FIGS

Fraud Information Gathering System

Security
Introduced in Rel-4
A standardized system for collecting, exchanging, and analyzing fraud-related information across mobile network operators and financial institutions. It enables the detection and prevention of subscription fraud, payment fraud, and other malicious activities in telecommunications and associated services.

Description

The Fraud Information Gathering System (FIGS) is a 3GPP-defined framework for combating fraud in mobile networks. It is not a single physical system but a set of specifications defining data models, interfaces, and procedures for sharing fraud intelligence. The core concept involves Fraud Information Records (FIRs), which are standardized reports containing details about suspected or confirmed fraudulent events, such as subscription fraud (using stolen identities), payment fraud, or technical fraud (e.g., PBX hacking). These FIRs are exchanged between participating entities, typically via a central hub or directly between operators.

Architecturally, a FIGS implementation involves several key components: Fraud Detection Systems (FDS) within an operator's network that generate FIRs based on analyzed patterns; a FIGS database or repository that stores and manages these records; and interfaces (often based on standardized formats like X.500/LDAP or web services) for secure query and exchange. The process works by an operator's FDS detecting an anomaly—for example, a new subscription with unusual calling patterns matching known fraud characteristics. It creates a FIR detailing the involved identities (MSISDN, IMSI), equipment (IMEI), events, and fraud type. This FIR can be shared with the FIGS community.

Other operators can then proactively query the FIGS database when performing risk assessments, such as during a new customer credit check or when observing suspicious activity from a roaming subscriber. A match against a known FIR can trigger enhanced scrutiny or denial of service. The system's role is to create a collective defense by pooling fraud intelligence, dramatically reducing the time it takes for a fraud pattern detected in one network to be recognized and blocked in another. It operates across administrative boundaries, supporting both national and international fraud prevention initiatives, and is closely related to systems like the Equipment Identity Register (EIR) for tracking stolen devices.

Purpose & Motivation

FIGS was created to address the significant and growing financial losses caused by telecommunications fraud, which became more complex with the globalization of roaming and digital services. Prior to its standardization, operators relied on internal, proprietary fraud management systems and bilateral agreements to share information. This approach was slow, inefficient, and unable to keep pace with fraudsters who quickly moved their operations across operator boundaries. There was a critical need for a common, automated language and process for fraud intelligence sharing.

Its introduction in 3GPP Release 4 was motivated by the rise of GSM roaming fraud and subscription fraud. The system solves the problem of information asymmetry between the fraudster (who can attack multiple networks) and individual operators (who only see a fragment of the overall activity). By enabling rapid, standardized exchange of fraud data, FIGS allows an operator to leverage the collective experience of the entire community. This prevents fraud from simply migrating from one network to another after detection.

The evolution of FIGS has been driven by new fraud types, such as SMS phishing (smishing), IRSF (International Revenue Share Fraud), and fraud involving IoT subscriptions. It provides a foundational framework that adapts to new threats by extending the FIR data model. The purpose extends beyond direct loss prevention; it also protects brand reputation, maintains service quality for legitimate users, and supports regulatory compliance requirements related to security and financial crime. It is a key component of the telecom industry's collaborative security posture.

Key Features

  • Standardized Fraud Information Record (FIR) format for consistent data exchange
  • Supports multiple fraud types including subscription, payment, and technical fraud
  • Enables both proactive queries and reactive alerts between participating entities
  • Facilitates cross-operator and cross-border collaboration in fraud fighting
  • Integrates with operator-internal Fraud Detection Systems (FDS)
  • Provides data models for fraud-related identities (MSISDN, IMSI, IMEI, IP addresses)

Evolution Across Releases

Rel-4 Initial

Introduced the initial FIGS framework, defining the basic architecture for fraud information exchange. It specified the concept of Fraud Information Records (FIRs), the types of fraud data to be collected, and the motivations for a standardized system to combat subscription and roaming fraud across GSM/UMTS networks.

TS 22.031TS 22.032TS 23.031TS 23.035TS 41.031

Defining Specifications

SpecificationTitle
TS 22.031 3GPP TS 22.031
TS 22.032 3GPP TS 22.032
TS 23.031 3GPP TS 23.031
TS 23.035 3GPP TS 23.035
TS 41.031 3GPP TR 41.031