EP4252407A1 - Procede et systeme de lutte contre la fraude telephonique aux appels-pieges - Google Patents
Procede et systeme de lutte contre la fraude telephonique aux appels-piegesInfo
- Publication number
- EP4252407A1 EP4252407A1 EP21823979.6A EP21823979A EP4252407A1 EP 4252407 A1 EP4252407 A1 EP 4252407A1 EP 21823979 A EP21823979 A EP 21823979A EP 4252407 A1 EP4252407 A1 EP 4252407A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- telephone
- numbers
- suspicious
- communication
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 97
- 230000011664 signaling Effects 0.000 claims abstract description 65
- 238000001514 detection method Methods 0.000 claims abstract description 31
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 9
- 238000004891 communication Methods 0.000 claims description 315
- 230000000903 blocking effect Effects 0.000 claims description 69
- 230000005540 biological transmission Effects 0.000 claims description 46
- 239000000523 sample Substances 0.000 claims description 13
- 238000013480 data collection Methods 0.000 claims description 8
- 230000003542 behavioural effect Effects 0.000 claims description 2
- 230000002123 temporal effect Effects 0.000 claims description 2
- 230000008569 process Effects 0.000 description 7
- 230000004044 response Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 6
- 230000005236 sound signal Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000000717 retained effect Effects 0.000 description 3
- 230000009849 deactivation Effects 0.000 description 2
- 230000001627 detrimental effect Effects 0.000 description 2
- 230000002349 favourable effect Effects 0.000 description 2
- 239000002131 composite material Substances 0.000 description 1
- 230000003116 impacting effect Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003449 preventive effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
- 238000013518 transcription Methods 0.000 description 1
- 230000035897 transcription Effects 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/04—Recording calls, or communications in printed, perforated or other permanent form
- H04M15/06—Recording class or number of calling, i.e. A-party or called party, i.e. B-party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/41—Billing record details, i.e. parameters, identifiers, structure of call data record [CDR]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/47—Fraud detection or prevention means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/24—Accounting or billing
Definitions
- the present invention relates to the general technical field of telecommunications, and in particular telephone communications
- the present invention relates more specifically to the technical field of methods and systems for combating telephone fraud comprising the transmission of a telephone communication, called requesting below, requesting the transmission in return of a telephone call to a telephone number, referred to as the target number below.
- This type of phone fraud usually comes in the following three main variants.
- the fraud is known as a trap call (or "ping call” in English, or even “wangiri” in Japanese), the soliciting communication being a voice telephone call . It consists for a fraudster to call a subscriber of a telephone operator without giving the latter time to pick up or by interrupting the communication very quickly. Faced with such a missed or interrupted call, the subscriber is in fact encouraged to call back the corresponding sender number (calling number) displayed on his telephone, which sender number may be a Value Added Service (VAS) number. surcharged or a number to which the sending of a call generates high outgoing interconnection costs for the operator of the called subscriber.
- VAS Value Added Service
- the fraudster seeks to maximize the communication time to capture a share of the corresponding interconnection revenues, for example by means of a voice response system which automatically picks up the call and then plays music on hold or a pre-recorded voice message.
- the soliciting communication is again a voice telephone call, but this time, when the customer picks up, a voice response system broadcasts a pre-recorded voice message instructing him, under some false pretext, to call back a telephone number. dictated in the voice message.
- the soliciting communication is a text message (for example, an SMS) or multimedia message (for example, an MMS) the content of which directs the subscriber to send in return a voice telephone call or a text or multimedia message intended either for the sender number that is displayed for the message received by the customer, or another telephone number contained in said message.
- the telephone number to which the subscriber is invited to send a telephone call in return is generally here also a surcharged VAS number or a number to which the sending of a call or a message generates high outgoing interconnection costs for the operator of the requested subscriber.
- This type of fraud is detrimental in the first place for the subscriber of the telephone operator, who is billed by his operator for a sometimes large sum for the call or the message he sent to the target number in response at the request of the fraudster. It is also detrimental to the telephone company, which has to deal with an increase in its outgoing interconnection costs, and possible dissatisfaction and a demand for reimbursement from the subscriber regarding the amounts billed to the latter.
- the target number used by the fraudster is a foreign telephone number, the telephone company must pay termination charges to the transit operator to whom it entrusts the task of routing the customer's call or message to the number foreign target.
- the objects assigned to the invention therefore aim to provide an answer to the aforementioned problem, and to propose a new method and a new system for combating telephone fraud described above, which allow rapid detection of fraudulent communications and the rapid and effective implementation of appropriate and targeted remedies against fraud.
- Another object of the invention aims to propose a new method and a new system for combating the telephone fraud described above, which allow particularly precise detection of fraudulent communications.
- Another object of the invention aims to propose a new method and a new system for combating telephone fraud which are substantially transparent or particularly low-impact for legitimate users of telephone networks.
- Another object of the invention aims to provide a new method and a new system for combating telephone fraud which, while being particularly effective, nevertheless remain relatively simple to deploy and implement.
- Another object of the invention aims to propose a new method and a new system for combating telephone fraud which are particularly adaptable to the needs and strategies of telephone operators in terms of combating fraud.
- the objects assigned to the invention are achieved with the aid of a method for combating telephone fraud comprising the transmission of a telephone communication, called a soliciting communication, requesting the transmission in return of a telephone communication to a telephone number, called target number, said method comprising the following steps: collection E1 of signaling data for telephone communications carried out via a telephone network of a telephone operator; detection E2 of suspicious telephone communications from signaling data collected and using at least one detection algorithm, and for each suspicious telephone communication detected, identification E3 and storage of a telephone number, called suspicious number, to which said telephone communication is suspected of fraudulently soliciting the transmission of a telephone communication in return; comparison E4 of said suspect number with at least one telephone number and/or at least a range of telephone numbers, known as certified target numbers, contained in a certification database, and definition E5 for said suspect number of a different risk depending on whether or not said suspicious number corresponds to a certified target number and/or to a number belonging to a range of certified target numbers contained in said certification database.
- the objects assigned to the invention are also achieved with the aid of a system for combating telephone fraud comprising the transmission of a telephone communication, called a soliciting communication, requesting the transmission in return of a telephone communication to a telephone number, called the target number, said system comprising a network signaling data collection device for collecting signaling data from telephone communications carried out via a telephone network of a telephone operator, and software and/or hardware means to implement the method according to the invention.
- Figure 1 schematically illustrates a preferred embodiment of a system for combating telephone fraud according to the invention.
- the invention relates to a method for combating telephone fraud, which fraud comprises, as explained above, the transmission of a telephone communication by a fraudster, called soliciting communication, to a subscriber of a telephone operator (telephone operator). This soliciting communication solicits the issue in return by the subscriber of a telephone communication to a telephone number, called the target number, for the benefit of the fraudster.
- the invention also relates to a system 1 for combating such fraud, which system 1 is advantageously designed and configured to implement the combat method in accordance with the invention. As will be detailed below, said system 1 therefore comprises software and/or hardware means for implementing said method.
- FIG. 1 illustrates a preferred embodiment of a system 1 for combating fraud in accordance with the invention. This embodiment is of course only given here by way of example and in a non-limiting manner.
- the method in accordance with the invention comprises a step E1 of collecting signaling data from telephone communications carried out via a telephone network 2 of a telephone operator, which is typically carried out using a data collection device from network signaling.
- the telephone network 2 concerned is typically a telephone network of a given telephone operator, which wishes to fight against fraud in soliciting communications (and in particular of the trap-call type) on its telephone network and targeting its subscribers (incoming soliciting communicators) . It may be a mobile telephone network, a fixed telephone network, or even a fixed and mobile telephone network.
- the communications, for which signaling data, are collected may be telephone communications in voice format, i.e. voice telephone calls, and/or text or multimedia telephone messages (typically in SMS or MMS format) .
- telephone calls made is meant here advantageously telephone calls which have been initiated and/or routed through the telephone network 2 of the telephone operator, preferably telephone calls initiated and/or routed through the telephone network 2 until reaching a telephone number recipient of the telephone communication, more preferably telephone communications which have then been finalized from so that the phone line was released. It is therefore preferentially telephone communications which have effectively reached a recipient subscriber, either directly (for example with the transmission of an incoming call warning signal on a telephone terminal of the recipient subscriber, possibly followed by establishing a voice call if the subscriber picks up, or by delivering a text or multimedia message to the telephone terminal of the recipient subscriber), or indirectly (for example, via a subscriber's voice mail corresponding to the telephone number recipient).
- the signaling data can be collected using a collection device 3 consisting of a, that is to say comprising a, system of network signaling probes 3A connected to said telephone network 2.
- a collection device 3 consisting of a, that is to say comprising a, system of network signaling probes 3A connected to said telephone network 2.
- passive, network signaling probes are hardware and/or software devices well known as such.
- the network signaling probes are configured to passively monitoring the signaling channels of the telephone network 2, and collecting on its latter and recording in real time (or near real time) signaling data relating to the telephone communications in which the telephone network 2 is involved, with a view to processing particular application.
- a system of network signaling probes 3A external to the telephone network 2, independent of the latter, and therefore not belonging to a signaling network of said telephone network 2.
- Such a system of network signaling probes 3A does not intervene, as such, in the realization of telephone communications through the telephone network 2.
- the system of network signaling probes 3A thus collects a certain number of signaling data and compiles them advantageously, for each telephone communication concerned, for example in a detailed call record (“Call Detail Report” or “Call Detail Record” or even “Call Data Record” (CDR), in English).
- said signaling data can be collected, and advantageously compiled in the form of detailed call records, directly by one or more dedicated software modules embedded in network equipment of the telephone network (or "integrated probes")
- the signaling data is therefore not collected via "external" probes. connected to the telephone network, but directly by technical equipment belonging to the latter and responsible for the transmission, establishment, telephone communications and generation / reception of the corresponding signaling data.
- a signaling data collection device 3 comprising a system of network signaling probes (typically passive) 3A connected to said telephone network 2 proves to be more advantageous.
- the signaling data collection step E1 thus consists in collecting, in real or quasi-real time, for example using a system of network signaling probes 3A, data relating to telephone numbers involved in said telephone communications as well as, preferably, time data relating to said telephone communications.
- said signaling data is advantageously collected during the initialization and/or the routing of said telephone communications through the telephone network 2, preferably while the telephone communications are established, as well as more preferably in the following second or seconds. the end of the telephone calls concerned, that is to say after the release of the corresponding telephone line.
- the signaling data thus collected may include, as data relating to telephone numbers: a telephone number recipient of the communication (“ISDN” recipient , or number called in the case of a communication in the form of a voice call), and/or a telephone number from which the communication originated (“ISDN” of origin, actually at the origin of the communications), and/or a telephone number, referred to as the sender number in the following, intended to be displayed on the recipient's telephone terminal (that is to say as the "caller's" number in the case of a communication in the form of a a voice call).
- the sender number to be displayed may possibly be different from the aforementioned original telephone number. It is indeed a telephone number which will be displayed on the recipient's telephone terminal, but which may not be the telephone number actually at the origin of the communication, i.e. the phone number actually used to send or route the communication to the recipient.
- the signaling data collected may typically include, as associated time data, a timestamp of when the telephone call was initiated from the originating phone number of the call, a timestamp of the instant at which communication is established with a recipient (or called party), a timestamp of the instant at which the communication is released by the sender (or caller) or by the called party, and/or a timestamp of the instant at which the signaling link relating to the communication is released after the interruption of the communication.
- the telephone communications concerned it is particularly advantageous for the telephone communications concerned to be telephone communications not only initiated and/or routed, but which have also reached the corresponding destination number (whether the destination subscriber picks up or not in the case of a communication in voice format), insofar as this makes it possible to collect and compile such temporal data, which is particularly useful for the detection of fraud of the "trap call” type, which is often characterized by telephone communications in voice format with a very short incoming call warning signal duration (ringing) or no or very short voice communication establishment duration (typically only a few seconds).
- the system 1 in accordance with the invention therefore comprises a device 3 for collecting network signaling data to collect signaling data for telephone communications carried out via a telephone network 2 of the telephone operator concerned (such as for example a system of typically passive network signaling probes 3A, as described above, which is connected, interfaced, to said network telephone 2).
- the system 1 comprises a dedicated signaling database 4 in which the signaling data thus collected are stored, in volatile or non-volatile memory.
- the method in accordance with the invention then comprises a step E2 of detecting suspicious telephone communications, from signaling data collected during the aforementioned collection step E1 and using at least one detection algorithm.
- Step E2 of detecting suspicious telephone communications therefore aims to detect, among a set of telephone communications carried out via the telephone network 2 concerned and with the aid of signaling data associated with these telephone communications, particular communications which are likely to be soliciting communications, as defined above.
- step E2 of detecting suspicious telephone communications implements one or more detection algorithms using one or more traffic profiles based on a combination of significant indicators defined, constructed, from collected signaling data.
- the step E2 of detecting suspicious telephone communications advantageously implements a behavioral analysis of the telephone communications for which signaling data has been collected during the collection step E1.
- Particular threshold values are advantageously defined and adjusted for all or part of the significant indicators to achieve a good compromise between the detection precision and the speed of execution of the detection step E2.
- call frequency number of incoming voice telephone calls on the telephone network 2 greater than a predefined threshold value, over a predefined past period of time, issued by the same sender number and/or a same telephone number of origin of the communication, or by sender numbers and/or telephone numbers of origin of the communication belonging to the same range of telephone numbers; call ringing duration (incoming call warning) for a given incoming call on the telephone network 2: tone duration greater than a predefined threshold value (typically non-zero); duration of incoming communication established on the telephone network 2 for a given call: duration of communication established—after picking up a voice telephone call given by the recipient of the latter—less than a predefined threshold value (typically less than a few seconds); geographical origin of the caller's number for a given call: o international telephone code of the originating
- the method comprises, for each suspicious telephone communication thus detected by analysis of network signaling data collected, a step E3 of identifying and storing a telephone number, called suspicious number, to which said telephone communication is therefore suspected of requesting fraudulently sending back an outgoing telephone call by the recipient.
- a so-called suspicious number is therefore a telephone number suspected of being a target, fraudulent number.
- the suspicious number may correspond to the sender number associated with the telephone communication detected as suspicious, that is to say the telephone number intended to be displayed on the telephone terminal of the recipient (called).
- said transmitter number is contained, as such, in the network signaling data collected.
- the sender number is not necessarily the originating number of the suspicious telephone communication detected.
- the detection algorithm(s) implemented for carrying out step E2 of detecting suspicious telephone communications is therefore defined, designed, to specifically detect, from collected signaling data, telephone communications which , on the basis of certain criteria and certain typical characteristics of telephone communications or "trap calls" (as mentioned above in particular), are likely to constitute fraudulent communications (or "soliciting communications").
- the step E3 of identifying and storing a suspicious number reciprocally aims to identify and store a telephone number associated with a telephone communication detected as suspicious, insofar as this telephone number is therefore likely to constitute a "target" number, as defined above.
- step E3 is therefore a step of identifying and storing a telephone number (suspicious number) to which a telephone call is, at the end of step E2, suspected of soliciting the sending back of a telephone communication by the recipient subscriber.
- each identified suspicious number is stored in a list L1 of suspicious numbers, either by creating a new entry in the list L1 when the identified suspicious number is not contained in the latter (new suspicious number), or by incrementing statistics related to said suspicious number when the latter has already been identified in the past.
- each new entry or incrementation of statistics in the list L1 is timestamped.
- the step E2 of detecting suspicious telephone communications and the step E3 of identifying and storing a suspicious number associated with a suspicious communication are advantageously carried out continuously, in order to supply and update the list L1 of suspicious numbers as soon as possible.
- the system 1 comprises, in addition to said signaling data collection device 3, software and/or hardware means for implementing said step E2 of detecting suspicious telephone communications and said step E3 of identifying and storing a suspicious number associated with a suspicious communication.
- the system 1 advantageously comprises as such a computer detection platform 5, advantageously connected in data communication with the signaling database 4, and which implements the detection algorithm(s) mentioned above.
- the detection platform 5 is advantageously connected in data communication with a first server 6 (or first set of servers 6), to which the detection platform 5 transmits, preferably continuously , information relating to suspicious telephone communications detected, including in particular information relating to identified suspicious numbers.
- the first server 6 thus notably comprises a list management module for storing information relating to suspicious numbers transmitted by the detection platform 5 in a list L1 of suspicious numbers, as mentioned above.
- the signaling database 4 and the first server 6 belong to a first subsystem 1a of the system 1 for combating fraud which is arranged within the technical infrastructures of the telephone operator concerned.
- the method in accordance with the invention further comprises a step E4 of comparing at least one suspicious number, which has therefore been identified for a suspicious telephone call detected from signaling data collected, with at least one telephone number and / or at least a range of telephone numbers, called certified target number(s), contained in a certification database.
- the comparison step E4 is therefore, in other words, a step E4 of matching the suspect number with said (at least one) range of certified target numbers.
- each identified suspicious number is confronted with the contents of a predefined certification database, which advantageously contains: telephone numbers (certified target numbers) which have been previously identified as having already been involved in telephone fraud by the past, and in particular in soliciting communications fraud, and/or ranges of telephone numbers (ranges of certified target numbers), defined from such telephone numbers previously identified as having already been involved in telephone fraud in the past.
- a predefined certification database which advantageously contains: telephone numbers (certified target numbers) which have been previously identified as having already been involved in telephone fraud by the past, and in particular in soliciting communications fraud, and/or ranges of telephone numbers (ranges of certified target numbers), defined from such telephone numbers previously identified as having already been involved in telephone fraud in the past.
- Said step E4 of comparison is therefore distinct from step E2 of detecting suspicious telephone communications and of step E3 of identifying and storing a suspicious telephone number, and consecutive to the latter.
- Said steps E2 and E3 thus advantageously make it possible to carry out a pre-sorting, that is to say a first level of analysis, so as not to submit to step E4 of comparison using the database certification, only telephone numbers previously identified as suspicious in terms of "trap call” type fraud. This makes it possible in particular to make the method in accordance with the invention particularly efficient, while limiting the consumption of material and energy resources.
- the method in accordance with the invention comprises, following the comparison step E4, a step E5 of defining, for said suspect number, a risk profile (or "risk profile sheet") that differs depending on whether the number suspicious corresponds or not to a certified target number and/or to a number belonging to a range of certified target numbers contained in said certification database.
- the comparison step E4 thus aims to certify the suspicious number as a target number, so that a higher risk profile can then be defined for the suspicious number if the latter is certified as a target number, than if said suspicious number does not correspond to a known certified target number or does not belong to a known range of certified target numbers.
- said step E5 for defining the risk profile comprises an operation for storing the risk profile thus defined.
- the step E5 for defining a risk profile may consist of integrating into the list L1 of suspect numbers, for each identified suspect number, a “risk profile” field comprising at least: a “Suspect” parameter , which can take a binary value “Yes/No”, which value is therefore fixed at “Yes”; a “Certified” parameter, which can take a binary value “Yes/No”, which value will therefore be chosen according to the result of the comparison thus carried out.
- the telephone operator may then decide to warn all of its subscribers who have received a suspicious incoming telephone call, without however blocking the transmission of outgoing telephone calls in return by subscribers to a suspect number if the latter does not correspond to a certified target number or to a number belonging to a range of certified target numbers.
- the telephone operator may possibly reserve such blocking only for outgoing telephone communications sent by its subscribers to a suspicious number which has actually been certified as a target number.
- the implementation of the comparison step E4 advantageously makes it possible, if necessary, to deal effectively with the case of a telephone number which, although identified as suspect at the end of the steps E2 and E3 referred to above, is in reality associated with a telephone call initiated by mistake (for example, following a number entry error by a caller), with no fraudulent purpose. Indeed, in this case, such a telephone number would then advantageously be assigned during step E5 a low or zero risk profile insofar as it would not correspond to a certified target number known to the database of certification.
- said list L1 of suspicious numbers may further comprise, in relation to each of the suspicious numbers thus listed, statistics relating in particular, for example: to the suspicious telephone communications identified for the suspicious number: total number of suspicious telephone communications identified, date and time of the first suspicious telephone communication identified to a subscriber of the telephone operator, date and time of the last suspicious telephone communication identified to a subscriber of the telephone operator, etc. and/or to any telephone communications issued in response to suspicious telephone communications (i.e.
- “recall” in the case of a communication in the form of a voice call total number of telephone communications, total number of subscribers of the telephone operator having issued in return a telephone communication, ratio of transmission of telephone communication in return, total duration and / or average duration of telephone communications issued in return, date and time of the first communication telephone call of non-zero duration sent back by a subscriber of the telephone operator, date and time of the most recent telephone call of non-zero duration sent back by a subscriber of the telephone operator, etc.
- the system 1 comprises software and/or hardware means for implementing steps E4 and E5 of the method, described above.
- the system 1 advantageously comprises a second server 7 (or second set of servers 7), which hosts said certification database.
- the second server 7 is distinct from the first server 6 mentioned above, and belongs to a second subsystem 1b of the system 1 for combating fraud which is arranged outside the technical infrastructures of the telephone operator concerned.
- the second server 7 is then advantageously connected in data communication with the first server 6, typically through an Internet type communication network, for example via a VPN, so that each suspicious number identified and stored (step E3) is sent to the second server 7, either individually and in real time, or in batches of suspect numbers according to a predefined sending frequency, with a view to being compared (step E4) with at least one number and/or at least one range certified target number(s) contained in the certification database.
- information relating to the result of the comparison is sent by the second server 7 to the first server 6, so as to allow the definition (step E5) of the risk profile of each of the suspect numbers by said first server 6.
- the numbers and/or ranges of certified target numbers contained in the certification database typically come from at least one supply source of the certification database in numbers and/or ranges of certified target numbers , and preferably from a plurality of different power sources, in order to to optimize the performance of the certification of suspicious numbers. It should be noted here that the use of individual numbers is advantageously favorable to the precision of the certification, while the use of ranges of numbers is rather advantageously favorable to the speed of the certification (since it is possible to consider a number as fraudulent when it belongs to a range of fraudulent numbers, and even if it has not been individually identified as fraudulent).
- the certification database is fed by (and therefore contains at least) numbers and/or ranges of certified target telephone numbers which are certified target numbers, and/or ranges of telephone numbers certified targets defined from certified target numbers, which have been previously identified for telephone communications received by at least one telephone robot using at least one telephone number managed by the telephone operator concerned by the method.
- the method for combating fraud preferably comprises: an operation 01 for receiving at least one (incoming) telephone communication by at least one first telephone robot 8 using at least one telephone number, called the internal robot number ci -afterwards, managed by the telephone operator and, for a telephone communication thus received at the internal robot number, an operation 02 of identification of a corresponding target number, to which said (incoming) telephone communication fraudulently requests transmission by return of an (outgoing) telephone call, which is followed o by an operation 03 to store the target number identified in the certification database as a certified target number, and/or o by an operation 04 to define of a range of target numbers including said identified target number and an operation 05 of storing said range of target numbers in the certification database as that certified target number range.
- the first telephone robot 8 is a piece of technical equipment which, in the case for example where the telephone network 2 is a mobile telephone network, is typically connected to at least one SIM card(s) server using at least one internal robot number and advantageously controlled by dedicated software means.
- the first bot telephone 8 is configured at least to receive incoming telephone calls (passive operation) to the internal robot number via the telephone network 2 of the telephone operator to which the SIM card or cards are connected.
- the first telephone robot 8 could alternatively be configured to connect to a fixed telephone network 2 of the telephone operator, to receive incoming telephone communications intended for the internal robot number.
- the first telephone robot 8 is configured to generate a detailed call record (“Call Detail Report” or “Call Detail Record” or even “Call Data Record” (CDR), in English) for each incoming telephone communication received at the internal robot number.
- the first telephone robot 8 is advantageously configured (for example using a specific computer script) to answer automatically, upon receipt of an incoming telephone communication in the form of a voice telephone call.
- Such a detailed call recording may advantageously constitute an opposable piece of evidence in matters of fraud.
- the internal robo number is not a telephone number used by a real person subscriber of the telephone company, it is unlikely that the internal robo number is the recipient of legitimate telephone communications on a daily basis.
- the internal robot number is likely to receive soliciting communications in the same way as telephone numbers used by real people, insofar as such soliciting communications are very often directed to masses of numbers without verification of attribution. beforehand by the fraudsters. It is therefore easier to identify precisely and reliably target, fraudulent numbers, by analyzing telephone communications received by one or more robots, than by analyzing a very large number of telephone communications made daily through a telephone network to a multitude of subscribers of a telephone operator.
- said at least one first telephone robot 8 and the associated SIM card(s) server advantageously play a decoy role, in order to identify, at least passively, target numbers used by fraudsters.
- a plurality of first telephone robots 8 using a plurality of internal robot numbers is implemented, in order to optimize the identification of target numbers.
- the internal robot number is chosen from telephone numbers managed by the telephone operator (i.e. assigned to the telephone operator, by a numbering plan or by a mechanism of portability) which operates the telephone network 2 concerned by the method, so that the incoming telephone communication received by the first telephone robot 8 is an incoming telephone communication carried out on the telephone network concerned by the method, to which said internal robot number is therefore connected .
- This advantageously makes it possible to focus the fight on a fraud which would more specifically target the subscribers of said telephone operator and to identify similar patterns of incoming communications between communications received by the first telephone robot 8 and incoming communications intended for subscribers of the phone operator.
- the incoming telephone communication received by the first telephone robot 8 at said internal robot number can be a soliciting communication in the form of a voice trap call (“ping call”), as described above.
- the certified target number is then the sender number associated with the voice requesting communication received at the internal robot number.
- the internal robot number is not a telephone number used by a real person, it is advantageously possible to access the actual content of the telephone communication to which the internal robot number is addressed, freeing itself from constraints confidentiality and for analytical purposes, to identify a target number.
- a requesting communication can also advantageously be received at the internal robot number in the form, for example: of a voice telephone call which, once picked up by the first telephone robot 8, broadcasts a pre-recorded voice message encouraging the caller to call back a telephone number dictated in the voice message, which pre-recorded dictated telephone number can therefore be identified as the target number; a text message (for example, an SMS) or multimedia message (for example, an MMS) the content of which encourages sending in return a voice telephone call or a text or multimedia message, either directly to the sender number associated with the message, which sender number can therefore be identified as a target number, ie to a number different from the sender number associated with the message and contained in the body of the message.
- a target number for example, an SMS
- multimedia message for example, an MMS
- the number indicated in the body of the message can then be identified as the target number.
- Each target number thus identified is thus stored in the certification database, either by creating a new entry in the certification database when the target number identified using the first telephone robot 8 is not contained in the latter (new target number), or by incrementing statistics linked to said target number when the latter has already been identified in the past.
- each new entry or increment of statistics in the certification database is timestamped.
- the system 1 for combating fraud comprises software and/or hardware means for implementing the operation 01 of reception of a telephone communication by the first telephone robot 8, said operations 02, 03 of identification and storing a corresponding target number, and/or said operations 04, 05 of defining and storing a range of target numbers, such as the latter have been described above.
- the system 1 comprises at least a first telephone robot 8, as described above. Using at least one telephone number, called internal robot number, said first robot 8 is configured to receive at least one telephone communication.
- the system 1 comprises a plurality of first telephone robots 8 each using a plurality of internal robot numbers, which makes it possible in particular to increase the number of internal robot numbers likely to receive soliciting communications, and therefore to increase the number of identifiable certified target numbers.
- the system 1 advantageously comprises one or more SIM card(s) servers (in the case of a mobile telephone network 2) using at least one or more internal robot numbers, to which the first(s) s) telephone robot(s) 8 are typically connected, and dedicated software means to drive said SIM card(s) server(s).
- the SIM card server can be located on a site remote from the first telephone robots 8, or on the same site(s) as the first telephone robots 8.
- the SIM card server can be in communication with each first telephone robots 8 through an Internet type communication network, for example via a VPN.
- the second server 7 of the system 1 is linked in data communication with the first telephone robot(s) 8, typically through a network Internet type communication, for example via a VPN.
- the first telephone robot(s) 8 and the SIM card server(s) belong to the second subsystem 1 b of system 1 for the fight against fraud.
- the second server 7 typically comprises a module for analyzing the telephone communications received by the first telephone robot(s) 8 at the internal robot(s) number(s) to identify , for each of the telephone communications received, a corresponding target number (operation 02) and memorizing the latter (operation 03) and/or to define and memorize a range of corresponding target numbers (operations 04 and 05).
- the second server 7 is configured to transmit to the first server 6 information relating to target numbers thus identified (certified target numbers) using the first telephone robot 8, and/or to ranges of target numbers defined from of target numbers thus identified (ranges of certified target numbers). More advantageously still, the second server 7 is configured to transmit (preferably in real time) to the first server 6, for each certified target number, a timestamp of the reception by the first telephone robot 8 of the corresponding requesting communication, and information relating to the format of the latter (voice telephone call or text/multimedia message).
- the first server 6 advantageously comprises a list management module for storing information relating to certified target numbers transmitted by the second server 7 in a list L2 of certified target numbers, either by creating a new entry in the list L2 when the identified target number is not contained in the latter (new target number), or by incrementing statistics linked to said target number when the latter has already been identified in the past.
- each new entry or incrementation of statistics in the list L2 is timestamped.
- said list L2 of certified target numbers may be confused with or merged with the list L1 of suspect numbers mentioned above.
- This makes it possible in particular to simplify the implementation of the method, by reducing the number of lists to be handled.
- This can also make it possible to optimize the subsequent implementation of differentiated protection actions, insofar as it is advantageous to initiate actions both vis-à-vis suspicious numbers, according to the risk profile of the latter , only to certified target numbers, which would not necessarily have been identified for telephone communications made via said telephone network 2.
- the list of suspect numbers and the list of certified target numbers together constitute a list L1 L2 of suspicious and/or certified target numbers.
- a "risk profile” field comprising at least: a “Suspect” parameter, which can take a binary value “Yes / No”, which value is then set to “No” on the assumption that the certified target number in question has not already been successfully compared with a suspicious number identified during step E3; a "Certified” parameter, which can take a binary value "Yes / No", which value is then set to "Yes”.
- the certification database is fed by (and therefore contains at least) numbers and/or ranges of certified target telephone numbers which are certified target numbers, and/or ranges of numbers certified target telephone numbers defined from certified target numbers, which have been previously identified for telephone communications received by at least one telephone robot using at least one telephone number managed by a telephone operator other than that concerned by the method.
- the method for combating fraud preferably comprises: an operation 06 for receiving at least one (incoming) telephone communication by at least one second telephone robot 9 using at least one telephone number, called the external robot number ci -afterwards, managed by another telephone operator and, for an (incoming) telephone call thus received at said external robot number, an operation 07 for identifying a corresponding target number, to which the (incoming) telephone call fraudulently solicits the return transmission of an (outgoing) telephone call, which is followed o by an operation 08 of storing the target number identified in the certification database as a certified target number, and/or o by an operation 09 for defining a range of target numbers including said identified target number and an operation 010 for storing said range of target numbers in the database of this rtification as a certified target number range.
- the fact that an internal or external robot number is not a telephone number used by a real person advantageously makes it possible to access the very content of the telephone communication whose internal or external robot number is recipient, freeing himself from confidentiality constraints.
- the method for combating fraud can advantageously comprise an operation 011 of recording and an operation 012 of analysis of a content of said telephone communication received by said by the first robot 8 and/or by said second robot 9. This analysis can advantageously lead to reinforcing the certainty as to the fraudulent nature of the identified target number (operation 02 and/or operation 07) for said telephone communication.
- the recording made can then advantageously constitute a piece of evidence in terms of fraud.
- the analysis can lead to identifying a sender number associated with said telephone communication as being a telephone number of a legitimate user, that is to say not used for fraudulent purposes.
- this legitimate number can advantageously be stored in a white list LB, such as the latter will be discussed later.
- the first robot 8 and/or the second robot 9 is advantageously configured (for example using a specific computer script) to answer automatically, and the system 1 can comprise, for example at the level of the second server 7, modules for recording and analyzing telephone communications received by the first robot 8 and / or the second robot 9.
- the method comprises, for at least one telephone communication (requesting communication) received by the first telephone robot 8 at said internal robot number, an operation 013 of sending back, by the first telephone robot 8, at least a telephone call to a target number identified for said received telephone call (certified target number).
- a target number identified for said received telephone call (certified target number).
- Such a call reactive telephone can be transmitted by the first telephone robot 8 immediately after reception of a requesting communication and detection of the corresponding target number, and/or repeatedly at regular time intervals or not over a predetermined time range after reception of a soliciting communication and detection of the corresponding target number.
- said operation 013 is automated.
- said operation 013 can thus advantageously comprise transmission of a voice telephone call by the first telephone robot 8 to said target number.
- the first telephone robot 8 can be configured to wait for the call to pick up.
- the sound signal can be a previously memorized sound signal, or selected from several sound signals previously memorized.
- the telephone communication sent by the first telephone robot 8 can be recorded for the purposes of analysis and/or constitution of proof of the fraudulent character of the target number.
- the first telephone robot 8 can be configured (for example using a specific computer script) to hang up after a predetermined number of rings, without waiting for the call to be picked up.
- said operation of transmitting at least one telephone communication to a target number may comprise transmission of a text message (for example, an SMS) or multimedia (for example, an MMS) by the robot to said target number.
- the message sent may be an empty message.
- the message sent can be a message whose content is not empty and previously generated and stored. Such a message can for example be selected from several previously stored messages.
- the method may comprise, for at least one telephone communication (requesting communication) received this time by the second telephone robot 9 at said external robot number, an operation 013' of transmission in return, by the second telephone robot 9, at least one telephone call to a target number identified for said received telephone call (certified target number).
- the principle of the 013' operation is advantageously identical to that, described above, of the 013' operation.
- said 013' operation is automated.
- the first robot(s) 8 and/or the second robot(s) 9 of the system 1 are therefore advantageously configured to send at least one telephone call to at least a certified target number
- the system 1 comprises software and/or hardware means for implementing operation 013 and/or operation 013' as described above.
- Such software and/or hardware means can advantageously include at least one computer script, installed on the robot(s) 8, 9 concerned, in order to define in particular the mode, the frequency and the duration of the communications to be transmitted.
- the method comprises an operation 014 of transmission by a telephone robot, using a telephone number (robot number), of a telephone communication to a suspicious number, identified at the end of step E3, when said suspect number does not correspond, at the end of step E4, to a certified target number and/or to a number belonging to a range of certified target numbers contained in the certification database.
- a telephone communication may be a voice telephone call, or a text or multimedia message.
- said telephone robot is the first telephone robot 8, so that the communication is transmitted on the telephone network 2 of the telephone operator concerned.
- said telephone robot is the second telephone robot 8, so that the communication is transmitted this time over a telephone network of another telephone operator.
- said telephone robot could optionally be separate from said first and second telephone robots 8, 9.
- Such a telephone communication can advantageously be transmitted and processed in the manner already described above in relation to operation 013. This allows, on the one hand, to increase the chances that the robot number will be registered by fraudsters as a telephone number used by a real person likely to be easily tricked, and therefore to encourage fraudsters to issue soliciting communications to the robot number. It is thus possible to detect and memorize new target numbers, and/or to define and memorize new ranges of new target numbers in the certification database, which can then in turn be compared (step E4 ) to the suspicious numbers identified for the telephone communications carried out via said telephone network 2.
- this can advantageously make it possible to verify, by recording and analyzing the content of the telephone communication emitted by the robot, whether the tested suspicious number is a target number or not.
- said operation 014 is automated.
- the system 1 advantageously comprises at least one telephone robot using a telephone number (robot number), configured to transmit at least one telephone communication from the robot number and intended for an identified suspect number.
- said telephone robot is the first telephone robot 8.
- System 1 comprises, in addition to said telephone robot, software and/or hardware means for implementing operation 014 described above.
- the second server 7 can be advantageously configured to transmit a suspicious number, when the latter is not certified at the end of step E4, to the first telephone robot 8.
- the latter is then advantageously configured to send at least one telephone communication to at least one such suspicious number, and at least one computer script can be installed on the first telephone robot 8 to define in particular the mode, frequency and duration of communications to be sent.
- the method comprises an operation 015 of collecting telephone numbers and/or ranges of telephone numbers, contained in at least one blacklist LN of numbers and/or ranges of numbers which have been reported as having been involved (or at the very least as being strongly suspected of having been involved) in the past in at least one soliciting communication, said numbers or number ranges reported.
- Such numbers or ranges of numbers have typically been reported by the telephone operator itself, or by third parties such as, for example, one or more other telephone operator(s), users of telephone networks, a or more organizations or professional associations working in the fight against fraud in the field of telecommunications, one or more players specializing in the creation and supply of blacklists of numbers or ranges of telephone numbers, etc.
- the method comprises an operation 016 of storing said numbers and/or ranges of numbers reported in the certification database as certified target numbers or ranges of certified target numbers.
- the certification database is supplied with such numbers and/or ranges of numbers reported, with a view to certification (step E4) of suspect numbers by comparing the latter with said reported numbers and/or ranges of numbers.
- the certification database is preferably regularly updated (for example, on a daily basis), by reiteration of said collection operation 015 and storage operation 016 .
- the system 1 advantageously comprises suitable software and/or hardware means.
- the second server 7 can include a collection module configured to establish remote data communication with one or more external storage spaces (website, FTP space, etc.) hosting one or more LN blacklists of reported numbers and/or ranges of numbers, as defined above.
- the second server 7 is configured to store said numbers and/or ranges of numbers reported in the certification database (operation 016).
- said reported numbers and/or ranges of numbers thus collected may also be transmitted by the second server 7 to said first server 6, so that the latter stores them in the aforementioned list L2, either by creating a new entry in the list L2, or by incrementing the corresponding statistics.
- each new entry or incrementation of statistics in the list L2 is timestamped.
- the method can advantageously comprise an operation 017 of transmission by a telephone robot, using a telephone number (robot number), of at least one telephone communication to at least one of said reported numbers or to at least one number belonging to one of said reported number ranges.
- a telephone communication may be a voice telephone call, or a text or multimedia message.
- said telephone robot is the first telephone robot 8, so that the telephone communication is transmitted on said telephone network 2 of the telephone operator concerned.
- said telephone robot is the second telephone robot 8, so that the telephone communication is transmitted this time over a telephone network of another telephone operator.
- said telephone robot could optionally be separate from said first and second telephone robots 8, 9.
- Such a telephone communication can advantageously be transmitted and processed in the manner already described above in relation to operation 013 of transmission by the first telephone robot s of a telephone call to a target number.
- said operation 017 is automated. This allows, on the one hand, to increase the chances that the robot number will be registered by fraudsters as a telephone number used by a real person likely to be easily trapped, and therefore to encourage fraudsters to issue communications soliciting for the robot number. It is thus possible to detect and memorize new target numbers, and/or to define and memorize new ranges of new target numbers in the certification database, which can then in turn be compared (step E4 ) to suspicious numbers identified for telephone communications made via said network telephone 2.
- this can advantageously make it possible to verify, by recording and analyzing the content of the telephone communication emitted by the telephone robot, whether the reported number thus tested is indeed a target number.
- the reliability of reported numbers or ranges of numbers contained in LN blacklists may possibly vary according to the actors involved in the constitution of the latter and according to their frequency of update (with particular regard to the sometimes very punctual nature, for example over a range of a few minutes, of massive fraud).
- a telephone number has been wrongly reported as being a target number, fraudulent, or even that a telephone number rightly reported as having been a target number at a given moment does not or more at a later time, following a reassignment of said number to a legitimate subscriber for example, and that the blacklist has not yet been updated accordingly.
- the system 1 advantageously comprises at least one telephone robot using a telephone number (robot number), configured to send at least one telephone communication from the robot number and to a reported number and/or a number belonging to a range of reported numbers.
- said telephone robot is the first telephone robot 8.
- System 1 comprises, in addition to said telephone robot, software and/or hardware means for implementing the transmission operation 017 as described above.
- the second server 7 can be advantageously configured to transmit to the first telephone robot 8 a reported number and/or a number belonging to a range of reported numbers.
- the first telephone robot 8 is then advantageously configured to transmit at least one telephone communication to at least one such number, and at least one computer script can be installed on the first telephone robot 8 to define in particular the mode, the frequency and the duration of the communications to be sent.
- the method comprises an operation 018 of constitution of a list of premium rate telephone numbers and/or ranges of premium rate telephone numbers.
- a list can be formed, at least in part, by collecting premium rate telephone numbers, and/or ranges of premium rate telephone numbers, contained in at least one third party LS list, public or private, of numbers or ranges of premium rate telephone numbers.
- such a list may be compiled and subsequently updated, at least in part, by analysis of billing data relating to telephone communications sent by subscribers of the telephone operator, and/or relating to telephone communications sent by a telephone robot as part of at least one of the 013/013', 014 and/or 017 operations described above.
- said list of premium rate telephone numbers and/or ranges of premium rate telephone numbers is preferably regularly updated (for example, on a daily basis), by repeating said operation 018.
- the system 1 advantageously comprises appropriate software and/or hardware means.
- the second server 7 can include a module configured to establish remote data communication with one or more external storage spaces (website, FTP space, etc.) hosting one or more third-party, public or private l_S lists, numbers or ranges of premium rate telephone numbers, as defined above.
- the second server 6 also advantageously comprises a list management module for storing in a list the numbers and/or ranges of surcharged numbers thus collected.
- the method can then advantageously comprise an operation 019 of comparing the suspect number identified during step E3 with at least one premium rate number and/or of matching a suspect number with at least a range of numbers premium rates, and an operation 020 for modifying the risk profile of said suspect number depending on whether or not said suspect number corresponds to a premium rate number and/or to a number belonging to a range of premium rate numbers.
- the level of risk associated with the suspect number may thus advantageously be considered higher if the suspect number is a premium rate telephone number or if it belongs to a range of premium rate numbers, taking into account the economic impact linked to the premium rate nature of the number.
- the "Risk profile" field mentioned above may include a "Premium rate number” parameter which may take a binary value "Yes / No” depending on the result of the additional comparison thus carried out .
- said operation 019 and said operation 020 are repeated on a regular basis, and for example on a daily basis, in order to keep the risk profile as up to date as possible.
- the system 1 advantageously also comprises software and/or hardware means for implementing the operations 019 and 020 described above.
- the second server 7 can be advantageously configured to carry out the comparison/matching operation 019, and to transmit to the first server 6 information relating to the result of the comparison/matching, said first server 6 then being configured to perform operation 020 of modifying the risk profile of said suspicious number.
- the method can advantageously comprise an operation 021 of transmission by a telephone robot, using a telephone number (robot number), of at least one telephone call to at least one of said premium rate numbers or to at least one number belonging to one of said ranges of premium rate numbers.
- a telephone communication may be a voice telephone call, or a text or multimedia message.
- said telephone robot is the first telephone robot 8, so that the communication is transmitted on the telephone network 2 of the telephone operator concerned.
- said telephone robot is the second telephone robot 8, so that the communication is transmitted this time over a telephone network of another telephone operator.
- said telephone robot could optionally be separate from said first and second telephone robots 8, 9.
- Such a telephone communication can advantageously be transmitted and processed in the manner already described above in relation to operation 013. This allows, on the one hand, to increase the chances that the robot number is registered by fraudsters as a telephone number used by a real person likely to be easily trapped, and therefore to encourage fraudsters sending soliciting communications to the robot number. It is thus possible to detect and memorize new target numbers, and/or to define and memorize new ranges of new target numbers in the certification database, which can then in turn be compared (step E4 ) to identified suspicious numbers.
- the system 1 advantageously comprises at least one telephone robot using a telephone number (robot number), configured to send at least one telephone call from the robot number and to at least one of said surcharged numbers or at least at least one number belonging to one of said ranges of premium rate numbers.
- said telephone robot is the first telephone robot 8.
- System 1 comprises, in addition to said telephone robot, software and/or hardware means for implementing operation 021 described above.
- the second server 7 can be advantageously configured to transmit to the first telephone robot 8 one of said premium rate numbers or a number belonging to a range of premium rate numbers.
- the first telephone robot 8 is then advantageously configured to transmit at least one telephone communication to at least one such number, and at least one computer script can be installed on the first telephone robot 8 to define in particular the mode, the frequency and the duration of the communications to be sent.
- At least one telephone call is sent back to at least one target number identified for a telephone call received by the first telephone robot s (operation 013) and/or by the second telephone robot 9 (operation 013'), and/or to at least one suspicious number (operation 014), when the latter does not correspond, at the end of step E4, to a certified target number and/or to a number belonging to a range of certified target numbers contained in the certification database, and/or to at least one reported number or to at least one number belonging to a range of reported numbers (operation 017), and/or to at least one premium rate number or to at least one number belonging to a range of premium rate numbers (operation 021)
- said telephone communication sent is then a voice telephone call, and the method advantageously comprises a recording operation 022 and an operation 023 analyzing a content of said voice telephone call.
- an operation of transcription of the content of the voice telephone call can possibly be implemented in order to facilitate the analysis of said content.
- Such recording and analysis operations 022 and 023 can advantageously make it possible to establish or confirm that the number thus recalled by the telephone robot is a target number, that is to say a number used for fraudulent purposes. .
- said number can then advantageously be added to the list L2 of certified target numbers.
- Said number may advantageously be stored in the certification database, if it is not already stored, in order to be compared with the identified suspicious numbers.
- said 022 and 023 recording and analysis operations can advantageously make it possible to qualify the recalled telephone number as being a non-fraudulent telephone number, used legitimately. In this case, this legitimate number can advantageously be stored in a white list LB, such as the latter will be discussed later.
- the system 1 for combating fraud advantageously comprises modules for recording and analyzing the content of a telephone communication thus transmitted within the framework of all or part of said operations 013 / 013′, 014, 017 and 021.
- Said system 1 can, for example, comprise a server for storing the content thus recorded, which server can be said second server 7 (or belong to said second set of servers 7) or be separate from the latter and be connected to it in communication with data.
- Said analysis module can be designed and configured to carry out an automated analysis of said recorded content, for example on the basis of recognition of keywords, predefined type sequences, etc., or to be implemented manually by a analyst.
- the method for combating fraud comprises: an operation 024 for creating, then subsequently updating, a white list LB of telephone numbers and/or ranges of telephone numbers previously identified as non-fraudulent, that is to say as not being target numbers in particular, an operation 025 of comparing at least one suspicious number identified during step E3 with at least one number not fraudulent contained in the white list LB or an operation for matching a suspicious number with at least a range of non-fraudulent numbers contained in said white list LB, and an operation 026 for modifying the risk profile of said suspicious number depending on whether said suspicious number does or does not correspond to a non-fraudulent number, or to a number belonging to a range of non-fraudulent numbers, contained in the white list LB.
- the level of risk associated with the suspect number identified during the step E3 could in fact thus advantageously be considered to be lower, if not zero, if the suspect number is also known to be non-fraudulent.
- the "Risk profile" field mentioned above may include a "Whitelisted” parameter that can take a binary value "Yes / No” depending on the result of the matching thus performed. This advantageously makes it possible to avoid the implementation of a protective action, such as for example a blocking, against telephone numbers which could be identified as suspect by the detection algorithm(s), but which could in reality correspond perfectly legitimate use of the telephone network.
- such a white list LB can be constituted and kept up to date, at least in part, by collecting and storing numbers and/or ranges of numbers contained in at least one third-party list, public or private, of numbers or ranges of numbers ponderedly non-fraudulent telephone numbers (business customer service numbers, public administration numbers, etc.).
- the LB white list can also be compiled and updated from numbers or ranges of numbers provided by the telephone operator itself, and/or by collecting individual numbers from Internet sites.
- operation 023 and/or even from numbers identified as non-fraudulent after analysis (operation 023) of the content of a telephone communication sent by one or other of the telephone robots described above within the framework of at least 'one of the operations 013 / 013', 014, 017 and/or 021 described above.
- the operations 025 and 026 referred to above are repeated on on a regular basis, and for example on a daily basis, in order to keep the risk profile as up to date as possible.
- the system 1 advantageously comprises software and/or hardware means for implementing the operations 024, 025 and 026 described above.
- the second server 7 can be advantageously configured to carry out the comparison/matching operation 025, and to transmit to the first server 6 information relating to the result of the comparison/matching, said first server 6 then being configured to perform operation 026 of modifying the risk profile of said suspect number.
- the numbers or ranges of non-fraudulent numbers on the LB whitelist may in particular come from the telephone operator, which can advantageously provide numbers and/or ranges of numbers that it wishes to place on the LB whitelist. , for example by means of a user interface module 10 which the system 1 may advantageously comprise.
- the second server 7 may in particular comprise a module configured to establish a remote data communication with a or more external storage spaces (website, FTP space, etc.) hosting one or more third-party lists, public or private, of numbers or ranges of telephone numbers known to be non-fraudulent.
- the second server 7 may also comprise, as already envisaged previously, a module for analyzing telephone communications sent by a telephone robot within the framework within the framework of all or part of said operations 013 / 013', 014, 017 and 021 previously described to identify in particular among suspicious numbers, reported and / or surcharged any numbers which would in reality prove to be non-fraudulent.
- step E2 of detecting suspicious telephone communications may comprise reading at least one telephone number or at least one range of telephone numbers contained in said white list L_B, in order to refine and to accelerate detection by taking into account, in the detection algorithm(s), only telephone communications involving a sender number which does not correspond to a telephone number or to a range of telephone numbers contained in said white list LB .
- the certification database is regularly fed, updated, in parallel with the execution of steps E1 to E5, the method advantageously comprises at least one iteration of steps E4 and E5 of the method, and this for each of the suspect numbers identified at the end of step E3. In this way, the risk profile of suspicious numbers can be updated regularly, in order to refine the accuracy and efficiency of the process for combating fraud.
- step E3 In order to further refine the definition of the risk profile attached to each suspect number identified at the end of step E3, it is advantageously possible to introduce a distinction in terms of degree (or mode) of certification, according in particular to the source or sources from which the Certified Target Number originated and/or the range of Certified Target Numbers from which a given suspicious number was certified as a Target Number.
- degree (or mode) of certification according in particular to the source or sources from which the Certified Target Number originated and/or the range of Certified Target Numbers from which a given suspicious number was certified as a Target Number.
- the “Certified” parameter mentioned above of the risk profile of each suspicious number may be a composite parameter reflecting such a distinction.
- the same suspect number may possibly fulfill several of the aforementioned degrees of certification, taking into account in particular the advantageously iterative of steps E3 and E4, and regular updating of the certification database.
- the method of fight against fraud preferably comprises, for each suspicious telephone communication detected in step E3: an operation 027 for identifying a telephone number of a user (subscriber or user in a roaming situation) of the telephone network 2 recipient of the suspicious telephone communication, and an operation 028 for storing the telephone number of said recipient user in a list L3 of recipient numbers, referred to as the L3 list of (potentially) impacted user numbers below.
- said recipient number of a suspicious telephone communication is contained, as such, in the network signaling data collected in relation to the suspicious telephone communication concerned.
- the user concerned may be a subscriber of the telephone operator, or a subscriber of another operator connected while roaming on the telephone network 2 of the telephone operator.
- Each recipient number of a suspicious telephone communication is advantageously stored in said list L3, either by creating a new entry in the list L3 when the impacted user number is not contained in the latter, or by incrementing statistics linked to said impacted user when the latter has already been identified in the past.
- each new entry or incrementation of statistics in the list L3 is timestamped.
- said list L3 of impacted user numbers may also include, in relation to each of the impacted user numbers thus listed, statistics relating in particular, for example: to suspicious telephone calls identified to said user number impacted: total number of suspicious telephone communications identified, total duration of telephone communications (in the case of telephone communications in the form of voice telephone calls), date and time of the first identified suspicious telephone communication, date and time of the last identified suspicious telephone communication, etc.
- any telephone communications issued from said impacted user number in response to suspicious telephone communications number of telephone communications, total duration of telephone communications (in the case of telephone communications in the form of voice telephone reminders), and/or even to any telephone communications sent from said impacted user number to one or more customer service telephone numbers of the telephone operator (which customer service telephone numbers may have been listed beforehand in a dedicated list).
- the system 1 advantageously comprises software and/or hardware means for implementing the operations 027 and 028 of the method described above.
- the detection platform 5 is advantageously configured to identify, for each suspicious telephone communication detected, a telephone number of a user to whom said suspicious telephone communication is addressed, and to transmit to the first server 6 information relating to the destination number thus identified.
- Said first server 6 advantageously comprises a list management module for storing information relating to recipient numbers thus transmitted by the detection platform 5 in a list L3 of impacted user numbers, as mentioned above.
- the process preferably includes, alternatively or additionally, and for each suspicious telephone communication detected:
- An operation 030 for storing said original number in a list L4 of original numbers is contained, as such, in the network signaling data collected in relation to the suspicious telephone communication concerned.
- Each original number of a suspicious telephone call is advantageously stored in a list L4 of original numbers, either by creating a new entry in the list L4 when the original number is not contained in the latter , or by incrementing statistics linked to said original number when the latter has already been identified in the past.
- each new entry or incrementation of statistics in the list L4 is timestamped.
- the same operations 029 and 030 can be carried out for each telephone communication (requesting communication) received by one and/or the other of the first and second telephone robots 8, 9, for example by analyzing a detailed recording of call (CDR) generated.
- CDR detailed recording of call
- said list L4 of original numbers may further comprise, in relation to each of the original numbers thus listed, statistics relating to the suspicious telephone communications detected which were sent or routed by said original number, such as for example: a total number of suspicious telephone communications detected which were sent or routed by the originating number, and for each of which a corresponding suspicious number has therefore been identified and stored; a timestamp of the detection of the first of the detected suspicious telephone communications that were originated or routed by the originating number; timestamps of the detection of the most recent detected suspicious telephone communications originated or routed by the originating number, for which the corresponding suspicious number has been identified, in its risk profile, as corresponding to: o a suspicious number only ( "Suspect” parameter with value "Yes”), o a certified target number ("Certified” parameter with value "Yes”).
- the system 1 advantageously comprises software and/or hardware means for implementing the operations 029 and 030 of the method described above.
- the detection platform 5 is advantageously configured to identify, for each suspicious telephone communication detected, a telephone number from which the communication originated. used to issue or route said suspicious telephone communication, and to transmit to the first server 6 information relating to the originating number thus identified.
- the second server 7 can be configured to identify, for each requesting communication received by one and/or the other of the first and second telephone robots 8, 9, a telephone number from which the communication originated. As already explained, the latter may optionally be different from the corresponding target number identified for said requesting communication.
- the second server 7 is then advantageously configured to transmit to the first server 6 information relating to the origin numbers thus identified.
- said first server 6 then advantageously comprises a list management module for memorizing, in a list L4 of original numbers as mentioned above, information relating to original numbers thus transmitted by the platform 5 detection and/or by the second server 7.
- control method therefore makes it possible to obtain at least the following lists, among those described previously; a list L1 of suspicious numbers, identified for telephone communications detected as suspicious among telephone communications carried out via said telephone network 2, and for each of which suspicious numbers a risk profile has been defined.
- the suspect numbers are typically sender numbers, as explained previously; a list L2 of certified target numbers and/or ranges of certified target numbers, identified for telephone communications (soliciting communications) received by one and/or the other of the first and second telephone robots 8, 9, and/or corresponding to reported numbers and/or ranges of numbers; a list L3 of (potentially) impacted user numbers, that is to say of telephone numbers to the recipients of telephone communications detected as suspicious among telephone communications made via said telephone network 2; - a list L4 of origin numbers associated at least with telephone communications detected as suspicious among telephone communications carried out via said telephone network 2, and preferably also, of origin numbers associated with telephone communications (requesting communications) received by one and/or the other of the first and second telephone robots 8, 9.
- the aforementioned lists L1 and L2 constitute one and the same list L1 L2 of suspected numbers and/or certified targets, so that the method of combating therefore advantageously makes it possible to obtain at least three lists , namely the lists L1 L2, L3 and L4.
- the method for combating fraud comprises an operation 031 of sending or requesting the sending of a warning message, preferably a text message (message in SMS format), to a number contained in said list L3 of impacted user numbers, according to a predefined warning rule based on the risk profile of said suspicious number.
- said warning message may include the following text or any other suitable text: “Be careful when calling back an unknown number that has called you in the past. Calling back an unknown number, especially to an international destination, may incur additional charges. ".
- Said operation 031 therefore aims to prevent a user, who has received a communication detected as suspicious, from sending in return a voice telephone call or a message (text or multimedia) to a telephone number which has been identified as likely to be used for fraudulent purposes.
- the predefined warning rule may possibly concern any suspicious number, regardless of its risk profile, so that any user who has received a telephone communication detected as suspicious will be sent a message of 'Warning.
- the predefined warning rule is also based on a time criterion with respect to a suspicious telephone communication received by the user, so as to issue a warning message only to a user having received a suspicious telephone communication within a given past time range (for example within ten minutes of detecting a suspicious telephone communication).
- each transmission or request for transmission of a warning message is timestamped, and statistics relating to the transmission of warning message(s) are added or updated in the list L3 of telephone numbers.
- impacted users For example, a "Warning history" field is integrated or updated within the L3 list, for each of said impacted user numbers, and can include any or part of the following parameters: date and time of the first warning message transmission, date and time of the most recent warning message transmission, total number of warning messages transmitted, etc.
- said predefined warning rule can then be based on a time criterion with respect to a previous warning message transmission to a given impacted user number, so as to only transmit a warning message only if the impacted user number concerned has not already been the recipient of such a warning message within a given past time range (for example within twenty-four hours following the issuance of a previous warning message) 'Warning).
- Said operation 031 of sending or requesting the sending of a warning message therefore advantageously comprises the establishment, from the list L3 of numbers of users affected and by application of said predefined warning rule, of a sub-list L31 of numbers of users to warn for which a warning message must be transmitted.
- said sub-list L31 is established, then updated, according to a predefined frequency, typically by the telephone operator (for example, every five minutes).
- Said sub-list L31 can then be transmitted, at the above-mentioned frequency, to a message transmission device via, for example, a list dispatcher.
- the system 1 advantageously comprises software and/or hardware means for implementing the operation 031 described above.
- the first server 6 is advantageously configured to implement the aforementioned operation 031, from said list L3 of impacted user numbers.
- the first server 6 is advantageously configured to establish said sub-list L31 of user numbers to be notified and, even more advantageously to transmit said sub-list L31 to a message transmission device 11 via example of a list dispatcher that can then advantageously include the first server 6 of the system 1 .
- said message transmission device 11 does not belong, as such, to the system 1 for combating fraud.
- said system 1 may on the contrary comprise said message transmission device 11 .
- the method for combating fraud comprises an operation 032 of blocking or blocking request, preferably temporarily, of at least one (incoming) telephone call sent or routed by at least one original number contained in said list L4 from original numbers to at least one number of a user (subscriber or roaming user) of the telephone network 2, according to a predefined reception blocking rule based on the risk profile of said suspicious number.
- Said blocking operation 032 or blocking request therefore aims to protect, at least temporarily, the users of the telephone network against receiving soliciting communications, by blocking upstream telephone communications which would be addressed to them and which would come from a number of origin who has been identified as having originated or routed a suspicious telephone communication.
- said operation 032 can be implemented in the same way against at least one telephone call sent or routed by at least one originating number identified for a soliciting call received by one and/or the other of the first and second telephone robots 8, 9, and this even if this originating number has not been identified, as such, for a suspicious telephone communication detected from signaling data collected .
- the predefined reception blocking rule may possibly concern only certain suspicious numbers, whose risk profile is deemed to be particularly high.
- the reception blocking rule may concern only suspicious numbers which have been effectively certified as target numbers at the end of step E4 of comparison with at least one certified target number and/or at least a range of certified target numbers contained in the certification database.
- the blocking rule in reception could introduce a distinction according to the degree of certification mentioned above, and for example according to the source from which the certified target number comes and/or the range of certified target numbers which made it possible to certify a number. suspect given as target number.
- the predefined reception blocking rule is also based on a criterion of the number of suspicious telephone communications detected, over a given past time range, in connection with a given original number, in order not to block telephone communications sent or routed by the latter only beyond a predefined threshold of suspicious telephone communications detected.
- Said operation 031 therefore advantageously comprises the establishment, from list L4 of original numbers and by application of said blocking rule in reception, of a sub-list L41 of original numbers for which telephone calls sent must be blocked for at least a given blocking duration (if the blocking is not permanent).
- said sub-list L41 of original numbers to be blocked is established, then updated, according to a predefined frequency, typically by the telephone operator (for example, every five minutes).
- Said sub-list L41 can then be transmitted, at the above-mentioned frequency, to a device for blocking communications in reception 12 via, for example, a list dispatcher.
- each blocking or request for blocking of (incoming) telephone communication sent or routed by an origin number contained in said list L4 of origin numbers is timestamped, and statistics relating to the blocking or blocking request are added or updated in the L4 list of original numbers.
- a "Blocking history" field is integrated or updated within the L4 list, for each of said original numbers, and may include all or part of the following parameters: date and time of the first blocking or first blocking request, date and time of most recent blocking or most recent blocking request, number of blockings or blocking requests, total blocking duration, etc.
- the method preferably comprises a deactivation operation of a subscription associated with said original number.
- a certified target number contained in the certification database is a telephone number managed by said telephone operator, the method preferably comprises a deactivation operation of a subscription associated with said certified target number.
- the system 1 advantageously comprises software and/or hardware means for implementing the operation 031 described above.
- the first server 6 is advantageously configured to implement the operation 031 referred to above, from said list L4 of original numbers.
- the first server 6 is advantageously configured to establish said sub-list L41 and, more advantageously still to transmit said sub-list L41 to a communication blocking device in reception 12 by way of, for example, a list dispatcher which can then advantageously comprise the first server 6 of system 1 (as mentioned above).
- said reception communications blocking device 12 does not belong, as such, to the system 1 for combating fraud.
- said system 1 can on the contrary comprise said device for blocking communications in reception 12.
- the method for combating fraud comprises an operation 033 of blocking or blocking request, preferably temporarily, of at least one (outgoing) telephone call sent by a user (subscriber or user in a roaming situation) of the telephone network 2 to at least one suspicious number, according to a predefined transmission blocking rule based on the risk profile of said suspicious number.
- Said operation 033 therefore aims to protect, at least temporarily, the users and the operator of the telephone network 2 by blocking telephone communications sent by the users of the telephone network 2 to a suspicious number which has been identified for a suspicious telephone communication.
- said blocking operation 033 or blocking request can be implemented in the same way against at least one telephone call sent by a user of the telephone network 2 to at least one certified target number known and/or to a telephone number belonging to a known range of certified target numbers, contained in the certification database, even if this number has not been identified, as such, for suspicious telephone communication detected from collected signaling data.
- the predefined outgoing blocking rule may possibly concern only certain suspicious numbers, whose risk profile is considered particularly high.
- the transmission blocking rule may concern only suspect numbers which have been effectively certified as target numbers at the end of step E4 of comparison with at least one certified target number and/or at least a range of certified target numbers contained in the certification database.
- the blocking rule could introduce a distinction according to the source from which the certified target number comes and/or the range of certified target numbers which allowed to certify a given suspicious number as a target number.
- the predefined sending blocking rule is also based on a criterion of the number of suspicious telephone communications detected, over a given past time range, in connection with a given suspicious number, in order not to block telephone communications sent to said suspicious number only beyond a predefined threshold of suspicious telephone communications detected.
- each blocking or blocking request of outgoing telephone communication is timestamped.
- statistics relating to the blocking or blocking request are added or updated in the list L1 of suspicious numbers (or in the list L1L2 of suspicious numbers and/or certified targets).
- a "Blocking history" field is integrated or updated within the L1 list (or in the L1L2 list), for each of said suspicious numbers (or even each of the certified target numbers), and can include all or part of the following parameters: date and time of the first blocking or of the first blocking request, date and time of the most recent blocking or of the most recent blocking request, number of blockings or blocking requests, total blocking duration , etc.
- Said blocking operation 033 or blocking request therefore advantageously comprises the establishment, from the list L1 of suspicious numbers (or from the list L1L2 of suspicious numbers and/or certified target numbers) and by application of said blocking rule in transmission, of a sub-list L11 of suspect numbers (or even also of numbers or ranges of certified target numbers) to which outgoing telephone calls, sent by users of the telephone network, must be blocked for at least one blocking period given (if the blocking is not permanent).
- said sub-list L11 is established, then updated, according to a predefined frequency, typically by the telephone operator (for example, every five minutes). Said sub-list L11 can then be transmitted, at the above-mentioned frequency, to a device for blocking communications in transmission 13 via, for example, a list dispatcher.
- the system 1 advantageously comprises software and/or hardware means for implementing the operation 033 described above.
- the first server 6 is advantageously configured to implement the aforementioned operation 033, from the L1 list of suspicious numbers (or the L1L2 list of suspicious numbers and/or certified targets).
- the first server 6 is advantageously configured to establish said sub-list L11 and, even more advantageously to transmit said sub-list L11 to a device for blocking communications in transmission 13 via, for example, a dispatcher. list that can then advantageously include the first server 6 of the system 1 (as mentioned above).
- said transmission blocking device 13 does not belong, as such, to the system 1 for combating fraud.
- said system 1 can on the contrary comprise said device for blocking communications in transmission 13.
- the method and system 1 allow rapid and precise detection of soliciting, fraudulent communications, and the rapid and effective implementation consequently of adapted and targeted remedies against fraud.
- These new method and system are advantageously substantially transparent or particularly low impact for legitimate users of telephone networks.
- Particularly effective these new processes and systems are nevertheless relatively simple to deploy and implement with any telephone operator in the world, based in particular on telecommunications standards.
- said method and system 1 for combating telephone fraud are particularly adaptable to the needs and strategies of telephone operators in terms of combating fraud
- the invention finds its application in the general technical field of telecommunications, and in particular telephone communications. More specifically, the invention finds its application in the technical field of methods and systems for combating telephone fraud.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR2012082A FR3116688B1 (fr) | 2020-11-24 | 2020-11-24 | Procede et systeme de lutte contre la fraude telephonique aux appels-pieges |
PCT/FR2021/052072 WO2022112706A1 (fr) | 2020-11-24 | 2021-11-23 | Procede et systeme de lutte contre la fraude telephonique aux appels-pieges |
Publications (1)
Publication Number | Publication Date |
---|---|
EP4252407A1 true EP4252407A1 (fr) | 2023-10-04 |
Family
ID=74553996
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP21823979.6A Pending EP4252407A1 (fr) | 2020-11-24 | 2021-11-23 | Procede et systeme de lutte contre la fraude telephonique aux appels-pieges |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240031492A1 (fr) |
EP (1) | EP4252407A1 (fr) |
FR (1) | FR3116688B1 (fr) |
WO (1) | WO2022112706A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115278687B (zh) * | 2022-07-27 | 2023-08-15 | 联通(山东)产业互联网有限公司 | 一种基于时空网络和图算法的电话号码诈骗检测的方法 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SG11201808725VA (en) * | 2016-04-11 | 2018-11-29 | Tata Communications America Inc | System and method for real time fraud analysis of communications data |
US9729727B1 (en) * | 2016-11-18 | 2017-08-08 | Ibasis, Inc. | Fraud detection on a communication network |
EP3817351A1 (fr) * | 2019-10-28 | 2021-05-05 | Sigos Bvba | Système permettant d'effectuer une analyse et de bloquer des identités d'abonnés frauduleuses dans un réseau de communication |
-
2020
- 2020-11-24 FR FR2012082A patent/FR3116688B1/fr active Active
-
2021
- 2021-11-23 US US18/254,130 patent/US20240031492A1/en active Pending
- 2021-11-23 EP EP21823979.6A patent/EP4252407A1/fr active Pending
- 2021-11-23 WO PCT/FR2021/052072 patent/WO2022112706A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
FR3116688B1 (fr) | 2023-11-03 |
WO2022112706A1 (fr) | 2022-06-02 |
US20240031492A1 (en) | 2024-01-25 |
FR3116688A1 (fr) | 2022-05-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10628797B2 (en) | Online fraud solution | |
US7870608B2 (en) | Early detection and monitoring of online fraud | |
US8041769B2 (en) | Generating phish messages | |
KR101129752B1 (ko) | 통합 전화 네트워크에서의 원치않는 전화 통화 활동의 검출 방법 및 배제 방법 | |
US7913302B2 (en) | Advanced responses to online fraud | |
US20150237061A1 (en) | Methods and systems for analyzing data related to possible online fraud | |
US20070107053A1 (en) | Enhanced responses to online fraud | |
US20070299915A1 (en) | Customer-based detection of online fraud | |
US20220201117A1 (en) | System and method for determining unwanted call origination in communications networks | |
WO2006019539A2 (fr) | Procedes, systemes et produits-programmes informatiques destines a charger automatiquement une base de donnees de controle d'acces base sur la signalisation | |
EP1931105A1 (fr) | Procédé et système de gestion de sessions multimédia, permettant de contrôler l'établissement de canaux de communication | |
FR2908572A1 (fr) | "procede et systeme pour generer des operations de communication planifiees sur des reseaux et systemes d'information, et mise en oeuvre de ce procede dans un processus de verification de facturation" | |
EP4252407A1 (fr) | Procede et systeme de lutte contre la fraude telephonique aux appels-pieges | |
EP1247389B1 (fr) | Procede et plateforme pour evaluation de qualite vocale de communications telephoniques | |
WO2011083226A1 (fr) | Procédé de détection d'un détournement de ressources informatiques | |
EP2361466A1 (fr) | Procède pour optimiser la détection de contournements d'un réseau de télécommunications | |
EP3890287A1 (fr) | Procédé et dispositif de gestion des appels entrants dans un terminal de communication | |
US20220182486A1 (en) | System and method for detecting fraud in international telecommunication traffic | |
KR20150047378A (ko) | 보이스 피싱 방지 장치 | |
EP3499858B1 (fr) | Procédé et système de détection de numéros d'appel utilisés par des simbox pour solliciter des communications téléphoniques | |
CN113286035B (zh) | 异常呼叫检测方法、装置、设备及介质 | |
AU2021309476A1 (en) | System and method for determining unwanted call origination in communications networks | |
EP2464068B1 (fr) | Système de gestion globale de filtrage personnalisé basé sur un circuit d'échange d'informations sécurisé et procédé associé | |
EP3472999A1 (fr) | Procédé et système de détection de contournement dans un réseau de téléphonie mobile | |
WO2008017776A2 (fr) | Procede et systeme d'authentification d'utilisateurs dans un reseau de communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20230602 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: VIAVI SOLUTIONS FRANCE SAS Owner name: ARAXXE |