Toll Fraud Prevention and STIR/SHAKEN

Presentation transcript:

Toll Fraud Prevention and STIR/SHAKEN

Agenda
- About TransNexus
- Toll fraud prevention
- A brief history of robocall legislation
- STIR/SHAKEN overview
- Robocall prevention
- Questions and answers

About TransNexus
Software for the telecommunications industry since 1997. Solutions for:
- Toll fraud prevention
- Robocall prevention
- TDoS protection
- STIR/SHAKEN
- Jurisdictional least cost routing
- Analytics and reporting

Toll fraud prevention

What does it cost you? (Data: CFCA 2017 Fraud Loss Survey)

                                2017                    % Var
Estimated Global Revenues       $2.30 Trillion (USD)    +2.2%
Estimated Global Fraud Loss     $29.2 Billion (USD)     -23.3%
% Loss*                         1.27%                   -0.4%

Proprietary and Confidential

How does it happen? (Data: CFCA 2017 Fraud Loss Survey)

Top Fraud Methods (a fraud method is how they access the network or service to enable revenue gain from the attack):
- $2.03 B – Subscription Fraud (Identity)
- $1.94 B – PBX Hacking
- $1.94 B – IP PBX Hacking
- $1.93 B – Subscription Fraud (Application)
- $1.75 B – Subscription Fraud (Credit Muling/Proxy)
- $1.66 B – Abuse of Service Terms & Conditions
- $1.66 B – Account Take Over
- $1.47 B – Internal Fraud / Employee Theft
- $1.38 B – Phishing / Pharming

Top Fraud Types* (a fraud type is how they use the service or network to generate revenue from the attack):
- $6.10 B – International Revenue Share Fraud (IRSF)
- $4.27 B – Interconnect Bypass (e.g. SIM Box)
- $3.26 B – Arbitrage
- $3.02 B – Theft / Stolen Goods
- $2.39 B – Premium Rate Service
- $2.10 B – Device / Hardware Reselling
- $1.35 B – Domestic Revenue Share (DRSF)
- $1.30 B – Wholesale Fraud

Where is the risk? (Data: CFCA 2017 Fraud Loss Survey; chart: Top 10 countries where fraud terminates)

Too Close to Home? (Data: NANP destinations; chart: largest risk)

The Layers of Fraud Management

Proactive Destination Blocking
  If your customer base doesn't need to call a destination, block it. Many carriers are changing to not allow international calling for end users by default; it must be requested. Know your definition of "international": NANPA destinations are a large issue, and most international blocks will not stop them.

Reactive ANI Monitoring/Blocking
  Block the calling number when thresholds are triggered or fraud is alerted.
  Inteliquent example: blocks all international (allows US50/Canada/Puerto Rico).

Reactive Trunk Group Monitoring/Blocking
  Same as ANI blocking, but if you have a customer with a PRI/dedicated connection and they have a large issue, block at the higher level so the impact doesn't continue to grow.
  Inteliquent example: if 5 ANIs alert for blocking in a 3 hour period, the trunk group will automatically be blocked for all international (allows US50/Canada/Puerto Rico).

Realtime Dollar Thresholds
  Based on customer spend, credit limits, etc., implement blocks or work with the customer when thresholds are reached to prevent large impact and disputes.
  Inteliquent example: thresholds are in place for all of our customers to stop international traffic at a set dollar amount. When breached, the system doesn't allow calls.

Customizable options to customer needs (Inteliquent examples of some extras):
- Channel & CPS limits
- Maximum destination rate
- White listing
- Alerting/Reporting
- Customized CDR rules
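The four layers on this slide fit together as a single admission decision per call attempt, with the reactive layers fed by alerts. The following is an added example written for this page, not TransNexus or Inteliquent code; the layer order, the "5 ANIs in a 3 hour period" escalation and the per-customer dollar cap follow the slide, while the allow-listed area codes, the trunk group names and the call records are constructed. It also makes the slide's NANP warning concrete: a leading "1" is not treated as domestic; the decision is made on the area code.

```python
"""Layered toll-fraud controls from the slide, as a worked example.

Added example, not TransNexus or Inteliquent code. Thresholds follow the slide;
area-code allow-list, trunk group names and call records are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed subset of NANP area codes inside the slide's "US50/Canada/Puerto Rico"
# allow-list (Atlanta, New York, Toronto, Puerto Rico). A real deployment loads the
# full NANPA assignment list; anything not listed here counts as international,
# which is the fail-closed direction.
ALLOWED_NANP_AREA_CODES = {"404", "212", "416", "787", "939"}


def is_international(called: str) -> bool:
    """A '1' country code does not mean domestic: other NANP countries share it,
    so the decision is made on the area code, not on the country code."""
    digits = called.lstrip("+")
    if len(digits) == 11 and digits.startswith("1"):
        return digits[1:4] not in ALLOWED_NANP_AREA_CODES
    return True  # any other country code is international


@dataclass
class FraudControls:
    ani_alert_threshold: int = 5            # slide: 5 ANIs alert for blocking ...
    window_seconds: int = 3 * 3600          # ... within a 3 hour period
    dollar_limits: dict = field(default_factory=dict)   # trunk group -> cap (USD)
    blocked_anis: set = field(default_factory=set)
    blocked_trunk_groups: set = field(default_factory=set)
    intl_spend: dict = field(default_factory=lambda: defaultdict(float))
    _alerts: dict = field(default_factory=lambda: defaultdict(deque))  # trunk group -> (ts, ani)

    def alert_ani(self, trunk_group: str, ani: str, ts: int) -> None:
        """Reactive ANI block, escalated to the whole trunk group when enough
        distinct ANIs on that trunk group alert inside the sliding window."""
        self.blocked_anis.add(ani)
        window = self._alerts[trunk_group]
        window.append((ts, ani))
        while window and ts - window[0][0] > self.window_seconds:
            window.popleft()
        if len({a for _, a in window}) >= self.ani_alert_threshold:
            self.blocked_trunk_groups.add(trunk_group)

    def admit(self, trunk_group: str, ani: str, called: str, cost: float,
              international_enabled: bool = False):
        """Decide one call attempt; returns (allowed, reason) in the slide's layer order."""
        if not is_international(called):
            return True, "domestic"
        # Layer 1: proactive destination blocking (international off unless requested)
        if not international_enabled:
            return False, "proactive: international not enabled for this customer"
        # Layer 2: reactive ANI block
        if ani in self.blocked_anis:
            return False, "reactive: calling number blocked"
        # Layer 3: reactive trunk group block
        if trunk_group in self.blocked_trunk_groups:
            return False, "reactive: trunk group blocked"
        # Layer 4: realtime dollar threshold on international spend
        limit = self.dollar_limits.get(trunk_group)
        if limit is not None and self.intl_spend[trunk_group] + cost > limit:
            return False, "realtime dollar threshold reached"
        self.intl_spend[trunk_group] += cost
        return True, "international"


def demo():
    """Walk constructed call records through the controls; returns the decisions."""
    fc = FraudControls(dollar_limits={"tg-customer-1": 100.0})
    out = []
    out.append(fc.admit("tg-customer-1", "14045551000", "+14045559000", 0.01))
    out.append(fc.admit("tg-customer-1", "14045551000", "+441632960000", 0.50))
    out.append(fc.admit("tg-customer-1", "14045551000", "+441632960000", 0.50, True))
    for i in range(5):  # five distinct ANIs alert within 3 hours -> trunk group blocked
        fc.alert_ani("tg-customer-1", f"1404555100{i}", ts=600 * i)
    out.append(fc.admit("tg-customer-1", "14045551009", "+441632960000", 0.50, True))
    return out


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW " if allowed else "BLOCK ", reason)
```

The sliding window is per trunk group and counts distinct ANIs, so one noisy number alerting repeatedly does not escalate to a trunk-wide block; the dollar cap is applied to international spend only, matching the slide's "stop international traffic at a set dollar amount".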

A brief history of robocall legislation

A brief history of robocall legislation (timeline, 2000 to 2020)
- Do-Not-Call Act
- Truth In Caller ID Act
- August 2016 – Robocall Strike Force kick-off meeting
- FCC authorizes limited blocking
- January 2018 – Canadian CRTC Decision 2018-32: SHAKEN for SIP networks
- FCC chairman Pai calls for SHAKEN/STIR without delay
- May 2019 – iconectiv selected as Policy Administrator in the U.S.
- June 2019 – FCC allows blocking by default

“I’ve been clear that I expect major voice service providers to implement SHAKEN/STIR by the end of 2019… I’ve also made clear that if this deadline is not met, the FCC will act to ensure that SHAKEN/STIR is implemented.” -- Ajit Pai, FCC Chairman (June 11, 2019)

STIR/SHAKEN overview

STIR/SHAKEN doesn't prevent robocalls
STIR/SHAKEN doesn't prevent robocalls. It prevents caller ID spoofing, so you can answer more of the calls you want while avoiding spam robocalls.

STIR/SHAKEN call flow (diagram): calling party -> originating telephone service provider (authentication service) -> SIP network -> terminating telephone service provider (verification service) -> called party; the authentication and verification services both use the certificate repository.

Certificate infrastructure (diagram): certificate authority, certificate repository, key management service, originating telephone service provider.

Triangle of trust (diagram): Governance Authority (sets policies), Policy Administrator (iconectiv), Telephone Service Providers, Certificate Authorities.

SIP INVITE with Identity header

INVITE sip:18001234567@example.com:5060 SIP/2.0
Via: SIP/2.0/UDP example.com:5060
From: "Alice" <sip:14045266060@5.6.7.8:5060>;tag=123456789
To: "Bob" <sip:18001234567@1.2.3.4:5060>
Call-ID: 1-12345@5.6.7.8
CSeq: 1 INVITE
Max-Forwards: 70
Identity: eyJhbGciOiAiRVMyNTYiLCJwcHQiOiAic2hha2VuIiwidHlwIjogInBhc3Nwb3J0IiwieDV1IjogImh0dHBzOi8vY2VydGlmaWNhdGVzLmNsZWFyaXAuY29tL2IxNWQ3Y2M5LTBmMjYtNDZjMi04M2VhLWEzZTYzYTgyZWMzYS83Y2M0ZGI2OTVkMTNlZGFkYTRkMWY5ODYxYjliODBmZS5jcnQifQ.eyJhdHRlc3QiOiAiQSIsImRlc3QiOiB7InRuIjogWyIxNDA0NTI2NjA2MCJdfSwiaWF0IjogMTU0ODg1OTk4Miwib3JpZyI6IHsidG4iOiAiMTgwMDEyMzQ1NjcifSwib3JpZ2lkIjogIjNhNDdjYTIzLWQ3YWItNDQ2Yi04MjFkLTMzZDVkZWVkYmVkNCJ9.S_vqkgCk88ee9rtk89P6a6ru0ncDfSrdb1GyK_mJj-10hsLW-dMF7eCjDYARLR7EZSZwiu0fd4H_QD_9Z5U2bg;info=<https://certificates.clearip.com/b15d7cc9-0f26-46c2-83ea-a3e63a82ec3a/7cc4db695d13edada4d1f9861b9b80fe.crt>;alg=ES256;ppt=shaken

Decoded Identity token

header:
  "alg": "ES256"
  "typ": "passport"
  "ppt": "shaken"
  "x5u": "https://certificates.clearip.com/4a8eb5-461b.crt"

payload:
  "attest": "A"                                      <- attestation level
  "dest": { "tn": [ "14695858065" ] }                <- called number
  "iat": 1529071382                                  <- timestamp
  "orig": { "tn": "12013776051" }                    <- calling number
  "origid": "4aec94e2-508c-4c1c-907b-3737bac0a80e"   <- origination identifier
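The Identity header on the INVITE slide and the decoded token on this slide are the two halves of what a verification service does first: split the compact JWS, base64url-decode its header and payload, and compare the claims with the SIP request. The following is an added example written for this page, not TransNexus code or a product's verifier. It performs the checks that need no network access (header fields, x5u against the info parameter, orig/dest against From/To, iat freshness against a caller-supplied clock); certificate retrieval and the ES256 signature check are deliberately left out and noted in the docstring. The Identity value, From and To are the slide's own; run on them, the claims check fails, because the token's orig.tn is 18001234567 and its dest.tn is 14045266060, the reverse of the INVITE's From and To, which a verifier must reject just as it would a spoofed number.

```python
"""Decode and check the SHAKEN PASSporT carried in a SIP Identity header.

Added example, not TransNexus code. Offline verifier steps only: signature
validation needs the certificate behind x5u and an ES256 check over
'header.payload' (for instance with the 'cryptography' package) and is not done.
"""
import base64
import json
import re
from typing import Dict, List, Tuple

FRESHNESS_SECONDS = 60  # RFC 8224 suggests a 60 second tolerance on 'iat'

# The Identity header value from the INVITE slide (with ';' before 'alg=' as the
# header syntax requires) and that slide's From and To fields.
SLIDE_IDENTITY = (
    "eyJhbGciOiAiRVMyNTYiLCJwcHQiOiAic2hha2VuIiwidHlwIjogInBhc3Nwb3J0IiwieDV1IjogImh0dHBzOi8v"
    "Y2VydGlmaWNhdGVzLmNsZWFyaXAuY29tL2IxNWQ3Y2M5LTBmMjYtNDZjMi04M2VhLWEzZTYzYTgyZWMzYS83Y2M0"
    "ZGI2OTVkMTNlZGFkYTRkMWY5ODYxYjliODBmZS5jcnQifQ"
    ".eyJhdHRlc3QiOiAiQSIsImRlc3QiOiB7InRuIjogWyIxNDA0NTI2NjA2MCJdfSwiaWF0IjogMTU0ODg1OTk4Miwi"
    "b3JpZyI6IHsidG4iOiAiMTgwMDEyMzQ1NjcifSwib3JpZ2lkIjogIjNhNDdjYTIzLWQ3YWItNDQ2Yi04MjFkLTMz"
    "ZDVkZWVkYmVkNCJ9"
    ".S_vqkgCk88ee9rtk89P6a6ru0ncDfSrdb1GyK_mJj-10hsLW-dMF7eCjDYARLR7EZSZwiu0fd4H_QD_9Z5U2bg"
    ";info=<https://certificates.clearip.com/b15d7cc9-0f26-46c2-83ea-a3e63a82ec3a/"
    "7cc4db695d13edada4d1f9861b9b80fe.crt>;alg=ES256;ppt=shaken"
)
SLIDE_FROM = '"Alice" <sip:14045266060@5.6.7.8:5060>;tag=123456789'
SLIDE_TO = '"Bob" <sip:18001234567@1.2.3.4:5060>'


def b64url_decode(segment: str) -> bytes:
    """JWS segments omit '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_identity_header(value: str) -> Dict[str, str]:
    """Split 'jws;info=<uri>;alg=...;ppt=...' into a dict of its parts."""
    jws, *params = value.split(";")
    parts = {"jws": jws.strip()}
    for p in params:
        name, _, val = p.strip().partition("=")
        parts[name] = val.strip("<>")
    return parts


def decode_passport(jws: str) -> Tuple[dict, dict, bytes]:
    """Return (header, payload, raw signature) of a compact JWS."""
    h, p, s = jws.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s)


def tn_from_field(sip_field: str) -> str:
    """Digits of the TN in a From/To field such as '"Alice" <sip:1404...@host>;tag=1'."""
    m = re.search(r"sip:\+?(\d+)@", sip_field)
    if not m:
        raise ValueError("no telephone number in " + sip_field)
    return m.group(1)


def verify_passport_claims(identity: str, from_field: str, to_field: str, now: int) -> List[str]:
    """Run the offline verifier checks; returns the failures (empty list = claims consistent)."""
    problems = []
    params = parse_identity_header(identity)
    header, payload, sig = decode_passport(params["jws"])
    if header.get("typ") != "passport":
        problems.append("typ is not 'passport'")
    if header.get("ppt") != "shaken" or params.get("ppt") != "shaken":
        problems.append("ppt is not 'shaken'")
    if header.get("alg") != "ES256" or params.get("alg") != "ES256":
        problems.append("alg is not ES256")
    if header.get("x5u") != params.get("info"):
        problems.append("x5u does not match the info= parameter")
    if len(sig) != 64:
        problems.append("ES256 signature is not 64 bytes (r||s)")
    if payload.get("attest") not in ("A", "B", "C"):
        problems.append("unknown attestation level")
    if payload.get("orig", {}).get("tn") != tn_from_field(from_field):
        problems.append("orig.tn does not match From")
    if tn_from_field(to_field) not in payload.get("dest", {}).get("tn", []):
        problems.append("To is not listed in dest.tn")
    if abs(now - int(payload.get("iat", 0))) > FRESHNESS_SECONDS:
        problems.append("iat is outside the freshness window")
    return problems


if __name__ == "__main__":
    hdr, body, _ = decode_passport(parse_identity_header(SLIDE_IDENTITY)["jws"])
    print(json.dumps(hdr, indent=2), json.dumps(body, indent=2), sep="\n")
    print(verify_passport_claims(SLIDE_IDENTITY, SLIDE_FROM, SLIDE_TO, now=body["iat"]))
```

The `now` parameter is passed in rather than read from the clock so the freshness test is reproducible; in a real verifier it is the time the INVITE arrived, and a token older than the tolerance is rejected even if its signature is good, which is what stops a captured Identity header from being replayed on later calls.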

Out-of-Band STIR/SHAKEN (diagram): calling party -> originating telephone service provider (authentication service) -> network -> terminating telephone service provider (verification service) -> called party; the PASSporT is exchanged through a Call Placement Service instead of the SIP signaling, and both services use the certificate repository.

Rich Call Data
Additional information about the caller that can be displayed to the called party, such as:
- Display name
- Hyperlinks to related info, e.g., image of the caller or company logo
- Flexible set of caller information, e.g., address, email, birthday, etc.
Similar to enhanced CNAM, except:
- Done at origination instead of termination
- Cryptographically secure
- Gives the source party greater control over the info presented

Robocall prevention

Robocall prevention methods work well with SHAKEN
- Dynamic fraud analysis
- Reputation service
- Shield database
- Blacklisting
- CAPTCHA

Nuisance call detection methods
- Manual blacklisting
- On-net calls from external networks
  - By OCN (correctly handles number porting)
  - By DID
- Invalid calling numbers
- High risk calling numbers
- Calling numbers with poor reputation
- Real time traffic analysis
- STIR/SHAKEN verification

Nuisance call treatment options per subscriber
- Report only
- Block
- Send to voicemail
- Send to CAPTCHA gateway
- Send to a honeypot
- Modify caller display name (CNAM)
Can be configured for each subscriber.
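The detection methods on the previous slide and the per-subscriber treatments on this one combine naturally: each indicator that fires is mapped, by the subscriber's policy, to one of the treatment options, and the strongest one wins. The following is an added example written for this page, not TransNexus code; the blacklist, the set of on-net numbers, the policy table and the call records are constructed, and the NANP validity test is a simplified format check. The SHAKEN verification result (from the previous example's kind of check) is just one more indicator here, which is the point of the "work well with SHAKEN" slide.

```python
"""Nuisance-call detection and per-subscriber treatment.

Added example, not TransNexus code. Blacklist, on-net numbers, policy table and
call records are constructed; the NANP validity test is simplified.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed manual blacklist: calling numbers (by DID) subscribers have reported.
BLACKLISTED_DIDS = {"12025550123"}
# Constructed set of our own DIDs. One of our numbers arriving as the calling
# number from an external network cannot be legitimate: it is a spoofing tell.
ON_NET_DIDS = {"14045266060"}

# Simplified NANP shape: 1 + NXX NXX XXXX with N in 2-9.
NANP_PATTERN = re.compile(r"^1([2-9]\d{2})([2-9]\d{2})\d{4}$")


def is_valid_nanp(tn: str) -> bool:
    """Reject numbers that cannot be dialled: bad area code/exchange, or an N11 exchange."""
    m = NANP_PATTERN.match(tn)
    return bool(m) and m.group(2)[1:] != "11"


@dataclass
class Call:
    calling_tn: str
    called_tn: str
    from_external_network: bool
    attest: Optional[str] = None             # SHAKEN attestation level, None if unsigned
    shaken_verified: Optional[bool] = None   # None: no Identity header to verify


def detect(call: Call) -> List[str]:
    """Return the nuisance-call indicators that fired, in the slide's order."""
    reasons = []
    if call.calling_tn in BLACKLISTED_DIDS:
        reasons.append("manual-blacklist")
    if call.from_external_network and call.calling_tn in ON_NET_DIDS:
        reasons.append("on-net-number-from-external-network")
    if not is_valid_nanp(call.calling_tn):
        reasons.append("invalid-calling-number")
    if call.shaken_verified is False:
        reasons.append("shaken-verification-failed")
    return reasons


# Constructed per-subscriber policy: indicator -> treatment option from the slide.
# Indicators missing from a policy fall back to "report" (report only).
DEFAULT_POLICY = {
    "shaken-verification-failed": "block",
    "invalid-calling-number": "block",
    "on-net-number-from-external-network": "block",
    "manual-blacklist": "voicemail",
}
# Treatment options ordered from least to most intrusive; the strongest one wins.
SEVERITY = ["report", "modify-cnam", "captcha", "voicemail", "honeypot", "block"]


def treat(reasons: List[str], policy=DEFAULT_POLICY) -> str:
    """Map fired indicators to the subscriber's treatment; 'allow' when none fired."""
    if not reasons:
        return "allow"
    return max((policy.get(r, "report") for r in reasons), key=SEVERITY.index)


if __name__ == "__main__":
    for c in (Call("12025550123", "14045551000", True),
              Call("14045266060", "14045551000", True),
              Call("11115550000", "14045551000", True, None, False),
              Call("12125551234", "14045551000", False, "A", True)):
        r = detect(c)
        print(c.calling_tn, r, "->", treat(r))
```

A subscriber who prefers the CAPTCHA gateway for blacklisted callers passes a policy with `"manual-blacklist": "captcha"` to `treat`; because the policy is per call rather than global, the same indicator can be reported only for one subscriber and blocked for another, which is what the slide's "can be configured for each subscriber" amounts to.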

Questions and answers
Get started now! Contact us: transnexus.com, info@transnexus.com, 1-404-526-6060