Abstract: An apparatus and method are disclosed that enables detecting the spoofing of a telephone number. To validate the identity of a calling terminal, some techniques in the prior art rely on exchanging data that only the legitimate calling system and the called system know about. In contrast, the illustrative embodiment of the present invention validates the identity of the calling terminal by assessing characteristics other than the calling terminal's telephone number, such as the telephone type and the signaling protocol. By using characteristics other than telephone number to validate the identity, the data-processing system of the illustrative embodiment makes it more difficult to spoof a legitimate telephone's number.

Abstract: A method and apparatus for providing a telecommunication service is disclosed wherein a call associated with a first prepaid services account identifier is received from a user. An offer is provided to the user to initiate a replacement service for the first prepaid services account identifier and, upon receiving an indication of an acceptance of the offer from the user, a replacement codeword associated with the first prepaid services account identifier is established. The call associated with the first prepaid services account may be any type of communication, including a telephone call, a message delivered via the internet, or any other voice or data message. Upon receipt of the codeword from the user, a second prepaid services account identifier is established and, in one implementation, the first prepaid services account identifier is deactivated.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Trust ratings are embedded in certificates of calling devices in a Voice over Internet Protocol (VoIP) communications system. A method of managing trust ratings involves automatically accumulating complaints concerning VoIP calls initiated from calling devices, and comparing respective quantities of accumulated complaints associated with each calling device. When a quantity of accumulated complaints associated with a given calling device exceeds a given threshold, a trust rating of the given calling device is reduced. In subsequent VoIP calls the given calling device attempts to place, the reduced trust rating is included in the call request so that the subsequent calls are subject to more austere call screening operations than calls having the unreduced trust rating. Call recipients thus affect the calling device's trust rating simply by entering complaints associated with received calls. The method effectively combats spam over Internet telephony (SPIT) through participation of called parties.

Abstract: A prepaid messaging solution which uses open networking standards (e.g., TCP/IP) and which supports pre-payment of enhanced Internet messaging services. The disclosed prepaid architectures and methods accurately determine if a subscriber has sufficient account balance to deliver a complete short message, prior to delivery of the message. The short message may be prevented from being delivered (either at the source end or at the destination end) if insufficient funds are in the subscriber's account. A prepaid tariff engine is preferably extensible over a TCP/IP network, and supports remote interaction with the SMSC and web chat servers for the purpose of applying a real-time billing charge for each message. A service provider may create subscriber classes of service that define and uniquely identify subscriber rate and/or tariffing plans used to apply real-time billing charges for sending or receiving of messages. The prepaid short message tariff engine determines the appropriate message billing based upon, e.

Abstract: An approach provides fraud detection in support of data communication services. A list of single-event attributes (e.g., hot or cold attributes) is generated and includes a network address of an end user host originating a data call or a calling party identification (e.g., Automatic Number Identification (ANI) or an originating Calling Line Identification (CLI)) for network access, wherein entries of the list specify values of the hot attributes. An attribute value associated with the data call is compared with the entries. A fraud alert is generated if the attribute value matches one of the entries.

Abstract: A fraud detection method for generating a first fraud or fraud attempt probability, within an at least one captured or recorded interaction, is provided. The method comprises a scoring step for scoring an at least one voice belonging to an at least one tested speaker in the at least one captured or recorded interaction against an at least one voice print within an at least one entry in a voice print collection, the scoring step generating an at least one probability that the at least one voice in the captured or recorded interaction belongs to an at least one second speaker associated with the at least one voice print, said at least one probability represents the probability that the at least one captured or recorded interaction is fraudulent; and an auditing step for auditing the at least one probability and the at least one captured or recorded interaction.

Abstract: An approach provides fraud detection in support of data communication services. A threshold corresponding to a geographic location is set. The threshold corresponds to duration of a call supporting data communications. It is determined whether the call duration exceeds the threshold. A fraud alert is generated if the monitored call duration exceeds the threshold.

Abstract: A method and device for preventing fraud in collect calls from a domestic origin point to an international terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the call processing platform. This Screening of International Calls database contains records keyed by country codes, and each record has a blocked collect call field listing destination numbers that are blocked from receiving collect calls. When a domestic-to-international collect call is made, the record corresponding to the country code of the international terminating point of the collect call is retrieved from the Screening for International Calls database. This record is checked to determine if the destination number of the collect call matches any destination numbers listed in the blocked collect call field of the country code database record. If there is a match, the call is blocked.

Abstract: The present invention provides systems and methods for dynamic detection and prevention of electronic fraud and network intrusion using an integrated set of intelligent technologies. The intelligent technologies include neural networks, multi-agents, data mining, case-based reasoning, rule-based reasoning, fuzzy logic, constraint programming, and genetic algorithms. The systems and methods of the present invention involve a fraud detection and prevention model that successfully detects and prevents electronic fraud and network intrusion in real-time. The model is not sensitive to known or unknown different types of fraud or network intrusion attacks, and can be used to detect and prevent fraud and network intrusion across multiple networks and industries.

Abstract: Embodiments of the present invention provide for reduction of the likelihood of fraud by having at least one of an identifier of a location from where a request is submitted or information that can lead to identification of the location, submitted with or in addition to a request. Then, determination is made whether to service the request, based at least in part on the location from where the request is submitted or processed. In various embodiments, the location may be compared against predetermined permissible location(s) or a current user location. The request may be a request to conduct a transaction, access data, access a physical or informational resource, or access a secured area.

Abstract: A system and method are provided for detecting extension attacks made to a communication enterprise, and taking appropriate remedial action to prevent ongoing attacks and future attacks. One or more attributes of a suspect call are analyzed, and a risk is associated with each analyzed attribute. An overall risk or assessment is then made of the analyzed attributes, attack attributes are logged, and one or more remedial actions may be triggered as a result of the analyzed call attributes. The remedial actions may include recording the call, notifying an administrator of a suspect call, or isolating the communication enterprise from the attack by terminating the call or shutting down selected communication endpoints to prevent calls being made to those extensions. Rules may be applied to the analyzed attributes in order to trigger the appropriate remedial action.

Abstract: A communication network is disclosed that uses voice authentication to provide call control. The communication network includes a call control function, a voice collection system, a voice authentication system, and a permission system. The voice collection system collects voice samples of a first party during the call to a second party, and transmits the collected voice samples to the voice authentication system. The voice authentication system compares the collected voice samples to stored voice samples to determine the identity of the first party. The permission system determines whether the first party is authorized for the call based on the identity of the first party. The permission system generates results based on the determination and transmits the results to the call control function. The call control function then processes the results, and interrupts the call if the first party is not authorized.

Abstract: Systems and methods for evaluating transactions to determine if suspicious activities are possibly present. Various methods include providing a reference designator list with information associated with one or more suspicious activities. Using the reference designator list, a first and a second transaction systems are evaluated. Various systems include two or more transaction systems utilizing information from a fraud detection system.

Abstract: A system and method for processing gathered call data from a network monitoring system to prepare the call data for analyzing call routing across a network, not limited to call data associated with the transit portion of a call path. The system and method include correlating call data to form a correlated set, ordering the call data in the correlated set to form a compound CDR, and enriching the compound CDR by comparing CDRs within the compound CDR to each other.

Abstract: A system of operating a wireless handset capable of making clear and secure calls is claimed. A secure call may be made by pressing a key for a predetermined amount of time. The handset enters a secure mode if the key is held for a time period greater than the predetermined amount of time. The handset enters a clear mode if the key is held for a time period less than the predetermined amount of time.

Abstract: A system of evaluating automatic message accounting records associated with telephony calls is disclosed. The system includes correlation logic to collect originating AMA records having an originating call code to identify a record of an originating long distance call and further to collect terminating AMA records that correspond to the collected originating automatic message accounting records. The system also includes evaluation logic to determine when a call may be by-passing terminating access charges by identifying calls that have been correlated with an originating AMA record having the originating code and with a terminating AMA record having a local termination code.

Abstract: In one embodiment, a method of configurably profiling data uses system comprising a pre-processor, a profiler, a post-processor and database. The pre-processor receives data and feedback data and performs configurable first calculations thereon to create data relating to profiling features. The profiler summarizes the profiling features data over a length of time by performing configurable second calculations thereon to create summarized data relating to profiled features. The post-processor performs configurable third calculations the profiled features data to create the feedback data and a profiled output data stream for further processing.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: A method and apparatus for providing a telecommunication service is disclosed wherein a call associated with a first prepaid services account identifier is received from a user. An offer is provided to the user to initiate a replacement service for the first prepaid services account identifier and, upon receiving an indication of an acceptance of the offer from the user, a replacement codeword associated with the first prepaid services account identifier is established. The call associated with the first prepaid services account may be any type of communication, including a telephone call, a message delivered via the internet, or any other voice or data message. Upon receipt of the codeword from the user, a second prepaid services account identifier is established and, in one implementation, the first prepaid services account identifier is deactivated.

Abstract: A method for detecting unauthorized access is provided. The method includes receiving a voice input associated with a request to access an account. A request voice signature corresponding to the voice input associated with the request is generated. An authorized voice signature corresponding to the account is retrieved. The request voice signature corresponding to the voice input is compared with the authorized voice signature corresponding to the account. Unauthorized access is detected in response to the comparison.

Abstract: A method of evaluating automatic message accounting records associated with telephony calls that originate at a local exchange carrier telephony office and that are routed over an inter-exchange carrier telephony facility is disclosed. The method comprises collecting originating automatic message accounting records associated with the originating local exchange carrier telephony office, and collecting terminating automatic message accounting records that correspond to the originating automatic message accounting records. A first portion of the terminating automatic message accounting records have a terminating access code and a second portion of the terminating automatic message accounting records have a local termination code.

Abstract: An apparatus and method for detecting a fraud or fraud attempt in a captured interaction. The method comprising a selection step in which interactions suspected as capturing fraud attempts are selected for further analysis, and assigned a first fraud probability, and a fraud detection step in which the voice is scored against one or more voice prints, of the same alleged customer or of known fraudsters. The first fraud or fraud attempt probability is combined with the result of the scoring of the fraud detection step, to generate a total fraud or fraud attempt probability. If the total fraud or fraud attempt probability exceeds a threshold, a notification is issued. The selection, scoring and combination thereof are performed using user-defined rules and thresholds.

Abstract: Likelihood of fraud is reduced by having at least one of an identifier of a location from where a request is submitted or information that can lead to identification of the location, submitted with or in addition to a request. Then, determination is made to whether to service the request, based at least in part on the location from where the request is submitted. In various embodiments, the location may be compared against predetermined permissible location(s) or a current user location. The request may be a request to charge an amount against an account, such as a credit card account, a request to access a physical resource, such as a VPN, or an informational resource, such as account information, or a request to access a secured area.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: In general, a portable unit and method are described for storing user information for subsequent recovering. For one embodiment, the portable unit comprises a casing, an antenna and logic employed within the casing. The logic may comprise a wireless transceiver coupled to the antenna, a processing unit coupled to the wireless transceiver, and a remote transceiver coupled to a plurality of device drivers and a memory unit. The memory unit is configured to store remote codes, user identification information and user transaction information.

Abstract: Systems and methods for evaluating transactions to determine if suspicious activities are possibly present. Various methods include providing a reference designator list with information associated with one or more suspicious activities. Using the reference designator list, a first and a second transaction systems are evaluated. Various systems include two or more transaction systems utilizing information from a fraud detection system.

Abstract: A method for detecting unauthorized access is provided. The method includes receiving a voice input associated with a request to access an account. A request voice signature corresponding to the voice input associated with the request is generated. An authorized voice signature corresponding to the account is retrieved. The request voice signature corresponding to the voice input is compared with the authorized voice signature corresponding to the account. Unauthorized access is detected in response to the comparison.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: A method, system, and program providing identification usage fraud protection are provided. A context for a use of an identification via a communication line is detected at a fraud protection service. The context for use of the identification is analyzed in view of multiple previous uses of the identification. A level of suspicion of fraudulent use of the identification is specified according to the analysis of the context. Depending on the level of suspicion, further use of the identification may require additional authentication or may be barred. The identification may include a user name, an account number, a password, or other identifier that may be utilized to represent an individual in accessing products and services.

Abstract: Methods, apparatuses and systems for detecting a fraud event on a distributed network are disclosed. A fraud event is indicated if data analysis reveals that there is a lack of consistency between elements in the network.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: Disclosed are systems and methods which provide techniques providing account setup, management and transaction authorization determinations in real-time using transaction interrupt messaging. Embodiments preferably take into consideration the quality of one or more parties to the transaction and the means by which charges may be rendered to them when making account setup, management, and/or transaction authorization determinations. Accordingly, transactions, such as collect calls, meeting at least some minimal risk threshold may be completed on a first call attempt, even where a pre-arranged billing agreement or other business relationship is not previously in place.

Abstract: Methods and systems for detecting and mitigating call routing arbitrage in a telecommunications network are disclosed. A network routing node, such as a signaling gateway (SG), intercepts call setup signaling messages. An arbitrage detector/processor examines parameters contained in an intercepted message to identify the presence of call routing arbitrage. For messages that indicate the presence of call routing arbitrage, the arbitrage detector/processor may perform a mitigating action, including redirecting the call to an interactive voice response (IVR) node, blocking the call, and/or inserting missing information in the call setup message and completing the call.

Abstract: Methods and systems for detecting intrusion events, such as war dialing events are disclosed. According to one method, signaling messages associated with calls being made or attempted in a telecommunications network are analyzed. Based on the signaling messages, it is determined whether a war dialing event has occurred or is in progress. In response to determining that a war dialing event has occurred or is in progress, a war dialing event mitigating action is performed.

Abstract: A system for tracking billing escalation records includes a processing device configured to provide for creating, tracking and forwarding escalation records, and databases adapted to communicate with the processing device. The databases are configured to provide data on the escalation records. In one embodiment, the databases include tables that are configured to provide data on escalation records such as current escalations, priority codes, investigators, department codes, investigation center department codes, case status, archives, among others. Other systems and methods are also provided.

Abstract: A method of providing collect call service includes receiving a request for a collect call from a calling party (18). A selected number to call is received. A call is placed to a receiving party (20). Agreeability of the receiving party (20) to accept the credit card billing for the collect call is determined. The calling party (18) is connected to the receiving party (20) in response to the acceptance.

Abstract: A method of identifying fraud in a telecommunications system. The method includes receiving data related to a current call placed from an originating automatic number indicator (ANI), where the received data includes at least the originating ANI, a billing number and an identification code. A threshold number and a time interval corresponding to the identification code for the originating ANI are retrieved, for example, from a memory. In addition, billing numbers for prior calls from the originating ANI, if any, and corresponding indicia of the times of the calls are retrieved. A determination is made of whether the number of billing numbers used for the current and prior calls from the originating ANI over a prior period of time equal to or less than the time interval exceeds the threshold number. If the threshold number is exceeded, a fraud alert is generated.

Abstract: A tele/datacommunications network has a service node (TSN) (30) which facilitates payment/transfer from a customer account of a customer financial institution (80) to a merchant account of a merchant financial institution (90). The TSN (30) acquires a merchant identifier and transaction amount from a customer mobile station (60). The TSN (30) sends a transaction verification request message to both the customer mobile station (60) and the merchant terminal (70). Upon receipt of transaction verification, the TSN (30) requests transfer of the transaction amount from the customer account to the merchant account.

Abstract: An intelligent vending system such as a pay telephone provides local/remote diagnostics, fraud prevention, capability of facilitating local coin overtime operation, complete cash box accounting, and detailed reporting. Information regarding each transaction is recorded and is useful in verification, by way of example. The system includes a delta-sigma driver for reducing circuit complexity and improving circuit reliability, and a one-wire, high speed communication controller which facilitates high speed downloading and uploading of data, records, and operating program code. Battery management techniques, memory management, and coin detection circuits add to the system's capabilities and reliability. Firmware security techniques and operating system formats also promote product firmware security and configuration control.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: Non-toll calls originating from payphones may be blocked. An intelligent node is provided within the telecommunications network to identify whether a non-toll call originated from a payphone. The intelligent node may apply a number of different criteria to determine whether to block a non-toll call that is determined to have originated from a payphone. The intelligent node may be customized to apply criteria based upon customer request. The customer may also identify additional processing that is to be performed when a call is to be blocked.

Abstract: To prevent fraud perpetrators from using a public pay telephone to illicitly collect account numbers, authorization codes or personal identification numbers from an unsuspecting user of the telephone, the instant invention disables the keypad of the telephone if an incoming call is being received at the time that the handset is lifted from the phone by the user. In one method, the ringing signal and the off-hook condition are detected and a control output is provided which disengages the dialing tone generating circuits of the telephone until the handset is placed back on-hook. According to an alternative method, after the handset is lifted, a dial tone is sensed and evaluated by a dial tone discriminator to determine whether the dial tone is likely to be a valid dial tone from a legitimate service provider. If the dial tone is determined to be invalid, then the keypad of the telephone is disabled until the handset is placed back on-hook.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: A system and method for preventing fraud. The method typically includes identifying one or more fraud indicators and examining past transactions and/or a pending transaction associated with the account for the presence of the fraud indicators. The method also includes, by said examining, detecting at least one of the fraud indicators. The method also includes calculating a cumulative fraud risk level associated with the pending transaction based on the detected fraud indicators. The method may also include determining whether the cumulative fraud risk level meets or exceeds a predetermined threshold, and if the cumulative fraud risk level meets or exceeds the predetermined threshold, verifying the request for the transaction with an owner of the account. The method may further include assigning a weighted value to each of the fraud indicators. The account is typically a telephone calling account, such as a calling card account.

Abstract: A method and device for preventing fraud in international calls in a long-distance telecommunications system, where selected customers can avoid fraud control blocks and greater granularity is achieved in blocking international destinations. In the method and device, an override flag is created in the records of the Billing Number Screening (BNS) database. When a call is made using a billing number whose corresponding record has the override flag set, the call is not stopped by fraud control blocks on certain international destinations. In addition, international destinations can be blocked with greater specificity because a Country Set Logic (CSET) field is added to the International City Code Database. The addition of CSET to this database allows particular international city destinations to be blocked from certain origin points.

Abstract: A communication and refund center comprises a lockable cabinet structure having an access panel disposed on the cabinet structure cooperating to form a sealed enclosure when the access panel is engaged with the cabinet, a power supply to the interior of the cabinet, a coin chute accessible from the exterior of the cabinet structure, a coin magazine comprising a coin sleeve and a remotely actuated coin solenoid disposed above the coin chute, a telephone dialer, a digital voice modulator connected with and operative in response to the telephone dialer, a relay circuit operatively associated with the voice modulator and the coin solenoid, the relay circuit operating the coin solenoid in response to commands from the voice modulator to provide a specified number of coins to the coin chute. A modular mounting plate carries the power supply, telephone dialer, and voice modulator.

Abstract: A system for preventing telecommunications fraud, the system comprising a database, at least one processor and related software, the at least one processor receives and stores numbers representing terminating ANIs in the database that have generated a fraud alert. The stored numbers include at least a portion of the terminating ANI and at least one variable length character, and are accessible to block subsequent calls directed at the respective terminating ANIs. The at least one processor receives a dialed terminating ANI representing a subsequently dialed call and checks the database to determine if the dialed terminating ANI matches a stored number. The at least one variable length character matches any corresponding character in the dialed terminating ANI. One variable length character may also match one or more subsequent characters in the dialed terminating ANI. A match between the dialed terminating ANI and a stored number initiate a block of the dialed call.

Abstract: A method and device for suppressing threshold alerts in a telecommunication fraud control system is disclosed. Threshold alerts are generated when the count of a certain category of call exceeds a certain threshold. These counts are maintained in relation to particular accounts. A fraud analyst determines whether or not a particular account will have alert suppression enabled, based on the type of account and its history. Once alert suppression is enabled, the count is multiplied by a coefficient before determining whether to issue a threshold alert. If the multiplied count still exceeds the threshold, an alert is generated. If not, no alert is generated.

Abstract: A method and device for preventing fraud in special service calls from an international origin point to a domestic terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the Integrated Services Network (ISN) platform. The records in the Screening for International Calls database are keyed by the country code and contain a field for blocked terminating regions. When an international call is made, the record corresponding to the international origin point is retrieved from the Screening for International Calls database. This record is checked to determine if there are terminating regions indicated in the blocked exchange field. If there are no terminating regions indicated in the blocked exchange field, call processing continues.