SIMBOX fraud detection

What is SIMBOX:

A SIM box is device that maps the call from VoIP to a SIM card (in the SIM box) of the same mobile operator of the destination mobile,so that international call terminating as home call to subscriber country and usually cheap compared to the cost of terminating the international call.This is to just bypass international traffic.Commonly, SIM boxes are used to perpetrate bypass fraud, so we shall use this technique for illustration.

Normal call flow from Visitor country to home country Subscriber

In case of SIM BOX, call routing like

In this figure sim box is working as a ‘plug-in and work’ box that contains a mobile SIM card that is connected to a PBX or router. It can automatically reroute a call that would take place on a mobile network to a lower cost fixed or IP network.

Detection of fraud can be some what tricky because in some cases.

  1.  Some SIM boxes uses IMEI management.. which changes their IMEI constantly making it difficult to detect.
  2.  MSISDN’s are also changes regularly.

In general, the fraud can be analyzed with constantly looking various calling parameters. Further these parameters can classified into Indicators. These indicators can be used to analyze frequent usage of MSISDN and IMSI for RA perspective  .

The Indicators are based on;

  1. High volume of calls from the same MSISDN’s and IMEI’s.
  2. High volume of calls from the same cell id (this boxes are located in an office).
  3. Last recourse would be to call terminating customers and try to find out about the quality of the calls.

For shake we divide indicators.

  1. Indicator 0 – Flags high incoming calls from other carriers for potential simbox terminating to Aparty.
  2. Indicator 1 – Flags high outgoing calls for potential simbox operators and other form of fraud/abuse in usage
  3. Indicator 2 – Flags high SMS for potential abuse in usage or virus mobile phones
  4. Indicator 3 – Use to detect high usage subscribers for potential fraud/abuse in usage
  5. Indicator 4&5 – related IMEI/IMSI stuffing