ECG announces the success of FraudStopper, a new toll-fraud detection system optimized for VoIP providers. FraudStopper was deployed in June 2011 at a nationwide CLEC based in New York City. The system has successfully detected numerous incidents of attempted theft of service, saving the CLEC tens of thousands of dollars in losses for international termination.

VoIP Toll Fraud became a major issue for many carriers in November 2010, when thieves began using the "SIPVicious" security scanning tool to search the Internet for VoIP service that could be stolen. ECG estimates that over US $1M in international termination service has been stolen by criminals targeting VoIP service providers in the United States. Some individual incidents have amounted to more than US $160,000.

Most fraud detection systems have simplistic thresholds to identify risky behavior. If a customer appears to make a large number of international calls, the system will alert automatically. But if that same customer routinely makes a large number of international calls and pays for the service, it could simply be their normal course of business. Such simplistic schemes cannot handle the wide diversity among VoIP customers, some of whom make no international calls, while others make numerous calls.

“FraudStopper learns the normal behavior for customers by analyzing historical billing records to determine what is routine for each individual,” said James Puckett, President of ECG. “Statistics are tracked per customer in the User Behavior Database. When international calling occurs that does not match a customer's profile, FraudStopper can detect that change and report the risk.”

However, ordinary activity on a Monday might be fraudulent levels on a Saturday. FraudStopper's dynamic database understands weekly patterns of work. The User Behavior Database compares details from the day of the week extending far into the past to make accurate judgments and reduce false positives.

Alerting from FraudStopper is done through email and SNMP. The email describes the user suspected of fraud, and the historical profile for the user. This allows operations staff to determine the risk and make a judgment. The SNMP trap allows integration with Network-Management tools like HP OpenView and SolarWinds.

The Real-Time Call Progress Monitor in FraudStopper can receive input data from practically any source. Full integration with real-time or batched data sources is available. ECG has integrated using CDRs from Metaswitch, BroadSoft, Acme Packet, Alcatel-Lucent, and others.