252
subsequently produces alarm summaries and forwards them to the fra
Jackman Erin C.
Marchand Dean C.
Barnie Rexford
WorldCom, Inc.
LandOfFree
Alert suppression in a telecommunications fraud control system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Alert suppression in a telecommunications fraud control system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Alert suppression in a telecommunications fraud control system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3002262