How Fraud Monitor Detects Fraud

The Session Monitor probes and Oracle Communications Session Border Controllers with the embedded probes software enabled send monitoring information to the Mediation Engines. The Mediation Engine (ME) then feeds call state information to Fraud Monitor. Fraud Monitor analyzes every incoming call and applies various rules to them. A single rule or a combination of multiple rules may add enough points to trigger a fraud alert. Alerts are on two levels: warning and critical. Warning level alerts should be investigated while critical level alerts can be considered proven fraud incidents, for example, due to hits on the blacklist which contains known incidents.

Note:

A user (also known as a subscriber to distinguish between users of the system and participants in monitored calls) is identified either by his IP address or by the local part of his From SIP URI. If the SIP URI is sip:2125551234@example.com, then the user is shown as 2125551234 in the GUI.