The architects of the Global System for Mobile Communication (GSM) anticipated that mobile networks would need to know the type of connecting devices, the capabilities of the devices, and the limitations of those devices in order to ensure seamless services. As a result, many provisions were made in the original European Telecommunications Standards Institute (ETSI) GSM protocol specifications to support this need. As the specifications matured and expanded to UMTS and LTE, the protocols continued to allow for an exchange of detailed information about the connected device and the serving network.

LATRO’s patent-pending Protocol Signature™ technology takes advantage of this information to proactively detect fraud. Unlike conventional usage-based detection methods including Call Detail Record (CDR) analysis, LATRO’s analytics systems process a much deeper data set from the mobile network signaling transaction records. We refer to this real-time processing as Signaling Analytics. Protocol Signature is one of the detection methods LATRO’s analytics systems employ through Signaling Analytics.

I thought all Fraud Management Systems used IMEI for SIM Box detection?

Protocol Signature does not use the device IMEI (International Mobile Equipment Identity). This is a common misconception. Although IMEI is meant to uniquely identify a mobile device, IMEI spoofing and tumbling are common anti-detection techniques fraudulent SIM Boxes use to fool usage-based CDR analysis. Instead, Protocol Signature characterizes each mobile device connecting to the network according to the mandatory information exchanged in the signaling messages, which cannot be tampered with or modified by fraudsters or subscribers. This information is not contained in CDR records.

The device characterization results from LATRO’s Protocol Signature flag known SIM Box devices as soon as they attempt to register with the mobile network. This empowers mobile operators to proactively control services requested by the SIM cards within the SIM Boxes, leading to pre-emptive blocking in order to prevent costly fraud losses. When bundled with a robust set of additional controls within Signaling Analytics, Protocol Signature detection gives RAFM professionals the edge they need to beat bypass fraud.

What happens when a Fraudster uses a new SIM Box device?

It is certainly common for new SIM Box devices to show up on a given network. LATRO maintains a living database of device Protocol Signatures. The database is updated continuously, and new information is pushed to online systems through maintenance connections. This allows all of LATRO’s customers to benefit from our global visibility to worldwide devices and continuous learning of new device characteristics. Any time a new SIM Box device is detected through any control method, the LATRO system determines and records its Protocol Signature. All subsequent SIM Cards used by the device can be instantly blocked.

LATRO’s team of expert RAFM professionals are ready to help you integrate Signaling Analytics and the benefits of Protocol Signature detection into your SIM Box bypass fraud control strategy. We are happy to work with your team to assess your network environment in order to define a customized and cost-optimized solution that will empower you and your team to exceed their most challenging KPIs.