Fraudsters redirect international call legs into OTT apps (WhatsApp, Skype, Viber) to skim the termination spread. Calls appear to terminate on your network but bypass the international settlement. We detect it from the call records.
Traditional SIM box fraud terminates international calls as local via GSM gateways. OTT bypass is the next-generation variant: fraudsters route the international leg into an OTT app, the OTT terminates the call as data on the destination MNO. International settlement is never raised. The MNO sees local data traffic, not an international call.
OTT-originated calls have a distinctive signature, short durations, clustered A-numbers, repeated B-number patterns. We flag them within minutes.
OTT-originated calls often present a domestic CLI on a call that should be international. We cross-check CLI against expected routing.
Per-corridor baselines on ACD, ASR and CLI presentation. OTT bypass shows up as deviation from the corridor’s normal traffic shape.
OTT bypass is hard to catch with firewall rules, the traffic looks like OTT data, not international voice. The detection happens in the CDR stream, comparing observed behaviour against per-corridor baselines.
Real-time ingestion of call records. We correlate the international leg, the OTT leg and the terminating leg, and flag the gap.
Each corridor has its own normal. ACD below two minutes on a corridor where the baseline is six, with a cluster of identical A-numbers, is the OTT bypass signature.
Automatic rules throw false positives, typically around 30% of flagged traffic. Our analysts review before the route is hard-blocked, so legitimate OTT calls are not collateral damage.
OTT bypass patterns shift as fraudsters adapt. We re-baseline every quarter and ad-hoc when an anomaly persists.
OTT voice traffic overtook international TDM in volume years ago. Some of it is legitimate OTT termination. Some of it is bypass dressed up as OTT. The job is to tell the difference.
The cost
Margin spread
OTT bypass does not appear on the fraud loss line of the P&L. It appears as revenue you never saw, calls that should have generated international settlement but instead rode OTT and paid you nothing.
You cannot reconcile what was never billed.
Field note
Fraud teams that focused for years on SIM box detection now spend an increasing share of their time on OTT bypass. The mechanics are different; the loss is the same, termination revenue that should have been collected and was not.
We detect both.
Send us 48 hours of CDRs. We will flag the calls that look like OTT termination dressed up as direct.
Español