A system for the detection of fraudulent use of a wireless telephone system includes a signature analyzer to analyze the transmission characteristic of an unauthenticated transmitter. If the system authenticates the transmitter, based on stored records, the system establishes a customer call profile, based on the geographical location of the wireless telephone at the time of the calls, as well as a time period in which the communication occurs. The system uses these records to establish a customer call profile. The system analyzes a subsequent call and the customer call profile to designate the subsequent call as valid or invalid. The system overrides the decision of the signature analyzer that a particular unauthenticated wireless telephone is fraudulent if the values for call parameters of the subsequent call are sufficiently close to the corresponding parameter values in the customer call profile. The system is adaptive in that old call data records are periodically deleted, thus allowing their replacement with newer call data records
1. A system for the detection of wireless telephone fraud, the system comprising:
A signature analyzer to classify an unauthenticated wireless telephone as authorized or fraudulent based on a transmission characteristic of said unauthenticated wireless telephone in a communication with said unauthenticated wireless telephone;
an origin data storage area to store data related to a place of origin of a particular wireless telephone for each of a plurality of different communications with said particular wireless telephone classified by said signature analyzer as said authorized wireless telephone;
a timer to determine a time period associated with each of said plurality of different communications with said authorized wireless telephone;
a time storage area to store said time period in association with each of said plurality of different communications; and
a decision engine to analyze a communication with an unauthenticated wireless telephone classified by said signature analyzer as said fraudulent wireless telephone at a time subsequent to said plurality of different communications with said authorized wireless telephone, said decision engine designating said subsequent communication as valid regardless of whether said signature analyzer identified said unauthenticated wireless telephone as said fraudulent wireless telephone if a place of origin of said subsequent communication matches one of said places of origin in said origin data storage area and if a time period of said subsequent communication matches one of said time periods in said time storage area.