The current state of global telecommunications threats demands new responses. Only the use of real-time data analysis and proactive threat detection can match the sophistication of current hacking activities worldwide.

Timely data gathering, real-time machine-based analysis, and quick dissemination of emerging threats creates a more proactive and effective security and fraud prevention environment. This combination is a future-proof, ever-evolving security strategy that meets head-on the ever-changing nature of hackers, fraudsters, and malware over telecommunication networks.

With the wide variety of connected mobile devices surrounding everyone in their daily lives, we have all become increasingly susceptible to hackers interested in the signaling messages that transfer valuable and personal information over mobile networks. Consequently, mobile operators face new decisions for securing their networks and protecting their infrastructures from cyber attacks. Additionally, there are increased legislations mandating the protection of end-user information (e.g. GDPR in Europe). In recent years, global criminal organizations have succeeded in compromising mobile operator networks and accessing sensitive customer data via signaling protocol attacks over SS7 and Diameter, for bank fraud and other criminal acts. These types of attacks are accelerating in volume and severity. A 2019 survey from the Communications Fraud Control Association (CFCA) the types of fraud losses telcos face, as illustrated in the chart below.

The industry now needs comprehensive multi-protocol firewalls to secure SS7 and Diameter signaling networks against today’s sophisticated attacks. Such attack scenarios, and the guidelines for signaling firewalls, are described in GSMA standards FS.11 and FS.19. The effectiveness of these technical network elements, however, requires complete and accurate data for the filtering actions within signaling security firewalls. This data helps analyze if an incoming signaling message may proceed or needs to be blocked, or if a call set-up may continue, be redirected or is rejected.

In discussions with TIER1 operators, the acquisition and updating of such data appears to cause major operational challenges for all carriers. The industry needs to address the specific operational challenges that operators face and what type of solutions could be effectively deployed. The first step is understanding the problems inherent in specific security and fraud use cases, and how global data sets and machine learning solutions can mitigate these vulnerabilities. Learn more about these use cases by downloading the NetNumber Signaling Security white paper.

Telecom Fraud is Big Business

Mobile operators also face serious business risk due to both consumer and network fraud. A recent survey from the CFCA indicates telecom fraud resulted in a global annual loss of $28.3B, and 1.74% of global telecom revenues lost due to fraud. Last year, telecom networks handled 89 million scam calls daily!

What types of fraud are operators facing?

Consumer Fraud includes:

  • Robocalling and Wangiri: Fraudulent call generation or misleading end-users for making calls to premium numbers
  • CLI Spoofing: Names and numbers are spoofed to mislead the receiver about the sender of the call
  • Nuisance and Scam calls: Unwanted, unsolicited calls for marketing purposes

Network Fraud, which alone results in operator losses of more than $10B per year, include:

  • Call Rerouting (IRSF) or Short Stopping: call is diverted from proper destination via number range or route manipulation, typical IRSF
  • Call Refiling: A way of CLI Spoofing to pay out a lower Mobile Termination rate by changing the CLI to one falling in the cheap(er) tariff
  • Traffic Inflation: Generating additional roaming revenue with calls or data sessions that are free on the retail and charged on the wholesale

Complaints about telemarketers and scammers have steadily increased in recent years, with robocalls identified in the majority of cases. Telecom operators must have real-time measures to fight consumer fraud to avoid heavy fines.

Implementing the Right Solution

NetNumber provides multiple Fraud and Security Control applications on the TITAN platform that can be configured/orchestrated from a common management GUI or standard API. Solutions use a continually updated GSMA dataset of fraudulent numbers and is augmented by an in-house global database of blacklisted numbers, updated in real-time. Operators can block robocalls by source numbers and call patterns, stop call-back scams, and greatly reduce termination fee fraud. Using a combination of CDR scanning, GSMA data, and source data from literally hundreds of NetNumber global sources, the service updates in near-real-time and is continually uploaded to operator subscribers 24/7. This provides protection from fraud and malicious hacking.

These Fraud and Security applications can be combined easily with the other TITAN applications to protect against multi-technology and multi-protocol threat vectors. For example, when mobile users are travelling, the Home Public Mobile Network constantly receives location updates to process in the HSS and HLR applications, updating the user profile. User profiles are targeted by hackers to gain control over user settings and eavesdrop on calls or use SMS for attacks like banking fraud. The NetNumber Signaling Firewall supports sophisticated plausibility checking capabilities that monitor the status of outbound roamers, verifying incoming location update messages in SS7/Diameter against criteria like time and location before forwarding them to the HSS.

NetNumber Fraud and Security solutions also detect new toll fraud cases in real-time, by analyzing traffic patterns and call activities using AI and machine learning to help identify and isolate suspicious behaviours and potential fraud in real-time.

Ring, Ring…

Increasingly, subscribers are not answering calls driven both by the growth of other types of communications (e.g. SMS, social media) but also by increasing numbers of robocalls and spam calls. Operators are joining forces, working with associations and mandated by legislatures, to block nuisance calls. NetNumber is actively engaged in defining and/or supporting the industry solutions for the three standards in development across the US and Europe:


Standards being defined in the US based on FCC mandates to regain trust for the CLI or Calling Name delivered for incoming calls. STIR SHAKEN is a SIP-only solution and specifically designed to work between Service Providers within a national boundary.

  • Out of Band STIR

Standards also being mandated by the FCC to ensure that local US operators will deliver STIR SHAKEN verified calls despite many operators still with legacy non-SIP networks that do not support the SIP-verified CLI passport information used in STIR SHAKEN.


This standard for Stopping Exploitation of Internetwork Signaling by Mitigating Illegitimate Communications (SEISMIC) is a focus of several large operator groups in Europe.

A New Perspective

NetNumber offers a new perspective— claiming the industry’s most robust cloud-native platform for core networks, that addresses both the legacy and next-generation requirements of telecoms.

This blog post was adapted from a Mobile Europe Supplement & Report sponsored by NetNumberFor the full complimentary report please download here.


Leave a Reply

Your email address will not be published.