Telecommunications fraud is an ongoing issue. At present, there appears to be no clear solution for keeping pace with the cybersecurity criminals committing telecoms fraud. This is where Oculeus comes in.

 Arnd Baranowski

Founded in 2004 by Arnd Baranowski, Oculeus, today, is a leading provider of OSS/BSS systems for telecommunications service providers.

EM360 talked to the firm's CEO about Oculeus' unique approach to telecoms fraud prevention for the enterprise. 

How did Oculeus get involved in the telecommunications fraud protection space?

At Oculeus, we develop software used by telecommunications service providers to efficiently manage their business and network operations.

About seven years ago, a customer of ours – Telecom Liechtenstein – approached us about developing a Voice Fraud Detection System as an extension of one of our systems that the company was already using.

We agreed upon this and from there we started the development of a system focused on fighting telecoms fraud. Today, our fraud prevention offering is highly integrated with telecom operations and provides as close as possible to “live protection”.

What should an enterprise know about telecom fraud?

It is important to convey the message that all enterprises are exposed to telecoms fraud.

The damage caused by telecoms fraud is not only financial, which sometimes ends up being the burden of the enterprise. Telecoms fraud can also damage the brand reputation not only of the service provider, but also the enterprise.

“All enterprises are exposed to telecoms fraud”

The companies providing telecommunications services are three and four steps behind the cyber criminals committing telecoms fraud. Today, a perpetrator of telecoms fraud can hijack a phone line from an enterprise's PBX and instantly inject fraudulent communications traffic.

Based on existing tools and practices, at best the service provider will only detect that an attack happened four or five hours after it was completed. More likely, the enterprise will only know when it receives its next invoice and sees the unexpected charges.

More recently, Jason Lane-Sellers, president of the Communications Fraud Control Association, said that fraud attacks carried out across the telecom industry are not overtly hitting the telcos bottom line but instead they are actually hitting the customer. Who would you say is responsible for protecting the enterprise against telecom fraud?

Who is responsible depends on the country. Here in Germany, where Oculeus is based, the telco is responsible for absorbing the costs of telecoms fraud.

In other countries, the telco is not responsible and the charges caused by fraudulent traffic are pushed off onto the enterprise - but the damage is tremendous for both sides. In the US alone, telecoms fraud causes over $15 billion in financial losses each year.

“Enterprises generally do not see what is happening and the problems caused by telecoms fraud rarely get publicised, although the problem is constant and ongoing.”

Why does this continue to happen? Telcos are simply not in the position to properly fight telecoms fraud. Most practices and tools are based on manual processes and slow moving interactions among staff in different departments.

What is unique about Oculeus' approach to fraud prevention and how can enterprises benefit from it?

Our approach to fighting telecoms fraud is based on anomaly detection. This is a familiar approach used in many cybersecurity technologies with enterprise applications.

We start by profiling the communications network to create a baseline of expected patterns of communications traffic. Any anomalies in expected traffic are detected in real-time and are immediately sent to a fraud detection engine.

Traffic that is confirmed to be fraud is then blocked instantaneously. This process takes less than a minute and stops fraudulent traffic before any significant damage is caused.

Not too long ago, our company was hit by a telecoms fraud attack. Over a weekend, our PBX was hacked and several hundreds of hours of fraudulent traffic to Africa was injected. In total, the damage was charges over nearly €14,000.

If our telecoms operator had been using our fraud protection system, the fraudulent traffic would likely have been blocked shortly after the attack began, resulting in only a few cents of fraudulent charges.

Any final words to keep our audience a little safer from telecom fraud?

First off, I would like to encourage enterprise IT managers responsible for PBX systems to ask their telecommunications service providers what they are doing to protect you against telecoms fraud. You might not be comfortable with the response you get.

With this said, I would like to take this opportunity to explain how an enterprise can access the fraud protection we offer. Today, telecommunications service providers can host our fraud protection system and offer their enterprise customers with a fraud protection service.

We are also in the process of setting up a global telecoms fraud protection service. Enterprises will be able to directly access our telecoms fraud protection through this managed service that we will be offering.  

Our service will enable enterprises to access and benefit from our telecoms fraud prevention independent of a telecommunications service provider. We are designing this service to be as straightforward as possible.

An enterprise's IT manager will be able to register for our new service online and independently configure the enterprise's PBX systems to integrate with our fraud protection. Of course, we will provide full support and a range of valuable reports.