
A Closer Look at Domestic Traffic Pumping

This article was published in the 2nd Quarter 2020 Equinox Update Newsletter.

By Amy Oldham

For the past few years, international revenue share fraud (IRSF) has been a hot topic at Equinox user groups and among telecom carriers in general. IRSF is a type of fraud that pumps traffic to international numbers with no intent to pay (unless arbitrage is possible) or that generates large numbers of calls to the number(s). While IRSF is still a problem, there is a different bane closer to home that is often overlooked. This article explores domestic arbitrage, also known as domestic traffic pumping, and why you should not ignore this form of network abuse/fraud.

What is domestic traffic pumping?

Traffic pumping is known by several names including access stimulation, arbitrage, and revenue share fraud. In years past, the most widely seen and discussed traffic pumping was IRSF. However, not all traffic pumping occurs outside the United States. In fact, a new fraud trend emerged in the U.S. several years ago. This trend involves a few local exchange carriers in rural U.S. locales bloating the incoming call volumes to their network(s) with the aim of profiting from the artificially inflated intercarrier compensation fees. This form of network abuse is termed domestic traffic pumping or domestic arbitrage. Some have also referred to it as “corn and porn”.

Why is it (still) a problem?

Although domestic traffic pumping is a form of fraud / network abuse, it’s often overlooked as a “real” contender. Perhaps it’s new enough on the fraud scene that it hasn’t garnered the credence it deserves. Maybe because domestic rates are lower than international rates, they are not considered as high risk or high impact. Or perhaps folks aren’t sure exactly what to monitor or how to detect it. Even more likely, though, is that people discount it due to the FCC’s rule titled ‘Updating the Intercarrier Compensation Regime To Eliminate Access Arbitrage’ (Docket 2019-22447). Unfortunately, while that ruling was handed down in late 2019, compliance with its requirements has been delayed. As of this writing, no new compliance date is available. And without any consequences or penalties, there’s no incentive for those engaged in access stimulation to stop. As a result, you simply can’t afford to ignore it.

How do I spot it?

Domestic traffic pumping typically uses one of your customer’s line numbers and begins with a few short test calls from that number to the rural area (which is outside your customer’s typical calling area). These first few calls have random durations of less than a minute or are not answered. The hacker never even attempts to call internationally. After the half dozen or so test calls, an autodialer uses that billing number to repeatedly dial numbers in a range. It is often a small number range, but the calls are long (with increasingly longer durations), all to high-cost (by U.S. standards) local destinations. You may very well see calls terminated by the switch because they reached the allowed maximum limits.
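The calling pattern described above can be expressed as a check over call detail records. The following is an added example, not code from the original article and not Protector's rule; the CDR tuple layout, the NPA-NXX prefix grouping, the per-customer baseline of usual prefixes, and all thresholds are assumptions, and the phone numbers are constructed.

```python
from collections import defaultdict

# Constructed sample CDRs: (billing_number, called_number, start_minute, duration_sec, answered)
SAMPLE_CDRS = [
    ("6155550100", "6155550142", 0, 180, True),    # normal local call
    ("6155550100", "9995550101", 10, 12, True),    # short probes to a distant block
    ("6155550100", "9995550102", 11, 0, False),
    ("6155550100", "9995550101", 12, 41, True),
    ("6155550100", "9995550103", 13, 7, True),
    ("6155550100", "9995550102", 20, 1800, True),  # long autodialed calls follow
    ("6155550100", "9995550103", 21, 2400, True),
    ("6155550100", "9995550101", 22, 3600, True),  # 3600 s: assumed switch maximum
    ("6155550100", "9995550102", 23, 3600, True),
    ("6155550199", "9995550101", 30, 900, True),   # one long call, no probe pattern
]

# Assumed baseline of each customer's usual NPA-NXX prefixes (hypothetical data).
USUAL_PREFIXES = {"6155550100": {"615555"}, "6155550199": {"615555"}}

def find_pumping(cdrs, usual, min_probes=3, min_long=3, long_sec=600, max_targets=10):
    """Return {(billing_number, prefix): summary} for call groups matching the pattern."""
    groups = defaultdict(list)
    for billing, called, start, dur, answered in cdrs:
        prefix = called[:6]
        if prefix not in usual.get(billing, set()):   # outside typical calling area
            groups[(billing, prefix)].append((start, called, dur, answered))
    hits = {}
    for key, calls in groups.items():
        calls.sort()                                  # chronological order
        # Count the leading run of probes: unanswered or under one minute.
        probes = 0
        for _, _, dur, answered in calls:
            if answered and dur >= 60:
                break
            probes += 1
        later = calls[probes:]
        long_calls = [c for c in later if c[3] and c[2] >= long_sec]
        targets = {c[1] for c in long_calls}          # small range of dialed numbers
        durations = [c[2] for c in long_calls]
        growing = durations == sorted(durations)      # longer and longer, may plateau
        if (probes >= min_probes and len(long_calls) >= min_long
                and len(targets) <= max_targets and growing):
            hits[key] = {"probes": probes, "long_calls": len(long_calls),
                         "targets": len(targets), "seconds": sum(durations)}
    return hits

if __name__ == "__main__":
    for key, summary in find_pumping(SAMPLE_CDRS, USUAL_PREFIXES).items():
        print(key, summary)
```

Tune the thresholds against your own traffic; the check treats calls capped at the same maximum duration as still "growing", since the switch limit described above produces exactly that plateau.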

What can I do about domestic traffic pumping?

First, don’t discount this type of fraud as a contender! We get calls asking for help with IRSF only to see examples of domestic arbitrage going for days simply because no one was looking for it. If in doubt, give us a call. We are happy to schedule an online review of your system. Second, make sure your fraud management system/strategy includes checks for these events. Protector includes a standard ‘Domestic Traffic Pumping’ rule designed specifically to detect and alert you to these unwanted incidents. You can use this rule as is or edit it with different conditions. Beyond this rule, Protector’s profiling can alert you to this behavior quickly, as well. For accurate profiling, ensure your system defaults and domestic region thresholds are current and relevant. Next, knowing that hackers are adaptive, you must be vigilant and evaluate these scenarios regularly to fine-tune as necessary. And finally, once you detect domestic arbitrage, add these numbers to the Hot List (or ranges of numbers to the Watch List).

Where can I learn more?

To learn more about current actions aimed at eliminating arbitrage, review this FCC article https://www.federalregister.gov/documents/2019/10/28/2019-22447/updating-the-intercarrier-compensation-regime-to-eliminate-access-arbitrage.

On June 23, 2020, Christi Vanoye hosted a webinar exploring domestic traffic—how to spot it and what tools Protector offers (‘Domestic Traffic Pumping’ rule, profiling, region configuration, incident resolution tools) to combat it. If you’re a member of the Equinox community, you can watch that recording any time, by logging into the Equinox Online Library. You can also schedule online training or a review of the rules, regions, and configuration settings in your Protector system by contacting Training@Equinoxis.com. As always, you can email Support@Equinoxis.com with questions or reach them by calling (615) 612-1225 Monday—Friday from 7:30 to 5:00 (Central).

 