Data stream based event sequence anomaly detection for mobility customer fraud analysis is presented herein. A system obtains a sequence of events comprising respective modalities of communication that correspond to a subscriber identity associated with a communication service—the sequence of events having occurred within a defined period. Based on defined classifiers representing respective fraudulent sequences of events, the system determines, via a group of machine learning models corresponding to respective machine learning processes, whether the sequence of events satisfies a defined condition with respect to likelihood of representing a fraudulent sequence of events of the respective fraudulent sequences of events. In response to the sequence of events being determined to satisfy the defined condition, the system sends, via a user interface of the system, a notification indicating that the sequence of events has been determined to represent the fraudulent sequence of events.

A subscriber information authentication system that compares network-obtained and device-obtained information to verify that a device being used in connection with a user account is authenticated for that account. Certain subscriber information may be associated with the account during a registration process. In subsequent attempts to access the account, the registered subscriber information may be used in conjunction with information obtained from a telecommunication network and from a device to verify that the device is authorized. The information from the telecommunication network may be queried using Signaling System No. 7 (“SS7”) protocols. The device authorization may be performed, for example, to ensure that a device being used for device-based verification is the device a user purports it to be.

When an SIP server (24) receives a call signal addressed to a callee side terminal (31), a number conversion history set by an SIP server (22) that has transferred the call signal in a transfer service involved with a number conversion is read from the call signal, and if the number conversion history meets a specific condition, a warning signal is transmitted to the callee side terminal (31) before the call signal is transmitted to the callee side terminal (31). The SIP server (24) transmits a warning signal to the callee side terminal (31) if the number of times of number conversion is equal to or greater than a predetermined number as a specific condition.

In some implementations, a device may receive a SIP invite associated with a call to a first user device from a second user device. The first user device may be associated with a first network and the second user device may be associated with a second network that is separate from the first network. The SIP invite may include an identity header that indicates a carrier identifier associated with the second network. The device may authenticate the call based on a caller identification associated with the second user device and the carrier identifier. The device may send, based on authenticating the call, the SIP invite to the first user device to indicate, in association with receiving the call and via a user interface, an authorized entity associated with the carrier identifier according to the SIP update.

A method for processing messages by a device of a Voice over IP (VoIP) network. The method includes, following receipt of a message initiating a VoIP call coming from a terminal: determining whether the message contains a public telephone identity allocated to a user by the VoIP network; if so, triggering setting-up the VoIP call with a recipient of the message; otherwise: setting up a VoIP channel between the terminal and a voice server hosted by the device; obtaining, by the server via this channel, an authentication code of a user of the terminal; if the authentication code is associated at VoIP network level with a public telephone identity allocated by the network to a user, providing to the terminal the public telephone identity and authentication data associated at VoIP network level with this identity for making VoIP calls and being authenticated to the VoIP network.

A computer captures a voice of a user. The computer determines a frequency spectrum and a voice pattern of the voice. The computer identifies one or more topics of the voice by transcribing the voice by a natural language processing. The computer identifies the user based on matching the frequency spectrum of the voice to the frequency spectrum of the conversation and the pattern of the voice to the pattern of the conversation when a conversation is intercepted and determines a trust score based on comparing the one or more topics to the one or more topics extracted from the conversation.

This disclosure relates to generating telecommunication network measurements. In one aspect, a method includes presenting, by a client device, a digital component that, when interacted with, initiates a call by the client device to a phone number specified by the digital component. A trusted program stores, in a presentation event data structure, a presentation event data element specifying the phone number and resource locator for a reporting system to which reports for the digital component are sent. The trusted program detects a phone call by the client device to a given phone number. The given phone number is compared to one or more presentation event data elements stored in the presentation event data structure. A determination is made that the given phone number matches the phone number specified by the digital component. In response, an event report is transmitted to the reporting system.

The present disclosure provides a computer system, method, and computer-readable medium for a computer processor to detect, prevent and counter potentially fraudulent communications by proactively monitoring communications and performing multi-step analysis to detect fraudsters and alert communication recipients. The present disclosure may implement artificial intelligence (AI) algorithms to identify fraudulent communications. The AI model may be trained by real world examples to become more efficient.

Systems for and methods of training a spoofing detection model include receiving a plurality of customer call interactions; classifying each of the plurality of customer call interactions as a spoofed call or a non-spoofed call using a spoofing detection model; generating a voiceprint for each of the plurality of customer call interactions; comparing the generated voiceprints; grouping the generated voiceprints into one or more clusters based on the comparing, wherein each cluster represents a single speaker; locating a cluster containing a spoofed call and a non-spoofed call, thereby indicating that the non-spoofed call was misclassified by the spoofing detection model; and updating the spoofing detection model with the non-spoofed call.

A system can be operable to receive a call from a communication device and identify whether the call is a spoofed based on, for example, whether a caller party user equipment associated with a caller identification number (caller ID number) is in an “idle” status, whether there are inconsistencies in the geographic location associated with a calling party's network and the geographic location determined to be associated with the caller ID number presented, and whether the phone number presented as the caller ID number is registered with a calling party's network.