VoIP Fraud Prevention on a Softswitch: SIP Security & FAS

VoIP fraud can drain a prepaid balance in minutes. A carrier softswitch is the first control point when routing, lists, and monitoring live together.

Common fraud types

• Toll fraud / traffic pumping — stolen credentials to high-rate destinations
• IRSF — collusion on expensive termination
• PBX hacking — weak customer credentials abused to originate calls
• FAS — billing for calls that never connected properly
• CLI spoofing / SIM-box — manipulated A-numbers bypass pricing or quality rules

Losses appear as sudden balance drops, ASR anomalies, or margin collapse on specific prefixes.

Edge security

• Strong SIP authentication and IP ACLs
• SIP firewall with rate limits and geo blocks
• DDoS and INVITE-flood protection on signaling
• TLS/SRTP where partners support it

Routing controls

• Per-account credit and CPS limits
• Destination allow/deny lists for premium ranges
• Maximum call duration caps
• Dynamic white/black lists on CLI/CLD with expiry and bulk import

Detection

Fraud often shows in metrics before invoices:

• ASR/ACD/PDD thresholds with actionable alerts (not unreadable email floods)
• Margin alerts when a destination turns negative
• Scheduled autotests with recordings to catch FAS
• Auto-block or deprioritize routes when quality fails

Response playbook

• Freeze account or set CPS to zero
• Add hot prefixes to network-wide blacklists
• Capture SIP trace/PCAP for disputes
• Rotate credentials and force re-registration
• CDR review to find the first fraudulent pattern

On prepaid traffic, speed beats the attacker’s dialer.

Summary

Effective fraud control combines edge security, routing policy, real-time monitoring, and route testing — integrated on the switch, not spread across disconnected tools.