The Alarm Filters (Toll Fraud Detection)
Example 2: After Hours Long Distance Calls.
This clue counts long distance calls placed after 6:00 PM and before 7:00
am. This type of call could indicate that a hacker has obtained an access
code for an outside line and is using the line to dial long distance numbers
after work hours.
For this example, assume the Alarm Filter Format is defined as shown
in Figure 9.8. Note that the first three lines in Figure 9.8 are sample call
records, and the fourth line is the Alarm Filter Format. The variables B, C,
and E are not used for this clue.
A is the time the call was received or placed.
D is the first seven digits of the number dialed.
Match Parameters for this Alarm Clue would be defined as follows:
Counts calls placed after 18:00 or before 07:00.
* is the logical AND operator.
D=1------ Counts calls where the first digit of the number dialed is
"1". Note that the remaining 6 digits are entered as wild
card characters (-).
|19:18|067|R.JONES |OUT|12145551234 |25:36|04.75|
|19:20|092|J.SMITH |OUT|18008547226 |01:07|00.00|
|21:21|002|R.JONES |OUT|12135551212 |30:15|05.75|
Figure 9.8: Alarm Filter Format; Match Parameters Example 2
