Fraud protection configuration

End users’ credentials are vulnerable to hackers.
However, PortaBilling offers protection to users via its fraud prevention
tools.

The Fraud protection functionality is configured for
customers of Universal and Cloud PBX business models in three steps:

  1. Fraud protection configuration in individual products, allowing IP
    verification to be performed for all accounts using this product.
  2. Configuration at the customer level using customer sites that can be
    assigned to certain accounts.
  3. Configuration at the account level (optional).

The Fraud protection functionality for customers who
use services within other business models is configured in two steps:

  1. Fraud protection configuration in individual products, allowing IP
    verification to be performed for all accounts using this product.
  2. Configuration at the account level (optional).

Let’s consider the following example: your customer’s
company is situated in Madrid, Spain. You would like to protect this customer
from potential fraud. Since the company is situated in Spain and its employees
mainly make calls from Madrid and other Spanish cities, you perform the
fraud protection configuration so that calls made from Spain can be completed
without restrictions. At the same time, calls made from other countries
are considered suspicious and are therefore forbidden or screened.

Checklist

Print this page and
use it to check off the operations you have completed while performing
the system setup according to the instructions in this chapter. Please
be sure to perform all of the operations in the order designated (all
of the boxes should be checked); otherwise the service will not work.

Done  Operation

Network configuration
  [ ]  Create a geo profile

Rating configuration (Customer)
  [ ]  Add the geo profile to a product
  [ ]  Perform the fraud protection configuration for a customer on the
       Customer sites page

Account provisioning
  [ ]  Check an account’s fraud protection information and account’s current
       status. Change the status if necessary
  [ ]  Perform the fraud protection configuration for an account (optional)

Create a geo profile

Create a Geo profile so that calls made from
Spain will not be restricted and calls made from other countries will
be considered suspicious and therefore forbidden or screened.

  1. On the navigation menu, select Sales,
    then Fraud prevention and click Geo profiles.
  2. On the Create geo profile panel, specify the following details:
    • Name – type a geo profile name (e.g., Business customers).
    • Managed by – define whether this geo profile will be used by an
      administrator or one of your resellers:
    • Default approach to calls – specify the call processing approach that
      is applied to calls from any user location:
      • Trustful – calls are allowed unless user location is defined as an
        exception in the profile.
      • Cautious – 5 calls are allowed before redirection to the screening
        IVR unless user location is defined as an exception in the profile.
      • Paranoid – all calls are rejected unless user location is defined as
        an exception in the profile.
  3. Click Save.

    Create a Geo / Risk profile

With the Paranoid default approach to calls, all
calls are rejected or screened. To allow calls from a particular country
(e.g., Spain), add it to Exceptions.

  1. On the Geo profile panel that opens, click Call processing approach.
  2. On the Call processing approach panel, click the Add country
    button for Trustful approach.

    Configure Geo profile

  3. In the dialog window that opens, select a country from the list (e.g.,
    Spain) or type the name of the country into the Search country/entry
    field and click Add.

  4. Go to the Approach actions panel and specify the parameters for each
    approach:
    • Paranoid – define how calls originating from countries specified in
      this approach will be processed:
      • Choose Immediately redirect the call to screening IVR to immediately
        redirect calls to the screening IVR. To continue to use the service,
        the caller must provide additional credentials to prove that they are
        indeed a legitimate user.
      • Choose Quarantine the account, bypass the screening IVR to immediately
        change the account’s status to Quarantined. After that, any call
        attempts from the account are automatically blocked.
      • Choose Reject calls without any further actions to immediately reject
        calls made from countries present in the list. Calls originating from
        trusted countries will come through without restrictions.
    • Cautious – define how calls originating from countries specified in
      this approach will be processed:
      • Choose Allow … calls before redirecting to screening IVR to still
        allow a customer to make a certain number of calls. The possible
        values are 3, 5 and 10. After that, any attempt to make an outgoing
        call from a country listed here will be screened, and the caller must
        provide additional credentials to prove that they are indeed a
        legitimate user.
      • Choose Reject calls without any further actions to immediately reject
        calls made from countries present in the list. Calls originating from
        trusted countries will come through without restrictions.

        Configure approach actions

  5. Click Save.
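
The following Python model is an added illustration, not PortaBilling code: it shows how the default approach, the per-country exceptions and the approach actions described above combine into a decision for each call. The class, field and action names and the per-country call counter are assumptions made for the model; the Portugal exception is constructed.

```python
from dataclasses import dataclass, field

TRUSTFUL, CAUTIOUS, PARANOID = "Trustful", "Cautious", "Paranoid"

@dataclass
class GeoProfile:
    """Toy model of a geo profile as described on this page."""
    name: str
    default_approach: str
    exceptions: dict = field(default_factory=dict)  # country -> approach
    paranoid_action: str = "screen"    # "screen" | "quarantine" | "reject"
    cautious_action: str = "count"     # "count" (allow N, then screen) | "reject"
    cautious_allowed_calls: int = 5    # the page lists 3, 5 and 10

    def __post_init__(self):
        if self.cautious_allowed_calls not in (3, 5, 10):
            raise ValueError("allowed calls must be 3, 5 or 10")

    def decide(self, country, prior_calls=0):
        """Decision for one call; prior_calls is a hypothetical counter of
        calls already made from this country."""
        # A country listed as an exception overrides the profile default.
        approach = self.exceptions.get(country, self.default_approach)
        if approach == TRUSTFUL:
            return "allow"
        if approach == CAUTIOUS:
            if self.cautious_action == "reject":
                return "reject"
            return "allow" if prior_calls < self.cautious_allowed_calls else "screen"
        return self.paranoid_action

def simulate(profile, countries):
    """Replay call origins in order; a quarantined account stays blocked."""
    seen, out, quarantined = {}, [], False
    for c in countries:
        if quarantined:
            out.append("blocked")
            continue
        out.append(profile.decide(c, seen.get(c, 0)))
        seen[c] = seen.get(c, 0) + 1
        quarantined = out[-1] == "quarantine"
    return out

# Constructed profile: Paranoid default, Spain trusted (as in this walkthrough),
# plus a hypothetical Cautious exception for Portugal.
business = GeoProfile("Business customers", PARANOID,
                      exceptions={"Spain": TRUSTFUL, "Portugal": CAUTIOUS},
                      paranoid_action="quarantine", cautious_allowed_calls=3)
```

Replaying a call sequence with `simulate` makes the side effect of the quarantine action visible: one call from an unlisted country blocks later calls from Spain as well, until the account status is changed back.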

Add geo profile to the product

Assign the Geo profile that was created in
the previous step to the product that will be used by the employees of
the company.

Add the Geo profile to the Product

  1. On the navigation menu, select Service catalog and click Products.
  2. Select the Product for which you would like to assign a Geo profile.
  3. On the product’s panel, click Services, select Voice calls
    and go to Fraud detection page.
  4. On Fraud detection configuration panel, specify the following details:
    • Geo-IP fraud detection – use a slider to enable this feature.
    • Allowed location change period, minutes – type 60 here, so that an end
      user can change location during an interval of 60 minutes without
      needing to re-input their PIN.
    • Allowed normal calls period after passing screening IVR, minutes – type
      60 here, so that an end user can make calls for 60 minutes after passing
      the screening IVR without needing to re-input the PIN.
    • Geo profile – assign the “Business customers” Geo profile that
      you created earlier.
  5. Click Save.

Fraud protection configuration on customer sites

Perform the fraud protection configuration on the
customer site so that the settings will be applied to all of this site’s
accounts.

Add a site

Enable the location information functionality

  1. On the navigation menu, select Sales
    and click Customers.
  2. On the Customer panel, click Personal and select Sites.
  3. On the Sites panel, click Add a site.
  4. Specify the name of the new site in the Site name field and click Add.
  5. On the Site panel, enable the Location information option and
    fill in the following fields:
    • Allowed mobility – choose Stationary user (permanent location) since
      the employees of this company always make calls from the same location.
    • Current location – select the country where the customer is located
      from the list. In our example it is Spain, since the customer is
      located in Spain.
  6. Click Save.

Account provisioning

Check an account’s fraud protection information and
current status. Change the status if necessary.

Configure fraud protection for an account

  1. On the Account panel, click Fraud protection. Here you can
    view the Geo profile name and current status for this account.
  2. In the Change status to field you can change the status of this account.
  3. If you have modified the Change status to field, click Save
    to save changes.

Override fraud protection settings for an account (optional)

Perform fraud protection configuration for an individual
user. Let’s assume that this account is used by this company’s sales manager,
whose office is situated in Toronto, Canada, although he travels around
the world from time to time.

Override fraud protection settings

  1. Open the Account page.
  2. Select Services and go to the Service configuration page.
  3. On the Voice calls configuration panel, select the Fraud detection
    section.
  4. Fill in the following fields:
    • IVR authentication – if the call has been made from a “suspicious”
      location, this feature will enable or disable a customer’s
      authentication when a legitimate customer attempts to make a call.
    • Location information – use a slider to enable this option to provide
      information about the end user’s current ‘default’ country and whether
      he is permitted to make calls from abroad.
    • Allowed mobility – only available when Geo-IP fraud detection is set
      to Enabled and a profile is selected in the Geo profile
      option for the account’s product. Select Roaming user (Changeable
      Location) since the user of this account frequently travels; in this
      case, a location change would be considered acceptable.
    • Current location – select the country where the customer is located
      from the list. In our example it is Canada, since the user of this
      account is located in Canada.
  5. Click the Save button to save the changes.

Fine-tune fraud protection settings for private networks

Internal subnets such as 10.x.x.x, 172.16.x.x, 192.168.1.x
do not belong to any specific country. However, there is an option called
GeoIPOverride that makes it possible:

  • to mark the internal subnets as Internal Networks.
    The Billing Engine considers the Internal Network to be a separate country,
    so any fraud protection settings described previously can be applied to
    these internal subnets.
  • to assign the internal subnets to a specific country.

This can be adjusted on the configuration server.

  1. On the configuration server clone the currently
    active configuration.
  2. Select BillingEngine on the Configuration
    Tree and then choose VoiceCallsRoaming among the Groups.
  3. In the GeoIPOverride field mark the subnets
    with “!” to assign them to the Internal Network.
  4. Use a country code top-level domain format
    (e.g., FR for France, DE for Germany, etc.) to assign a
    subnet to a country.
    Each record must be written in a separate row.

    The configuration shown in the screenshot means that
    IP addresses from 10.x.x.x, 172.16.x.x, 192.168.1.x subnets are marked
    as Internal Networks. The customer may now move them to “No Restriction,”
    “Suspicious” or “High-risk” lists on the PortaBilling web interface. The
    192.168.222/24 subnet is now considered to be from the Netherlands. Further
    adjustments for this country must also be done on the PortaBilling web-interface.

  5. Click the Verify button to verify the changes.

    Fine-tune fraud protection settings

  6. Click the Check/Apply button to apply the configuration.

    Apply the configuration
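
The subnets named in this section cover only part of the private address space, so it is worth checking which private ranges an override list leaves unassigned. The Python sketch below is an added example, not PortaBilling code: the table is a constructed in-memory model (not the syntax of the GeoIPOverride field), the prefix lengths chosen for 10.x.x.x, 172.16.x.x and 192.168.1.x are assumptions, and so is the most-specific-match rule.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed model of the overrides described above: "!" marks an
# Internal Network, a two-letter code assigns the subnet to a country.
OVERRIDES = [("10.0.0.0/8", "!"), ("172.16.0.0/16", "!"),
             ("192.168.1.0/24", "!"), ("192.168.222.0/24", "NL")]

def _parse(overrides):
    return [(ipaddress.ip_network(n), target) for n, target in overrides]

def classify(ip, overrides=OVERRIDES):
    """Location label for an address, or None when GeoIP lookup applies."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, t) for net, t in _parse(overrides) if addr in net]
    if hits:
        # Assumption: the most specific (longest-prefix) record wins.
        _, target = max(hits, key=lambda h: h[0].prefixlen)
        return "Internal network" if target == "!" else target
    if any(addr in net for net in RFC1918):
        return "Not applicable"   # private address with no override
    return None                   # public address

def uncovered_private(overrides=OVERRIDES):
    """RFC 1918 ranges that no override record covers."""
    remaining = list(RFC1918)
    for net, _ in _parse(overrides):
        nxt = []
        for r in remaining:
            if r.subnet_of(net):
                continue                          # fully covered
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))  # carve the record out
            else:
                nxt.append(r)                     # disjoint, keep as is
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))

def is_uncovered(ip, overrides=OVERRIDES):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in uncovered_private(overrides))
```

With this table, addresses such as 172.20.1.1 or 192.168.50.7 stay in the "Not applicable" category, so the profile setting for that category in the Other group decides how their calls are handled.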

Handle calls from specific IP addresses

The list of countries for each approach is divided
into 7 groups based on the continent they belong to – plus there is also
an extra Other group.

Other categories

The Other group lets you allow or restrict
calls coming from specific IP addresses based on the following categories:

  • Not applicable – this category is used for private or indefinite IP
    addresses.
  • Internal network – this category is used for handling private subnets.
    Please refer to the Fine-Tune Fraud Protection Settings for Private
    Networks step for the detailed configuration.
  • Satellite provider – this category is used for IP addresses from
    Satellite ISPs that provide Internet service to multiple countries.
  • Anonymous proxy – this category is used for IP addresses that are used
    as anonymizers or VPN services (e.g., Tor exit nodes, public proxies,
    etc.).
  • Europe – this category is used for a set of IP addresses that has users
    all over Europe.
  • Asia-Pacific region – this category is used for a set of IP addresses
    that has users all over the Asia/Pacific region.

The "Europe" and "Asia-Pacific region" categories do not
include all the IPs covered under those respective regions. Blocking "Europe"
will only block a small portion of IP addresses. It will not affect
all European countries. In other words, to block all IPs in Europe you
must block each European country, individually, as well as the "Europe"
category.
