4 Fraud Information Gathering System high level requirements

22.0313G Security3GPPFraud Information Gathering System (FIGS)Service descriptionStage 1TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

4.1 Description

It shall be possible for the HPLMN to request the VPLMN to supply certain information about a subscriber from the time the subscriber registers in that VPLMN to the time the last of the monitored activities is finished in that VPLMN, which can be after the subscriber’s de-registration from the VPLMN. The information received by the HPLMN shall be passed to the relevant network or service providers and used to instruct the VPLMN to act in an appropriate way.

Fraud information gathering is controlled by the HPLMN and can be activated and deactivated by the HPLMN only.

The information is received in the HPLMN and is forwarded to fraud detection and control systems. Such systems are out of the scope of this standard.

The subscriber is specified by the IMSI or MSISDN.

4.2 Applicability

This network feature applies to all subscribed Bearer Services and Teleservices and supplementary services of the subscriber. It is not possible to apply FIGS independently to individual Services.

The HPLMN shall be able to specify whether it would like call information on MO calls, MT calls, or both.

4.3 Normal Procedure

The HPLMN shall be able to request a VPLMN to monitor a subscriber.

See Annex A for the definition of the information to be sent for each call event.

If the VPLMN cannot monitor the subscriber, it shall indicate this as a response to the FIGS request.

The FDS will process this information and may then limit the activities of the subscriber using ODB or terminate the subscriber activities using IST, or may allow the subscriber to proceed.

When the home network no longer wishes the subscriber to be monitored by the VPLMN it requests the VPLMN to stop monitoring the activities of the subscriber.

Figure B.1 shows the sequence of FIGS messages passed during a normal case.