US20030185361A1 - Fraud monitoring system - Google Patents
Fraud monitoring system Download PDFInfo
- Publication number
- US20030185361A1 US20030185361A1 US10/394,224 US39422403A US2003185361A1 US 20030185361 A1 US20030185361 A1 US 20030185361A1 US 39422403 A US39422403 A US 39422403A US 2003185361 A1 US2003185361 A1 US 2003185361A1
- Authority
- US
- United States
- Prior art keywords
- calls
- call
- origination
- pattern
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000012544 monitoring process Methods 0.000 title 1
- 238000000034 method Methods 0.000 claims description 47
- 238000001514 detection method Methods 0.000 claims description 9
- 230000000694 effects Effects 0.000 claims description 7
- 238000012935 Averaging Methods 0.000 claims description 5
- 238000012986 modification Methods 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 230000003044 adaptive effect Effects 0.000 claims 8
- 230000006399 behavior Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 4
- 230000001413 cellular effect Effects 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000011835 investigation Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/47—Fraud detection or prevention means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2215/00—Metering arrangements; Time controlling arrangements; Time indicating arrangements
- H04M2215/01—Details of billing arrangements
- H04M2215/0148—Fraud detection or prevention means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
- H04M3/36—Statistical metering, e.g. recording occasions when traffic exceeds capacity of trunks
Definitions
- the present invention generally relates to a telecommunications network. More particularly, one aspect of the present invention relates to a method and apparatus of automatically detecting fraudulent calls in a telecommunications network and another relates to a method of controlling calls over a telecommunications network.
- Fraudulent use of a telephone communications network can cost the telecommunications operator a significant amount of money.
- Rule based fraud detection systems have been developed with a view to combating fraud in a telecommunications network. In such systems if a particular usage of the network, determined from a call record, triggers one or more of the predefined rules, an alarm is generated enabling human operators to take the necessary action. While such systems have had some success in combating fraud, difficulties seem to arise due to the sheer number of alarms that can be generated within a short time. Typically, fraud detection operators may have tens of thousands of live alarms to deal with during a day and it is therefore generally impractical to deal with each individual alarm as it arises. Methods have been developed for consolidating or grouping the fraud alarms based on their priority and for identifying patterns in the alarms once generated. Such rule based fraud detection systems however only operate once alarms have been raised.
- the present invention provides method of automatically detecting fraudulent calls in a telecommunications network, the method comprising the steps of:
- the present invention provides apparatus for automatically detecting fraudulent calls in a telecommunications network, the apparatus comprising:
- storage means for storing data for a pattern of previous or expected calls specific to originations
- fraud detecting means for determining whether the call is likely to be a fraudulent call using the determined origination of the call and the stored pattern of calls specific to the origination.
- the pattern of use of the telecommunications network is used which is specific to the origination of the call. Fraudulent activity can be determined by detecting a deviation in the call from the predetermined pattern for the origination of the call.
- the predetermined pattern comprises information on calls over a period of time and the time of the current call can be used to determine whether the call fits the pattern.
- the origination is determined by receiving a call record containing information on the call.
- a call record is sent to the exchange which contains information for example identifying the origination, the destination, the time of initiation of the call and the date.
- the predetermined pattern of calls can be adaptively modified. Such a modification can give a greater weighting to more recently made calls. All the calls which do not deviate significantly from the predetermined pattern of calls can be used to update the pattern. Also, calls which have been determined to be fraudulent can be used to adaptively modify the predetermined pattern of calls once they have been investigated and cleared by, for example, an operator. In this way the pattern of calls can be adapted to more accurately reflect the expected call behaviour of an origination.
- an origination can comprise an individual user or group user identification code.
- an identification code are a personal number which can be input using a telephone key pad.
- the SIM card can be used to provide a unique identification code.
- a code can be assigned to an individual user or a group of users and is independent of the node in the telecommunications network i.e. the telephone number from which the call is made.
- the identity of a node or group of nodes in the telecommunications network can comprise the origination i.e.
- the origination can comprise the geographical location from which the call is made.
- the geographical location can comprise a true geographical location which can, for example, be obtained from the base stations in the cellular network.
- the geographical location can be obtained from the telephone number and can be provided as an exact address, or an area such as a town or country.
- the user profile includes information on the call destination for the pattern of calls and thus for the call made the destination is determined in order to determine whether the call fits the normal pattern of calling behaviour for the origination.
- the call destination information can comprise information identifying a node or group of nodes in the telecommunications network i.e. a specific telephone number, group of numbers, or an area code, and/or a geographical location.
- the time and/or day or date of the call is determined and the user profile includes information on the time of day of the calls, the day or date of the calls, and/or the frequency of calls made. In this way the information and/or date of the call made can be used to determine whether the call fits the user profile.
- information on the call such as the origination, the destination, the time, and date of the call can be determined as soon as the call is made from the call record and this information can be used immediately to determine whether the call represents fraudulent activity, if no fraudulent activity is detected, at the termination of the call the duration of the call can be determined and used to carry out a further check since in a preferred embodiment the user profile includes information on the duration of the calls. This specific embodiment provides a further check for fraudulent activity using the full duration parameter.
- apparatus for controlling calls over a telecommunications network comprising:
- storage means for storing data for a pattern of calls specific to originations
- allowance determining means for determining whether the call is to be allowed or disallowed using the determined origination of the call and the stored pattern of calls specific to the origination;
- control means for controlling the call in accordance with the determination.
- the user can be allowed to input a code which must be validated by the telecommunications network. If the code is valid the telecommunications network will allow the input of pattern update data to update the pattern of calls for user profile. In this way if a user wishes to significantly change their calling behaviour for example by making a series of long distance telephone calls, the user profile can be manually updated to accept this change in user behaviour.
- the predetermined pattern of calls is a pattern which is specific to the origination and can be formed during a ‘learning’ phase during which the calls made from an origination are recorded in order to form the predetermined pattern.
- the telecommunications network could form the predetermined pattern from the call records for the origination for a previous period of time. Further, the predetermined pattern could be formed based on the expected pattern of calls for the origination.
- FIG. 1 is a schematic drawing of a telecommunications network including the fraud detection system in accordance with an embodiment of the present invention.
- FIG. 2 is a flow diagram illustrating the steps carried out in detecting fraudulent calls using the method of an embodiment of the present invention.
- FIG. 3 is a flow diagram illustrating the steps of a preferred method of forming the user profile.
- FIG. 1 there is illustrated schematically a telephone communications network in which individual telephone handsets 1 a , 1 b , 1 c and 1 d are connected to respective digital local exchanges (DLEs) 2 a and 2 b .
- the digital local exchanges 2 a and 2 b receive telephone calls from the telephone handsets 1 a , 1 b , 1 c and 1 d and 1 f the telephone call is a local telephone call, the call is routed to the appropriate telephone handset 1 a , 1 b , 1 c and 1 d . If however the telephone call is not local, the digital local exchange 2 a and 2 b routes the call to respective digital main switching units 3 a , 3 b and 3 c .
- the digital main switching units 3 a , 3 b and 3 c route the calls accordingly between digital local exchanges 2 a and 2 b.
- a fraud management system (FMS) 4 monitors the calls being switched by the digital main switching units 3 a , 3 b and 3 c .
- the call record for each call is sent to the fraud management system 4 by the appropriate digital main switching unit 3 a , 3 b and 3 c which is handling the call. Since the call record containing information identifying the origination of the call, the destination of the call, and the time and date of the call is available as soon as the call is placed, the fraud management system 4 is able to detect whether the call is a fraudulent call immediately the call is placed.
- the fraud management system 4 can instruct the digital main switching units 3 a , 3 b and 3 c to disallow or disconnect the call. Alternatively, an alarm can be raised to bring the call to the attention of an operator to analyze whether action should be taken. Thus, the call can either be automatically barred if the call does not fit the expected profile for the origination, or operator intervention can be instigated.
- FIG. 2 is a flow diagram illustrating the steps of a call detection method in accordance with an embodiment of the present invention.
- a user makes a call and the call is connected to the digital local exchange in step S 2 .
- the digital local exchange determines whether the call is local and if so in step S 9 the call is proceeded with and the digital local exchange connects the local telephone handsets. If the call is not local the digital local exchange passes the call to a digital main switching unit in step S 4 .
- the digital main switching unit then passes on the call information to the fraud management system in step S 5 .
- the fraud management system selects a profile in accordance with the caller's ID i.e.
- FIG. 3 is a flow diagram illustrating one method of forming a user profile. This method represents a method of learning a user's profile during a learning phase.
- a user makes a call and in step S 31 the call is connected to the local exchange.
- step S 32 it is determined whether the call is local and if the call is local the process proceeds to step S 37 where the call proceeds. If the call is not local the call is passed by the digital local exchange to the digital main switching unit in step S 33 .
- the digital main switching unit then passes the call information to the fraud management system in step S 34 and in step S 35 the fraud management system selects the profile in accordance with the caller's ID.
- the selected profile can then be updated in step S 36 using the information about the call and in step S 37 the call can proceed.
- a telecommunications operator can utilize stored call records for a period of time in order to form a user profile ‘off line’.
- unexpected user profiles can be generated based on the expected calling behaviour of the user. This technique may be used for instance where there is a new user with no historical call information.
- the profile can be constantly updated in order to track changes in calling behaviour for a user or origination.
- the user profile represents a pattern of calling behaviour for a point of origin of a call in a telecommunications network.
- the point of origin can be specific to a personal number such as a charge-card or mobile telephone SIM, a node or group of nodes of the telecommunications network i.e. a telephone number or group of telephone numbers, or a geographical location i.e. a specific location which for a mobile telephone can, for example, be provided by the cellular base stations and for a conventional fixed telephone handset can be provided by a database identifying the telephone number and location, or a generalised locations such as a building, area, city, or country.
- a combination of this origination information can be used to provide more than one profile for a user. For example, if a charge-card user uses telephones in two different regions of the country regularly; two different profiles can be provided for the charge-card depending upon the geographical location from which the call was made. Similarly, for mobile telephone users more than one user profile can be provided.
- the user profile contains information not just on the point of origin of the calls but also the destinations.
- the destinations can be identified as nodes or groups of nodes in the telecommunications network i.e. telephone numbers, groups of telephone numbers, or area codes, and/or geographical locations i.e. specific locations or areas.
- the user profile can identify calls made from an origination to a destination over a period of time.
- the profile can also include summary information such as the frequency of calls to be made by the origination during a period of time. Also subsets of this information can be provided e.g. the frequency of calls made to a specific telephone number, area code or geographical location during a period of time.
- the pattern of calls being made during the current time period can be compared with the pattern of calls made during a previous time period to detect fraudulent activities e.g. if frequency of calls increases significantly outside the behaviour range there is potential fraud.
- the calling patterns of each origination can extend over any period of time e.g. a number of hours, a day, a week, a month, or any desired period.
- a new user profile can be generated for that location adaptively.
- User profiles can be stored for preceding periods of time e.g. an hour, a day, or a week.
- a user profile which is an average for previous periods of time can be stored and the averaging can be carried out by performing a weighted average to give favour to the most recently recorded profiles.
- the current profile recorded during the most recent period of time is averaged in their weighted manner with the average user profile automatically.
- This average user profile is the user profile which is used for fraud detection. If a fraudulent call was detected during the recording of the current or most recent profile, this profile can be ignored in the updating of the average user profile at the end of the period. If this ‘fraudulent’ call recurs, this call could be allowed to be included in the profile once an investigation has been undertaken to ensure that the call is not fraudulent.
- an embodiment of the present invention provides for a user to enter a validation code to force the acceptance of the call and to update the current user profile.
- charge-card, mobile telephone, or telephone number can be controlled by a predetermined user's profile.
- the telephone numbers available at periods of time i.e. the pattern of calls for a user can be controlled.
- the user profile represents a pattern of allowed calls specific to the origination rather than a pattern of previous or expected calls as described hereinabove with reference to the previous embodiments.
- Embodiments of the present invention can thus provide for the control of calls over a telecommunications network not just the detection of potentially fraudulent calls.
Abstract
In order to detect fraudulent or potentially fraudulent usage of a telecommunications network, each call connected by way of one of the digital main switching units of the network (3 a to 3 c) has an associated billing record transferred to a fraud management system (4). The fraud management system compares the origin and destination of the call with a known usage pattern for the originator and, if other indications are that the call is of a fraudulent nature, and the call deviates from the known usage pattern an alarm can be forwarded to an operator. The user profile used to determine normal calling behaviour is updated over a period of time in respect of calls determined as not fraudulent. An initial user profile may be generated from historic billing records.
Description
- The present invention generally relates to a telecommunications network. More particularly, one aspect of the present invention relates to a method and apparatus of automatically detecting fraudulent calls in a telecommunications network and another relates to a method of controlling calls over a telecommunications network.
- Fraudulent use of a telephone communications network can cost the telecommunications operator a significant amount of money. Rule based fraud detection systems have been developed with a view to combating fraud in a telecommunications network. In such systems if a particular usage of the network, determined from a call record, triggers one or more of the predefined rules, an alarm is generated enabling human operators to take the necessary action. While such systems have had some success in combating fraud, difficulties seem to arise due to the sheer number of alarms that can be generated within a short time. Typically, fraud detection operators may have tens of thousands of live alarms to deal with during a day and it is therefore generally impractical to deal with each individual alarm as it arises. Methods have been developed for consolidating or grouping the fraud alarms based on their priority and for identifying patterns in the alarms once generated. Such rule based fraud detection systems however only operate once alarms have been raised.
- In accordance with one aspect the present invention provides method of automatically detecting fraudulent calls in a telecommunications network, the method comprising the steps of:
- determining the origination of the calls; and
- determining whether the call is likely to be a fraudulent call using a predetermined pattern of previous or expected calls specific to the origination.
- In accordance with a second aspect the present invention provides apparatus for automatically detecting fraudulent calls in a telecommunications network, the apparatus comprising:
- determining means for determining the origination of the call;
- storage means for storing data for a pattern of previous or expected calls specific to originations; and
- fraud detecting means for determining whether the call is likely to be a fraudulent call using the determined origination of the call and the stored pattern of calls specific to the origination.
- Thus in accordance with the present invention the pattern of use of the telecommunications network is used which is specific to the origination of the call. Fraudulent activity can be determined by detecting a deviation in the call from the predetermined pattern for the origination of the call. The predetermined pattern comprises information on calls over a period of time and the time of the current call can be used to determine whether the call fits the pattern.
- Preferably the origination is determined by receiving a call record containing information on the call. Typically in a telecommunications network when a call is initiated a call record is sent to the exchange which contains information for example identifying the origination, the destination, the time of initiation of the call and the date. By determining the origination of the call from the call record at the initiation of the call, the determination of whether the call is likely to be a fraudulent call can be determined as the call is made. This allows the call to be disallowed or disconnected if the call is determined to a call which lies significantly outside the predetermined pattern of calls.
- In order to accommodate changes in the calling behaviour of the originator, the predetermined pattern of calls can be adaptively modified. Such a modification can give a greater weighting to more recently made calls. All the calls which do not deviate significantly from the predetermined pattern of calls can be used to update the pattern. Also, calls which have been determined to be fraudulent can be used to adaptively modify the predetermined pattern of calls once they have been investigated and cleared by, for example, an operator. In this way the pattern of calls can be adapted to more accurately reflect the expected call behaviour of an origination.
- The term ‘origination’ is used in the specification to refer to any identifiable point of origin of a call in a telecommunications network. For example, an origination can comprise an individual user or group user identification code. Examples of such an identification code are a personal number which can be input using a telephone key pad. Such a system is used for instance when using a charge-card. Also for a mobile telephone the SIM card can be used to provide a unique identification code. A code can be assigned to an individual user or a group of users and is independent of the node in the telecommunications network i.e. the telephone number from which the call is made. Alternatively or in addition the identity of a node or group of nodes in the telecommunications network can comprise the origination i.e. a telephone number from a group of telephone numbers, or an area code. Further, the origination can comprise the geographical location from which the call is made. For calls made from mobile telephones, the geographical location can comprise a true geographical location which can, for example, be obtained from the base stations in the cellular network. For a call originating from a conventional telephone handset, the geographical location can be obtained from the telephone number and can be provided as an exact address, or an area such as a town or country.
- Thus, one or a combination of these pieces of information identifying the origination of the call can be used to choose a predetermined pattern to be used for the call. For example, for a charge-card user, there may be more than one predetermined pattern termed a user profile assigned to that charge-card depending upon the telecommunications node used to make the call or the geographical location from which the call was made. The user's calling behaviour may be different for different telecommunications nodes and/or different geographical locations. The same is true for mobile telephone users. The pattern of calls in different geographical locations can be quite different and therefore different user profiles can be provided.
- In one embodiment the user profile includes information on the call destination for the pattern of calls and thus for the call made the destination is determined in order to determine whether the call fits the normal pattern of calling behaviour for the origination. The call destination information can comprise information identifying a node or group of nodes in the telecommunications network i.e. a specific telephone number, group of numbers, or an area code, and/or a geographical location.
- In an embodiment of the present invention the time and/or day or date of the call is determined and the user profile includes information on the time of day of the calls, the day or date of the calls, and/or the frequency of calls made. In this way the information and/or date of the call made can be used to determine whether the call fits the user profile.
- Although information on the call such as the origination, the destination, the time, and date of the call can be determined as soon as the call is made from the call record and this information can be used immediately to determine whether the call represents fraudulent activity, if no fraudulent activity is detected, at the termination of the call the duration of the call can be determined and used to carry out a further check since in a preferred embodiment the user profile includes information on the duration of the calls. This specific embodiment provides a further check for fraudulent activity using the full duration parameter.
- In accordance with another aspect of the present invention there is provided a method of controlling calls over a telecommunications network, the method comprising the steps of:
- determining the origination of a call, and
- determining whether the call is to be allowed or disallowed using a predetermined pattern of calls specific to the origination.
- In accordance with a further aspect of the present invention there is provided apparatus for controlling calls over a telecommunications network, the apparatus comprising:
- determining means for determining the origination of a call;
- storage means for storing data for a pattern of calls specific to originations;
- allowance determining means for determining whether the call is to be allowed or disallowed using the determined origination of the call and the stored pattern of calls specific to the origination; and
- control means for controlling the call in accordance with the determination.
- Thus in accordance with these aspects of the present invention if the call made does not fit the pattern for the origination of the call, the call is automatically disallowed or disconnected.
- The call pattern can thus be used to control calls from the origination. It can allow for a level of usage of the telecommunications network which is not fixed but is determined as a pattern. This can also provide automatic protection against fraudulent calls since any calls which do not fit a user profile will not be allowed.
- In order to allow a user to force the telecommunications network to allow a call, the user can be allowed to input a code which must be validated by the telecommunications network. If the code is valid the telecommunications network will allow the input of pattern update data to update the pattern of calls for user profile. In this way if a user wishes to significantly change their calling behaviour for example by making a series of long distance telephone calls, the user profile can be manually updated to accept this change in user behaviour.
- The predetermined pattern of calls (user profile) is a pattern which is specific to the origination and can be formed during a ‘learning’ phase during which the calls made from an origination are recorded in order to form the predetermined pattern. Alternatively, the telecommunications network could form the predetermined pattern from the call records for the origination for a previous period of time. Further, the predetermined pattern could be formed based on the expected pattern of calls for the origination.
- Embodiments of the present invention will now be described with reference to the accompanying drawings in which:
- FIG. 1 is a schematic drawing of a telecommunications network including the fraud detection system in accordance with an embodiment of the present invention.
- FIG. 2 is a flow diagram illustrating the steps carried out in detecting fraudulent calls using the method of an embodiment of the present invention; and
- FIG. 3 is a flow diagram illustrating the steps of a preferred method of forming the user profile.
- Referring now to FIG. 1 there is illustrated schematically a telephone communications network in which
individual telephone handsets local exchanges telephone handsets appropriate telephone handset local exchange main switching units main switching units local exchanges - In this embodiment of the present invention a fraud management system (FMS)4 monitors the calls being switched by the digital
main switching units main switching unit main switching units - If a call is allowed to proceed since from the information available at the onset of the call does not indicate that the call represents a significant deviation from the expected calling behaviour for the origination, at the termination of the call the call duration is added to the call record and this further piece of information can be used to carry out a further fraud detection step. If it is determined that this call duration does not fit the expected calling behaviour and the call lies significantly outside the expected call pattern, although it is not possible to bar the call, an alarm can be raised to bring the call to the attention of an operator who can then look into the circumstances surrounding the call.
- FIG. 2 is a flow diagram illustrating the steps of a call detection method in accordance with an embodiment of the present invention. In step S1 a user makes a call and the call is connected to the digital local exchange in step S2. In step S3 the digital local exchange determines whether the call is local and if so in step S9 the call is proceeded with and the digital local exchange connects the local telephone handsets. If the call is not local the digital local exchange passes the call to a digital main switching unit in step S4. The digital main switching unit then passes on the call information to the fraud management system in step S5. The fraud management system selects a profile in accordance with the caller's ID i.e. the origination of the call in step S6 and in step S7 it is determined whether the call is in keeping with the profile. If a call is in keeping with the profile in step S8 the profile can be updated to take into consideration this call and in step S9 the call is proceeded with i.e. the digital main switching units routes the call. If in step S7 it is determined that the call is not in keeping with the profile, in step S10 an alarm is raised allowing an operator to intervene in step S11. In step S12 the operator can determine whether the call or calls should be barred from the caller's ID. The call is not to be barred the profile can be updated in step S8 and the call can proceed. Otherwise in step S13 the call or calls from the caller's ID are barred.
- Thus in the embodiment of FIG. 2 an alarm is raised allowing an operator to intervene to determined whether to bar the call or not. However, in an alternative embodiment if the call is not in keeping with the profile, the call can be automatically barred.
- FIG. 3 is a flow diagram illustrating one method of forming a user profile. This method represents a method of learning a user's profile during a learning phase. In step S30 a user makes a call and in step S31 the call is connected to the local exchange. In step S32 it is determined whether the call is local and if the call is local the process proceeds to step S37 where the call proceeds. If the call is not local the call is passed by the digital local exchange to the digital main switching unit in step S33. The digital main switching unit then passes the call information to the fraud management system in step S34 and in step S35 the fraud management system selects the profile in accordance with the caller's ID. The selected profile can then be updated in step S36 using the information about the call and in step S37 the call can proceed.
- In an alternative method of forming the user profile, instead of carrying this out on line as illustrated in FIG. 3, a telecommunications operator can utilize stored call records for a period of time in order to form a user profile ‘off line’.
- Alternatively, unexpected user profiles can be generated based on the expected calling behaviour of the user. This technique may be used for instance where there is a new user with no historical call information.
- It can be seen from FIG. 2 that the profile can be constantly updated in order to track changes in calling behaviour for a user or origination.
- The user profile represents a pattern of calling behaviour for a point of origin of a call in a telecommunications network. The point of origin can be specific to a personal number such as a charge-card or mobile telephone SIM, a node or group of nodes of the telecommunications network i.e. a telephone number or group of telephone numbers, or a geographical location i.e. a specific location which for a mobile telephone can, for example, be provided by the cellular base stations and for a conventional fixed telephone handset can be provided by a database identifying the telephone number and location, or a generalised locations such as a building, area, city, or country. A combination of this origination information can be used to provide more than one profile for a user. For example, if a charge-card user uses telephones in two different regions of the country regularly; two different profiles can be provided for the charge-card depending upon the geographical location from which the call was made. Similarly, for mobile telephone users more than one user profile can be provided.
- In embodiments of the present invention the user profile contains information not just on the point of origin of the calls but also the destinations. The destinations can be identified as nodes or groups of nodes in the telecommunications network i.e. telephone numbers, groups of telephone numbers, or area codes, and/or geographical locations i.e. specific locations or areas. Thus, the user profile can identify calls made from an origination to a destination over a period of time. The profile can also include summary information such as the frequency of calls to be made by the origination during a period of time. Also subsets of this information can be provided e.g. the frequency of calls made to a specific telephone number, area code or geographical location during a period of time. As calls are made during a period of time the pattern of calls being made during the current time period can be compared with the pattern of calls made during a previous time period to detect fraudulent activities e.g. if frequency of calls increases significantly outside the behaviour range there is potential fraud. The calling patterns of each origination can extend over any period of time e.g. a number of hours, a day, a week, a month, or any desired period.
- For a mobile user e.g. using a charge-card or a mobile telephone, when a call is made from a new location i.e. a new node in the telecommunications network or a new geographical location, a new user profile can be generated for that location adaptively.
- User profiles can be stored for preceding periods of time e.g. an hour, a day, or a week. A user profile which is an average for previous periods of time can be stored and the averaging can be carried out by performing a weighted average to give favour to the most recently recorded profiles. In order to update the user profile the current profile recorded during the most recent period of time is averaged in their weighted manner with the average user profile automatically. This average user profile is the user profile which is used for fraud detection. If a fraudulent call was detected during the recording of the current or most recent profile, this profile can be ignored in the updating of the average user profile at the end of the period. If this ‘fraudulent’ call recurs, this call could be allowed to be included in the profile once an investigation has been undertaken to ensure that the call is not fraudulent.
- If a call is outside a usual pattern of calling, an embodiment of the present invention provides for a user to enter a validation code to force the acceptance of the call and to update the current user profile.
- Although in the foregoing embodiments an origination comprising a personal identification number has been described only with reference to charge-cards and mobile telephone SIMs, the present invention is applicable to a system wherein users are provided with codes which must be entered to allow a user to make a telephone call. The code is a unique identifer to identify the user which causes the selection of the appropriate user profile to provide calls allowed for by the user profile. Thus in this embodiment calls over the communications network from a user can be controlled in accordance with the user's profile which can be preset in advance to restrict the user's access to telephone numbers over the network. Similarly, the access to telephone numbers over the network at any point of origination e.g. charge-card, mobile telephone, or telephone number can be controlled by a predetermined user's profile. In this way the telephone numbers available at periods of time i.e. the pattern of calls for a user can be controlled. Thus the user profile represents a pattern of allowed calls specific to the origination rather than a pattern of previous or expected calls as described hereinabove with reference to the previous embodiments. Embodiments of the present invention can thus provide for the control of calls over a telecommunications network not just the detection of potentially fraudulent calls.
Claims (50)
1. A method of automatically detecting fraudulent calls in a telecommunications network, the method comprising the steps of:
determining the origination of the calls;
determining whether the call is likely to be a fraudulent call using a predetermined pattern of previous or expected calls specific to the origination.
2. A method according to claim 1 including the step of receiving a call record containing information on the call, wherein the step of determining the origination of the call uses the call record.
3. A method according to claim 1 or claim 2 wherein the call is determined to be a fraudulent call if it lies significantly outside the predetermined pattern of calls.
4. A method according to any preceding claim including the step of adaptively modifying the predetermined pattern of calls to update the pattern to accommodate changes in calling behaviour of the origination.
5. A method according to claim 4 wherein the adaptive modification of the predetermined pattern of calls is a weighted averaging operation which is weighted to favour the most recent calls.
6. A method according to claim 4 or claim 5 wherein calls determined to be fraudulent are used for adaptively modifying the predetermined pattern of calls once they have been investigated and cleared.
7. A method according to any preceding claim wherein the origination is determined as at least one of the set comprising a user or group identification code, a node or group of nodes in the telecommunications network, and a geographical location.
8. A method according to any preceding claim including the step of determining the destination of the call, wherein said predetermined pattern of calls includes information on the call destination.
9. A method according to claim 8 wherein the call destination information in said predetermined pattern of calls comprises information identifying a node or group of nodes in the telecommunications network and/or a geographical location.
10. A method according to any preceding claim including the step of determining the time and/or day or date of the call, wherein the predetermined pattern of calls includes information on at least one of the set of the time of day of the calls, the day or date of the calls, and the frequency of calls made.
11. A method according to any preceding claim including the step of determining the duration of the call, wherein said predetermined pattern of calls includes information on the duration of calls.
12. A method according to claim 2 wherein the call record is received and used in the determination as the call is made.
13. A method according to any preceding claim including the steps of receiving an input code from the origination, validating the input code, and receiving pattern update data from the origination and updating said predetermined pattern of calls if the input code is valid.
14. A method according to any preceding claim wherein a pattern of calls from the origination for a current time period is compared with a pattern of calls for a previous time period in order to determine whether there is likely to be fraudulent activity.
15. Apparatus for automatically detecting fraudulent calls in a telecommunications network, the apparatus comprising:
determining means for determining the origination of the call;
storage means for storing data for a pattern of previous or expected calls specific to origination; and
fraud detecting means for determining whether the call is likely to be a fraudulent call using the determined origination of the call and the stored pattern of calls specific to the origination.
16. Apparatus according to claim 15 wherein said determining means includes means for receiving a call record containing information on the call, and the fraud detecting means is adapted to use the call record information in the determination.
17. Apparatus according to claim 15 or claim 16 wherein said fraud detecting means is operative to determine that a call is fraudulent if it lies significantly outside the predetermined pattern of calls.
18. Apparatus according to any one of claims 15 to 17 including adaptive means for adaptively modifying the predetermined pattern of calls to update the pattern to accommodate changes in calling behaviour of the origination.
19. Apparatus according to claim 18 wherein said adaptive means is operative to carry out a weighted averaging operation wherein the most recent calls are given the highest weighting in the adaption process.
20. Apparatus according to claim 18 or claim 19 wherein said adaptive means is operative to use calls determined to be fraudulent in the adaptive process once the calls have been investigated and cleared.
21. Apparatus according to any one of claims 15 to 20 wherein said determining means is operative to determine the origination as at least one of the set comprising a user or group identification code, a node or group of nodes in the telecommunications network, and a geographical location.
22. Apparatus according to any one of claims 15 to 21 including means for determining the destination of the call, wherein said storage means is adapted to store said predetermined pattern of calls which includes information on the call destination.
23. Apparatus according to claim 22 wherein said storage means is adapted to store the information on the call destination which comprises information identifying a node or group of nodes in the telecommunications network and/or a geographical location.
24. Apparatus according to any one of claims 15 to 23 including means for determining the time and/or day or date of the call, wherein said storage means is adapted to store said predetermined pattern of calls which includes information on at least one of the set of the time of day of the calls, the day or date of the calls, and the frequency of the calls.
25. Apparatus according to any one of claims 15 to 24 including means for determining the duration of the call, wherein said storage means is adapted to store said information on said predetermined pattern of calls which includes information on the duration of calls.
26. Apparatus according to claim 16 wherein said means for receiving the call record is operative to receive the call record as the call is made and said fraud detecting means is operative to determine whether the call is likely to be a fraudulent call as the call is made.
27. Apparatus according to any one of claims 15 to 26 including means for receiving an input code from the origination, means for validating the input code, and means for receiving pattern update data from the origination and for updating said predetermined pattern of calls if the input code is valid.
28. A method according to any one of claims 15 to 27 including current storage means for storing a pattern of calls from the origination for a current time period, wherein said storage means stores a pattern of calls for a previous time period, and said fraud detection means is adapted to compare the pattern for the current time period with the pattern for the previous time period in order to determine whether there is likely to be fraudulent activity.
29. A method of controlling calls over a telecommunications network, the method comprising the steps of:
determining the origination of a call, and
determining whether the call is to be allowed or disallowed using a predetermined pattern of calls specific to the origination.
30. A method according to claim 29 including the step of receiving a call record containing information on the call, wherein the step of determining whether the call is to be allowed or disallowed uses the call record in the determination.
31. A method according to claim 29 or claim 30 wherein the call is determined to be disallowed if it lies significantly outside the predetermined pattern of calls.
32. A method according to any one of claims 29 to 31 including the step of adaptively modifying the predetermined pattern of calls to update the pattern to accommodate changes in calling behaviour of the origination.
33. A method according to claim 32 wherein the adaptive modification of the predetermined pattern of calls is a weighted averaging operation which is weighted to favour the most recent calls.
34. A method according to any one of claims 29 to 33 wherein the origination is determined as at least one of the set comprising a user or group identification code, a node or group of nodes in the telecommunications network, and a geographical location.
35. A method according to any one of claims 29 to 34 including the step of determining the destination of the call, wherein said predetermined pattern of calls includes information on the call destination.
36. A method according to claim 35 wherein the call destination information in said predetermined pattern of calls comprises information identifying a node or group of nodes in the telecommunications network and/or a geographical location.
37. A method according to any one of claims 29 to 36 including the step of determining the time and/or day or date of the call, wherein the predetermined pattern of calls includes information on at least one of the set of the time of day of the calls, the day or date of the calls, and the frequency of calls made.
38. A method according to any one of claims 29 to 37 including the steps of receiving an input code from the origination, validating the input code, and receiving pattern update data from the origination and updating said predetermined pattern of calls if the input code is valid.
39. Apparatus for controlling calls over a telecommunications network, the apparatus comprising:
determining means for determining the origination of a call;
storage means for storing data for a pattern of calls specific to origination;
allowance determining means for determining whether the call is to be allowed or disallowed using the determined origination of the call and the stored pattern of calls specific to the origination; and
control means for controlling the call in accordance with the determination.
40. Apparatus according to claim 39 wherein said determining means includes means for receiving a call record containing information on the call, and the allowance determining means is adapted to use the call record information in the determination.
41. Apparatus according to claim 39 or claim 40 wherein said allowance determining means is adapted to determine that a call is to be disallowed if it lies significantly outside the stored pattern of calls specific to the origination.
42. Apparatus according to any one of claims 39 to 41 including adaptive means for adaptively modifying the stored pattern of calls specific to the origination to update the pattern to accommodate changes in calling behaviour of the origination.
43. Apparatus according to claim 42 wherein said adaptive means is operative to carry out a weighted averaging operation wherein the most recent calls are given the highest weighting in the adaption process.
44. Apparatus according to any one of claims 39 to 43 wherein said determining means is operative to determine the origination as at least one of the set comprising a user or group identification code, a node or group of nodes in the telecommunications network, and a geographical location.
45. Apparatus according to any one of claims 39 to 44 including means for determining the destination of the call, wherein said storage means is adapted to store said pattern of calls which includes information on the call destination.
46. Apparatus according to claim 45 wherein said storage means is adapted to store the information on the call destination which comprises information identifying a node or group of nodes in the telecommunications network and/or a geographical location.
47. Apparatus according to any one of claims 39 to 46 including means for determining the time and/or day or date of the call, wherein said storage means is adapted to store said pattern of calls which includes information on at least one of the set of the time of day of the calls, the day or date of the calls, and the frequency of the calls.
48. Apparatus according to any one of claims 39 to 47 including means for receiving an input code from the origination, means for validating the input code, and means for receiving pattern update data from the origination and for updating said pattern of calls if the input code is valid.
49. A method of controlling access to a telecommunications network, the method comprising the steps of:
determining the origination of calls over the telecommunications network over a current period of time;
comparing a pattern of calls from an origination for the current period of time with an allowed pattern of calls; and
controlling access to the telecommunications network for originations based on the result of the comparison.
50. Apparatus for controlling access to a telecommunications network, the apparatus comprising:
first storage means for storing patterns of allowed calls for originations;
determining means for determining the origination of calls over the telecommunications network over a current period of time;
second storage means for storing patterns of calls from originations over the current period of time;
comparing means for comparing the stored patterns of calls from originations over the current period of time with the stored patterns of allowed calls; and
control means for controlling access to the telecommunications network for the originations based on the result of the comparison.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/394,224 US20030185361A1 (en) | 1997-07-22 | 2003-03-24 | Fraud monitoring system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB9715497.5A GB9715497D0 (en) | 1997-07-22 | 1997-07-22 | A telecommunications network |
GB9715497.5 | 1997-07-22 | ||
US09/463,299 US6801606B1 (en) | 1997-07-22 | 1998-07-15 | Fraud monitoring system |
US10/394,224 US20030185361A1 (en) | 1997-07-22 | 2003-03-24 | Fraud monitoring system |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1998/002078 Division WO1999005844A1 (en) | 1997-07-22 | 1998-07-15 | Fraud monitoring system |
US09/463,299 Division US6801606B1 (en) | 1997-07-22 | 1998-07-15 | Fraud monitoring system |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030185361A1 true US20030185361A1 (en) | 2003-10-02 |
Family
ID=10816304
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/463,299 Expired - Fee Related US6801606B1 (en) | 1997-07-22 | 1998-07-15 | Fraud monitoring system |
US10/394,224 Abandoned US20030185361A1 (en) | 1997-07-22 | 2003-03-24 | Fraud monitoring system |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/463,299 Expired - Fee Related US6801606B1 (en) | 1997-07-22 | 1998-07-15 | Fraud monitoring system |
Country Status (6)
Country | Link |
---|---|
US (2) | US6801606B1 (en) |
EP (1) | EP0997028A1 (en) |
AU (1) | AU8349698A (en) |
CA (1) | CA2296332A1 (en) |
GB (1) | GB9715497D0 (en) |
WO (1) | WO1999005844A1 (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030133450A1 (en) * | 2002-01-08 | 2003-07-17 | Baum Robert T. | Methods and apparatus for determining the port and/or physical location of an IP device and for using that information |
US20030200311A1 (en) * | 2002-01-08 | 2003-10-23 | Baum Robert T. | Methods and apparatus for wiretapping IP-based telephone lines |
US20030211839A1 (en) * | 2002-01-08 | 2003-11-13 | Baum Robert T. | Methods and apparatus for providing emergency telephone service to IP-based telephone users |
US20040071164A1 (en) * | 2002-01-08 | 2004-04-15 | Baum Robert T. | Methods and apparatus for protecting against IP address assignments based on a false MAC address |
US20040111640A1 (en) * | 2002-01-08 | 2004-06-10 | Baum Robert T. | IP based security applications using location, port and/or device identifier information |
US20050160280A1 (en) * | 2003-05-15 | 2005-07-21 | Caslin Michael F. | Method and system for providing fraud detection for remote access services |
US20050243984A1 (en) * | 2003-05-15 | 2005-11-03 | Mahone Saralyn M | Method and apparatus for providing fraud detection using hot or cold originating attributes |
US20050249341A1 (en) * | 2003-05-15 | 2005-11-10 | Mahone Saralyn M | Method and apparatus for providing fraud detection using geographically differentiated connection duration thresholds |
US20050278550A1 (en) * | 2003-05-15 | 2005-12-15 | Mahone Saralyn M | Method and system for prioritizing cases for fraud detection |
US20080114888A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Subscribing to Data Feeds on a Network |
US20080114886A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Detecting and Interdicting Fraudulent Activity on a Network |
US20080115213A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Detecting Fraudulent Activity on a Network Using Stored Information |
US20080114885A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Detecting Fraudulent Activity on a Network |
US20100299757A1 (en) * | 2009-05-21 | 2010-11-25 | Ho Sub Lee | Mobile terminal for information security and information security method of mobile terminal |
US20120284017A1 (en) * | 2005-12-23 | 2012-11-08 | At& T Intellectual Property Ii, L.P. | Systems, Methods, and Programs for Detecting Unauthorized Use of Text Based Communications |
US8837695B1 (en) * | 2005-03-29 | 2014-09-16 | At&T Intellectual Property Ii, L.P. | Method and apparatus for monitoring shifts in call patterns |
US20140372313A1 (en) * | 2008-12-19 | 2014-12-18 | Ebay Inc. | Systems and methods for mobile transactions |
CN104660834A (en) * | 2015-03-23 | 2015-05-27 | 中国人民解放军信息工程大学 | Junk call protection method and device |
US20160150092A1 (en) * | 2014-11-21 | 2016-05-26 | Marchex, Inc. | Analyzing voice characteristics to detect fraudulent call activity and take corrective action without using recording, transcription or caller id |
GB2582613A (en) * | 2019-03-28 | 2020-09-30 | British Telecomm | Telephone network |
WO2022081269A1 (en) * | 2020-10-14 | 2022-04-21 | Feedzai-Consultadoria e Inovação Tecnológica, S.A. | Weakly supervised multi-task learning for concept-based explainability |
US11392954B2 (en) | 2020-10-14 | 2022-07-19 | Feedzai—Consultadoria e Inovação Tecnológica, S.A. | Hierarchical machine learning model for performing a decision task and an explanation task |
US11412085B2 (en) | 2019-03-28 | 2022-08-09 | British Telecommunications Public Limited Company | Spoof call detection in telephone network |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6163604A (en) * | 1998-04-03 | 2000-12-19 | Lucent Technologies | Automated fraud management in transaction-based networks |
DE19905884B4 (en) * | 1999-02-11 | 2005-01-13 | T-Mobile Deutschland Gmbh | A method for detecting customer-related abuses of network operator services by means of online analysis of customer-related data records |
GB9910268D0 (en) * | 1999-05-04 | 1999-06-30 | Northern Telecom Ltd | Behavourial pattern recognition for event streams |
US6601014B1 (en) | 1999-11-30 | 2003-07-29 | Cerebrus Solutions Ltd. | Dynamic deviation |
EP1107168A1 (en) * | 1999-12-09 | 2001-06-13 | BRITISH TELECOMMUNICATIONS public limited company | Method and apparatus for updating a training set |
GB0207392D0 (en) * | 2002-03-28 | 2002-05-08 | Neural Technologies Ltd | A configurable data profiling system |
US7327837B1 (en) * | 2002-09-30 | 2008-02-05 | At&T Corp. | Call routing method |
JP4245151B2 (en) * | 2004-02-26 | 2009-03-25 | 埼玉日本電気株式会社 | Mobile phone with use restriction function and method of restricting use of the machine |
CN1992752A (en) * | 2005-12-30 | 2007-07-04 | 华为技术有限公司 | System, method and network equipment for implementing network equipment on-condition maintenance |
WO2009102728A1 (en) * | 2008-02-11 | 2009-08-20 | Clearshift Corporation | Online work management system |
US8911507B1 (en) * | 2011-11-22 | 2014-12-16 | Symantec Corporation | Systems and methods for mitigating mobile device loss |
US10200531B2 (en) * | 2017-03-14 | 2019-02-05 | Lenovo (Singapore) Pte. Ltd. | Mitigating potential fraud |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5345595A (en) * | 1992-11-12 | 1994-09-06 | Coral Systems, Inc. | Apparatus and method for detecting fraudulent telecommunication activity |
US5566234A (en) * | 1993-08-16 | 1996-10-15 | Mci Communications Corporation | Method for controlling fraudulent telephone calls |
US6041108A (en) * | 1997-06-03 | 2000-03-21 | Daewoo Telecom, Ltd. | Method and apparatus for intelligent network call handling in a telephone exchange |
US6212266B1 (en) * | 1996-03-29 | 2001-04-03 | British Telecommunications Public Limited Company | Fraud prevention in a telecommunications network |
US6327345B1 (en) * | 1994-09-16 | 2001-12-04 | Mci Communications Corporation | Method and system therefor of establishing an acceptance threshold for controlling fraudulent telephone calls |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW225623B (en) | 1993-03-31 | 1994-06-21 | American Telephone & Telegraph | Real-time fraud monitoring system |
US5504810A (en) * | 1993-09-22 | 1996-04-02 | At&T Corp. | Telecommunications fraud detection scheme |
US5495521A (en) * | 1993-11-12 | 1996-02-27 | At&T Corp. | Method and means for preventing fraudulent use of telephone network |
US5463681A (en) | 1993-12-29 | 1995-10-31 | At&T Corp. | Security system for terminating fraudulent telephone calls |
US5627886A (en) * | 1994-09-22 | 1997-05-06 | Electronic Data Systems Corporation | System and method for detecting fraudulent network usage patterns using real-time network monitoring |
DE69631647D1 (en) * | 1995-03-30 | 2004-04-01 | Azure Solutions Ltd | DETECTING POSSIBLE FRAUDULARY USE OF COMMUNICATION |
US5790645A (en) * | 1996-08-01 | 1998-08-04 | Nynex Science & Technology, Inc. | Automatic design of fraud detection systems |
US6466778B1 (en) * | 1997-07-22 | 2002-10-15 | British Telecommunications Public Limited Company | Monitoring a communication network |
-
1997
- 1997-07-22 GB GBGB9715497.5A patent/GB9715497D0/en active Pending
-
1998
- 1998-07-15 US US09/463,299 patent/US6801606B1/en not_active Expired - Fee Related
- 1998-07-15 CA CA002296332A patent/CA2296332A1/en not_active Abandoned
- 1998-07-15 WO PCT/GB1998/002078 patent/WO1999005844A1/en active Application Filing
- 1998-07-15 EP EP98933800A patent/EP0997028A1/en not_active Withdrawn
- 1998-07-15 AU AU83496/98A patent/AU8349698A/en not_active Abandoned
-
2003
- 2003-03-24 US US10/394,224 patent/US20030185361A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5345595A (en) * | 1992-11-12 | 1994-09-06 | Coral Systems, Inc. | Apparatus and method for detecting fraudulent telecommunication activity |
US5566234A (en) * | 1993-08-16 | 1996-10-15 | Mci Communications Corporation | Method for controlling fraudulent telephone calls |
US6327345B1 (en) * | 1994-09-16 | 2001-12-04 | Mci Communications Corporation | Method and system therefor of establishing an acceptance threshold for controlling fraudulent telephone calls |
US6212266B1 (en) * | 1996-03-29 | 2001-04-03 | British Telecommunications Public Limited Company | Fraud prevention in a telecommunications network |
US6041108A (en) * | 1997-06-03 | 2000-03-21 | Daewoo Telecom, Ltd. | Method and apparatus for intelligent network call handling in a telephone exchange |
Cited By (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7844814B2 (en) | 2002-01-08 | 2010-11-30 | Verizon Services Corp. | Methods and apparatus for protecting against IP address assignments based on a false MAC address |
US8411672B2 (en) | 2002-01-08 | 2013-04-02 | Verizon Services Corp. | Methods and apparatus for providing emergency telephone service to IP-based telephone users |
US20030211839A1 (en) * | 2002-01-08 | 2003-11-13 | Baum Robert T. | Methods and apparatus for providing emergency telephone service to IP-based telephone users |
US20040071164A1 (en) * | 2002-01-08 | 2004-04-15 | Baum Robert T. | Methods and apparatus for protecting against IP address assignments based on a false MAC address |
US20040111640A1 (en) * | 2002-01-08 | 2004-06-10 | Baum Robert T. | IP based security applications using location, port and/or device identifier information |
US7873985B2 (en) | 2002-01-08 | 2011-01-18 | Verizon Services Corp. | IP based security applications using location, port and/or device identifier information |
US20030200311A1 (en) * | 2002-01-08 | 2003-10-23 | Baum Robert T. | Methods and apparatus for wiretapping IP-based telephone lines |
US7843934B2 (en) * | 2002-01-08 | 2010-11-30 | Verizon Services Corp. | Methods and apparatus for providing emergency telephone service to IP-based telephone users |
US8402559B2 (en) | 2002-01-08 | 2013-03-19 | Verizon Services Corp. | IP based security applications using location, port and/or device identifier information |
US7836160B2 (en) | 2002-01-08 | 2010-11-16 | Verizon Services Corp. | Methods and apparatus for wiretapping IP-based telephone lines |
US7843923B2 (en) | 2002-01-08 | 2010-11-30 | Verizon Services Corp. | Methods and apparatus for determining the port and/or physical location of an IP device and for using that information |
US7320070B2 (en) | 2002-01-08 | 2008-01-15 | Verizon Services Corp. | Methods and apparatus for protecting against IP address assignments based on a false MAC address |
US20080092228A1 (en) * | 2002-01-08 | 2008-04-17 | Verizon Services Corporation | Methods and apparatus for protecting against IP address assignments based on a false MAC address |
US20030133450A1 (en) * | 2002-01-08 | 2003-07-17 | Baum Robert T. | Methods and apparatus for determining the port and/or physical location of an IP device and for using that information |
US20050249341A1 (en) * | 2003-05-15 | 2005-11-10 | Mahone Saralyn M | Method and apparatus for providing fraud detection using geographically differentiated connection duration thresholds |
US8638916B2 (en) | 2003-05-15 | 2014-01-28 | Verizon Business Global Llc | Method and apparatus for providing fraud detection using connection frequency and cumulative duration thresholds |
US20050278550A1 (en) * | 2003-05-15 | 2005-12-15 | Mahone Saralyn M | Method and system for prioritizing cases for fraud detection |
US20100080372A1 (en) * | 2003-05-15 | 2010-04-01 | Verizon Patent And Licensing Inc. | Method and apparatus for providing fraud detection using hot or cold originating attributes |
US7774842B2 (en) | 2003-05-15 | 2010-08-10 | Verizon Business Global Llc | Method and system for prioritizing cases for fraud detection |
US7783019B2 (en) | 2003-05-15 | 2010-08-24 | Verizon Business Global Llc | Method and apparatus for providing fraud detection using geographically differentiated connection duration thresholds |
US7817791B2 (en) | 2003-05-15 | 2010-10-19 | Verizon Business Global Llc | Method and apparatus for providing fraud detection using hot or cold originating attributes |
US20050268113A1 (en) * | 2003-05-15 | 2005-12-01 | Mahone Saralyn M | Method and apparatus for providing fraud detection using connection frequency thresholds |
US8340259B2 (en) | 2003-05-15 | 2012-12-25 | Verizon Business Global Llc | Method and apparatus for providing fraud detection using hot or cold originating attributes |
US20050262563A1 (en) * | 2003-05-15 | 2005-11-24 | Mahone Saralyn M | Method and apparatus for providing fraud detection using connection frequency and cumulative duration thresholds |
US7971237B2 (en) | 2003-05-15 | 2011-06-28 | Verizon Business Global Llc | Method and system for providing fraud detection for remote access services |
US20050243984A1 (en) * | 2003-05-15 | 2005-11-03 | Mahone Saralyn M | Method and apparatus for providing fraud detection using hot or cold originating attributes |
US8015414B2 (en) * | 2003-05-15 | 2011-09-06 | Verizon Business Global Llc | Method and apparatus for providing fraud detection using connection frequency thresholds |
US20050160280A1 (en) * | 2003-05-15 | 2005-07-21 | Caslin Michael F. | Method and system for providing fraud detection for remote access services |
US8837695B1 (en) * | 2005-03-29 | 2014-09-16 | At&T Intellectual Property Ii, L.P. | Method and apparatus for monitoring shifts in call patterns |
US8548811B2 (en) | 2005-12-23 | 2013-10-01 | At&T Intellectual Property Ii, L.P. | Systems, methods, and programs for detecting unauthorized use of text based communications services |
US9491179B2 (en) | 2005-12-23 | 2016-11-08 | At&T Intellectual Property Ii, L.P. | Systems, methods and programs for detecting unauthorized use of text based communications services |
US9173096B2 (en) | 2005-12-23 | 2015-10-27 | At&T Intellectual Property Ii, L.P. | Systems, methods and programs for detecting unauthorized use of text based communications services |
US20120284017A1 (en) * | 2005-12-23 | 2012-11-08 | At& T Intellectual Property Ii, L.P. | Systems, Methods, and Programs for Detecting Unauthorized Use of Text Based Communications |
US10097997B2 (en) | 2005-12-23 | 2018-10-09 | At&T Intellectual Property Ii, L.P. | Systems, methods and programs for detecting unauthorized use of text based communications services |
US8386253B2 (en) * | 2005-12-23 | 2013-02-26 | At&T Intellectual Property Ii, L.P. | Systems, methods, and programs for detecting unauthorized use of text based communications |
US7856494B2 (en) | 2006-11-14 | 2010-12-21 | Fmr Llc | Detecting and interdicting fraudulent activity on a network |
US20080115213A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Detecting Fraudulent Activity on a Network Using Stored Information |
US20080114885A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Detecting Fraudulent Activity on a Network |
US20080114886A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Detecting and Interdicting Fraudulent Activity on a Network |
US20080114888A1 (en) * | 2006-11-14 | 2008-05-15 | Fmr Corp. | Subscribing to Data Feeds on a Network |
US8180873B2 (en) | 2006-11-14 | 2012-05-15 | Fmr Llc | Detecting fraudulent activity |
US8145560B2 (en) * | 2006-11-14 | 2012-03-27 | Fmr Llc | Detecting fraudulent activity on a network |
US20140372313A1 (en) * | 2008-12-19 | 2014-12-18 | Ebay Inc. | Systems and methods for mobile transactions |
US20100299757A1 (en) * | 2009-05-21 | 2010-11-25 | Ho Sub Lee | Mobile terminal for information security and information security method of mobile terminal |
US20160150092A1 (en) * | 2014-11-21 | 2016-05-26 | Marchex, Inc. | Analyzing voice characteristics to detect fraudulent call activity and take corrective action without using recording, transcription or caller id |
US9596356B2 (en) * | 2014-11-21 | 2017-03-14 | Marchex, Inc. | Analyzing voice characteristics to detect fraudulent call activity and take corrective action without using recording, transcription or caller ID |
CN104660834A (en) * | 2015-03-23 | 2015-05-27 | 中国人民解放军信息工程大学 | Junk call protection method and device |
GB2582613A (en) * | 2019-03-28 | 2020-09-30 | British Telecomm | Telephone network |
GB2582613B (en) * | 2019-03-28 | 2022-04-13 | British Telecomm | Telephone network |
US11412085B2 (en) | 2019-03-28 | 2022-08-09 | British Telecommunications Public Limited Company | Spoof call detection in telephone network |
US11849068B2 (en) | 2019-03-28 | 2023-12-19 | British Telecommunications Public Limited Company | Spoof call detection in telephone network |
WO2022081269A1 (en) * | 2020-10-14 | 2022-04-21 | Feedzai-Consultadoria e Inovação Tecnológica, S.A. | Weakly supervised multi-task learning for concept-based explainability |
US11392954B2 (en) | 2020-10-14 | 2022-07-19 | Feedzai—Consultadoria e Inovação Tecnológica, S.A. | Hierarchical machine learning model for performing a decision task and an explanation task |
US11544471B2 (en) | 2020-10-14 | 2023-01-03 | Feedzai—Consultadoria e Inovação Tecnológica, S.A. | Weakly supervised multi-task learning for concept-based explainability |
Also Published As
Publication number | Publication date |
---|---|
US6801606B1 (en) | 2004-10-05 |
WO1999005844A1 (en) | 1999-02-04 |
EP0997028A1 (en) | 2000-05-03 |
GB9715497D0 (en) | 1997-10-01 |
CA2296332A1 (en) | 1999-02-04 |
AU8349698A (en) | 1999-02-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6801606B1 (en) | Fraud monitoring system | |
US6085084A (en) | Automated creation of a list of disallowed network points for use in connection blocking | |
CA2327338C (en) | Automated and selective authentication in transaction-based networks | |
KR100318147B1 (en) | Callee Control Method for Telecommunication Network Service | |
US6996220B2 (en) | Method and apparatus for forwarding caller identification for a credit card or calling card call to an automatic number identification system of a telephone network | |
US20060291641A1 (en) | Methods and systems for selective threshold based call blocking | |
CA2311367A1 (en) | Multiple subscriber service profiles per mobile station in a cellular communications system | |
EP1297680A1 (en) | Fraud detection based on call attempt velocity on terminating number | |
FI108503B (en) | Limiting the duration of data falsification in a telecommunications network | |
KR20080077187A (en) | Method for call-theft detection | |
US6473611B2 (en) | Preventing misuse of call forwarding service | |
AU2003204508B2 (en) | Fraud monitoring system | |
US20020186825A1 (en) | Service management system blocking | |
US6590967B1 (en) | Variable length called number screening | |
US8160961B1 (en) | Charging for prepaid subscribers in a telecommunications system | |
CA2296328C (en) | Monitoring a communication network | |
US6466778B1 (en) | Monitoring a communication network | |
JP2000022856A (en) | Trunk line incoming call charging system by calling telephone number notice | |
SE517325C2 (en) | Intelligent node in telecommunication system | |
WO1999067933A2 (en) | Multinetwork telephone set and method for using it | |
CA2509932A1 (en) | Charging for prepaid subscribers in a telecommunications system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |