FIB Documentation

Appearance

Orillion logo
Soramitsu logo

Fraud events

Fraud event — an occurrence that is suspected or confirmed to be fraudulent.

FIB peers and users can submit data related to these fraud events—contributions—to help identify and prevent future fraudulent activities. By sharing information and collaborating with other participants in the network, contributors can help create a more secure and trustworthy ecosystem that is resistant to fraud and other types of malicious activities.

Types of fraud events

Any given fraud event can be of one of the following types:

  • Wangiri — type of fraud that is mostly referred to as “missed call scam”; these are usually detected by FMS that uploads the details of a fraud event, e.g., MSISDN and country codes of the involved parties.
  • IRSF — type of fraud that generates revenue and traffic by inflating the volume of international traffic to a particular destination; these are usually detected from unusual call patterns.
  • StolenDevice — any fraud that involves a stolen device; these are usually reported either by customers or law enforcement.
  • IPFraud — any fraud that involves a specific IP address; these are usually detected by means of behavioral analysis, geolocation checks, and overall action velocity of any given IP address.
  • SMSA2P — type of fraud that utilizes the rerouting of SMS through SIM boxes, disguising them as legitimate messages; these are regularly spotted manually by operators monitoring traffic patterns, contents and sending rates of any given phone number.

Fraud event data model

Every fraud event that is submitted and stored on the blockchain adheres to the following model:

DataDescription
Fraud IdentifierThe main identifier of the fraud event.
Could be one of the following:
  1. A range of phone numbers (or a single one) compliant with the E.164 international standard and containing a valid National Destination Code.
  2. A range of IP addresses (or a single one).
  3. A unique IMEI identifier of a device.
Fraud TypeThe type of the fraud event.
Could be one of the following:
  1. Wangiri
  2. IRSF
  3. StolenDevice
  4. IPFraud
  5. SMSA2P
Event OriginationThe two-letter code of the country the fraud event originated from (Alpha-2, ISO 3166).
Event DestinationThe two-letter code of the country the fraud event was identified as such (Alpha-2, ISO 3166).
Event ContributorThe unique Domain ID of the peer that contributed the data.
Event StatusThe status of the event at the time of observing.
Could be one of the following:
  1. Active — the event is stored on the blockchain and has not yet expired.
  2. Expired — the event is stored on the blockchain, but is no longer relevant.
  3. Flagged — the event is stored on the blockchain and is flagged by one of the peers.
Event Expiry DateThe exact time and date until which the event is considered relevant.
Event TimestampThe exact time and date of when the event was submitted.
Event Flag TimestampThe exact time and date of when a contribution has been flagged. Only stored if a contribution has been flagged at the time of observing.
Event FlaggerThe unique ID of the peer that flagged the data. Only stored if a contribution has been flagged at the time of observing.
Confidence IndexThe predicted fraud likelihood score in the range from 1 to 100.
Privileged StatusThe definition of whether a contribution is privileged.

INFO

For a more technical outlook on what data related to any given fraud event is stored on the network, see Contributions: API data structures.