How does Session Description Protocol (SDP) work?

SDP is used to negotiate the specifics to allow streams of packets to flow between two network sockets, as well as the specifics of the stream itself (ie: codec used, etc). In simple terms, how SDP works is that one end (usually the originating side) offers a set of characteristics that it can support (ie: the network socket it has created for communication, what codecs it can support, etc). The receiving side will then reply with a counter-offer, usually by listing one of the offered codecs–this serves as acceptance of that codec–and also identifying the socket it has established. Finally, the originating side will either accept or refuse the counter-offer. If the offer is accepted, the streams are established and the call proceeds; otherwise, it is torn down with an error.

What is an SDP event?

SDP informs both the parties during call setup that endpoint is capable of telephone events, i.e., DTMF/2833. Once it’s negotiated and the call is setup, the endpoints are aware that other side can support the telephone events/DTMF and SDP intervention is not needed any more unless capabilities need to be renegotiated.

What's the difference between SIP and VoIP?

At its simplest, SIP refers to the specific protocol used to negotiate the audio or video conversation between two endpoints flowing over an IP network, while also being used to manage and maintain the ongoing conversation. VoIP, however, is an umbrella term that encapsulates a wider range of related protocols of which SIP is merely a single one. For example, VoIP can also encompass presence-related metadata that relates to the SIP session.

What is codec negotiation?

It is the process of two endpoints negotiating on a common, shared audio, and/or video codec to use. It is almost always completed using SDP.

What is an example of a codec?

A codec is an algorithm that transforms an audio or video data stream into a standardized encoded form, and back again at the other end, so that it can be readily transferred as data, whether over a network or by other means, such as a file. Different codecs exist to support differing performance and bandwidth constraints. G.711a and H263 are both examples of specific codecs, with the former being a purely audio codec and the latter purely video. Conversations that require both audio and video will typically negotiate each separately, but codecs do exist that support both simultaneously.

International Revenue Share Fraud (IRSF)

Reading Time: 6 minutes

Telephony Fraud is Still Suffering Large Increases

Telecom fraud losses are increasing by about 15% every year. Each year, there is more than $40 billion worth of fraud related to telecom and mobile phones. And that’s voice only, not cyber crime or scams over the internet.

As about 7 billion people on the planet have telephones, that’s about $6 per year for every man, woman, and child who own a phone. So if you have 500,000 subscribers, you could be losing $3 million per year. And if you have below average fraud detection systems, you could be losing much more than this.

According to CFCA, there are a number of new developments since the pandemic that are accelerating this increased fraud. The primary reasons are:

Increase in cross-industry targeted social engineering schemes (Wangiri, SMS phishing/pharming, social engineering, robocalls)
Increase in financial services impersonation frauds using stolen credentials from data breaches
Use of faceless transaction portals to commit subscription fraud and account take-overs
Increase in theft of stolen equipment and services
Compromise of network, device or configuration weaknesses associated with voice-over-IP technologies

What Will You Learn from this Guide

This guide will help you learn about the different types of telecom fraud and where in the world the fraudsters are focusing their attention. We will describe how telecom fraud has changed over the years and how current tools require constant update.

How do we know phone fraud is costing telcos $40 billion a year?

The simple answer is because we asked you all. The Communications Fraud Control Association (cfca.org) has been conducting a detailed survey of all telecommunications service providers worldwide since 2008. In 2021, they saw a more intense response to this global survey from African CSPs, exceeding the interest from North American for the second time.

How has the profile of IRSF attacks changed over the last decade?

International Revenue Share Fraud (IRSF), traffic pumping, and PBX fraud all have a common source, compromised telephony equipment such as PBXs and mailboxes. When this first started with TDM (PRI) PBXs and followed by even more opportunity with IP based PBXs connected to the Internet, fraudsters would find gain access and then pound it for all their worth during the wee small hours of a weekend when perhaps the network is under less manual vigilance. Victims came into the office on Monday morning facing $10s of thousands of fraud from a weekend. Although such events were extremely costly, they exposed themselves with this extremity.

Nowadays, fraudsters remain under the radar with stealth attacks hoping to steal these real costs by remaining undetected for many months. ML and AI techniques employed in the latest technology can detect such fraud events in real time. For more information, read about Teraquant’s Robocall and Fraud Prevention solution.

What Is International Revenue Share Fraud

International revenue share fraud is essentially the same as PBX fraud. Fraudsters hack into PBX’s and generate calls to expensive international destinations such as premium rate services within those countries. When the same fraudulent technique and others are used to artificially inflate traffic to domestic premium rate services or premium rate numbers, this is called traffic pumping. Another technique to stimulate to augment traffic to, typically a domestic location, is providing a very low-quality free conferencing service to attract call us to that premium rate destination.

Toll Fraud

Toll Fraud again begins with equipment compromise and then large traffic generation to destination regulated in this case for a high rate.

Wangiri

Wangiri is a Japanese word that means “one ring and drop”, and that’s exactly what it does. The receiving subscriber receives one ring on their phone, sees a caller ID, and thinking it’s potentially a dropped call (driven from curiosity), calls them back. The fraudster accrues illegal revenue from the callback. But these days, it is also being used as a phishing mechanism. The fraudster will quiz the victim and try to obtain confidential information leading to further direct large scale fraud. As always, both the subscriber and the telco service provider are at risk.

What do you view as the top fraud types in your company?

ML and AI techniques employed in the latest technology can detect such fraud events in real time.

Read more about Teraquant’s Robocall and Fraud Prevention solution.

Those Suffering the Most Pain Have the Most to Gain

Some telephony service providers manage their fraud detection with great diligence. For example, more than 20% of communication service providers update their fraud detection rules on a daily or weekly basis. This is because they likely suffered huge losses in a short period of time, often over the course of a weekend. The investment is easily justified to fix and contain the problem.

How Frequently are Your Existing Fraud Management Control Rules and Thresholds Reviewed and Adjusted?

Many telcos have multiple lines of defense against telco fraud. Specifically, they might have 3 or 4 different systems monitoring all their calls and CDRs. One I spoke to recently believes they have cut their fraud down to $20,000 per year.

Average Is the Average

This means that whereas some telcos have spent a lot of time considerably reducing the fraud level, others have not yet been quite so successful in their efforts. The fraud figures worldwide are still increasing which means some telcos fraud losses are way above the average.

Fraud Detection and Blocking Must Be Real-Time

The first line of defense is usually analyzing the CDRs which are exported from the switch every 15 minutes or so. This of course is much too late and a large amount of revenue leakage has already occurred. Telco’s should be moving towards real-time detection and of course, real-time blocking once the policy for blocking such calls has been matured.

Fraud is International

Telecom fraud is becoming more of a worldwide problem. Fraudsters are now picking on other areas of the world. Service providers in North American and European bore the initial brunt of the attacks as they moved to IP. Accordingly, they invested heavily in fraud protection systems which now bare fruit. In 2021, African Telco/service providers were the most responsive to the Global Fraud Loss Survey. One may deduce from this that they are experiencing elevated levels of fraud attacks.

Where to Go for Trusted and Reliable Cost Effective Help?

For 21 years, Teraquant has been helping telephone companies worldwide to optimize and secure operations costs by:

troubleshooting network problems in minutes
measuring key performance indicators (KPIs)
enhancing their voice/UC network with security from Session Border Controllers (SBCs)
helping reduce fraud with ML/AI data-driven fraud detection and blocking systems

Teraquant is a contributing member to CFCA since 2011 and is well known within the IP telephony industry. Contact us now to see how we can help.

Schedule Calendly