Fraud Prevention Features

Synopsis

RADIUS is a client-server protocol in which the client (switch, NAS device, gateway) sends AAA requests to the RADIUS server. Exchanges are normally initiated by the client only, so the RADIUS server knows the status of the NAS only at given points in time, not on a continuous basis. Authorization requests are usually issued before a call starts, and Accounting information is updated only after the call has finished. Therefore, when a particular user or account can initiate more than one call at a time, special measures are needed to keep accounts from overrunning their credit limits.

Implementation

ArrowBilling introduces the concept of an "effective call amount limit". This is a dynamically calculated value that limits the maximum money available for each call session. It is calculated by the following formula:

effective_amount = max_duration * rate_per_minute - rate_per_call
max_duration
Maximum duration of the call. It is either the system-global or the account-group-specific value, whichever is smaller.
rate_per_minute
Tariff rate per minute for calls to this destination.
rate_per_call
Fixed tariff connection fee for calls to this destination.

The administrator can reduce this effective amount by setting a lower value in the Account Groups Security tab (see Usage).

One can think of the effective_amount as money blocked in the user's account while the call is in progress. This is similar to a credit card purchase in which the buyer pays for goods or services whose total value is not known in advance.

The final effective amount is the lower of the value set by the administrator and the calculated value.

Next, the system calculates the possible number of simultaneous calls (sessions):

user_simcalls = ( user_balance + dynamic_credit ) / effective_amount
effective_amount
The effective amount, as described above.
user_balance
Remaining balance for the user, including the credit limit.
dynamic_credit
Extra risk credit given to the customer. See the note below.

Finally, the system checks the number of current sessions (calls); the call is allowed only if that number is less than the possible number of simultaneous calls.

Note: Dynamic Credit is a system feature that allows a larger number of simultaneous calls when the user's balance is getting low. With Dynamic Credit set to zero, the system works in its most conservative mode, reducing the number of allowed simultaneous calls very early. Setting Dynamic Credit to a higher value allows more simultaneous calls, but carries a risk of credit overrun if the user's calling pattern is very aggressive towards the end of the credit. The maximum theoretical overrun is equal to the Dynamic Credit value.
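
The admission check described above, as an added example (not ArrowBilling's own code). It uses the formulas as written on this page and assumes that max_duration is expressed in minutes, that the simultaneous-call count is rounded down, and that a non-positive effective amount allows no calls; all function names and sample values are constructed for illustration.

```python
from decimal import Decimal

def effective_amount(max_duration_min, rate_per_minute, rate_per_call, admin_cap=None):
    """Money blocked per call session, using the page's formula as written."""
    calculated = max_duration_min * rate_per_minute - rate_per_call
    # "Maximum Amount Available for one Call" can only lower the value.
    return calculated if admin_cap is None else min(calculated, admin_cap)

def user_simcalls(user_balance, dynamic_credit, eff_amount):
    """Possible number of simultaneous sessions (rounded down: assumption)."""
    if eff_amount <= 0:
        return 0  # assumption: fail closed instead of dividing by zero
    return max(0, int((user_balance + dynamic_credit) // eff_amount))

def allow_call(current_sessions, user_balance, dynamic_credit, eff_amount):
    """Allow the call only if active sessions < possible simultaneous calls."""
    return current_sessions < user_simcalls(user_balance, dynamic_credit, eff_amount)

def worst_case_overrun(balance, dynamic_credit, eff_amount, attempts):
    """Constructed worst case: all call attempts arrive before any Accounting
    update, and every admitted call consumes its full effective amount."""
    admitted = 0
    for _ in range(attempts):
        if allow_call(admitted, balance, dynamic_credit, eff_amount):
            admitted += 1
    spent = admitted * eff_amount
    return admitted, max(Decimal(0), spent - balance)

if __name__ == "__main__":
    # Constructed tariff: 60 min limit, 0.10 per minute, 0.50 connection fee,
    # administrator cap of 5.00 per call.
    eff = effective_amount(Decimal(60), Decimal("0.10"), Decimal("0.50"),
                           admin_cap=Decimal("5.00"))
    for credit in (Decimal("0"), Decimal("5.00")):
        admitted, overrun = worst_case_overrun(Decimal("12.00"), credit, eff, 10)
        print(f"dynamic_credit={credit}: admitted={admitted}, overrun={overrun}")
```

With Dynamic Credit at zero the constructed account never overruns; with Dynamic Credit at 5.00 one extra call is admitted and the overrun stays below the Dynamic Credit value, matching the note above.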

Usage

To control the fraud prevention features, use the "Security" tab on the Clients > Account Groups page.

Maximum Number of Simultaneous Calls
Controls the minimum allowed simultaneous calls per account. If left on "Do Not Change", no changes will be applied. If any value is selected, it will override the Simultaneous calls setting on each Account page.
Maximum Call Duration, sec
Maximum duration of one call, in seconds. A change will affect all accounts in the group.
Maximum Amount Available for one Call, account money units
This is the maximum amount applied to one call. No call can consume more than this amount. This value is used to reduce the "effective_amount" explained in the section above. A change will affect all accounts in the group.
Dynamic Credit, Account Money Units
Please see the explanation above. A change will affect all accounts in the group.

Last modified on Oct 13, 2011, 7:48:11 AM