PRISM IRSF TEST NUMBER DATABASE - The most effective IRSF detection tool available.
The PRISM International Revenue Share Test Number Database was initially made available in August 2013 to a number of CSP's on payment of a modest annual subscription.
From analysis of call records associated with IRSF incidents, it became apparent that preceding most attacks, test calls were being made to confirm that a country and number range could be reached from the device a fraudster was using, and the country he was calling from. These test numbers were generally taken from a schedule of test numbers available from an IPRN Resellers website or rate card. Once the calling availability is confirmed, the fraudster will then apply to the IPRN Reseller for one or more numbers to use for his IRSF activity. There would typically be a delay of between 30 minutes to 24 hours from the test numbers being called at the IRSF ‘call pumping’ activity starting.
Recognising the value of these test numbers as an early warning of an IRSF attack, Yates Fraud Consulting Limited initiated a project to analyse IRSF call records to test the value of using test numbers as an indicator of a new, or pending IRSF attack. YFCL then worked with FRSLAB (www.frslabs.com) and developed PRISM as a database of all known IPR Test Numbers that were available from IPRN Resellers. This database was initially made available to CSP's in mid-August 2013, and at that time contained 17,000 test numbers which had been obtained from 60 IPRN Resellers. Those CSP's using PRISM very quickly realised its value and PRISM has now become a critical component of their anti-fraud strategy.
Since August 2013, PRISM has continued to be improved by YFCL and FRSLABS and as at February 2017, it now contains over 412,000 IPR test numbers from 221 countries, sourced from monitoring over 160 IPRN Providers, along with other sources of information. These numbers are constantly being changed by some IPRN Providers, so YFCL and FRSLABS are updating the PRISM numbers every 2 weeks to ensure these remain current, typically adding between 15,000 and 25,000 new numbers to the database every month.
The quantity of IPR numbers being provided for use each month by the IPRN Providers continues to increase, and between January 2016 and January 2017 the numbers have increased from 61,226 in 2016 to 111,982 in 2017, an increase of 83%.
PRISM is now being used by around 50 Communication Service Providers including some of the largest mobile operators in the world, other Mobile and Fixed network operators, MVNO’s, VoIP Operators and OTT Service Providers. All users of PRISM now regard the early warning the database provides of a new or pending IRSF attack as a critical component of their Fraud Management strategy, with most crediting PRISM for detecting between 75 and 85% of their IRSF attacks. We are frequently asked by non-PRISM users to assess what value PRISM could have been to help detect IRSF attacks they have suffered. Recent examples (all 2016) are as follows;
- An Asia/Pacific MVNO suffered an organised IRSF attack where 70 of their Simcards were used fraudulently while roaming over a 77 hour period. Total losses suffered during this period were $US2.13million. 605 unique numbers were called during this attack and when we checked, 168 of these were test number in the PRISM database. Within the first 30 minutes of this fraud starting, 24 of these PRISM test numbers were called and could have generated fraud alerts. Even if the NRTRDE records took 4 hours to be delivered to the home network, the fraud could have been discovered while fraud losses were under $US65,000 and avoided losses of over $US2 million.
- A North American Mobile operator suffered a number of IRSF attacks over a few months in 2016. They analysed their IRSF call records and identified test numbers used during each fraud (test numbers are generally calls to the IRSF destinations with a duration of under 2 minutes). Of 101 test numbers identified by the operator, 96, or 95% of these numbers were in the PRISM database and each could have generated a fraud alert.
- A European fixed and mobile operator who has over 2500 numbers called over numerous IRSF attacks during the first half of 2016. 160 of these numbers were identified from their profile as test numbers, and when checked against PRISM, 132 of them were in the PRISM database and could have generated alerts.
These are just 3 examples (and we have many more) of the unique value that the PRISM IPRN database can add to your IRSF detection strategy. Unfortunately those operators referred to above all came to us after they had already suffered significant IRSF attacks, along with significant fraud losses. These losses could have been prevented through a very small investment in this valuable fraud prevention tool. Most PRISM customers acknowledge that they have recovered more than the annual access cost to PRISM through the first IRSF case detected.
For further information on PRISM go to the White Pages TAB and open the PRISM Introduction and PRISM FAQ files.
PRISM 'WILDCARD' DATABASE
In addition to PRISM, a second database has been developed to capture the number ranges these 412,000 numbers represent, by replacing the last 2 digits of each PRISM number with wildcards. This 'Wildcard' database contains over 7 million numbers and has become a valuable detection tool for Wangiri Fraud, recognising that most IRSF or Wangiri Fraud attacks will utilise a range of numbers made available to fraudsters.
Any CSP's who wish to subscribe to PRISM, but do not have the benefit of an in-house Fraud Management System, or other Fraud Monitoring Tool should follow this link 'Information on PRISM Client' for information on this tool, which has been developed by FRSLABS specifically for analysing call records against the PRISM database. The PRISM Client has in-built code to actually identify Test Calls and IRSF traffic based on the A-NO used for Test Calls and Devices used by A-NO when making the test call. This is in addition to the smart rules filter which will generate an alarm once a Test number is called, with additional alarms when further calls to high risk destinations are completed. We are also able to recommend other low cost FMS Providers if a system is required.
While other providers of IPRN databases are starting to enter the market, PRISM is without doubt the most complete and proven IPRN Database available, and does not require the purchase of any other vendor specific solutions to support it. PRISM can be used in association with any in-house or vendor supplied FMS, providing it has the ability to manage a 'B' number hotlist.
YFCL is the owner and inventor of PRISM however it is now also being made available by other selected vendors.
For further information on PRISM, click here for the PRISM FAQ document or complete the Contact form for further information