Today was the second and final day of the Risk and Assurance Group (RAG) London conference. Due to the ongoing global pandemic it was turned into a virtual online conference. The sessions began at 7:30 AM London time (2:30 AM in Waterloo) but I listened to the whole event from start to finish for the second day in a row.
Today there was a superb real-life session on assuring network assets from Optus, one on revenue protection and maximization for pay-TV providers, Rating Reconciliation, RAG Online Learning Courses and Risk Management in Other Industries (retail, utilities, financial services and charities). The bulk of the remaining sessions, though, were related to fraud management in various forms. These were the meat, the substance I was craving when I decided to attend the conference.
A lot of modern voice calls are now placed using the SIP protocol ; IP, 4G LTE, 5G, OTT apps and all modern PBX all rely on SIP. SIP calls are a combination of two elements, a signalling stream and an RTP stream. As part of the signalling, a log-in and password accompany every call. Hackers have latched on to this to hijack SIP calls and steal those credentials. This is now the main vector for PBX hacking to do IRSF. The TL/DR is if you are using SIP (and we all do) then no one is 100% safe and we need to be very vigilant.
There were two panels discussing various aspects of fraud management . One was about integrating Test Calls into an assurance strategy to find issues that might go unnoticed if we just focus on CDR reconciliation. The other panel looked at the rise in SIM swap fraud during the pandemic , OTT bypass fraud (or OTT hijack might be a better description) via Viber, Off-net bypass, Refile and SIM box detection.
Then there was a session on IRSF (International Simple Resale Fraud); Wangiri (one ring) is one form of it, hijacked PBX’s are another and is the one I see more commonly with my customers. Kenneth Mouton outlined three tactics to provide protections; i) setting traffic limits ii) Databases (of numbers to block) iii) Analytics (CDR vs Signalling, AI/ML vs rule based) . He also ran through five myths about IRSF and proceeded to debunk them
- – “Subscriber pays” is a myth
- – “You can fix problem 1” is a myth
- – “IRSF is only about Premium Numbers” is a myth
- – “IRSF/Wangiri is high volume in a short period” is a myth
- – “RAFM Managers know IRSF” is a myth
There is enough substance here (and my notes are copious) that I plan on writing a few more detailed blog posts in the near future. For sure at least one just on SIP and another just on IRSF.
Those are just some of the over-arching themes from over ten hours of superb content. If you missed it and are interested , some of the videos will be posted on the RAG website here.
I would like to thank the hosts Eric Priezkalns, Rachel Goodin and Tony Sani for putting on a great virtual conference. I would like to thank all of the speakers and all of the sponsors. And I would like to thank RAG, for bringing together over 2,000 people in telecom revenue, risk and business assurance from around the world (93 countries !) in a free to attend event.
I so look forward to the next RAG event, hopefully it will be a live one. The content of the virtual event was superb but I miss the networking part of the conference and the chance to chat face-to-face with like minded professionals. Here is hoping we can meet in person again soon.