
Fraud Detection

 

Purpose 

Fraud detection identifies misuse of and attacks on the user interface, accounts, and ongoing calls. When it detects unusual activity that may indicate an attack on or misuse of the system, ASTPP alerts the admin/customer in real time by email/SMS notification, as configured.

Features 

The fraud detection features are:

  • Fraud detection and Fraud Report

  • SIP Fraud

  • IP Fraud

Fraud detection is delivered as an add-on. Installing the Fraud detection addon adds a new menu under the Switch menu.

How to install the Fraud detection addon?

  • Log in to the admin dashboard.

  • Go to Get Addon -> Enterprise. (The Fraud detection addon is available here.)

  • Click the Install button of the Fraud detection addon.

  • After logging in again as admin, a new menu is added under the Switch menu. (A sub-admin can also see the Fraud detection submenu under the Switch menu, according to the role and permissions given by the admin.)


Prerequisite 

  • The fail2ban service must be installed on the server backend and working correctly.

  • iptables and firewall services must be available and working correctly.

Fraud detection

Fraud detection works according to the selected filter. The available filters are listed below.

  1. Per Destination Prefix

  2. Group By Destination Prefix

  3. Per Country

  4. Group By Country

  5. Call On The Same Destination

  6. Same Disposition and Same Destination

Let's try to understand each filter by taking an example.

1) Per Destination Prefix

This filter works on a code/prefix basis.

The call counter works separately for each prefix: 1, 91 and 71. If a customer makes 10 calls to destination numbers starting with prefix 1 within 5 min, a warning message is sent to the configured email. If the customer makes 20 calls to destination numbers starting with prefix 1 in 5 min, the customer account is blocked and a notification is also sent to the admin.

The same mechanism works separately for 91 and 71.

2) Group By Destination Prefix

The only difference between this type and Per Destination Prefix is how calls are counted. This type counts the sum of calls across all selected prefixes instead of counting each prefix individually. If a customer makes 10 calls to destination numbers starting with prefix 1, prefix 91 or prefix 71 within 5 min, a warning message is sent to the configured email. If the customer makes 20 calls to destination numbers starting with prefix 1, prefix 91 or prefix 71 in 5 min, the customer account is blocked and a notification is also sent to the admin.

3) Per Country

This filter works on a country basis.

The call counter works separately for each country. If a customer makes 10 calls to the same country within 5 min, a warning message is sent to the configured email. If the customer makes 20 calls to the same country in 5 min, the customer account is blocked and a notification is also sent to the admin.

The same mechanism works separately for any other country.

4) Group By Country

This is similar to Group By Destination Prefix, but it works on a country basis.

The call counter works on the combined total for the selected countries. If a customer makes 10 calls to multiple countries within 5 min, a warning message is sent to the configured email. If the customer makes 20 calls to multiple countries in 5 min, the customer account is blocked and a notification is also sent to the admin.

5) Call On The Same Destination

This is designed to prevent repeated calls to the same destination number.

If a user dials the same number repeatedly within the defined time frame, warning and block notifications are sent as configured. If a customer makes 10 calls to the same number 9104567XXX within 5 min, a warning message is sent to the configured email. If the customer makes 20 calls to the same number 9104567XXX within 5 min, the customer account is blocked and a notification is also sent to the admin.

6) Same Disposition & Same Destination

This is similar to Call On The Same Destination, but it also checks the disposition. The filter applies only if the disposition also matches. If a user is dialing 9104567XXX and the same disposition, such as "Insufficient_fund", is generated within 5 min, a warning message is sent to the configured email. If the customer makes 20 calls to the same number 9104567XXX and the same disposition, such as "Insufficient_fund", is generated within 5 min, the customer account is blocked and a notification is also sent to the admin.
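The difference between the per-item and grouped counters is easiest to see by replaying the same call records through each filter. The Python sketch below is an added illustration, not ASTPP code: the record fields, rule-type names, longest-prefix matching and the constructed sample calls are assumptions, and the thresholds (10 calls warn, 20 calls block, 5 minute window) come from the examples above.

```python
from collections import defaultdict

# Illustration only: field names, rule names and longest-prefix matching are assumptions.
def bucket_key(call, rule_type, selected):
    """Counter bucket for a call under one filter, or None if the filter ignores it."""
    prefix = max((p for p in selected if call["dst"].startswith(p)), key=len, default=None)
    if rule_type == "per_prefix":
        return prefix                                  # one counter per prefix
    if rule_type == "group_prefix":
        return "ALL" if prefix else None               # one counter for all prefixes
    if rule_type == "per_country":
        return call["country"] if call["country"] in selected else None
    if rule_type == "group_country":
        return "ALL" if call["country"] in selected else None
    if rule_type == "same_destination":
        return call["dst"]
    if rule_type == "same_disposition_destination":
        return (call["dst"], call["disposition"])
    raise ValueError(f"unknown rule type: {rule_type}")

def evaluate(calls, rule_type, selected=(), window=300, warn_at=10, block_at=20):
    """Replay calls in time order; return (ts, account, bucket, action) events."""
    recent = defaultdict(list)   # (account, bucket) -> timestamps inside the window
    level = {}                   # (account, bucket) -> level at the previous call
    blocked, events = set(), []
    for call in sorted(calls, key=lambda c: c["ts"]):
        key = bucket_key(call, rule_type, selected)
        if key is None or call["account"] in blocked:
            continue             # not covered by the rule, or account already blocked
        slot = (call["account"], key)
        recent[slot] = [t for t in recent[slot] if call["ts"] - t < window] + [call["ts"]]
        count = len(recent[slot])
        action = "block" if count >= block_at else "warn" if count >= warn_at else None
        if action and level.get(slot) != action:
            events.append((call["ts"], call["account"], key, action))
        level[slot] = action
        if action == "block":
            blocked.add(call["account"])
    return events

def sample_calls(step=10):
    """Constructed CDRs: 20 calls from one account, alternating two destinations."""
    targets = [("15550001000", "US"), ("9104567000", "IN")]
    return [{"ts": i * step, "account": "cust1", "dst": targets[i % 2][0],
             "country": targets[i % 2][1], "disposition": "NORMAL_CLEARING"}
            for i in range(20)]

if __name__ == "__main__":
    print(evaluate(sample_calls(), "group_prefix", ("1", "91", "71")))
```

With the sample traffic, the per-prefix and per-country filters only warn (10 calls per bucket), while the grouped filters warn at the 10th call and block at the 20th.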



             

  • If a rule is created without selecting an account from the Accounts dropdown (--select--) and the Fraud Detection Rule type in the customer's account profile is set to Global Rule, the rule is applied globally as configured.

  • If a rule is created with an account selected from the Accounts dropdown and the Fraud Detection Rule type in the customer's account profile is set to Customer Specific Rule, the customer-specific rule is applied.

  • If the customer's account profile is set to Disable, no rule is applied to that customer's account.

Fraud Report

SIP Fraud 

SIP fraud refers to the process of identifying and preventing fraudulent activities related to Session Initiation Protocol (SIP) communications in Voice over Internet Protocol (VoIP) networks. It detects failed SIP device registration attempts. When the number of failed SIP device registration requests reaches the configured count within the configured time period, the SIP device is blacklisted automatically, and the user cannot use that SIP device until it is whitelisted.


Menu Location: Switch -> Fraud Detection -> SIP Fraud.

  • The admin/sub-admin sets the threshold value and time period under Switch > Fraud detection > SIP Fraud > Configuration.

  • When a SIP device tries to register from any softphone and the number of failed registration requests reaches the configured threshold within the defined time, that SIP device is blocked.

  • Blacklisted SIP devices are displayed on the SIP fraud list page.

  • Here the admin/sub-admin can check blocked SIP devices along with their failed SIP registration requests.




IP Fraud

IP Fraud refers to the illegal and unauthorized use of someone else's intellectual access or other advantages without obtaining proper permission or licensing. It detects failed login authentication attempts and adds that IP to the blacklist. Once an IP is added to the blacklist, the user cannot access or use any services from that IP until the IP is whitelisted.

Menu Location: Switch -> Fraud Detection -> IP Fraud.

                 

  • Configuration has been added to give total control over service accessibility through these features.

  • The admin/sub-admin can manually add any IP by clicking the Add button.

  • The admin/sub-admin can whitelist an IP by changing its status to whitelist. Once the status is changed to whitelist, the user is able to access the GUI/SSH from that IP.

  • The admin/sub-admin can delete a blacklisted/whitelisted IP from the IP Fraud list.

  • If an IP is added to the Fraud list with blacklist status and access type GUI selected, that IP will not be able to access the GUI.

  • If an IP is added to the Fraud list with blacklist status and access type SSH selected, that IP will not be able to access SSH login.

  • If an IP is added to the Fraud list with blacklist status, that IP will not be able to access GUI/SSH.

  • The admin/sub-admin can add the same IP to the blacklist, or change it to blacklist, for both GUI and SSH.

  • The admin/sub-admin can add the same IP to the whitelist, or change it to whitelist, for both GUI and SSH.
