Abstract: A fraud monitoring system is disclosed for a communications system. The fraud monitoring system analyzes records of usage activity in the system and applies fraud pattern detection algorithms to detect patterns indicative of fraud. The fraud monitoring system advantageously accommodates transaction both records resulting from control of a packet-switched network and those from a circuit-switched network gateway.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: A method, system, and program providing identification usage fraud protection are provided. A context for a use of an identification via a communication line is detected at a fraud protection service. The context for use of the identification is analyzed in view of multiple previous uses of the identification. A level of suspicion of fraudulent use of the identification is specified according to the analysis of the context. Depending on the level of suspicion, further use of the identification may require additional authentication or may be barred. The identification may include a user name, an account number, a password, or other identifier that may be utilized to represent an individual in accessing products and services.

Abstract: Methods, apparatuses and systems for detecting a fraud event on a distributed network are disclosed. A fraud event is indicated if data analysis reveals that there is a lack of consistency between elements in the network.

Abstract: In a telephone network, a service control point is called by a switching center, if a flag has previously been set by some event (e.g. call charges crossing a threshold or the leaving of a voice mail message) when a call is being established or terminated. The switching center then operates in accordance with commands returned by the service control point. If no flags have been set, the service control point is not called and the call is treated by the switching center in a default manner.

Abstract: A method for identifying tracking accounts belonging to a customer of a service provider using profiles indicating customer patterns of use of the service. The profiles distinguish the account of the service provider customers from each other. Those profiles that substantially match are considered to belong to the same customer.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: A variety of methods and systems can be used to achieve electronic surveillance when a call is directed to a destination as a result of service processing. For example, in a system involving a redirecting switch and a service platform switch, correlation between calling party identities for outgoing and incoming call legs can be done to identify a hairpin loop scenario. Upon detection of such a scenario, an appropriate electronic surveillance message can be sent to a monitoring device indicating the call's destination. Correlation information can be collected from available call setup signaling parameters. The methods and systems can be applied, for example, to systems involving directory assistance call completion, voice-activated dialing, voicemail callback, and prepaid services.

Abstract: Real time detection of the fraudulent use of a telecommunications network is accomplished by analyzing data for each call that is occurring within the network. A signal protocol receiver is used to collect signaling protocol for each call that is occurring within the network. The Signaling protocol data is collected, decoded and formatted into call information records (CIRs). The CIRs contain various operator specified parameters for each call that is occurring within the network. The CIRs are compared to operator defined thresholds. If any of the CIRs exceeds the thresholds, an alert is generated. The alerts are stored in a database where the operator can analyze them and take the appropriate corresponding action to resolve the alert. The alerts and the CIRs are archived in a database so that trends of fraudulent use can be detected and prevented. This method of fraud detection provides for the effective analyzation of every call that is occurring within the network.

Abstract: Disclosed are systems and methods which provide techniques providing account setup, management and transaction authorization determinations in real-time using transaction interrupt messaging. Embodiments preferably take into consideration the quality of one or more parties to the transaction and the means by which charges may be rendered to them when making account setup, management, and/or transaction authorization determinations. Accordingly, transactions, such as collect calls, meeting at least some minimal risk threshold may be completed on a first call attempt, even where a pre-arranged billing agreement or other business relationship is not previously in place.

Abstract: A method for verifying access authorization for voice telephony in a fixed network line or mobile telephone line, as well as a communications network having such access authorization verification are described. The access authorization is verified by analysis of a voice signal which was entered by the subscriber placing the call, before or during a call in progress. In one variant, the voice signal is entered as a password before the connection is established; in another variant, voice signals are analyzed for voice recognition and subscriber identification, the same voice signals also being transmitted to the person being called, making concealed access verification possible which does not hamper the normal flow of conversation.

Abstract: Methods and systems for detecting intrusion events, such as war dialing events are disclosed. According to one method, signaling messages associated with calls being made or attempted in a telecommunications network are analyzed. Based on the signaling messages, it is determined whether a war dialing event has occurred or is in progress. In response to determining that a war dialing event has occurred or is in progress, a war dialing event mitigating action is performed.

Abstract: A method of providing collect call service includes receiving a request for a collect call from a calling party (18). A selected number to call is received. A call is placed to a receiving party (20). Agreeability of the receiving party (20) to accept the credit card billing for the collect call is determined. The calling party (18) is connected to the receiving party (20) in response to the acceptance.

Abstract: A method of billing a communication session between a user and a value-added service. A request is received from a user for a communication session, such as a circuit-switched call, a computer-network telephony call or a multimedia session, between the user and a value-added service. Information associated with a credit account is requested before the user is connected to the value-added service. The information associated with the credit account, such as credit card information, debit card information or checking account information, is received in real time. Credit account information, which includes the received information associated with the credit account and a predetermined amount that is to be charged to the credit account, is communicated to a payment authorization database, which can be located locally or remotely.

Abstract: A system for service control and operations for a telecommunications network. In particular, an architecture and method for a service control and operations element system. The system communicates with a plurality of interconnected telecommunications network elements via a switching and signaling subsystem. The system provides and controls the various functions of the telecommunications network, such as call processing and routing, automatic fault detection and correction, providing services to customers in an interactive manner, fraud detection and control, identification of patterns of abuse of the network, collecting data regarding call activity at each network element, and producing a record of each call placed within the network.

Abstract: A method and system for facilitating collection of past due balances. A control entity such as a call server or collections server receives a signaling message such as a SIP INVITE that seeks to set up a call between a calling party and called party. The control entity determines that the calling party has a past due balance, i.e., that the calling party owes the carrier money. In response, the control entity changes the signaling message to designate a collections system as the called party, and the signaling message is then used to set up a call between the calling party and the collections system.

Abstract: A method of identifying fraud in a telecommunications system. The method includes receiving data related to a current call placed from an originating automatic number indicator (ANI), where the received data includes at least the originating ANI, a billing number and an identification code. A threshold number and a time interval corresponding to the identification code for the originating ANI are retrieved, for example, from a memory. In addition, billing numbers for prior calls from the originating ANI, if any, and corresponding indicia of the times of the calls are retrieved. A determination is made of whether the number of billing numbers used for the current and prior calls from the originating ANI over a prior period of time equal to or less than the time interval exceeds the threshold number. If the threshold number is exceeded, a fraud alert is generated.

Abstract: A process for a transfer of funds for payment for goods and/or services in which a purchaser of the goods and/or services requests that a financial services organization generate a financial certificate in an amount equal to the payment. The requester receives the requested certificate and then transmits the certificate to the provider of good and/or services. Upon validation of the certificate by the provider, the transaction is completed and the purchaser so notified. The purchaser is subsequently billed by the financial services organization for the cost of the certificate.

Abstract: The invention relates to equipment for call-completion analysis on high speed data links in an SS#7 network. A pyramidal structure service observing system processes data packets from all high speed SS#7 data links communicates directly with other service observing systems in order to create real-time call detail records and statistical reports. The first system which receives an initial address message signal has jurisdiction over a call. If a second service observing system receives data on the same call, that data is forwarded to the first service observing system in real-time so that interim call detail records may be generated while calls are still in-progress. While any suitable and available path may be used to forward the data, a wide area network or a local area network provides the preferred path.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: A telecommunications service implements an account code reporting feature by storing an account code associated with a subscriber at a service control point (SCP) in the public switched telephone network (PSTN). When a call is initiated from the subscriber's terminal, the SCP receives outgoing call data, including the subscriber's telephone number, a called party number and an account code entered from the subscriber's terminal. The SCP determines whether the call is subject to the account code reporting service and, if so, stores the call data. The SCP transmits the call data to a service management system accessible by the subscriber via a graphical user interface through a packet switched data network and an interactive voice response through the PSTN. The call is subject to the account code reporting service when the called party number is in the same local access and transport area as the subscriber's telephone number.

Abstract: In a telecommunication network, there is provided a system for monitoring a plurality of telephone calls to a common private branch exchange, PBX) in order to detect fraudulent activity. In particular, fraudulent activity is detected in calls made to and originating from a PBX that uses a common billing number. If fraudulent activity is found, an alert message is provided to a fraud analyst for further review. Call detail records corresponding to each of the calls, are retrieved and stored in a queue. The billing number and a call time associated with each call detail record are analyzed. Each call detail record, billing number and call time is compared with at least one predetermined threshold relating to billing numbers and call times.

Abstract: In order to detect fraudulent or potentially fraudulent usage of a telecommunications network, each call connected by way of one of the digital main switching units of the network (3a to 3c) has an associated billing record transferred to a fraud management system (4). The fraud management system compares the origin and destination of the call with a known usage pattern for the originator and, if other indications are that the call is of a fraudulent nature, and the call deviates from the known usage pattern an alarm can be forwarded to an operator. The user profile used to determine normal calling behaviour is updated over a period of time in respect of calls determined as not fraudulent. An initial user profile may be generated from historic billing records.

Abstract: A method and apparatus for providing prepaid local telephone services is provided. The method includes determining if a subscriber is making a qualified local telephone call, checking to see if a maximum number of calls have been made by the subscriber and decrementing a call counter if a telephone call in connected. The system includes a switch for receiving telephone calls and identifying subscribers and qualified telephone calls. In addition, the system includes a telephone network element in communication with the switch, the telephone network element having logic for identifying local telephone calls, a notification timer configured to remove the telephone network element from a telephone call after a predetermined period of time, and a call counter for monitoring a number of local calls permitted to a subscriber.

Abstract: A device and method of intercepting in-progress calls whose billing numbers have been marked fraudulent subsequent to the initial authorization and validation of the same in-progress calls. The device and method uses criteria to define certain calls as “suspect” and parks all suspect calls after the initial call processing. Because the suspect calls are parked and not released to the general switching elements of the telephone network, the suspect calls can be torn down if the associated billing number is marked fraudulent after call processing. The criteria can maintain a fine granularity by using various Call Park Flags in various databases. In addition, the suspect calls can remain parked for varying amounts of time based on the category and type of call.

Abstract: In one embodiment, this invention analyzes demographic data that is associated with a specific street address when presented as an address change on an existing account or an address included on a new account application when that address is different from the reference address (e.g., a credit bureau type header data). The old or reference address and the new address, the new account application address or fulfillment address demographic attributes are gathered, analyzed, compared for divergence and scaled to reflect the relative fraud risk.

Abstract: A system and method of telephony resource management and security for monitoring and/or controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A set of security rules is defined for each of the extensions which specify actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: A method for assessing the performance of a data classifier operable to generate an element of output data in response to an element of input data, such as a neural network, is disclosed. The method includes steps of using the data classifier to generate elements of result output data in response to elements of test input data, determining a measure of difference between each element of test output data and each corresponding element of result output data, forming a distribution function of said measures of difference and forming a measure of performance from said distribution function.

Abstract: Disclosed is a system and method for using third party billing of point of sale transactions. Transaction information is received from a merchant, and the transaction information comprises a telephone number. The system determines if an account associated with the telephone number is activated. If the account is activated, the transaction information is formatted and transmitted to a telephone company for placement on a telephone bill. If the account is not activated, an account is established and activated by capturing the ANI of a telephone call and verifying the ANI against the provided telephone number.

Abstract: A method and apparatus for discovery of inmate-employee fraternization includes correlating inmate identification records and employee information data from a plurality of correctional facilities in a central database with call detail records from inmate telephone activities.

Abstract: An apparatus for identifying multiple accounts belonging to a customer of a service provider using profiles indicating customer patterns of use of the service. The profiles distinguish the accounts of the service provider customers from each other. Those profiles that substantially match are considered to correspond to the same customer.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: A system comprises a wireless interface coupled to a transaction manager. The wireless interface receives user information, including a user speech sample and a user account code, from a wireless communication device over a wireless communication link. The transaction manager transfers the user speech sample and the user account code to a validation system. The transaction manager receives and displays validation information from the validation system. The validation information indicates if the user is authentic and if the account code is valid. The validation information may include a picture of the user that is displayed by the transaction manager.

Abstract: A system and method for processing telephone calls and providing enhanced services is presented. The call processing system includes a network control processor for controlling the processing and routing of the calls and for providing enhanced features, and a matrix switch for routing calls from an originating location to a terminating location. Operator consoles can be included to provide operator assistance to the caller. The network control processor comprises a central message processor that receives call data, determines the type of call, determines the processing required, and determines whether operator assistance is required. A call route distributor allocates an operator console to the call if required. A billing server is used to track billing information for the call while it is in progress. A database server is provided for database look-ups and storage.

Abstract: The present invention is a system and method that allows a calling party to call a destination number and, upon approval of the called party, reverse the billing of the telephone call so that it is deducted from an account owned and maintained by the called party other than the account associated with the destination number. The method of the present invention includes the steps of receiving a predetermined access number from a calling party; prompting for a destination number; notifying a called party of the call they are receiving; allowing the called party to accept the call and enter a number associated with an account other than the telephone service account of the destination telephone number; verifying the account number and whether the account has sufficient value available; completing the telephone call to the destination number; and processing the charges associated with the call to be charged against the account.

Abstract: A method for using at least one Bad Billed Number Record (BBN) to detect fraud in a telecommunication system includes the steps of generating the at least one BBN for each call attempt made using a billing product, when the call attempt satisfies any one of a plurality of fraud criteria; storing the at least one BBN in a storage queue for later retrieval; and retrieving and analyzing the at least one BBN to increment a plurality of fraud control counters according to the analysis. A system for using a plurality of BBNs to detect fraud in a telecommunications system includes a network operator service platform (OSP) for generating BBNs based on received call attempts; a network information concentrator (NIC) for temporarily storing the generated BBNs; and a fraud monitoring system for retrieving the stored BBNs, filtering out unidentifiable BBNs, analyzing identifiable BBNs, and generating alarms based on the analysis.

Abstract: In order to detect fraudulent or potentially fraudulent usage of a telecommunications network, each call connected by way of one of the digital main switching units of the network (3a to 3c) has an associated billing record transferred to a fraud management system (4). The fraud management system compares the origin and destination of the call with a known usage pattern for the originator and, if other indications are that the call is of a fraudulent nature, and the call deviates from the known usage pattern an alarm can be forwarded to an operator. The user profile used to determine normal calling behaviour is updated over a period of time in respect of calls determined as not fraudulent. An initial user profile may be generated from historic billing records.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: Database-driven methods and systems for database driven real time call tracing are disclosed. Signaling messages are copied from signaling link interface modules. The copied messages are sent to a database. A server located remotely from the database sends a query to the database for a real time call trace. The database is searched for messages that match the search criteria. If no messages are located in the historical data stored in the database, data entering the database is analyzed in real time.

Abstract: A method is described of providing validation data associated with a subscriber line of a telecommunication network. The method includes obtaining line data of the subscriber line wherein the line data is suitable for interrogating a line identification database (LIDB). The method interrogates the LIDB with the line data to obtain reference subscriber data associated with the line data, and processes the reference subscriber data to obtain validation data associated with the subscriber line. The invention extends to a subscriber line validation system to validate a subscriber line of a communication network.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: A system for preventing telecommunications fraud, the system comprising a database, at least one processor and related software, the at least one processor receives and stores numbers representing terminating ANIs in the database that have generated a fraud alert. The stored numbers include at least a portion of the terminating ANI and at least one variable length character, and are accessible to block subsequent calls directed at the respective terminating ANIs. The at least one processor receives a dialed terminating ANI representing a subsequently dialed call and checks the database to determine if the dialed terminating ANI matches a stored number. The at least one variable length character matches any corresponding character in the dialed terminating ANI. One variable length character may also match one or more subsequent characters in the dialed terminating ANI. A match between the dialed terminating ANI and a stored number initiate a block of the dialed call.

Abstract: A system for analyzing fraud in a telecommunications system, where the system comprises at least one processor, software and calling records stored in a database. The at least one processor has input that receives a user selection of a revenue source and one or more streams of revenue that contribute to the revenue source. The system retrieves and processes the calling records pertaining to the selected revenue source or stream of revenue. The system then generates at least one graphical display pertaining to the revenue generated and losses due to fraud for the selected revenue source or stream of revenue. A method for analyzing fraud in a telecommunications system presents a user with graphic data pertaining to fraud and revenue for a revenue source. The user is then presented with a selection of one or more streams of revenue of an nth level that contribute to the revenue source, where n is greater than or equal to one. The user provides a selection for one of the one or more nth level streams of revenue.

Abstract: A system and method for blocking uncollectible random call traffic of a telecommunication network. The system includes a database that stores a plurality of customer and call data, a fraud detection server that extracts from the database a plurality of customer and call data pertaining to uncollectible random call traffic and generates a call block list; at least one switch lookup table; and at least one telecommunication switch located within the telecommunication network that routes or prohibits telecommunication network traffic over the telecommunication network based upon information contained in the at least one switch lookup table.

Abstract: A method and device for suppressing threshold alerts in a telecommunication fraud control system is disclosed. Threshold alerts are generated when the count of a certain category of call exceeds a certain threshold. These counts are maintained in relation to particular accounts. A fraud analyst determines whether or not a particular account will have alert suppression enabled, based on the type of account and its history. Once alert suppression is enabled, the count is multiplied by a coefficient before determining whether to issue a threshold alert. If the multiplied count still exceeds the threshold, an alert is generated. If not, no alert is generated.

Abstract: Real time detection of the fraudulent use of a telecommunications network is accomplished by analyzing data for each call that is occurring within the network. A signal protocol receiver is used to collect signaling protocol for each call that is occurring within the network. The Signaling protocol data is collected, decoded and formatted into call information records (CIRs). The CIRs contain various operator specified parameters for each call that is occurring within the network. The CIRs are compared to operator defined thresholds. If any of the CIRs exceeds the thresholds, an alert is generated. The alerts are stored in a database where the operator can analyze them and take the appropriate corresponding action to resolve the alert. The alerts and the CIRs are archived in a database so that trends of fraudulent use can be detected and prevented. This method of fraud detection provides for the effective analyzation of every call that is occurring within the network.

Abstract: A method and device for preventing fraud in special service calls from an international origin point to a domestic terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the Integrated Services Network (ISN) platform. The records in the Screening for International Calls database are keyed by the country code and contain a field for blocked terminating regions. When an international call is made, the record corresponding to the international origin point is retrieved from the Screening for International Calls database. This record is checked to determine if there are terminating regions indicated in the blocked exchange field. If there are no terminating regions indicated in the blocked exchange field, call processing continues.

Abstract: A method for using at least one Bad Billed Number Record (BBN) to detect fraud in a telecommunication system includes the steps of generating the at least one BBN for each call attempt made using a billing product, when the call attempt satisfies any one of a plurality of fraud criteria; storing the at least one BBN in a storage queue for later retrieval; and retrieving and analyzing the at least one BBN to increment a plurality of fraud control counters according to the analysis. A system for using a plurality of BBNs to detect fraud in a telecommunications system includes a network operator service platform (OSP) for generating BBNs based on received call attempts; a network information concentrator (NIC) for temporarily storing the generated BBNs; and a fraud monitoring system for retrieving the stored BBNs, filtering out unidentifiable BBNs, analyzing identifiable BBNs, and generating alarms based on the analysis.

Abstract: A system and method for minimizing fraudulent usage of a mobile telephone, wherein data regarding an authorized user's prior usage of a mobile telephone is accumulated, data regarding a current user's usage of the mobile telephone is accumulated, the statistical variation in usage between the authorized user's prior usage and the current user's usage is analyzed, and the mobile telephone is deactivated if the variation in usage exceeds a predetermined threshold.