Abstract: A call processing method is disclosed. A first station initiates a call to a second station. Call information associated with the initiated call is evaluated by comparing the call information with information in a fraud database. Completion of the call is prevented if the evaluation results in a finding of fraud. If the evaluation results in no finding of fraud, the call is completed to the second station via a routing path obtained from a routing database. If the call being completed is deemed to be a call of interest, the routing path obtained from the routing database for completing the call is stored.

Abstract: Trust ratings are embedded in certificates of calling devices in a Voice over Internet Protocol (VoIP) communications system. A method of managing trust ratings involves automatically accumulating complaints concerning VoIP calls initiated from calling devices, and comparing respective quantities of accumulated complaints associated with each calling device. When a quantity of accumulated complaints associated with a given calling device exceeds a given threshold, a trust rating of the given calling device is reduced. In subsequent VoIP calls the given calling device attempts to place, the reduced trust rating is included in the call request so that the subsequent calls are subject to more austere call screening operations than calls having the unreduced trust rating. Call recipients thus affect the calling device's trust rating simply by entering complaints associated with received calls. The method effectively combats spam over Internet telephony (SPIT) through participation of called parties.

Abstract: The present invention is a system and method for establishing a secure connection using a public a wireless telephone network. The method utilizes a proxy base station and establishes an encrypted session over the public wireless network between a wireless handset and the proxy base station. The proxy base station further establishes a connection with second communication station such as a landline phone. The proxy base station determines a most secure channel between the base station and the second communication station by consulting a database of channels and associated measures of security.

Abstract: A method, system and network element for tracing signaling messages related to a subscriber in a mobile communication system. In the solution according to the invention a functional entity of the mobile communication system receives a trace command which indicates the tracer and identifies at least one subscriber whose signaling messages are to be traced, and tracing is started, tracing comprising the steps of: copying the signaling message in response to reception or transmission of a signaling message related to the subscriber to be traced, and sending a copy to the tracer.

Abstract: A fraud detection method for generating a first fraud or fraud attempt probability, within an at least one captured or recorded interaction, is provided. The method comprises a scoring step for scoring an at least one voice belonging to an at least one tested speaker in the at least one captured or recorded interaction against an at least one voice print within an at least one entry in a voice print collection, the scoring step generating an at least one probability that the at least one voice in the captured or recorded interaction belongs to an at least one second speaker associated with the at least one voice print, said at least one probability represents the probability that the at least one captured or recorded interaction is fraudulent; and an auditing step for auditing the at least one probability and the at least one captured or recorded interaction.

Abstract: An approach provides fraud detection in support of data communication services. A threshold corresponding to a geographic location is set. The threshold corresponds to duration of a call supporting data communications. It is determined whether the call duration exceeds the threshold. A fraud alert is generated if the monitored call duration exceeds the threshold.

Abstract: An approach provides detection of unauthorized use of data services. A fraud case is created for a data call that is determined to be potentially fraudulent based on a fraud alert. A fraud score is determined for the case according to the fraud alert. The fraud score is adjusted according to adjustment criteria including an intermediate network involved with the data call, and an originating country of the data call.

Abstract: A method and device for preventing fraud in collect calls from a domestic origin point to an international terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the call processing platform. This Screening of International Calls database contains records keyed by country codes, and each record has a blocked collect call field listing destination numbers that are blocked from receiving collect calls. When a domestic-to-international collect call is made, the record corresponding to the country code of the international terminating point of the collect call is retrieved from the Screening for International Calls database. This record is checked to determine if the destination number of the collect call matches any destination numbers listed in the blocked collect call field of the country code database record. If there is a match, the call is blocked.

Abstract: A method and apparatus for detecting abnormal calling activity in a communications network is described. In one embodiment, usage data associated with at least one phone number is obtained from the communications network. The usage data is subsequently processed to determine if abnormal calling activity associated with the at least one phone number is exhibited.

Abstract: A method and device for preventing fraud in collect calls from a domestic origin point to an international terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the call processing platform. This Screening of International Calls database contains records keyed by country codes, and each record has a blocked collect call field listing destination numbers that are blocked from receiving collect calls. When a domestic-to-international collect call is made, the record corresponding to the country code of the international terminating point of the collect call is retrieved from the Screening for International Calls database. This record is checked to determine if the destination number of the collect call matches any destination numbers listed in the blocked collect call field of the country code database record. If there is a match, the call is blocked.

Abstract: A method for verifying access authorization for voice telephony in a fixed network line or mobile telephone line, as well as a communications network having such access authorization verification are described. The access authorization is verified by analysis of a voice signal which was entered by the subscriber placing the call, before or during a call in progress. In one variant, the voice signal is entered as a password before the connection is established; in another variant, voice signals are analyzed for voice recognition and subscriber identification, the same voice signals also being transmitted to the person being called, making concealed access verification possible which does not hamper the normal flow of conversation.

Abstract: An approach provides fraud detection in support of data communication services. A list of single-event attributes (e.g., hot or cold attributes) is generated and includes a network address of an end user host originating a data call or a calling party identification (e.g., Automatic Number Identification (ANI) or an originating Calling Line Identification (CLI)) for network access, wherein entries of the list specify values of the hot attributes. An attribute value associated with the data call is compared with the entries. A fraud alert is generated if the attribute value matches one of the entries.

Abstract: Embodiments of the present invention provide for reduction of the likelihood of fraud by having at least one of an identifier of a location from where a request is submitted or information that can lead to identification of the location, submitted with or in addition to a request. Then, determination is made whether to service the request, based at least in part on the location from where the request is submitted or processed. In various embodiments, the location may be compared against predetermined permissible location(s) or a current user location. The request may be a request to conduct a transaction, access data, access a physical or informational resource, or access a secured area.

Abstract: A system and method are provided for detecting extension attacks made to a communication enterprise, and taking appropriate remedial action to prevent ongoing attacks and future attacks. One or more attributes of a suspect call are analyzed, and a risk is associated with each analyzed attribute. An overall risk or assessment is then made of the analyzed attributes, attack attributes are logged, and one or more remedial actions may be triggered as a result of the analyzed call attributes. The remedial actions may include recording the call, notifying an administrator of a suspect call, or isolating the communication enterprise from the attack by terminating the call or shutting down selected communication endpoints to prevent calls being made to those extensions. Rules may be applied to the analyzed attributes in order to trigger the appropriate remedial action.

Abstract: A communication network is disclosed that uses voice authentication to provide call control. The communication network includes a call control function, a voice collection system, a voice authentication system, and a permission system. The voice collection system collects voice samples of a first party during the call to a second party, and transmits the collected voice samples to the voice authentication system. The voice authentication system compares the collected voice samples to stored voice samples to determine the identity of the first party. The permission system determines whether the first party is authorized for the call based on the identity of the first party. The permission system generates results based on the determination and transmits the results to the call control function. The call control function then processes the results, and interrupts the call if the first party is not authorized.

Abstract: Systems for monitoring, storage, and analysis of information in signaling messages, communicated from originating networks to a destination network through one or more intermediate networks are described. Correlation and comparison between signaling messages of interest sent from an origination network to signaling messages received by the destination network allows for the detection of inconsistent information, e.g., information fields in a communicated message that have been altered, either intentionally or unintentionally, by an intermediate carrier. The introduction of an additional communications path over which notification messages are forwarded from signaling monitoring equipment in the origination network to signaling monitoring equipment in the destination network allows for a significant reduction in the memory storage requirements at the destination network and in the amount of processing required to match, compare, and evaluate signaling messages.

Abstract: A system and method for processing gathered call data from a network monitoring system to prepare the call data for analyzing call routing across a network, not limited to call data associated with the transit portion of a call path. The system and method include correlating call data to form a correlated set, ordering the call data in the correlated set to form a compound CDR, and enriching the compound CDR by comparing CDRs within the compound CDR to each other.

Abstract: A method and apparatus for revealing business or organizational aspects of an organization in audio signals captured from interactions, broadcasts or other sources. The method and apparatus activate an efficient process to detect events within the audio signal, and then activate a more resource-consuming additional process around the detected events, thus enhancing efficiency of the process. The detected events and the output of the additional process are analyzed by an analysis process to reveal business aspects, terms, or other events in the audio signal. The analysis results, and possibly the events and output of the additional processing are optionally presented to a user.

Abstract: A system of evaluating automatic message accounting records associated with telephony calls is disclosed. The system includes correlation logic to collect originating AMA records having an originating call code to identify a record of an originating long distance call and further to collect terminating AMA records that correspond to the collected originating automatic message accounting records. The system also includes evaluation logic to determine when a call may be by-passing terminating access charges by identifying calls that have been correlated with an originating AMA record having the originating code and with a terminating AMA record having a local termination code.

Abstract: Real time detection of the fraudulent use of a telecommunications network is accomplished by analyzing data for each call that is occurring within the network. A signal protocol receiver is used to collect signaling protocol for each call that is occurring within the network. The signaling protocol data is collected, decoded and formatted into call information records (CIRs). The CIRs contain various operator specified parameters for each call that is occurring within the network. The CIRs are compared to operator defined thresholds. If any of the CIRs exceeds the thresholds, an alert is generated. The alerts are stored in a database where the operator can analyze them and take the appropriate corresponding action to resolve the alert. The alerts and the CIRs are archived in a database so that trends of fraudulent use can be detected and prevented. This method of fraud detection provides for the effective analysis of every call that is occurring within the network.

Abstract: Increasing use is being made of XML procedure calls to control and integrate telecommunications networks with other IT equipment. XML messages are verbose and include information which is not required merely to monitor activity in the network for purposes such as billing and authentication. The use of XPath or XQuery operations allow the XML messages to be dynamically and quickly analysed and filtered for relevant information.

Abstract: The present invention facilitates automated audits for systems storing travel services rates based on special or negotiated pricing structures. The invention provides a system and method by which a customer and/or broker of travel related services may invoke an audit against one or more global distribution systems which are commonly used by travel services providers to maintain rate and discount information specific to customers and/or brokers. In cases where a customer and/or broker has negotiated or arranged for a special discounted rate for travel services, it is the responsibility of the travel services provider to enter the rate or discount information into one or more global distribution systems. An audit is intended to examine rates stored within one or more global distribution systems and flag missing or inaccurate entries. Based on an audit report, customers and/or brokers may notify the service provider(s) and inform them of the discrepancies in order that they may perform the required corrections.

Abstract: A system is disclosed for the automatic detection of fraudulent activity on a transaction network, for which each transaction over the network has an associated identifier. In one embodiment, the system includes voice comparison means for comparing a first sampled voice of a user of a first transaction with a subsequently sampled voice of a user of a subsequent transaction having an identical identifier to that of the first transaction. Control means in the form of a voice-based fraud detection engine is provided for determining, from said comparison, a profile of user usage that is representative of a total number of different users of the associated identifier. In a preferred embodiment, the system also includes voice sampling means for sampling a voice of the user of the first transaction to generate a first voice sample.

Abstract: Disclosed are systems and methods which provide intelligent queuing with respect to processing transaction records. According to one embodiment, transaction records, such as collect calling records, are initially processed to a point that they are ready for release to an appropriate third party for further processing, billing, and/or collection, and are submitted to a queue. Queued transaction records preferably have initial queuing period information associated therewith. Embodiments dynamically change such queuing period information while a transaction record is pending in the queue, such as based upon further intelligence collected with respect to the party to the transaction, based upon subsequent transaction behavior, etcetera.

Abstract: The present invention is directed to a method for placing a call between a client in one network and a client in another network. The IP network includes a SIP server and a network gateway configured to provide access to a public switched network. The method includes receiving a SIP call request message from the first client. The SIP call request message is authenticated to thereby identify an authentic originating client. Subsequently, a database is searched to find client billing tag corresponding to the authentic originating client. The call is completed if the client billing tag is obtained, and not completed if the client billing tag cannot be obtained. Thus, the present invention provides an efficient method for billing phone calls that are placed from SIP enabled devices to a telephone connected to the Public Switched Telephone Network (PSTN). The method of the present invention also substantially eliminates certain types of fraud.

Abstract: In one embodiment, a method of configurably profiling data uses system comprising a pre-processor, a profiler, a post-processor and database. The pre-processor receives data and feedback data and performs configurable first calculations thereon to create data relating to profiling features. The profiler summarizes the profiling features data over a length of time by performing configurable second calculations thereon to create summarized data relating to profiled features. The post-processor performs configurable third calculations the profiled features data to create the feedback data and a profiled output data stream for further processing.

Abstract: The disclosure provides a wireless manager operable to receive a request from a mobile device to wirelessly communicate with an enterprise network, with the request including information operable to dynamically identify a location of the mobile device. The wireless manager is further operable to automatically associate an access zone with the mobile device with the access zone comprising at least one logical characteristic, compare the location information to the associated access zone, and, if the location information indicates that the mobile device does not violate the access zone, authorize wireless communications with the enterprise network.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: A method and apparatus for providing a telecommunication service is disclosed wherein a call associated with a first prepaid services account identifier is received from a user. An offer is provided to the user to initiate a replacement service for the first prepaid services account identifier and, upon receiving an indication of an acceptance of the offer from the user, a replacement codeword associated with the first prepaid services account identifier is established. The call associated with the first prepaid services account may be any type of communication, including a telephone call, a message delivered via the internet, or any other voice or data message. Upon receipt of the codeword from the user, a second prepaid services account identifier is established and, in one implementation, the first prepaid services account identifier is deactivated.

Abstract: A system and method of telephony resource management and security for monitoring and/or controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). One or more rules are defined which specify actions to be taken based upon at least one attribute of a call. Calls are detected and sensed to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the defined rules.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A method for detecting unauthorized access is provided. The method includes receiving a voice input associated with a request to access an account. A request voice signature corresponding to the voice input associated with the request is generated. An authorized voice signature corresponding to the account is retrieved. The request voice signature corresponding to the voice input is compared with the authorized voice signature corresponding to the account. Unauthorized access is detected in response to the comparison.

Abstract: A method of identifying arbitrage includes determining whether originating and terminating call detail records (CDRs) are correlated and obtaining correlated candidate pairs from the determined CDRs; establishing whether a correlated candidate pair of the obtained correlated candidate pairs is a unique pair; and if established that a correlated candidate pair is unique, determining an amount of arbitrage based on the comparison of the originating and terminating CDR fields of the unique correlated candidate pair.

Abstract: A network-based verification of call connections is provided between a telecommunications subscriber terminal and a telecommunications service device selected by a service call number. This verification provides a way of enabling secure protection against an undesired selection of a service device and/or the selection of an undefined service device. A system and a method are provided in which during a call set-up, the selected call number is evaluated on the basis of at least one service call number stored in a communication network and/or at least one service call number area.

Abstract: Real time detection of the fraudulent use of a telecommunications network is accomplished by analyzing data for each call that is occurring within the network. A signal protocol receiver is used to collect signaling protocol for each call that is occurring within the network. The Signaling protocol data is collected, decoded and formatted into call information records (CIRs). The CIRs contain various operator specified parameters for each call that is occurring within the network. The CIRs are compared to operator defined thresholds. If any of the CIRs exceeds the thresholds, an alert is generated. The alerts are stored in a database where the operator can analyze them and take the appropriate corresponding action to resolve the alert. The alerts and the CIRs are archived in a database so that trends of fraudulent use can be detected and prevented. This method of fraud detection provides for the effective analyzation of every call that is occurring within the network.

Abstract: Methods, systems, and computer program products for automatically populating a signaling-based access control database based on output from a fraud detection application are disclosed. According to one method, a fraud detection application detects fraud based on call information received from monitoring points in a network. The fraud detection application produces output for identifying a calling party making a fraudulent call. The output is used to automatically populate a signaling-based access control database. A signaling-based access control application screens call signaling messages and performs a screening action, such as rerouting a call, using the information received from the fraud detection application.

Abstract: A method of evaluating automatic message accounting records associated with telephony calls that originate at a local exchange carrier telephony office and that are routed over an inter-exchange carrier telephony facility is disclosed. The method comprises collecting originating automatic message accounting records associated with the originating local exchange carrier telephony office, and collecting terminating automatic message accounting records that correspond to the originating automatic message accounting records. A first portion of the terminating automatic message accounting records have a terminating access code and a second portion of the terminating automatic message accounting records have a local termination code.

Abstract: A system and method that determines when fraudulent activity, such as relates to a credit card, etc., may be imminent. The system and method of the invention allows for warning a credit issuer of probable fraudulent activity at an early stage. Probable fraudulent activity is determined by: receiving at a receiving center an authorization request from a user for a dollar amount; and determining, using a fraud test, if the authorization request is likely to be indicative of fraudulent activity.

Abstract: An apparatus and method for detecting a fraud or fraud attempt in a captured interaction. The method comprising a selection step in which interactions suspected as capturing fraud attempts are selected for further analysis, and assigned a first fraud probability, and a fraud detection step in which the voice is scored against one or more voice prints, of the same alleged customer or of known fraudsters. The first fraud or fraud attempt probability is combined with the result of the scoring of the fraud detection step, to generate a total fraud or fraud attempt probability. If the total fraud or fraud attempt probability exceeds a threshold, a notification is issued. The selection, scoring and combination thereof are performed using user-defined rules and thresholds.

Abstract: Likelihood of fraud is reduced by having at least one of an identifier of a location from where a request is submitted or information that can lead to identification of the location, submitted with or in addition to a request. Then, determination is made to whether to service the request, based at least in part on the location from where the request is submitted. In various embodiments, the location may be compared against predetermined permissible location(s) or a current user location. The request may be a request to charge an amount against an account, such as a credit card account, a request to access a physical resource, such as a VPN, or an informational resource, such as account information, or a request to access a secured area.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: A method of billing a communication session between a user and a value-added service. A request is received from a user for a communication session, such as a circuit-switched call, a computer-network telephony call or a multimedia session, between the user and a value-added service. Information associated with a credit account is requested before the user is connected to the value-added service. The information associated with the credit account, such as credit card information, debit card information or checking account information, is received in real time. Credit account information, which includes the received information associated with the credit account and a predetermined amount that is to be charged to the credit account, is communicated to a payment authorization database, which can be located locally or remotely.

Abstract: A system and method for auditing and reconciliation of telecommunications billing data in real-time to prevent fraud. The system and method includes aggregation and maintenance of billing data records, from a service provider billing system database, its network elements and associated databases in one or more countries to a centralized directory system for the purpose of automatic auditing and reconciliation, and the mapping of billing data records between the billing system database and network elements database.

Abstract: A method for providing a wireless telephone service includes providing a wireless handset having an associated telephone number, and a dedicated programmable wireless switch coupled to a public switched telephone network and a billing server. The handset communicates with the switch to place and receive calls to and from selected telephone numbers on respective ones of a secured list, and optionally, a dependent list. Two billing accounts are associated with the handset, a secured account having a password and the telephone numbers of the secured list associated with it, and a dependent account having a password and the telephone numbers of the dependent list, if any, associated with it. Completed incoming calls to or from the handset in which the telephone number of the caller or the number being called corresponds to a number of the secured and dependent lists are debited to the secured and dependent accounts, respectively, and calls to and from other numbers are billed to the dependent account.

Abstract: A call processing method is disclosed. A first station initiates a call to a second station. Call information associated with the initiated call is evaluated by comparing the call information with information in a fraud database. Completion of the call is prevented if the evaluation results in a finding of fraud. If the evaluation results in no finding of fraud, the call is completed to the second station via a routing path obtained from a routing database. If the call being completed is deemed to be a call of interest, the routing path obtained from the routing database for completing the call is stored.

Abstract: A subscriber determines and verifies using a simple and reliable unit whether or not unauthorized use such as cloning, etc. A fraud audit mode (fraud detection mode, fraud verification mode, and fraud stop mode) is provided on the subscriber data of the HLR in the UE and the core network, and detect, verifies, and stops illegal use in the wireless communications depending on the mode.

Abstract: A system for performing skip tracing provides a first user interface including an area for presenting at least one telephone number associated with account information of a customer retrieved from a mainframe computer system, a documentation area for inputting skip tracing results, a user interface control for indicating that a telephone number presented in the area is bad, wherein selection of the user interface control causes the documentation area to be populated with data indicating that the telephone number is bad, a second user interface control for indicating that a second telephone number presented in the area is good, wherein selection of the second user interface control causes the documentation area to be populated with data indicating that the second telephone number is good, and a third user interface control for causing data populating the documentation area to be recorded in a skip tracing data structure of the mainframe computer system and for causing display of a fourth user interface control

Abstract: Real time detection of the fraudulent use of a telecommunications network is accomplished by analyzing data for each call that is occurring within the network. A signal protocol receiver is used to collect signaling protocol for each call that is occurring within the network. The Signaling protocol data is collected, decoded and formatted into call information records (CIRs). The CIRs contain various operator specified parameters for each call that is occurring within the network. The CIRs are compared to operator defined thresholds. If any of the CIRs exceeds the thresholds, an alert is generated. The alerts are stored in a database where the operator can analyze them and take the appropriate corresponding action to resolve the alert. The alerts and the CIRs are archived in a database so that trends of fraudulent use can be detected and prevented. This method of fraud detection provides for the effective analyzation of every call that is occurring within the network.

Abstract: A method for detecting unauthorized access is provided. The method includes receiving a voice input associated with a request to access an account. A request voice signature corresponding to the voice input associated with the request is generated. An authorized voice signature corresponding to the account is retrieved. The request voice signature corresponding to the voice input is compared with the authorized voice signature corresponding to the account. Unauthorized access is detected in response to the comparison.

Abstract: An apparatus for generating data for long duration calls includes: call sensors distributed across a network for detecting call messages, correlating call messages relating to a call, and for storing call message related information, including at least one of the call network endpoints in an at least partial correlated call record; a time detection module for determining which network endpoints are located in a time standard that has just passed, or is about to pass, a predetermined time; and a call record controller for providing a control signal instructing at least some call sensors to determine whether any correlated call records relate to a call that includes one of the determined network endpoints and that started more than a predetermined time period prior to the predetermined time. The call sensors generate and transmit for storage an interim call data record (CDR) for each of the determined correlated call records.