What to expect when Bandwidth identifies a potential Fraud Event


Thomas Soroka


Bandwidth generally monitors customer traffic patterns to detect if potentially fraudulent activity may be present on customer accounts which are enabled for outbound calling.

This monitoring is primarily used to protect the Bandwidth network from fraudulent call traffic, and therefore is not meant to take the place of network security measures within your own systems.

As a courtesy, if our monitoring systems detect suspicious call traffic we may elect to notify you. If so, Bandwidth will generate a ticket as the means to notify you that our monitoring system has detected atypical traffic patterns associated with your account. 

In the event that unusual activity is detected, the Bandwidth NOC team may also elect to place restrictions on the IP addresses associated with the suspect traffic.  They will notify you via a ticket, informing you that a potential fraud event has occurred.

In this ticket, you will find Call Detail Records, also known as CDRs, providing details about the call traffic in question, along with any action we may have elected to take.


In order to have any IP restrictions removed, please take the following actions:

First, start out by reviewing the attached CDR’s to determine if the activity is indeed fraudulent.
  • If you determine that the traffic is fraudulent, isolate and remove the source of the traffic from your network, and update the ticket stating that you have done so.
  • Please be aware that regardless of the origin of the traffic, under the terms of your agreement Bandwidth customers remain responsible for any charges associated with the event.
  • If the traffic is determined to be legitimate, please update the ticket stating the traffic is not fraudulent, and that you accept the charges.
Once you have updated the ticket, our technicians will be notified to remove the restrictions which may have been applied to the affected IP addresses.


As a reminder: Bandwidth monitoring should never be used in place of security measures on your local network, and we encourage all customers to have adequate security features and monitoring in place to protect their networks from fraudulent calling.

Article is closed for comments.