See our Frequently Asked Questions

General

How would my company best use the platform in our fraud prevention and investigations?

The GSMA Fraud Intelligence Service provides a central global database and exchange platform for operators to analyse fraud-related incidents efficiently, and with more accuracy. For the first time, all relevant information from primary sources is in one place, it’s curated for quick comprehension, and it’s automated – meaning the data is updated in real time.

How much fraud does GSMA report?

It is difficult to quantify how much fraud is reported however for the first time GSMA Fraud Intelligence Service brings together in one central location a place where we hope all GSMA operator members will share their fraud intelligence in a more timely fashion for all to action to reduce the cost of fraudulent traffic for all.

How accurate is the data?

Only data that is worthy of investigation should be uploaded to the platform. The data is then validated through cross-referencing with a number of other data points so as to build confidence within our community that this is a platform worthy of joining and contributing too so as to reduce the financial impact of roaming and interconnect fraud.

High Risk Number / Range entry-level service

What are high risk numbers / ranges?

High risk numbers (HRN) and ranges of numbers are hot numbers, which have been reported by operators who have seen fraudulent traffic to these destinations from their networks.

What is the source of the GSMA Fraud Intelligence Service High Risk Number data?

Mobile operators are the key data source as this new platform enables them to contribute their high risk numbers and ranges in a more timely and efficient manner.

GSMA will also continue to share the TUFF (Telecommunications UK Fraud Forum) and the CFCA (Communications Fraud Control Association) data.

How can I contribute HRN data?

Only GSMA operator members can contribute. Just complete the application form to get your account setup and activated. Once activated you can submit data, in bulk or single format, as frequently as required. See our User Guide for full details.

Can I remove HRN data from this database?

General rules first: yes if you supplied it, no if you didn’t.
If you see your home network numbers are listed in the Fraud alerts page, in error, or you have already cleared the underlying fraud issue use the “Report issue” link in the column, farthest to the right. You can directly edit or remove the numbers added by your own organisation.

When a number or range of numbers is added to the high. risk numbers area, what data enrichment takes place?

All numbers and ranges submitted are subject to the following processes to confirm a number/ range is valid:
• Country codes are determined automatically
• Check for matches with IR.21 number ranges
• Check if a high risk number falls under predefined (customer-specific) CC/NDC priority ranges

Does the service indicate the type of fraud associated with HRN?

Yes the data may be tagged. Users can do this themselves or GSMA may do it as part of the data enrichment process, using the fraud label type.

How do I decide whether or not to block numbers that are listed in the system?

The GSMA recommends that any unusual or high usage to these HRN destinations is investigated. Before blocking traffic to hijacked (or any) number ranges, operators should first compare the fraud risk against the potential disruption to legitimate customers, traffic and revenue in both the originating and the intended terminating networks. For more detailed advice, GSMA members are recommended to review the GSMA Fraud Manual available from fasg@gsma.com.

Full Subscription Service

What additional information is available in the full GSMA Fraud Intelligence Service?

The full service provides a 360-degree view of the GSMA IR.21 data, including your partner mobile number ranges, operator IP addresses and MCC/MNC codes.

What is IR.21 data?

GSMA RAEX IR.21 is the information that operators exchange to establish international roaming at a technical level. Procedures and data formats are laid out so all have a common view. A key benefit of this new service is that the data and documents from your GSMA IC2 RAEX Inbox and IR.21 Catalogue are fetched automatically and then enriched in this platform.

How do I use IP address information contained in the service?

The IP addresses related to fraud are enriched with ipdata’s geolocation information, the OSINT’s 200 + threat feeds and ASN data. These layers of information can be collated into an intelligence report to support your fraud detection decision making; displaying all data conflicts will help prompt further investigation.

What value is MCC MNC information within the service?

IMSI data is checked to establish if it is associated with the expected source, i.e. operator subscription. Mismatches can be quickly spotted for further investigation.

What additional High Risk Numbers (HRN) coverage does the subscription service offer?

The full service subscribers benefit from data correlation and enrichment. This is done by checking against IR.21 number ranges as well as using other verified sources.

NB There is no verification/enrichment done on the free HRN version