If you’ve ever checked your phone’s call history to see when someone last rang, you’ve probably seen information such as the caller’s name, the call time, and the call duration. These are just a few of the fields that phone services capture in call detail records (CDRs).

Complete call detail records store much more data, such as the route the call traveled, which device it came from, and any errors encountered during the call. This data is used by your phone provider to make sure their network is working properly, and could be used by law enforcement during an investigation.

In businesses and call centers with large phone systems, CDRs are an important place to look for signs of fraud. Hackers routinely target VoIP and landline phone systems that do not have safeguards in place to prevent unwanted calls.

I’ll walk you through how to find CDRs on your phone system, how to interpret the information they contain, and how to detect fraudulent call schemes like traffic pumping and toll fraud.

How to read call detail records

Unless you are hosting your own phone system, call detail records are available in the same web portal you use to sign into your Voice over Internet Protocol (VoIP) phone system or call center software. How you access CDRs varies depending on your provider, but you can most likely find them under a setting called Call Logs, Call Records, or Call History. There may be more than a dozen fields contained in the records; here are some of the most commonly visible.

  • Origin number: The number that made the call.
  • Receiver number: The number that received the call.
  • Date of call: When the call was made.
  • Time of call: At which time it was made.
  • Call duration: How long each call lasted.
  • Call type: Whether it was an inbound or outbound call.
  • Location: From where the call originated geographically.

What you see depends on your organizational role and your phone provider. An admin, IT personnel, or VoIP system provider can access a much wider range of information, with varying levels of granularity depending on the system and regulations.

For example, they might be able to see the device type, software model used, user information, and call quality metrics such as errors or delays. These details are handy for tracking a call’s origin, troubleshooting VoIP systems, and even detecting potential fraud.

Automated call detail records analysis

The sheer volume of information inside the average CDR database would be overwhelming for anyone to analyze manually; modern call center software can process this data at scale and extract insights to guide operations.

Here’s how it works: First, the software gathers vast amounts of CDRs and stores them in central data hubs, where it cleans them for analysis. Specialized tools then sift through this data, searching for patterns, trends, and hidden clues.

These insights are displayed on dashboards and reports. Those easy pie charts and stats you see on your call center reporting dashboard? This is the software doing its job.

Call center software automates CDR analysis for many purposes, including accurately tracking and billing customers, providing personalized customer service based on call history, optimizing call routing and staffing levels, and tracking and recording calls for compliance purposes.

Call detail records and fraud prevention

Call detail records have another use case that goes beyond optimizing your call center performance: fraud prevention.

How exactly does this work? By taking a quick look at the data supplied by your call detail records, you can spot anomalies in call traffic patterns. This might look like sudden spikes in call volume, especially during off-peak hours, or a surge in calls to high-risk destinations.

Here are three common call center fraud schemes and how to use data from CDRs to avoid them.

Private Branch Exchange (PBX) hacking

Even though basic VoIP security best practices are widely known, company phone systems are exploited all the time. In a scheme known as PBX hacking, fraudsters gain access to a central business phone system and start blasting out expensive calls. These hackers often make off with 5-6 figures easily before they are caught. The business is left holding the bill.

To help prevent this from happening, you can set up real-time alerts that warn you when CDRs show a high volume of calls outside normal business hours, for example. You can also automatically block certain high-risk destinations.

International Revenue Share Fraud (IRSF)

Fraudsters might equally exploit your system to make long-distance calls using unauthorized numbers. Usually these are premium-rate, expensive calls, and the fraudster receives a share of those revenues.

CDRs can expose discrepancies between the calling party’s location and the call’s origin, allowing you to block unauthorized numbers and prevent further losses.

All of the information you need to recognize and respond to the most common forms of IRSF and other forms of toll fraud is contained in a CDR. If your business doesn’t need to call outside North America, for example, set guardrails in your system.

Domestic traffic pumping

In this scenario, bad actors within the telecom industry artificially inflate the volume of calls to specific phone numbers to generate revenue. This type of fraud takes advantage of the way intercarrier compensation works in the telecom industry where call termination fees are higher in rural or low-traffic areas.

The bad actors in these cases could be Local Exchange Carriers (LECs), fraudulent call centers, or service providers (like adult chat lines, fax, or conference calls). Similar to IRSF, the fraudster pumps lots of traffic to the bad actor, and they share the revenue gained from increased termination fees.

If you suspect domestic traffic pumping, look for large numbers of calls being routed to the same number, particularly if it is a toll-free number or located in a rural area. Often, hackers use many short-duration calls to fly under the radar, padding the numbers gently so a phone system admin doesn’t catch on.

By analyzing CDR data, businesses can identify suspicious call patterns, detect traffic pumping early, and take preventative actions to avoid financial losses.
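
The three checks described in this section (off-hours call volume, destinations outside North America, and many short calls to one number) can be run over an exported call log. The script below is an added example, not code from any phone provider: the CSV column names, the thresholds, the business hours, and the use of the +1 prefix as a stand-in for North America are all assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample CDRs. Column names and numbers are illustrative only
# (555-01xx numbers, +999 placeholder country code), not a vendor export format.
SAMPLE_CDRS = """origin,receiver,start,duration_s,call_type
+12065550101,+12065550199,2024-03-04T10:15:00,340,outbound
+12065550102,+99955500001,2024-03-05T02:10:00,600,outbound
+12065550102,+99955500001,2024-03-05T02:25:00,580,outbound
+12065550102,+99955500002,2024-03-05T02:40:00,610,outbound
+12065550103,+18005550142,2024-03-06T11:00:00,12,outbound
+12065550103,+18005550142,2024-03-06T11:02:00,9,outbound
+12065550103,+18005550142,2024-03-06T11:05:00,15,outbound
+12065550103,+18005550142,2024-03-06T11:07:00,11,outbound
+12065550150,+12065550101,2024-03-09T23:00:00,5,inbound
"""

# Assumed policy values; tune them to your own traffic baseline.
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, Monday to Friday
OFF_HOURS_LIMIT = 3            # off-hours outbound calls per origin before alerting
SHORT_CALL_S = 20              # a "short" call, in seconds
REPEAT_LIMIT = 4               # short calls to one number before alerting

def is_off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def analyze(cdr_text):
    """Return the origins and destinations that trip each rule."""
    off_hours, short_calls, outside_na = Counter(), Counter(), set()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if row["call_type"] != "outbound":
            continue  # these rules cover outbound traffic only
        if is_off_hours(datetime.fromisoformat(row["start"])):
            off_hours[row["origin"]] += 1
        if not row["receiver"].startswith("+1"):  # +1 = North American Numbering Plan
            outside_na.add(row["receiver"])
        if int(row["duration_s"]) <= SHORT_CALL_S:
            short_calls[row["receiver"]] += 1
    return {
        "off_hours_origins": sorted(o for o, n in off_hours.items() if n >= OFF_HOURS_LIMIT),
        "outside_north_america": sorted(outside_na),
        "short_call_targets": sorted(d for d, n in short_calls.items() if n >= REPEAT_LIMIT),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_CDRS))
```

On the sample data, the extension dialing at 2 a.m. trips both the off-hours and the outside-North-America rules, while the four sub-20-second calls to one toll-free number trip the short-call rule even though they fall inside business hours.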
