Telecom fraud in 2027: integrating antifraud with billing and softswitch

The increasing penetration of 5G and the development of new network technologies present new challenges for telecom operators, particularly in the area of fraud prevention. According to Ericsson’s forecast, 5G will become the dominant mobile access technology by subscription count by the end of 2027. This means operators will face a significant increase in data volumes, network interaction complexity, and consequently, new vectors for attacks. Today, effective antifraud cannot exist in isolation. It must be deeply integrated with the operator’s core systems—billing and softswitch—to ensure comprehensive protection and minimize financial losses.

Challenges of telecom fraud in the era of 5G and new technologies

The evolution of the telecommunications landscape is defined by several key trends. The Ericsson Mobility Report November 2025 indicates that approximately 360 service providers have already launched commercial 5G services, with over 90 of them offering 5G Standalone. This report also forecasts 6.4 billion 5G subscriptions by the end of 2031. Concurrently, satellite broadband access is growing, which, according to Ericsson’s forecast, will increase from around 9 million subscriptions at the end of 2025 to 30 million by the end of 2031. Subscriptions for Fixed Wireless Access (FWA) in mobile networks are also expected to reach 350 million by 2031.

These changes are transforming network architectures, making them more distributed, software-defined, and virtualized. This opens up opportunities for new services but simultaneously creates numerous new points of vulnerability. Traditional antifraud approaches, based on static rules and analysis of limited datasets, are becoming ineffective. Fraudsters are adapting faster, employing more complex schemes that masquerade as legitimate traffic. Customer data scattered across different systems—CRM, billing, network elements (e.g., softswitch), OSS/BSS—creates blind spots. The absence of a unified view of customer behavior complicates the timely detection of anomalies.

Why integrating antifraud, billing, and softswitch is the foundation of security

To effectively counter fraud, operators need a holistic approach that unifies data and functionality from key systems. Softswitch, as the central element for routing and processing voice and signaling traffic, is the first line where anomalous behavior can be detected. The billing system contains information about charging, service consumption, and the customer’s financial history. Integrating these systems with an antifraud platform allows for:

• Real-time monitoring: The antifraud system receives call, session, and network activity data directly from the softswitch, enabling instant detection of suspicious patterns.
• Financial anomaly analysis: Data from billing helps identify unusual changes in service consumption, atypical charging, or attempts to bypass payment mechanisms.
• Data enrichment: Combining information from the softswitch (technical call parameters, routing) and billing (tariff plan, payment history) creates a more complete context for decision-making.
• Automated actions: Upon detecting fraud, the integrated system can automatically block calls via the softswitch or suspend services via billing, minimizing losses.

It is precisely this approach, where the antifraud platform is an integral part of the operational infrastructure, that ensures robust protection.

A common mistake: ignoring business processes when selecting integration platforms

When selecting integration platforms or antifraud solutions, telecom operators often focus solely on technical specifications, neglecting the role of business processes. The mistake lies in attempting to integrate systems without a clear understanding of how data flows between departments, how customers interact with the operator at various stages of the service lifecycle, and which business events can be indicators of fraud.

For example, a system might be technically integrated, but if the business process for activating a new customer does not include verifying their data through the antifraud module before providing services, the integration will be ineffective. The correct approach begins with a detailed modeling of business processes that encompass customer-operator interaction. This allows for the identification of all potential fraud points, determination of the data needed for their detection, and identification of the systems that are the sources of this data. Only then can the integration architecture be designed. Companies like Softengi have experience in designing and implementing such complex integration solutions that consider not only technical but also business aspects.

Practical case: building a unified customer profile for fraud prevention

Consider a telecom operator facing fraud related to unauthorized use of roaming services. Traditionally, the softswitch records calls, billing charges them, and the antifraud system analyzes only aggregated data. The problem arises when fraud occurs through short but numerous calls to premium numbers, which might not raise suspicion when analyzed in isolation.

Integrated systems enable the creation of a unified customer profile (Customer 360), which combines data from:

• Softswitch: Information on all calls, duration, direction, connection type. For example, DooxSwitch (a platform for managing telecom infrastructure) can provide detailed Call Detail Records (CDRs) in real-time.
• Billing: Payment history, tariff plan, spending limits, service consumption history.
• CRM: Contact details, interaction history, customer type, connection date.
• OSS/BSS: Technical connection parameters, service status.

Thanks to this unified profile, the antifraud system can detect anomalies that are invisible in disparate data. For instance, if a new customer with a budget tariff plan suddenly starts making a large number of calls to expensive international numbers, this could be an indicator of fraud. The system can compare this behavior with historical data, consider the geographical location, and react instantly—temporarily blocking international calls or sending an alert to the operator.

Key components of an effective antifraud strategy for 2027

To successfully combat fraud, telecom operators need to focus on several key components:

1. Deep integration: Unifying the antifraud platform with billing, softswitch, CRM, and other systems to create a single source of truth about the customer and their activity.
2. Real-time analytics: The ability to process and analyze large volumes of data from the softswitch and other network elements for instant threat detection and response.
3. AI/ML utilization: Employing machine learning algorithms to detect complex fraud patterns that are not identified by traditional rules. AI/ML allows the system to learn from new types of attacks.
4. Flexibility and scalability: Solutions must adapt to new types of fraud and handle the growing data volumes associated with 5G expansion. Platforms like DooxSwitch provide the necessary flexibility for integration and functional expansion.
5. Response automation: The capability to automatically take action in response to detected fraud, such as blocking services or changing traffic routing.

Business outcomes: robust protection and improved customer experience

Implementing an integrated antifraud strategy brings direct financial loss reduction for telecom operators. Rapid detection and blocking of fraudulent activities minimize damages. Simultaneously, it enhances the operator’s reputation and increases customer trust, as security is a loyalty factor for customers.

Furthermore, integrated systems allow for the optimization of operational costs by reducing staff workload. Automation frees up resources for more strategic tasks. A unified customer profile not only helps combat fraud but also provides valuable data for service personalization and improving customer experience. This allows operators not only to protect themselves but also to grow.

Readiness checklist for an integrated antifraud strategy