Understanding IRSF Fraud: Protecting Against International Revenue Share Fraud
Vien Van, Senthil Sivasubramanian
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
International Revenue Share Fraud (IRSF) is a largely unknown but financially devastating attack vector in which fraudsters abuse SMS and voice OTP endpoints to generate traffic to premium-rate phone numbers, splitting the resulting revenue with unregulated telecom operators. Companies can lose tens or even hundreds of thousands of dollars before they notice the spike. The good news: it is detectable and mitigable with the right combination of anomaly detection, rate limiting, and operational playbooks. ---
AI review
Solid practitioner talk from Gusto engineers who got hit by IRSF and lived to document it. The attack mechanics are well-explained and the mitigations are real. Not groundbreaking research, but exactly the kind of field-tested knowledge that prevents other companies from learning this lesson the expensive way.