Abstract: An approach provides detection of unauthorized use of data services. The number of data calls for access to a data network is tracked over a predetermined time period, and the cumulative duration of the data calls is determined. Thereafter, a determination is made as to whether the number of the data calls and the cumulative duration satisfy, respectively, a first threshold and a second threshold. A potential fraudulent use of the account is determined, if the thresholds are satisfied.

Abstract: An approach provides fraud detection in support of data communication services. A list of single-event attributes (e.g., hot or cold attributes) is generated and includes a network address of an end user host originating a data call or a calling party identification (e.g., Automatic Number Identification (ANI) or an originating Calling Line Identification (CLI)) for network access, wherein entries of the list specify values of the hot attributes. An attribute value associated with the data call is compared with the entries. A fraud alert is generated if the attribute value matches one of the entries.

Abstract: An approach provides detection of unauthorized use of data services. A determination is made as to whether connections supporting remote access to a data network are completed. The number of completed connections associated with a selected attribute is tracked over a time period. It is then determined whether the number of completed connections satisfies a connection frequency threshold. A fraud alert is generated if the connection frequency threshold is satisfied.

Abstract: An approach provides fraud detection in support of data communication services. A usage pattern associated with a particular account for remote access to a data network is monitored. The usage pattern is compared with a reference pattern specified for the account. A fraud alert is selectively generated based on the comparison.

Abstract: An approach provides detection of unauthorized use of data services. A determination is made as to whether connections supporting remote access to a data network are completed. The number of completed connections associated with a selected attribute is tracked over a time period. It is then determined whether the number of completed connections satisfies a connection frequency threshold. A fraud alert is generated if the connection frequency threshold is satisfied.

Abstract: An approach provides fraud detection in support of data communication services. A list of single-event attributes (e.g., hot or cold attributes) is generated and includes a network address of an end user host originating a data call or a calling party identification (e.g., Automatic Number Identification (ANI) or an originating Calling Line Identification (CLI)) for network access, wherein entries of the list specify values of the hot attributes. An attribute value associated with the data call is compared with the entries. A fraud alert is generated if the attribute value matches one of the entries.

Abstract: An approach provides fraud detection in support of data communication services. A threshold corresponding to a geographic location is set. The threshold corresponds to duration of a call supporting data communications. It is determined whether the call duration exceeds the threshold. A fraud alert is generated if the monitored call duration exceeds the threshold.

Abstract: An approach provides detection of unauthorized use of data services. A fraud case is created for a data call that is determined to be potentially fraudulent based on a fraud alert. A fraud score is determined for the case according to the fraud alert. The fraud score is adjusted according to adjustment criteria including an intermediate network involved with the data call, and an originating country of the data call.

Abstract: An approach provides fraud detection in support of data communication services. A list of single-event attributes (e.g., hot or cold attributes) is generated and includes a network address of an end user host originating a data call or a calling party identification (e.g., Automatic Number Identification (ANI) or an originating Calling Line Identification (CLI)) for network access, wherein entries of the list specify values of the hot attributes. An attribute value associated with the data call is compared with the entries. A fraud alert is generated if the attribute value matches one of the entries.