The “Black Swan Theory” was developed by Nassim Nicholas Taleb. According to Taleb, a Black Swan event can be described according to the following:

  1. The disproportionate role of high-impact, hard to predict, and rare events that are beyond the realm of normal expectations in history, science, finance and technology
  2. The non-computability of the probability of the consequential rare events using scientific methods (owing to the very nature of small probabilities)
  3. The psychological biases that make people individually and collectively blind to uncertainty and unaware of the massive role of the rare event in historical affairs

According to the above, Telephony Fraud can be described as combination between cases 2 and 3 of the theory. Primarily due to the following:

  1. We can’t predict or calculate when our PBX system will be hit by a fraud attack
  2. When we are attacked – usually the ramifications are profound, specifically we maintain a high volume system
  3. When it comes to handling it – we usually put our heads into the sand, negating the problem as the carriers problem

The issue is this: when fraud happens, the person left holding the bill is usually the consumer. Be it PBX fraud or mobile fraud, the end consumer will need to pay the bill at the end.

So, what does this mean for us at Humbug Labs? a whole lot! At this point I’d like to introduce you to USSSA, our analytical fraud analysis engine. USSSA stands for: User Specific Statistical Significant Anomaly – or putting it into simple terms: Telephony Black Swan Detector.

USSSA is a completely new approach to performing fraud analysis and is the base of the Humbug Engine. USSSA takes into considerations user submitted profile information (our USSSA rule base) and the gathering of information about the specific PBX/Switch system at a discrete level. Over the past 15 months, we’ve realized that telecom traffic can be profiled, analyzed, patterned and even be predicted at a given accuracy. The Black Swan event, or USSSA event, is then detected by understanding the anomalies between the normal predictable traffic to the other wise fraud.

Let us examine a use case, where USSSA will be able to detect a possible Black Swan, while traditional fraud analysis tools will fail:

We’ve recently received a inquiry from a potential user, indicating that he believes that his PBX system has been hacked and is currently being utilized to send fraudulent telephony traffic. According to the user, over the past 6 months, he’s been seeing a constant increase in his monthly payments, ranging anything from 5% to 7% on a monthly basis. When asked, the customer indicated that he’s operating a small call center, mainly working with insurance companies. Their business model is very simple, they have lists of leads provided by the insurance company, they call these leads, who ever is interested gets transferred to the insurance company. We’ve asked the user to provide us with CSV/Excel files of the traffic over the past 9 moths, so that we track the anomaly. This is a good test for USSSA, as it will indicate if there really is a problem and if so, where it may be generated. After uploading the data into the system, and letting USSSA crunch down the numbers for about 30 minutes (dissecting 9 months worth of traffic is fairly intensive), USSSA indicated a low-level warning that at a certain date a shift in the ACD value had happened. It also showed additional dates where the ACD jumped again – this was very interesting to us. USSSA was able to pick up on something, but required our assistance to indicate what the problem really was.

When digging deeper into the information, we then realized that the increase was an immediate result of 3 numbers in the first month, 4 other numbers in the next month and so on. Further investigation showed that the insurance companies had either changed their IVR flow slightly, causing an increased IVR length, while other companies had changed providers, no suffering from improper call release functions – so, we don’t have a fraud issue here, but we do have a business issue.

Is this fraud? not directly, should be investigated – most definitely. Any event where your telephone bill increases at a steady rate, without a proper known reason, is a cause for suspicion. USSSA can make the investigation of it fairly simplistic and save valuable investigation time.

Enhanced by Zemanta