GB2517276A - Detecting porting or redirection of a mobile telephone number - Google Patents


Info

Publication number: GB2517276A
Authority: GB (United Kingdom)
Prior art keywords: telephone number, mobile telephone, mobile, porting, message
Legal status: Granted (active)
Application number: GB1410841.9A
Other versions: GB2517276B (en), GB201410841D0 (en)
Inventors: Jonathan Mark Alford, John Petersen, Patrick Carroll
Current assignee: Validsoft UK Ltd
Original assignee: Validsoft UK Ltd
Application filed by Validsoft UK Ltd
Priority to GB1410841.9A (GB2517276B)
Publication of GB201410841D0
Priority to PCT/GB2014/053498 (WO2015193629A1)
Publication of GB2517276A
Application granted
Publication of GB2517276B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108 Remote banking, e.g. home banking
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/3229 Use of the SIM of a M-device as secure element
    • G06Q20/325 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/04 Recording calls, or communications in printed, perforated or other permanent form
    • H04M15/06 Recording class or number of calling, i.e. A-party or called party, i.e. B-party
    • H04M15/70 Administration or customization aspects; Counter-checking correct charges
    • H04M15/705 Account settings, e.g. limits or numbers or payment
    • H04M17/00 Prepayment of wireline communication systems, wireless communication systems or telephone systems
    • H04M17/10 Account details or usage
    • H04M17/103 Account details or usage using SIMs (USIMs) or calling cards
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/16 Communication-related supplementary services, e.g. call-transfer or call-hold
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support

Abstract

A method of detecting porting or redirection of a mobile telephone number comprises: receiving a response message from a mobile device after a telephone call has been placed to a first mobile telephone number, or a message has been sent to the first mobile telephone number, the response message including an apparatus identifier (IMEI, MEID) associated with the mobile device and a subscriber identifier (IMSI) associated with the mobile device. The method further comprises comparing the received apparatus identifier to an apparatus identifier associated with the first mobile telephone number and comparing the received subscriber identifier to a subscriber identifier associated with the first mobile telephone number. The results of the comparisons are indicative of porting or redirection of the first mobile telephone number. The method is used to detect fraudulent interception of an authentication telephone call to a user in an internet banking transaction.

Description

DETECTING PORTING OR REDIRECTION OF A MOBILE TELEPHONE NUMBER
[0001] This invention relates to a method and apparatus for detecting porting or redirection of a mobile telephone number. In particular, the method and apparatus are arranged to detect whether a telephone call placed to a mobile telephone number, or a message sent to the mobile telephone number, has been redirected or received by a mobile device having a different subscriber identity due to porting.
[0002] Porting of a mobile telephone number comprises associating a mobile telephone number with a new subscriber identifier. For a 3rd Generation Partnership Project (3GPP) compliant network and mobile device, the subscriber identifier is usually stored upon a Subscriber Identity Module (SIM) card connected to the mobile device. Alternatively, the subscriber identifier can be stored within the mobile device itself in hardware or software.
Mobile telephone number porting may alternatively be referred to herein as a SIM swap, though this term should be construed broadly to refer to all forms of mobile telephone number porting. A SIM swap may legitimately occur if a mobile phone customer changes Mobile Network Operator (MNO) or if the SIM card has to be replaced.
[0003] Certain embodiments of the invention relate to detecting misuse of a transaction authentication system. The transaction authentication system may comprise placing an authentication telephone call or sending an authentication message to a registered mobile telephone number in connection with an Internet banking or mobile banking application.
Certain embodiments of the present invention are able to detect fraudulent interception of the authentication telephone call or message by detecting redirection or porting of the mobile telephone number.
BACKGROUND
[0004] With the increase in both the volume and sophistication of fraudulent attacks against electronic commerce, and in particular Internet banking applications, many providers have been forced to adopt greater security protection.
[0005] One such form of protection, which has been widely deployed by banks to protect Internet banking applications, is known as Out-of-Band (OOB) Authentication. OOB authentication requires the authentication of the customer, and optionally the verification of the transaction content, to be performed on an OOB channel, as distinct from the channel (for instance, the Internet) on which the transaction is being transmitted. The OOB channel is typically a mobile telephone channel in which a customer is asked to respond either by speaking or by pressing telephone buttons, or otherwise, to generate Dual Tone Multiple Frequency (DTMF) signals. Alternatively, a Simple Messaging System (SMS) message may be sent. Other protocols may be used to send messages through the mobile telephone channel, including Multimedia Messaging System (MMS).
[0006] The OOB authentication call or messaging is typically performed automatically by telecommunications based software operated by the bank or other organisation, such as an outbound Interactive Voice Response (IVR) system. A mobile telephone number which has previously been registered with the bank can be selected by the bank customer, for instance through an Internet bank portal, during an attempt to access bank account details, or to make a transaction. Selection of the mobile telephone number triggers the IVR platform to place a call to that mobile telephone number. This pre-registration of the mobile telephone number to be used comprises a "second factor" in the authentication process. Alternatively, the telephone call may be placed by the IVR platform at any time, with the IVR platform selecting the telephone number to call. For the example of accessing bank details through a bank Internet portal, the online authentication process usually requires some form of knowledge such as a username and password combination to initially access the Internet banking portal (this knowledge being the "first factor" in the authentication process). Typically this form of two-factor authentication provides the user with a one-time pass-code (OTP) through the Internet channel with which to complete the transaction during the authentication call placed by the IVR platform to the bank customer.
Alternatively, the OTP code may be provided through the authentication call, for the user to enter using the bank Internet portal.
[0007] However, a fraudster may try to compromise this form of two-factor authentication, by using techniques to gain effective control of a registered mobile telephone number associated with a customer for completion of a fraudulent transaction (for instance assuming that the fraudster has also, separately, fraudulently accessed the bank account details of the customer through the bank Internet banking portal).
Accordingly, it is then possible for the fraudster to provide or receive the authentication information during the telephone authentication call and then perform a transaction to defraud the customer or the bank.
[0008] A first way in which a fraudster may try to gain effective control of a registered mobile telephone number of a bank customer (or more generally, a user of any organisation or service which places authentication telephone calls) is to identify a MNO for which the customer is a subscriber. The fraudster can then impersonate the subscriber to the MNO and request from the MNO that the telephone number be ported from the current subscriber identifier to a new subscriber identifier. For a 3GPP MNO this involves porting the mobile telephone number from the current SIM to a new SIM that has been acquired by the fraudster. This is the same process, known as a SIM swap, that would be performed legitimately if a subscriber changed MNO or required a new SIM for instance due to having lost their existing telephone or damaged the SIM. The only difference is that the fraudster is, in effect, carrying out the process on behalf of the legitimate subscriber by impersonating that subscriber before the MNO.
[0009] Having ported the user's mobile telephone number to the fraudster's subscriber identifier, a fraudster can then complete fraudulent transactions as described above. The fraudster simply selects the ported telephone number to use for authentication and the authentication call or message will be received automatically at the fraudster's mobile telephone. The genuine subscriber will only be aware of the mobile telephone number being ported to another subscriber identifier when they realise that they are not receiving telephone calls and messages, and contact their MNO. By this stage, however, the fraud has been perpetrated and the funds stolen. Similarly, the fraudster may perform a transaction over another banking channel, such as telephone banking or card-not-present transactions, in the knowledge that the bank's risk engine (used to detect potentially fraudulent transactions based upon the properties of the transaction) may well trigger an attempt to contact the customer prior to authorisation to seek to confirm that the transaction is genuine. In this situation, the fraudster can intercept this follow-up call and falsely confirm to the bank that the fraudulent transaction is genuine.
[0010] An existing technique for detecting a mobile telephone number porting (which may indicate fraud) before, during or after placing an authentication telephone call or sending an authentication message to a mobile telephone number is to send an independent Mobile Application Part (MAP) protocol request to a Home Location Register (HLR) of the bank customer's MNO. The HLR returns a subscriber identifier, which may be compared with a subscriber identifier associated with the mobile telephone number and stored by the authentication system. The associated subscriber identifier may be locally stored. This subscriber identifier information is always present within the HLR. If the subscriber identifiers do not match, this indicates that the mobile telephone number has been ported (potentially fraudulently). In response to detecting mobile telephone number porting a mobile telephone based strong authentication system may then prevent a successful authentication and therefore also prevent transaction authorisation occurring using the mobile telephone number in question. Alternatively, a different form of authentication call may proceed in which additional security information is requested.
[0011] For a mobile telephone, the subscriber identifier may be an International Mobile Subscriber Identity (IMSI) or equivalent unique subscriber identifier. As noted above, typically, the IMSI or other subscriber identifier is stored on a smart card located within the mobile device, for instance on the SIM card for 3GPP networks, and within the phone directly or on a Removable User Identity Module (R-UIM) for cdmaOne and CDMA2000 networks. Strictly, the subscriber identifier does not identify the actual subscriber; rather it identifies a network account, which in turn is associated with a mobile device and a mobile telephone number. Typically, the MNO stores subscriber details in association with the subscriber identifier. When reference is made in the present specification to a subscriber identifier it should be understood that this refers to an account identifier that may be matched to an actual subscriber only if that information is held by the MNO.
[0012] A second way in which a fraudster may try to gain effective control of a registered mobile telephone number is by redirecting the mobile phone number to the fraudster's mobile device. Call-Forward Unconditional (CFU) is a standard industry term for the redirection of telephone calls, including mobile telephone calls, from one telephone number to another at the network level. A fraudster may illegitimately set up CFU for a customer's mobile telephone number by identifying the customer's MNO. The fraudster can then impersonate the customer to the telephone network operator and request that all calls to the customer's number are forwarded to another telephone number associated with the fraudster. As for the above described fraud via mobile telephone number porting, the genuine customer may only become aware of their telephone calls being forwarded by speaking to their MNO to query why calls are not being received.
[0013] An existing technique for an organisation to detect whether a telephone call has been, or will be, redirected (which may indicate fraud, but may also indicate that the user has legitimately set up CFU) is to send an independent MAP protocol request to a HLR of the bank customer's MNO. The HLR contains an indicator showing whether CFU is active for that mobile telephone number along with the actual call-termination telephone number. This information is always present within the HLR. If a (potentially fraudulent) CFU is detected, then an authentication call may proceed as outlined above.
[0014] The existing techniques described above, which seek to identify mobile telephone number porting or redirection, use real-time access to a HLR. In the case of a mobile telephone number porting, the subscriber identifier obtained may be compared either to an initial baseline (the subscriber identifier stored when the mobile telephone number is registered) or to the subscriber identifier prevailing at the time of the last known genuine transaction. The trigger event for performing this lookup is some form of transaction authentication or follow-up contact to the customer's mobile telephone, via either a telephone call or a sent message.
[0015] One potential drawback to using HLR network data is that some MNOs use a technique known as Home Routing to ensure that all SMS traffic for their subscribers flows through their own network. A by-product of this is that they may mask or scramble the IMSI obtained from the HLR, rendering it impossible to detect mobile telephone number porting using HLR information. Another potential drawback to using HLR network data is the reliance on MNOs to provide access to the HLR without demanding unreasonable fees. This may make it impossible to provide a reliable and cost effective service for detecting CFU status and mobile telephone number porting.
[0016] Accordingly, it is an aim of certain embodiments of the invention to solve, mitigate or obviate, at least partly, at least one of the problems and/or disadvantages associated with the prior art. Certain embodiments aim to provide at least one of the advantages described below. In particular, it is an aim of certain embodiments of the present invention to provide a method and apparatus capable of detecting redirection of a mobile telephone call or mobile telephone number porting. At least one embodiment of the present invention aims to provide a smart-phone resident application to protect mobile telephone based authentication systems from fraudulent misuse through mobile telephone number porting or redirection.
BRIEF SUMMARY OF THE DISCLOSURE
[0017] According to a first aspect of the present invention there is provided a method of detecting porting or redirection of a mobile telephone number, the method comprising: receiving a response message from a mobile device after a telephone call has been placed to a first mobile telephone number, or a message has been sent to the first mobile telephone number, the response message including an apparatus identifier associated with the mobile device and a subscriber identifier associated with the mobile device; comparing the received apparatus identifier to an apparatus identifier associated with the first mobile telephone number; and comparing the received subscriber identifier to a subscriber identifier associated with the first mobile telephone number; wherein the results of the comparisons are indicative of porting or redirection of the first mobile telephone number.
[0018] Fraud may be reduced by providing the ability for a bank or other organisation to detect redirection of a telephone call or mobile telephone number porting during a telephone call to a customer or user, or when a message is sent to the customer using a previously registered telephone number. Additionally, certain embodiments of the present invention are advantageously able to distinguish between some types of legitimate mobile telephone number porting and potentially fraudulent mobile telephone number porting.
[0019] The method may further comprise: receiving a request to detect porting or redirection of the first mobile telephone number; and returning a result indicating whether porting or redirection of the first mobile telephone number is detected; wherein the request includes an apparatus identifier and a subscriber identifier associated with the first mobile telephone number, or the method further comprises retrieving an apparatus identifier and a subscriber identifier associated with the first mobile telephone number.
[0020] The response message may further include a second mobile telephone number, and the method further comprises: matching the second mobile telephone number received in the response message to the first mobile telephone number used to place the telephone call or to send the message; and retrieving the apparatus identifier and the subscriber identifier associated with the first mobile telephone number.
[0021] According to a second aspect of the present invention there is provided a transaction authentication method comprising: receiving a request for authentication of a transaction from a remote user; placing a telephone call to the first mobile telephone number, or sending a message to the first mobile telephone number; and performing a method of detecting porting or redirection of a mobile telephone number according to any one of the preceding claims; wherein the telephone call comprises an authentication call, or the message comprises an authentication message, within a transaction authentication system; and wherein the results of the comparisons are indicative of potentially fraudulent porting or redirection of the first mobile telephone number.
[0022] The method may further comprise: if at least one of the received apparatus and subscriber identifiers matches a corresponding identifier associated with the first mobile telephone number, determining that there is no fraudulent porting or redirection of the first mobile telephone number; and if neither of the received apparatus and subscriber identifiers matches a corresponding identifier associated with the first mobile telephone number, determining that there is potentially fraudulent porting or redirection of the first mobile telephone number.
[0023] The method may further comprise: determining if a response message is received from a mobile device after a telephone call has been placed to the first mobile telephone number, or a message has been sent to the first mobile telephone number; and if no response message is received, determining that there is potentially fraudulent porting or redirection of the first mobile telephone number.
[0024] The method may further comprise: communicating authentication information through the authentication call or the authentication message; and authenticating a transaction based upon the communicated authentication information and whether it is determined that there is potentially fraudulent porting or redirection of the first mobile telephone number.
[0025] If a first one of the apparatus and subscriber identifiers received in the response message matches a corresponding first identifier associated with the first mobile telephone number, and a second one of the received apparatus and subscriber identifiers fails to match a corresponding second identifier associated with the first mobile telephone number, the method may further comprise: replacing the second identifier associated with the first mobile telephone number with the second identifier received in the response message.
[0026] If neither of the received apparatus and subscriber identifiers matches a corresponding identifier associated with the first mobile telephone number, the method may further comprise: requesting additional identifying information from the remote user; receiving additional identifying information from the remote user; verifying the received additional identifying information; and replacing the identifiers associated with the first mobile telephone number with the identifiers received in the response message.
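The comparison rules of paragraphs [0022], [0023], [0025] and [0026], written out as an added Python example; this is constructed for illustration and is not code from the patent or from ValidSoft. The MSISDN, IMEI and IMSI values are made up, and treating a response whose reported number differs from the called number as if no response had been received is an assumption not stated in the text.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Outcome(Enum):
    NO_FRAUD = "no porting or redirection detected"
    NO_RESPONSE = "no response message: potentially fraudulent porting or redirection"
    MISMATCH = "neither identifier matches: potentially fraudulent porting or redirection"


@dataclass(frozen=True)
class Response:
    """Response message sent by the mobile device after the call or message."""
    msisdn: str   # second mobile telephone number reported by the device ([0020])
    imei: str     # apparatus identifier
    imsi: str     # subscriber identifier


@dataclass
class Registration:
    """Identifiers stored in association with a registered mobile telephone number."""
    imei: str
    imsi: str


class PortingRedirectionDetector:
    """Server-side comparison logic of the detection method (constructed example)."""

    def __init__(self) -> None:
        self._registry: Dict[str, Registration] = {}

    def register(self, msisdn: str, imei: str, imsi: str) -> None:
        self._registry[msisdn] = Registration(imei, imsi)

    def registration(self, msisdn: str) -> Optional[Registration]:
        return self._registry.get(msisdn)

    def evaluate(self, called_msisdn: str, response: Optional[Response]) -> Tuple[Outcome, bool]:
        """Compare the received identifiers with those associated with the number
        that was called.  Returns (outcome, additional_identifying_info_required)."""
        reg = self._registry.get(called_msisdn)
        if reg is None:
            raise ValueError("mobile telephone number is not registered")
        # [0023]: no response message at all is treated as potential fraud.
        # Assumption: a response naming a different number is not a response
        # to this call and is treated the same way.
        if response is None or response.msisdn != called_msisdn:
            return Outcome.NO_RESPONSE, True
        imei_ok = response.imei == reg.imei
        imsi_ok = response.imsi == reg.imsi
        if imei_ok and imsi_ok:
            return Outcome.NO_FRAUD, False
        if imei_ok or imsi_ok:
            # [0022]/[0025]: one identifier still matches (SIM replaced in the same
            # handset, or SIM moved to a new handset), so the call is treated as
            # legitimate and the stale identifier is replaced with the received one.
            if imsi_ok:
                reg.imei = response.imei
            else:
                reg.imsi = response.imsi
            return Outcome.NO_FRAUD, False
        # [0022]: neither matches; [0026]: request additional identifying information.
        return Outcome.MISMATCH, True

    def accept_after_verification(self, msisdn: str, response: Response) -> None:
        """[0026]: once the additional identifying information has been verified,
        replace both stored identifiers with those received in the response."""
        self._registry[msisdn] = Registration(response.imei, response.imsi)


if __name__ == "__main__":
    # Constructed values: +44 7700 900xxx is a reserved UK drama range.
    det = PortingRedirectionDetector()
    det.register("+447700900123", "356938035643809", "234150123456789")
    print(det.evaluate("+447700900123",
                       Response("+447700900123", "356938035643809", "234150123456789")))
    print(det.evaluate("+447700900123",
                       Response("+447700900123", "490154203237518", "234150555555555")))
```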
[0027] According to a third aspect of the present invention there is provided a method of operating a mobile device, the method comprising: receiving a telephone call or a message; and sending a response message to a porting and redirection detection system, the response message including an apparatus identifier associated with the mobile device and a subscriber identifier associated with the mobile device.
[0028] The response message may further include a second mobile telephone number.
[0029] The method may further comprise: determining whether the telephone call or the message originates from a predetermined source; wherein the response message is only sent if the telephone call or the message originates from the predetermined source.
[0030] Each mobile telephone number may comprise a Mobile Subscriber Integrated Services Digital Network Number, MSISDN; each apparatus identifier may comprise an International Mobile Station Equipment Identifier, IMEI, an IMEI Software Version, IMEISV, or a Mobile Equipment Identity, MEID; and each subscriber identifier may comprise an International Mobile Subscriber Identity, IMSI.
[0031] The response message is received from the mobile device as a message sent through the mobile channel or as a message sent through a data network connection.
[0032] According to a fourth aspect of the present invention there is provided a porting and redirection detection system arranged to implement the above method.
[0033] According to a fifth aspect of the present invention there is provided a transaction authentication system arranged to implement the above method.
[0034] According to a sixth aspect of the present invention there is provided a mobile device arranged to implement the above method.
[0035] Another aspect of the invention provides a computer program comprising instructions arranged, when executed, to implement a method in accordance with any one of the above-described aspects. A further aspect provides machine-readable storage storing such a program.
BRIEF DESCRIPTION OF THE DRAWINGS
[0036] Embodiments of the invention are further described hereinafter with reference to the accompanying drawings, in which: Figure 1 is a schematic drawing of a normal IVR call flow; Figure 2 is a schematic drawing of an IVR call flow when a mobile telephone number has been ported or redirected illegitimately by a fraudster; Figure 3 is a schematic drawing of a system for detecting porting or redirection of a mobile telephone number, forming part of a transaction authentication system, in accordance with an embodiment of the present invention; Figure 4 is a flowchart illustrating a method of operating a porting and redirection server in accordance with an embodiment of the present invention; Figure 5 is a flowchart illustrating a method of operating a mobile device in accordance with an embodiment of the present invention; and Figure 6 is a flowchart illustrating a method of authenticating a user during a telephone call, including detecting porting or redirection of a mobile telephone number, according to an embodiment of the present invention.
DETAILED DESCRIPTION
[0037] Certain embodiments of the present invention relate to a method and system for identifying whether a call which has been placed to a called party has been redirected from the mobile telephone number which was used to place the call or if mobile telephone number porting has been performed. The call forwarding may be through a CFU status set by the network operator.
[0038] The present invention is of particular relevance to mobile telephone calls or messages placed by or sent by a bank or other financial services provider to perform OOB authentication, for instance to authenticate a bank customer attempting to perform a transaction through an Internet banking portal. An authentication message may comprise an SMS message or a MMS message sent to the mobile telephone number, or other messaging protocols in which a message is sent directly to a mobile telephone number using the mobile telephone channel. This scenario comprises an outbound call or message being placed or sent by an initiating party (for example a bank or other organisation) to a mobile telephone number associated with a mobile telephone previously registered by a customer when an attempt is made to access that customer's account (or make a transaction) using an Internet banking portal. The call may be placed and processed by an automated system and/or a human operator. Alternatively, a message such as an SMS message may be automatically sent.
[0039] Typically, the authentication call is an automated call managed by an IVR platform. An IVR call may take several forms. For instance, an authentication code may be provided to a customer accessing an Internet bank portal and the IVR platform asks the called party to provide the code. Alternatively, the process may be reversed and the IVR platform may provide an authentication code to the called party, which may then be entered using the Internet bank portal. More generally, an IVR platform may ask the customer to confirm identity and account details, whether using voice commands and/or by providing DTMF signals to choose from multiple menu options. IVR calls are not restricted to authenticating access to an Internet bank portal, and in particular they are not restricted to authenticating access at the time that access is being made. For instance, an IVR call to a bank customer may be placed at any time to resolve previously noted potentially fraudulent account activity, or for other interactions between an organisation and its customers or users (typically where some level of effective authentication and security is appropriate).
[0040] The term "mobile device" as used within the present specification is intended to refer to all mobile devices including telephones capable of accessing wireless communications networks including terrestrial networks such as cellular networks and satellite networks. The mobile device may be a cell phone, mobile telephone, smartphone, PDA, computing device, tablet or the like. A mobile device conventionally carries multiple identifiers, including an apparatus identifier to identify the mobile device itself, and a subscriber identifier to identify a MNO customer. A mobile telephone number is associated with the subscriber identity and used to place telephone calls and send messages to that subscriber. A subscriber identifier may comprise an IMSI as described above. For mobile devices for accessing 3GPP networks the apparatus identifier may comprise an International Mobile-Station Equipment Identifier (IMEI) or IMEI Software Version (IMEISV) which is stored within the device itself in hardware or software. For a cdmaOne or CDMA2000 network the apparatus identifier may comprise a Mobile Equipment Identifier (MEID). The mobile telephone number associated with the subscriber identifier may comprise a Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
[0041] Referring to Figure 1, this shows a conventional IVR authentication call path, which would be undertaken when an outbound IVR call is placed to a user 116. It will be appreciated that in the event of an authentication message, the message path will be the same. An IVR platform 110 places a call to a mobile telephone number associated with a mobile telephone 114 owned or used by user 116. Specifically, Figure 1 shows the call being connected to an MNO 112 associated with the mobile telephone number used to place the call. The MNO 112 in turn connects the call to the associated mobile telephone 114, which is answered by the user 116 as the called party. In the example of Figure 1, the outbound placed authentication call (alternatively, a resolution call if it relates to resolving the authentication of the called party) is answered legitimately by the user 116 as the called party. The term "called party" refers to the person who actually answers a telephone call. In the event of an authentication message, the equivalent to the called party is the message recipient. In the example of Figure 1 there is no forwarding of the call to another telephone number or SIM swap.
[0042] Referring to Figure 2, this shows a conventional IVR call path in the event of the telephone call being redirected to another end point as a result of a CFU request or as a result of mobile telephone number porting. As before, the IVR platform 110 places a call to the mobile telephone number associated with mobile telephone 114, except this time the call is redirected to a mobile telephone 118 by the network operator 112 as a result of a fraudulent CFU or mobile telephone number porting request made by a fraudster 120 to the MNO 112. The call is answered by the fraudster 120 as the called party. In the event of an authentication message, the authentication message is received by the fraudster 120 in the event of a SIM swap operation. For some MNOs, the CFU status affects only telephone calls and not the delivery of messages. It will be appreciated that the call forwarding request or SIM swap request may have been legitimately made by the user 116, for instance if the user 116 is away from the location of their normal mobile telephone 114 (e.g. for a CFU request) or because they have changed MNO (for a SIM swap request).
[0043] Referring to Figure 3, this illustrates components of a transaction authentication system (alternatively referred to as a fraud detection system). The transaction authentication system includes components for detecting porting and redirection of a mobile telephone number in accordance with an embodiment of the invention.
Advantageously, the present invention is not reliant on MNO HLR data, and so is not affected by home routing networks or masked IMSIs, and does not require any payment to MNOs. This results in certain embodiments of the present invention having better reliability and availability than known techniques for detecting CFU and porting. The porting and redirection detection system is capable of detecting mobile telephone number porting and a CFU status, which may be indicative of attempted fraud (but may have legitimate explanations). Advantageously, the porting and redirection system is able to distinguish certain types of non-fraudulent porting of a mobile telephone number. The system is arranged to determine whether an authentication call or authentication message placed to or sent to a mobile telephone number, as described above in connection with Figures 1 and 2, has been redirected (for instance, but not exclusively) through the use of a CFU status or subjected to mobile telephone number porting.
[0044] Figure 3 shows a transaction server 200 arranged to conduct a remote transaction with a remote user (a customer) across a network such as the Internet (customer and network not shown). It will be understood that the operation of the transaction server and its interaction with the customer, for instance via a point of sale or the customer's computer, may be entirely conventional. The transaction may comprise accessing an Internet banking portal, performing a banking transaction using an Internet banking portal, making an online or shop purchase, performing a transaction at an Automatic Teller Machine (ATM) or any other form of transaction in which a transaction server is required to authorise and/or execute a transaction made by a remotely located customer. Indeed, the present invention is not limited to banking transactions and is applicable to the detection of fraud for any OOB authentication system based upon a mobile telephone channel. The transaction server 200 may incorporate the IVR platform 110 shown in Figures 1 and 2, or may be separate from the IVR platform 110 (as shown) and communicate with the IVR platform 110 in order to perform OOB authentication of the remote user. The IVR platform 110 places an authentication telephone call, or sends an authentication message, to a mobile telephone number registered and associated with the customer purportedly requesting the remote transaction. The authentication telephone call or message is placed or sent via the MNO 112 associated with the registered mobile telephone number. Figure 3 shows the authentication telephone call or message being received by a mobile device 206. In the absence of fraud, the mobile device 206 will be a mobile device owned or used by the customer requesting the remote transaction.
However, in the event of fraud the mobile device 206 that receives the authentication call or the authentication message is owned or used by the fraudster who is attempting to perform a fraudulent transaction.
[0045] The transaction server 200 communicates transaction information to a bank risk engine 202. The bank risk engine is responsible for determining whether a remotely executed transaction is genuine or fraudulent (or a probability of fraud). It will be understood that in the case of transaction authentication other than for banks, a similar form of risk engine is used. The bank risk engine 202 may be entirely conventional, and may perform a risk assessment based upon factors including the size and location of the transaction and previous account activity for the bank customer. The bank risk engine 200 determines whether a transaction is likely to be fraudulent or not, based on variables, strategies and various data sources. The risk engine or server 200 may be provided by a bank or other financial institution. In certain embodiments of the invention, the bank risk engine 202 and the transaction server 200 may be combined (optionally including the IVR platform 110). In certain embodiments, the transaction server 200 may not be considered to be part of the fraud detection system, and may communicate requests for an assessment of the risk of fraud to the fraud detection system (specifically the bank risk engine 202).
[0046] The fraud detection system further comprises a mobile telephone number porting and redirection detection server, referred to hereafter as a porting and redirection detection server 204. The porting and redirection detection server 204 is arranged to receive a request from the bank risk engine 202 for an indication of whether mobile telephone number porting or redirection has taken place (or an indication that it may have taken place) affecting the authentication call or authentication message placed to or sent to the mobile device 114 associated with the bank customer 118 (not shown) via the bank customer's MNO 112. Alternatively, the porting and redirection detection server 204 may return a result indicating that the authentication telephone call or message has been (or probably has been) received by the customer, or whether potentially the authentication telephone call or message has been fraudulently intercepted. This result is based upon detecting changes in apparatus and subscriber identifiers at the mobile device receiving the authentication call or message and identifying changes indicative of potential fraud.
[0047] In some embodiments of the invention, the bank risk engine 202 and the porting and redirection detection server 204 may be combined or collocated and operated by the bank (or other organisation implementing an authentication system). In other embodiments the porting and redirection detection server 204 may be operated by a separate organisation as a service to the bank, and may be remotely located. Requests from the bank risk engine 202 may be received through a packet data network such as the Internet, for instance as a web service request through a web service API.
[0048] In some embodiments a request is sent from the bank risk engine 202 in respect of every transaction for which the bank risk engine 202 performs a risk assessment. In other embodiments the request may be made only where the bank risk engine 202 determines that the risk of fraud exceeds a threshold. It will be appreciated that the bank risk engine 202 and the porting and redirection detection server 204 may be combined.
Alternatively the bank risk engine 202 may be omitted such that the porting and redirection detection server 204 is solely responsible for detecting possible fraudulent attempts to intercept the OOB authentication telephone call or message. If the bank risk engine 202 is omitted, then optionally the porting and redirection detection server 204 and the transaction server may be combined (and optionally also the IVR platform). It will be appreciated that the present invention is not dependent upon any one particular hardware configuration.
[0049] The porting and redirection detection server 204 is a first component of the present invention for detecting mobile telephone number porting or redirection. A second component comprises software installed upon the mobile device 206. The software may comprise an "always on" smart-phone resident application running in a background mode and only triggered by certain events. The smart-phone application is preinstalled by a bank customer as part of a registration process for using the transaction authentication system. The term "smart-phone application" as used herein should be interpreted broadly to include a software application installed upon a mobile device, for instance resident within the operating system of the device, or running within an environment provided by the operating system. The application may alternatively reside within a SIM card. No particular hardware or software configuration of the mobile device is intended or should be assumed, beyond the ability to transmit apparatus and subscriber identifiers to the porting and redirection detection server 204, as will be described below. The software application may also be an application (or "app") of the kind commonly downloaded to smartphones or other mobile devices, or the software may be resident as a component of the underlying operating system of the mobile telephone or smartphone itself.
[0050] According to one embodiment, the smart-phone application is installed upon a subscriber's phone. This may form part of an existing internet banking application installed on the subscriber's phone or it may be separate. The functionality described within the present document may form part of an extension to an existing smart-phone application.
The installed application is able to monitor, profile and report back on the device to the porting and redirection detection server. The application is arranged to monitor received phone calls and messages and detect when a phone call or message is received from a specific origination address, for instance a bank fraud centre. The application is arranged to send a message to the porting and redirection server in the event that such a phone call or message is received. The application is arranged to include device and subscriber information, for instance the IMEI and the IMSI within the message.
[0051] When a device is called or a message is received the application installed on the phone may first send a message to the porting and redirection server to indicate the device has just received an incoming call or message, before the subscriber and device information is sent. This will verify that the specific enrolled device has received the call from the expected origination address and that the customer has therefore been contacted.
[0052] Both the device address (mobile number) and the application are tied to the IMEI and IMSI combination on the device at installation and registration. The IMSI is verified by both the application itself and by the network. The mobile number must correlate to the customer's account. To install the application on another phone the fraudster would have to perform a SIM Swap and reenrolment of the application on a new device. In order to secure the application, in certain embodiments a strong form of authentication may be used at enrolment, such as a biometric test.
[0053] According to certain embodiments the application exchanges a stream of unique sequencing numbers with the porting and redirection server to ensure spoofed messages cannot be injected into the message exchange.
[0054] In order to compare the IMEI and IMSI information received from the application, the porting and redirection server must separately obtain this information from the bank risk engine or the transaction server.
[0055] The trigger events for the smart-phone application are the receipt of an authentication message (such as an SMS or MMS message) or receipt of an authentication telephone call where the sender or telephone call originator is identified as a predetermined party, such as a specific bank or one of a number of specific banks. Upon the event trigger the smart-phone application obtains from the mobile device (including a SIM or U-SIM if provided) an apparatus identifier and a subscriber identifier. The apparatus identifier may, for instance, be an IMEI and the subscriber identifier may, for instance, be an IMSI. The smart-phone application transmits these identifiers to the porting and redirection detection server 204 as part of a response message. The response message may further include the mobile telephone number associated with the subscriber identity (for instance the MSISDN associated with the IMSI). Including the mobile telephone number within the response message makes it easier for the redirection detection server 204 to cross match a response message to a request received from the bank risk engine 202. The response message may be sent, for instance, as an SMS or MMS message. Alternatively, it may be sent via a packet data network connection.
[0056] The porting and redirection detection server 204 is aware to expect a response message from a mobile device 206 as a result of a request from the bank risk engine 202.
The request includes the mobile telephone number (used for the authentication call or message). If a response message is received then the mobile telephone number contained within the request can be used to retrieve an apparatus identifier and a subscriber identifier associated with the mobile telephone number. Alternatively, the identifier information may be retrieved as soon as the request is received from the bank risk engine 202. The apparatus identifier, subscriber identifier and mobile telephone number information can be stored locally by the porting and redirection server 204, or retrieved from a remote location. As a further option, this information may be received as part of the request from the bank risk engine 202. This stored information may comprise either the apparatus and subscriber identifiers provided at the time of the customer registering for the transaction authentication system (a base line set of information) or the identifiers prevailing at the time of the last known legitimate transaction (if the system allows for this information to be updated without re-registration by the customer, to take account of legitimate changes in the identifiers as discussed below).
[0057] If a response message is received, the received apparatus and subscriber identifiers in the response message can be compared with the identifiers associated with the mobile telephone number and retrieved by the porting and redirection detection server 204. If the response message includes the mobile telephone number associated with the subscriber identifier at the mobile device, this makes it easier to correlate response messages and retrieved identifier information.
[0058] If an expected response message is not received by the porting and redirection detection server 204 it may be that the authentication telephone call or message never reached the bank customer's mobile device due to being redirected to another telephone at the network level (potentially fraudulently). In the event of fraudulent mobile telephone number porting, no received response message indicates that the fraudster has not installed the smart-phone application on their mobile device. Alternatively, in the absence of fraud, the bank customer's mobile device may be temporarily unable to send the response message, or the smart-phone application may not be working. The porting and redirection detection server 204 may return a message to the bank risk engine 202 indicating that potentially the mobile telephone number used for the authentication call or message has been fraudulently ported or redirected.
[0059] If the porting and redirection detection server 204 cannot locate stored apparatus and subscriber identifiers for the mobile telephone number contained within the request from the bank risk engine, then it returns an error message to the bank risk engine 202. In certain embodiments if no identifiers are stored then any identifiers received from a mobile device within a response message may be newly stored as part of an authentication registration process. If a response message is received without any corresponding request being received from the bank risk engine 202 then any response message received may be ignored, or used to store identifier and mobile telephone number information. This situation could arise where the customer has registered for the smart-phone application but the bank doesn't consider a particular transaction of high enough risk to perform a SIM swap check.
[0060] If a request for porting and redirection detection is received, and a response message is received, then the received identifier information is compared with the identifier information associated with the mobile telephone number used for the authentication call or message. A message is returned to the bank risk engine 202 identifying whether there is potential fraud according to the results of the comparison, as shown in Table 1.
| Subscriber identifiers | Apparatus identifiers | Potential fraud? | Explanation |
|---|---|---|---|
| Same | Same | No | Legitimate: no change from the registered subscriber and apparatus identifiers for the mobile telephone number associated with the bank customer. |
| Same | Different | No | Legitimate: the bank customer has transferred their registered subscriber identifier to a new mobile device. |
| Different | Same | No | Legitimate: the bank customer has ported their mobile telephone number to a new subscriber identifier, but continues to use the same mobile device. |
| Different | Different | Yes | Legitimate: the bank customer has ported their mobile telephone number to a new subscriber identifier at the same time as obtaining a new mobile device (and has installed the smart-phone application on the new device, but has not informed the bank or other organisation). Fraudulent: a fraudster has ported the mobile telephone number to their own device (and the fraudster has installed the smart-phone application). Fraudulent: a fraudster has performed a redirection operation (and the fraudster has installed the smart-phone application). |
[0061] Table 1
[0062] As can be seen from Table 1, advantageously an embodiment of the present invention is able to distinguish between one type of legitimate mobile telephone number porting (where the same mobile device continues to be used) and fraudulent attempts to gain control over the mobile telephone number. The embodiment of the present invention cannot distinguish between fraud and a customer legitimately changing their subscriber identifier and their mobile device (for instance when changing MNO) while retaining their mobile telephone number. However, under those circumstances, a separate mechanism may be provided for the customer to update their identifiers held by the transaction authentication system, for instance by providing additional identifying information through an authentication telephone call.
[0063] Typically, redirection through changing a CFU status has no effect on messages; it only pertains to voice calls. In the event of an authentication message when a fraudster has changed the CFU status of a bank customer's mobile telephone number, the bank customer will receive the authentication message, and not the fraudster. The response message sent to the porting and redirection detection server 204 will not trigger a fraud alert. However, the bank customer is likely to be aware that no transaction has been requested, and their further investigations may reveal the fraudulent redirection of their mobile telephone number. Furthermore, the fraudster will not receive the information they require to complete the fraudulent transaction.
[0064] In the event that one received identifier matches and one received identifier differs from the identifiers stored in association with the mobile telephone number, (the second and third lines in Table 1, indicated as being legitimate), the porting and redirection server 204 may be arranged to store the updated identifier information. This storage may be local, in the event that the server 204 locally stores identifier and mobile telephone number information, remote in the event of remote storage, or comprise the server 204 returning this information to the bank risk engine 202, together with an indication that there is no suspected fraud and an instruction to update the identifier information stored at the bank risk engine 202.
[0065] In the event that both identifiers differ, the transaction authentication system, and specifically the IVR platform, may be arranged to perform a different or an extended authentication process (in place of simply refusing the transaction). If the transaction is ultimately authenticated, this indicates that the bank customer has legitimately changed both their subscriber identifier and their apparatus identifier. Again, this updated identifier information may be used to replace stored identifier information.
[0066] Each bank customer may have more than one mobile telephone number (which they may select from to receive an authentication call or message). The database of stored identifier and mobile telephone information may further include details of the bank customer to reflect this possibility of multiple entries.
[0067] Referring now to Figure 4, a method of operating a porting and redirection server 204 will now be described in accordance with an embodiment of the present invention. At step 400 a request for detection of porting or redirection is received from a bank risk engine 202. At step 402 a check is made whether a response message is received from a mobile device 206 (in response to the initiation of an authentication call or sending of an authentication message by the IVR platform 110). It will be appreciated that in some embodiments the response message may be received before the request. If no response message is received, then at step 404 an error message is returned to the bank risk engine 202.
[0068] If a response message is received at step 402, then at step 406 the porting and redirection server 204 retrieves apparatus and subscriber identifiers stored for a mobile telephone number contained within the request (unless the identifiers are contained within the request). At step 408 apparatus and subscriber identifiers received within the response message are compared to the corresponding identifiers stored in connection with the mobile telephone number. At step 410 a result of the comparison and/or an indication of whether fraud is potentially present is returned to the bank risk engine. Optionally, at step 412 if either identifier did not match then the bank risk engine 202 may return updated identifiers to be stored in association with the mobile telephone number.
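The server-side decision logic of Table 1, the Figure 4 flow (steps 400 to 412) and the sequencing-number check of [0053], written out as an added example that is not the patent's own code. The MSISDN and identifier values are constructed, and treating the sequencing number as a per-device counter that must increase by one on each message is an assumption.

```python
# Added example (not the patent's own code): porting and redirection detection
# server logic following Table 1, the Figure 4 flow and the [0053] sequence check.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Verdict(Enum):
    LEGITIMATE = "legitimate"            # Table 1 row 1: both identifiers unchanged
    LEGITIMATE_UPDATED = "legit_update"  # rows 2-3: one identifier changed, store updated
    POTENTIAL_FRAUD = "potential_fraud"  # row 4: both changed (porting or redirection)
    NO_RESPONSE = "no_response"          # step 404: no response message from the device
    REJECTED = "rejected"                # [0053]: out-of-sequence (spoofed/replayed) message
    ERROR = "error"                      # [0059]: no stored identifiers, or mismatched number


@dataclass(frozen=True)
class ResponseMessage:
    """What the smart-phone application reports after an authentication call or message."""
    msisdn: str   # mobile telephone number, used to cross-match with the request
    imei: str     # apparatus identifier
    imsi: str     # subscriber identifier
    seq: int      # sequencing number; assumed here to be a per-device counter


@dataclass(frozen=True)
class Result:
    verdict: Verdict
    explanation: str


@dataclass
class Record:
    imei: str
    imsi: str
    last_seq: int = 0


class PortingRedirectionServer:
    """Holds the baseline (IMEI, IMSI) per MSISDN captured at registration."""

    def __init__(self) -> None:
        self._store: Dict[str, Record] = {}

    def register(self, msisdn: str, imei: str, imsi: str) -> None:
        # Enrolment is where the baseline identifiers are tied to the number.
        self._store[msisdn] = Record(imei=imei, imsi=imsi)

    def stored(self, msisdn: str) -> Optional[Tuple[str, str]]:
        rec = self._store.get(msisdn)
        return None if rec is None else (rec.imei, rec.imsi)

    def handle_request(self, msisdn: str, response: Optional[ResponseMessage]) -> Result:
        """Step 400: request from the risk engine for `msisdn`; `response` is the
        message received from the device (step 402), or None if none arrived."""
        rec = self._store.get(msisdn)
        if rec is None:
            # [0059]: nothing to compare against, so an error goes back to the risk engine
            return Result(Verdict.ERROR, "no stored identifiers for this number")
        if response is None:
            # [0058]: the call or message may have been redirected at network level,
            # or the app may simply be unavailable; flagged for the risk engine to weigh
            return Result(Verdict.NO_RESPONSE, "no response: possible redirection or porting")
        if response.msisdn != msisdn:
            return Result(Verdict.ERROR, "response does not correspond to the request")
        if response.seq != rec.last_seq + 1:
            # [0053]: a replayed or injected message carries a stale or unexpected number
            return Result(Verdict.REJECTED, "unexpected sequence number: possible spoofed message")
        rec.last_seq = response.seq

        imei_same = response.imei == rec.imei
        imsi_same = response.imsi == rec.imsi
        if imsi_same and imei_same:
            return Result(Verdict.LEGITIMATE, "no change from the registered identifiers")
        if imsi_same:
            # Row 2: same SIM moved to a new handset; record the new apparatus identifier ([0064])
            rec.imei = response.imei
            return Result(Verdict.LEGITIMATE_UPDATED, "subscriber identifier moved to a new device")
        if imei_same:
            # Row 3: number ported to a new subscriber identifier on the same handset
            rec.imsi = response.imsi
            return Result(Verdict.LEGITIMATE_UPDATED, "number ported to a new SIM on the same device")
        # Row 4: both changed. Indistinguishable from a legitimate MNO change plus a new
        # handset ([0062]), so the store is left untouched for an extended authentication
        # step to resolve ([0065]).
        return Result(Verdict.POTENTIAL_FRAUD, "both identifiers changed: possible porting or redirection")
```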
[0069] Referring now to Figure 5, a method of operating a mobile device 206 will now be described in accordance with an embodiment of the present invention. At step 500 the mobile device receives a telephone call or a message. At step 502 a check is made to determine whether the telephone call or message is from a predetermined source. If not, then the method stops at step 504. However, if the telephone call or message is from a predetermined source, then at step 506 an apparatus identifier and a subscriber identifier for the mobile device are obtained. At step 508 the obtained identifiers are sent to the porting and redirection server 204.
[0070] Referring now to Figure 6, an authentication method implemented by a transaction authentication system will now be described in accordance with an embodiment of the present invention. At step 600 the transaction server 200 receives a request for authentication of a transaction. At step 602, in response to an instruction from the transaction server 200, the IVR platform 110 places an authentication telephone call to a registered mobile telephone number. At step 604 the transaction server 200 sends a request for a determination of whether the transaction is genuine or fraudulent to bank risk engine 202. As part of this determination the bank risk engine 202 instructs the porting and redirection server 204 to determine whether the mobile phone number has been ported or redirected, in accordance with the method shown in Figure 4. At step 606 the transaction server 200 receives from the bank risk engine 202 an indication regarding whether fraud is suspected. If fraud is suspected then at step 610 a script indicating that the IVR call cannot proceed is played and the call ended at step 612. In alternative embodiments the fact that a call is determined to have been redirected or the mobile number ported may not be sufficient evidence, on its own, to suspect fraud and to not proceed with the IVR call. Alternatively, if no fraud is suspected, or the risk is judged to be acceptably low, then at step 614 a normal IVR call flow continues, which may include at step 616 either receiving or transmitting an OTP code. At step 618 the telephone call is ended.
[0071] It will be appreciated that embodiments of the present invention can be realized in the form of hardware, software or a combination of hardware and software. Any such software may be stored in the form of volatile or non-volatile storage, for example a storage device like a ROM, whether erasable or rewritable or not, or in the form of memory, for example RAM, memory chips, device or integrated circuits or on an optically or magnetically readable medium, for example a CD, DVD, magnetic disk or magnetic tape or the like. It will be appreciated that the storage devices and storage media are embodiments of machine-readable storage that are suitable for storing a program or programs comprising instructions that, when executed, implement embodiments of the present invention.
[0072] Accordingly, embodiments provide a program comprising code for implementing apparatus or a method as claimed in any one of the claims of this specification and a machine-readable storage storing such a program. Still further, such programs may be conveyed electronically via any medium, for example a communication signal carried over a wired or wireless connection and embodiments suitably encompass the same.
[0073] Throughout the description and claims of this specification, the words "comprise" and "contain" and variations of them mean "including but not limited to", and they are not intended to (and do not) exclude other components, integers or steps. Throughout the description and claims of this specification, the singular encompasses the plural unless the context otherwise requires. In particular, where the indefinite article is used, the specification is to be understood as contemplating plurality as well as singularity, unless the context requires otherwise.
[0074] Features, integers or characteristics described in conjunction with a particular aspect, embodiment or example of the invention are to be understood to be applicable to any other aspect, embodiment or example described herein unless incompatible therewith.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive. The invention is not restricted to the details of any foregoing embodiments. The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed. It will also be appreciated that, throughout the description and claims of this specification, language in the general form of "X for Y" (where Y is some action, activity or step and X is some means for carrying out that action, activity or step) encompasses means X adapted or arranged specifically, but not exclusively, to do Y.
[0075] The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.

Claims (17)

  1. A method of detecting porting or redirection of a mobile telephone number, the method comprising: receiving a response message from a mobile device after a telephone call has been placed to a first mobile telephone number, or a message has been sent to the first mobile telephone number, the response message including an apparatus identifier associated with the mobile device and a subscriber identifier associated with the mobile device; comparing the received apparatus identifier to an apparatus identifier associated with the first mobile telephone number; and comparing the received subscriber identifier to a subscriber identifier associated with the first mobile telephone number; wherein the results of the comparisons are indicative of porting or redirection of the first mobile telephone number.
  2. A method according to claim 1, further comprising: receiving a request to detect porting or redirection of the first mobile telephone number; and returning a result indicating whether porting or redirection of the first mobile telephone number is detected; wherein the request includes an apparatus identifier and a subscriber identifier associated with the first mobile telephone number, or the method further comprises retrieving an apparatus identifier and a subscriber identifier associated with the first mobile telephone number.
  3. A method according to claim 1 or claim 2, wherein the response message further includes a second mobile telephone number, and the method further comprises: matching the second mobile telephone number received in the response message to the first mobile telephone number used to place the telephone call or to send the message; and retrieving the apparatus identifier and the subscriber identifier associated with the first mobile telephone number.
  4. A transaction authentication method comprising: receiving a request for authentication of a transaction from a remote user; placing a telephone call to the first mobile telephone number, or sending a message to the first mobile telephone number; and performing a method of detecting porting or redirection of a mobile telephone number according to any one of the preceding claims; wherein the telephone call comprises an authentication call, or the message comprises an authentication message, within a transaction authentication system; and wherein the results of the comparisons are indicative of potentially fraudulent porting or redirection of the first mobile telephone number.
  5. A method according to claim 4, further comprising: if at least one of the received apparatus and subscriber identifiers matches a corresponding identifier associated with the first mobile telephone number, determining that there is no fraudulent porting or redirection of the first mobile telephone number; and if neither of the received apparatus and subscriber identifiers matches a corresponding identifier associated with the first mobile telephone number, determining that there is potentially fraudulent porting or redirection of the first mobile telephone number.
  6. A method according to claim 5, further comprising: determining if a response message is received from a mobile device after a telephone call has been placed to the first mobile telephone number, or a message has been sent to the first mobile telephone number; and if no response message is received, determining that there is potentially fraudulent porting or redirection of the first mobile telephone number.
  7. A method according to claim 5 or claim 6, further comprising: communicating authentication information through the authentication call or the authentication message; and authenticating a transaction based upon the communicated authentication information and whether it is determined that there is potentially fraudulent porting or redirection of the first mobile telephone number.
  8. A method according to any one of claims 4 to 7, wherein if a first one of the apparatus and subscriber identifiers received in the response message matches a corresponding first identifier associated with the first mobile telephone number, and a second one of the received apparatus and subscriber identifiers fails to match a corresponding second identifier associated with the first mobile telephone number, the method further comprises: replacing the second identifier associated with the first mobile telephone number with the second identifier received in the response message.
  9. A method according to any one of claims 4 to 8, wherein if neither of the received apparatus and subscriber identifiers matches a corresponding identifier associated with the first mobile telephone number, the method further comprises: requesting additional identifying information from the remote user; receiving additional identifying information from the remote user; verifying the received additional identifying information; and replacing the identifiers associated with the first mobile telephone number with the identifiers received in the response message.
  10. A method of operating a mobile device, the method comprising: receiving a telephone call or a message; and sending a response message to a porting and redirection detection system, the response message including an apparatus identifier associated with the mobile device and a subscriber identifier associated with the mobile device.
  11. A method according to claim 10, wherein the response message further includes a second mobile telephone number.
  12. A method according to claim 10 or claim 11, further comprising: determining whether the telephone call or the message originates from a predetermined source; wherein the response message is only sent if the telephone call or the message originates from the predetermined source.
  13. A method according to any one of the preceding claims, wherein each mobile telephone number comprises a Mobile Subscriber Integrated Services Digital Network Number, MSISDN; wherein each apparatus identifier comprises an International Mobile Station Equipment Identifier, IMEI, an IMEI Software Version, IMEISV, or a Mobile Equipment Identity, MEID; and wherein each subscriber identifier comprises an International Mobile Subscriber Identity, IMSI.
  14. A method according to any one of the preceding claims, wherein the response message is received from the mobile device as a message sent through the mobile channel or as a message sent through a data network connection.
  15. A porting and redirection detection system arranged to implement the method of any one of claims 1 to 3 and claims 14 and 15 when dependent upon claims 1 to 3.
  16. A transaction authentication system arranged to implement the method of any one of claims 4 to 9 and claims 14 and 15 when dependent upon claims 4 to 9.
  17. A mobile device arranged to implement the method of any one of claims 10 to 12 and claims 14 and 15 when dependent upon claims 10 to 12.
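The comparison and decision rules of claims 1 to 12, together with the call-flow gate of paragraph [0070] (steps 606 to 614 of Figure 6), as an added Python example. This is not code from the patent or from ValidSoft; the class and function names are this example's own, and the MSISDN, IMEI and IMSI values are constructed sample data that talk to no real network.

```python
"""Porting/redirection check modelled on claims 1 to 12 of GB2517276A.

Added illustration, not code from the patent or its assignee. Every identifier
value below is a constructed sample.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Outcome(Enum):
    NO_FRAUD = "both identifiers match the registered record"
    UPDATED = "one identifier matched; the other was replaced (claim 8)"
    SUSPECT = "neither identifier matches (claim 5, second limb)"
    NO_RESPONSE = "no response message received (claim 6)"
    WRONG_NUMBER = "response MSISDN differs from the called number (claim 3)"


@dataclass
class Identifiers:
    """Apparatus and subscriber identifiers held against an MSISDN (claim 13)."""
    imei: str
    imsi: str


@dataclass
class ResponseMessage:
    """What the mobile device returns after the call or message (claims 10, 11)."""
    msisdn: str
    imei: str
    imsi: str


def build_response(origin: str, predetermined_source: str, msisdn: str,
                   imei: str, imsi: str) -> Optional[ResponseMessage]:
    """Device side, claim 12: respond only to a call or message from the
    predetermined source; anything else gets no response at all."""
    if origin != predetermined_source:
        return None
    return ResponseMessage(msisdn=msisdn, imei=imei, imsi=imsi)


class PortingRedirectionDetector:
    """Server side: the comparisons of claims 1, 3, 5, 6, 8 and 9."""

    def __init__(self, registry: Dict[str, Identifiers]) -> None:
        # MSISDN -> identifiers recorded at enrolment (the retrieval path of claim 2)
        self.registry = registry

    def check(self, called_msisdn: str,
              response: Optional[ResponseMessage]) -> Outcome:
        if response is None:
            return Outcome.NO_RESPONSE                      # claim 6
        if response.msisdn != called_msisdn:
            return Outcome.WRONG_NUMBER                     # claim 3 match failed
        stored = self.registry[called_msisdn]
        imei_ok = response.imei == stored.imei
        imsi_ok = response.imsi == stored.imsi
        if imei_ok and imsi_ok:
            return Outcome.NO_FRAUD                         # claim 5, first limb
        if imei_ok or imsi_ok:
            # claim 8: a single changed identifier (new SIM in the same handset,
            # or the same SIM moved to a new handset) is accepted and the
            # stored record is brought up to date.
            self.registry[called_msisdn] = Identifiers(response.imei, response.imsi)
            return Outcome.UPDATED
        return Outcome.SUSPECT                              # claim 5, second limb

    def rebind_after_verification(self, msisdn: str, response: ResponseMessage,
                                  additional_info_verified: bool) -> bool:
        """Claim 9: after a SUSPECT result the stored identifiers are replaced
        only once the user's additional identifying information has been verified."""
        if not additional_info_verified:
            return False
        self.registry[msisdn] = Identifiers(response.imei, response.imsi)
        return True


def ivr_may_proceed(outcome: Outcome) -> bool:
    """The gate at steps 606 to 614 of Figure 6: continue the IVR flow (and the
    OTP exchange of step 616) only when no porting or redirection is suspected."""
    return outcome in (Outcome.NO_FRAUD, Outcome.UPDATED)


# Constructed sample data: a UK drama-range MSISDN, a well-known example IMEI
# and a made-up IMSI. None of it identifies a real subscriber.
SAMPLE_MSISDN = "+447700900123"
SAMPLE_REGISTRY = {SAMPLE_MSISDN: Identifiers(imei="490154203237518",
                                              imsi="234150000000001")}

if __name__ == "__main__":
    det = PortingRedirectionDetector(dict(SAMPLE_REGISTRY))
    scenarios = [
        ("genuine", ResponseMessage(SAMPLE_MSISDN, "490154203237518", "234150000000001")),
        ("new SIM", ResponseMessage(SAMPLE_MSISDN, "490154203237518", "234150000000002")),
        ("both changed", ResponseMessage(SAMPLE_MSISDN, "356938035643809", "234150000000003")),
        ("silent", None),
    ]
    for label, resp in scenarios:
        outcome = det.check(SAMPLE_MSISDN, resp)
        print(f"{label:12s} -> {outcome.name:12s} IVR proceeds: {ivr_may_proceed(outcome)}")
```

Two points follow from the claims rather than from this code. First, the "one identifier matched" branch silently rewrites the registry, so a deployment should log every UPDATED outcome; that record is what lets an analyst later distinguish a handset upgrade from the first step of an account takeover. Second, paragraph [0070] says a porting or redirection finding need not on its own be decisive, so in the embodiment where the bank risk engine makes the call, `ivr_may_proceed` would be replaced by the engine's verdict with the `Outcome` fed in as one signal among others.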

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1410841.9A GB2517276B (en) 2014-06-18 2014-06-18 Detecting porting or redirection of a mobile telephone number
PCT/GB2014/053498 WO2015193629A1 (en) 2014-06-18 2014-11-26 Detecting porting or redirection of a mobile telephone number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1410841.9A GB2517276B (en) 2014-06-18 2014-06-18 Detecting porting or redirection of a mobile telephone number

Publications (3)

Publication Number Publication Date
GB201410841D0 GB201410841D0 (en) 2014-07-30
GB2517276A true GB2517276A (en) 2015-02-18
GB2517276B GB2517276B (en) 2015-09-30

Family

ID=51266774

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1410841.9A Active GB2517276B (en) 2014-06-18 2014-06-18 Detecting porting or redirection of a mobile telephone number

Country Status (2)

Country Link
GB (1) GB2517276B (en)
WO (1) WO2015193629A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2016204016B2 (en) * 2015-06-17 2020-11-05 Truteq International (Pty) Ltd A method and system for authenticating a messaging route with a mobile subscriber of a mobile device
GB202110600D0 (en) 2020-08-05 2021-09-08 Oxygen8 Communications Ireland Ltd A SIM fraud detection method and apparatus
US11317282B2 (en) 2019-12-19 2022-04-26 Bank Of America Corporation Intelligent method for sim-swap fraud detection and prevention
EP4085592A4 (en) * 2020-01-02 2023-04-19 Visa International Service Association Security protection of association between a user device and a user

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112351441B (en) * 2019-08-06 2023-08-15 中国移动通信集团广东有限公司 Data processing method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010035224A2 (en) * 2008-09-23 2010-04-01 Virtual Payment Solutions (Pty) Ltd A transaction method and system
WO2010056969A2 (en) * 2008-11-14 2010-05-20 Visa International Service Association Payment transaction processing using out of band authentication
GB2492312A (en) * 2011-06-07 2013-01-02 Validsoft Uk Ltd Authorising a transaction

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006122364A1 (en) * 2005-05-18 2006-11-23 Mobileglobal Pty Ltd Transaction device, system and method
GB0804803D0 (en) * 2008-03-14 2008-04-16 British Telecomm Mobile payments
GB2479131A (en) * 2010-03-29 2011-10-05 It Consultancy Solutions Ltd Fraud detection system for determining fraud risk associated with a transaction
GB2492973B (en) * 2011-07-15 2015-10-14 Validsoft Uk Ltd Authentication system and method therefor
EP3813403A1 (en) * 2012-03-15 2021-04-28 Phonovation Limited Mobile phone takeover protection system and method
US20150073987A1 (en) * 2012-04-17 2015-03-12 Zighra Inc. Fraud detection system, method, and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2016204016B2 (en) * 2015-06-17 2020-11-05 Truteq International (Pty) Ltd A method and system for authenticating a messaging route with a mobile subscriber of a mobile device
US11317282B2 (en) 2019-12-19 2022-04-26 Bank Of America Corporation Intelligent method for sim-swap fraud detection and prevention
EP4085592A4 (en) * 2020-01-02 2023-04-19 Visa International Service Association Security protection of association between a user device and a user
US11861582B2 (en) 2020-01-02 2024-01-02 Visa International Service Association Security protection of association between a user device and a user
GB202110600D0 (en) 2020-08-05 2021-09-08 Oxygen8 Communications Ireland Ltd A SIM fraud detection method and apparatus
WO2022028924A1 (en) 2020-08-05 2022-02-10 Oxygen8 Communications Ireland Limited A sim fraud detection method and apparatus
GB2602532A (en) 2020-08-05 2022-07-06 Oxygen8 Communications Ireland Ltd A SIM fraud detection method and apparatus

Also Published As

Publication number Publication date
GB2517276B (en) 2015-09-30
GB201410841D0 (en) 2014-07-30
WO2015193629A1 (en) 2015-12-23

Similar Documents

Publication Publication Date Title
US11700529B2 (en) Methods and systems for validating mobile devices of customers via third parties
US11856132B2 (en) Validating automatic number identification data
US20200334673A1 (en) Processing electronic tokens
US9384479B2 (en) Mobile phone takeover protection system and method
US20140172712A1 (en) Transaction Authorisation
WO2015193629A1 (en) Detecting porting or redirection of a mobile telephone number
CN102415119A (en) Managing undesired service requests in a network
CN107710725B (en) Method and system for authenticating a user by a telephone number
EP3993471B1 (en) Sim swap scam protection via passive monitoring
US20140223552A1 (en) Authentication system and method therefor
KR102171294B1 (en) Apparatus for providing tursted caller information and method thereof
US20220232036A1 (en) Systems and methods for providing social engineering and malware alerts
KR101787072B1 (en) System for detecting illegal internet international originating call using teminal double registration detection and method for detecting illegal internet international origination call
IE20140006U1 (en) Mobile phone SIM takeover protection
KR20160029650A (en) System for Authentication a Caller based Authentication Contents
IE20130096U1 (en) Mobile phone SIM takeover protection

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20180222 AND 20180228

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20220618

S28 Restoration of ceased patents (sect. 28/pat. act 1977)

Free format text: APPLICATION FILED

S28 Restoration of ceased patents (sect. 28/pat. act 1977)

Free format text: RESTORATION ALLOWED

Effective date: 20230601