By 2027, telecom fraud will remain one of the most critical risks for communication service providers. 5G, eSIM, VoLTE/VoNR, satellite access, IoT connectivity, and API-driven services increase the number of entry points through which fraudsters can attack the network or monetize traffic. Therefore, an anti-fraud system can no longer operate as an isolated module that analyzes events retroactively. It must be integrated with billing, softswitches, CRM, OSS/BSS, and network elements to view not just the occurrence of a call or session, but the entire context of subscriber behavior, routing, and charging.
Which Types of Telecom Fraud Are Becoming Critical
Modern telecom fraud is not limited to fake calls or unpaid bills. Operators face a wide range of schemes that can quickly generate financial losses:
- IRSF fraud: generating international traffic to expensive destinations or premium numbers.
- Wangiri fraud: massive short calls that provoke the subscriber into calling back a premium number.
- SIM-box and bypass fraud: replacing international traffic with local SIM cards to bypass legal termination.
- Roaming fraud: exploiting delays in roaming billing to quickly accumulate debt.
- PBX hacking: breaching corporate telephony to subsequently generate paid traffic.
- CLI spoofing: masking the caller ID to bypass filters or for social engineering purposes.
- SMS pumping and AIT fraud: artificially generating SMS or verification traffic to earn revenue on fraudulent routes.
- eSIM and digital onboarding fraud: exploiting weak identity verification procedures during remote onboarding.
Why Anti-Fraud Must Work Alongside Billing and Softswitches
A softswitch or other voice infrastructure elements see the technical side of the event: call direction, duration, route, SIP signaling, completion status, and connection attempt frequency. Billing sees the financial side: tariff plan, service cost, balance, credit limit, payment history, and charges. Separately, this data provides only a partial picture. Together, they allow anomalies to be detected much faster.
For example, a single international call might not appear suspicious. But if a new subscriber with a minimum tariff plan generates a series of short calls to expensive international destinations within a few minutes, and the billing system shows no payment history, the anti-fraud system must react immediately. It can automatically restrict international calls, change the route, create an incident for an operator, or request additional subscriber verification.
A Typical Mistake: Integration Without Business Processes
One common mistake is treating anti-fraud purely as a technical project. An operator might connect CDRs, billing, and CRM, but the system will still underperform if business processes are not defined: subscriber activation, tariff changes, roaming activation, credit limit increases, corporate telephony setup, complaint handling, and service blocking.
The correct approach starts not with selecting technology, but with modeling risk scenarios. It is necessary to determine which events can indicate fraud, which systems are the sources of this data, and what actions the anti-fraud platform must execute. This is exactly where the role of an integrator becomes crucial. Companies like Softengi can help design not only the technical integration but also the interaction logic between systems, processes, and operator teams.
Practical Scenario: Detecting a Wangiri Campaign
Imagine an operator registering a wave of short missed calls from international numbers. To the subscriber, this looks like a normal missed call. A portion of users calls back, which then generates expensive international traffic. If the anti-fraud system only analyzes billing events after charging occurs, the operator learns about the problem too late.
An integrated architecture works differently. The softswitch transmits data about short incoming calls, destinations, repetition frequency, and routes. Billing adds information about the callback cost and potential financial risks. The CRM shows whether there are mass customer complaints. The OSS/BSS provides technical context regarding services and subscriber status.
The anti-fraud system correlates these events and identifies a pattern: many short calls from a single international destination, short duration, high probability of callbacks, and an expensive rate. In response, the system can automatically add the destination to a high-risk list, restrict callbacks, modify routing, create an incident for the NOC, or notify subscribers of the risk.
What the Anti-Fraud Architecture Should Look Like in 2027
An effective anti-fraud platform should operate not as a separate reporting module, but as part of the operator’s operational infrastructure. It must receive events in real time, enrich them with data from billing and CRM, analyze behavioral patterns, and trigger automated actions.
- Real-time event processing: processing CDRs, SIP events, sessions, SMS, roaming, and billing events without critical latency.
- Rule-based detection: basic rules for known schemes, such as Wangiri, IRSF, or PBX hacking.
- Behavioral analytics: analyzing the normal behavior of a subscriber, corporate client, or route.
- Graph analytics: detecting relationships between SIM cards, numbers, devices, destinations, and suspicious routes.
- AI/ML models: finding atypical patterns not covered by static rules.
- Automated response: blocking, rate-limiting, changing routing, creating an incident, or requesting a manual review.
- Audit trail: saving the history of decisions for investigations, disputes, and internal control.
The Role of the Softswitch and Billing in Automated Response
A softswitch or telecom infrastructure management platform must be not only a data source but also a point of action execution. Through integration with the anti-fraud system, the operator can restrict certain destinations, block suspicious calls, change routes, or apply special rules for high-risk numbers. For example, DooxSwitch can act as part of such an infrastructure if its events and control mechanisms are integrated with billing and anti-fraud logic.
Billing, for its part, allows for assessing financial risk in real time. If the system detects a rapid increase in costs, exceeding the normal consumption profile, or atypical activity from a new subscriber, it can automatically apply a limit, suspend the service, or escalate the incident to customer support.
Business Results for the Operator
Integrated anti-fraud reduces direct financial losses, shortens incident response times, and lightens the workload on support, billing, and network operations teams. But its value is not limited to security. Such a system helps to better understand subscriber behavior, route quality, risky destinations, and weak spots in business processes.
For customers, this means fewer erroneous charges, faster incident response, and a higher level of trust in the operator. For the business, it means more controlled costs, more transparent processes, and a lower risk of revenue loss due to fraudulent schemes.
Integrated Anti-Fraud Readiness Checklist
| Criterion | Status |
|---|---|
| Described main types of fraud risks: IRSF, Wangiri, SIM-box, roaming fraud, PBX hacking, SMS pumping. | |
| Identified data sources: softswitch, billing, CRM, OSS/BSS, CDRs, SIP events, SMS events, roaming events. | |
| Built logic for real-time monitoring and event processing. | |
| Configured rules for known fraud scenarios. | |
| Implemented behavioral analytics and graph analytics for complex schemes. | |
| Defined automated actions: blocking, limits, routing changes, incident creation. | |
| Described business processes for activation, roaming, tariff changes, corporate telephony setup, and incident handling. | |
| Established an audit trail for investigations, disputes, and decision control. |