Real-time detection of SIM box, Wangiri, IRSF and roaming fraud. Signalling and mediation feeds scored as events arrive, correlated with your rated CDRs on a Kafka-compatible streaming core. Deployed in weeks.
Tier-1 carriers run Subex, Mobileum, or custom-built fraud stacks staffed by 20-person teams. If you're an operator serving 1-20M subscribers, the licensing alone prices you out. Meanwhile SIM box bypass is draining your international termination revenue, Wangiri bots hit your subscribers overnight, and IRSF quietly inflates wholesale invoices you pay 60 days later.
Kafka-compatible ingestion from your mediation layer, rated-CDR exporters, and signalling probes. Flexible ingest adapters with governed Avro contracts once feeds are onboarded, so we adapt to your data rather than the other way around.
Tier-2/3 CDR rates, load-tested beyondOur stateful core joins voice, signalling, and subscriber-profile signals in a single pass. Rule engines catch known fraud patterns, ML scoring surfaces the novel ones.
Sub-150ms end-to-endTrigger a block, rate limit, step-up review, network-policy action or case-management workflow. Every decision is logged with the signals that triggered it, so analysts can see why.
Explainable by defaultTellaris is a real-time decision layer that runs in parallel to the call flow, marrying the signalling layer with the commercial reality of your rated CDRs. It's the glue between systems that don't talk to each other, not another rip-and-replace.
We consume parallel feeds, never inline. Rated and mediation CDRs today; GGSN / PGW, Diameter on the DRA, and SS7/SIGTRAN light up as you publish them. If Tellaris stops, every call still completes.
Tellaris runs next to Subex, Mobileum, clearing-house feeds, and in-house tooling. It correlates the signalling layer with the commercial reality of your CDRs, the silos those systems can't see across.
Decisions map to your own BSS endpoints, ALLOW / TIGHTEN_RULES / CAP_SPEND / BLOCK, via the Triggers page. Fail-closed allowlist, bearer or HMAC auth, no surprise destinations.
Inline enforcement is an upgrade once trust is established, never the starting position. You decide if and when to move from monitoring to action.
Because these typologies share substrate features (velocity, fan-out, destination risk, subscriber deltas), a single streaming pipeline covers them all and extends to new variants as they emerge, alongside your existing systems and not one project per fraud type.
International voice traffic re-terminated over GSM gateways to evade settlement. We detect by correlating call patterns with HLR location, velocity, and CDR signatures.
Missed-call bots seeding callbacks to premium-rate numbers. We catch the campaign footprint in seconds, not after complaints land at customer care.
PBX compromise → high-value calls to IPRN destinations. We rate-limit and alert before the first full-hour session completes.
Impossible-velocity country flips and high-cost roaming abuse. We correlate location, velocity, and destination risk to catch it before the roaming invoice lands.
Runaway consumption from PBX hijack, compromised SIMs, and tariff arbitrage. We cap spend before the loss compounds, rather than after the bill is cut.
Phishing campaigns and A2P grey-route abuse. Metadata-first detection on originator reputation and velocity, with optional content classification where legally enabled, flags new campaigns within minutes.
Every layer of Tellaris is open-source or open-standard. The streaming fraud-detection blueprint (Kafka-compatible ingest, stateful operators, ML scoring) is a proven carrier-grade pattern. Tellaris productizes it: deployable in weeks for operators who don't have a 20-person streaming team.
| Layer | Technology | Note |
|---|---|---|
| Orchestration | Helm on k3s or vanilla Kubernetes | Self-host or managed |
| Detection engine | Stateful in-process decisioning · rules + ML scoring | Sub-150ms end-to-end |
| Ingestion | Kafka-compatible streaming · Avro schemas + registry | Backward-compatible CDR contracts |
| Enrichment | PostgreSQL + in-memory cache | Subscriber + destination risk features |
| Observability | Prometheus · Grafana · OpenTelemetry | Per-rule SLO dashboards |
Tellaris productises a detection approach with a track record in research and at carrier scale, on infrastructure operators already trust. The evidence, not a pitch.
Independent benchmark for ML-based international bypass detection. An industry reference, not a Tellaris result, and the accuracy bar our scoring is built to clear.
Every event is scored and acted on as it streams in, not surfaced in tomorrow's batch report. That is the gap static, after-the-fact tooling leaves open.
The scale of the problem, climbing yearly while prevention spend stays structurally underfunded. The case for getting ahead of it, not chasing it.
Belgian-incorporated. No third-party data brokers. Every decision is logged for analysis, audit and compliance review.
Bring one hour of anonymized CDRs to the demo call. We'll show you the fraud patterns our pipeline finds, which rules trigger, and which ML scores surface the non-obvious cases. 30 minutes, no slides.