Managing Fraud Operations? Questions you should ask yourself..

Fraud management is not only tool or people, it is a comprehensive practice comprising of 8 different elements:

• Influence
• Organization
• People
• Process
• Tools
• Knowledge Management
• Coverage
• Continuous Improvement

If you are a fraud manager, you should be worried about the health of each one of these operational elements.

The purpose of this post is not to list any measurement methods (see this post for FM KPIs) around these, but to provide you with a list of targeted questions which you should ask yourself to gauge each operational element.

Each of the below written questions can be a discussion point in itself which may help you get a first hand picture for a much detailed open table brainstorming or introspection sessions & further actions.

Influence:

• Is my FM function on a driver seat or secondary role & working as a support function ?
• How should I enhance the influence of my FM function ?

Organization:

• How to ensure FM awareness keeps pace with the upgrading business dynamics ?
• How to enhance internal & external collaboration with FM function ?
• How to get higher return of investment from FM ?
• How to further reduce the fraud impact on the bottom line ?
• How to build proactive fraud management function ?

People:

• How to enhance resource competency & knowledge against current & future services ?
• Is resource acquisition better or resource development ?
• How do I safeguard myself from attrition ?

Process:

• How is my performance management ? Do I have effective SLAs and KPIs ?
• Are we creating & maintaining effective fraud policies, processes and SoPs ?
• Are we adopting and implementing best practices ?

Tools:

• Is the FM tool adapted to my business environment ?
• How do I ensure that the FM tool is fed accurate, complete and timely data ?
• Are my fraud controls effective & efficient ? How do I reduce false positives ?

Knowledge Management:

• Is my team using the FM tool effectively & efficiently ?
• Is there sufficient attention on upgrading to the required skill sets ?
• Is my team keeping pace with constant fraud mutations ?

Coverage:

• Is my current fraud coverage adequate ?
• What needs to be done to ensure new services are covered through fraud controls ?
• Am I ready for converged frauds such as financial services, entertainment etc.  ?

Continuous Improvement:

• How can we improve the fraud function’s effectiveness & maturity continuously ?
• What metrics should I use to measure health of the overall FM function ?
• Are we conducting sufficient & periodic RCA & decision analysis ?
• How to gather accumulated wisdom & actionable intelligence for improvement?

Bypass Fraud Detection - When accuracy meets higher coverage and flexibility!

There have been so many discussions within the industry to identify method which is best suited to combat bypass fraud, specially ones conducted through the means of SIM Boxes. And, without argument, there have been the following 2 clear leaders:

• TCG (Test Call Generator)
• FMS (Fraud Management System) Analysis

While it is true that most of the operators (across tiers) around the world are relying on TCG or FMS for the detection of bypass fraud, these methods are not without their shortcomings.

TCG Approach (Test Call Generation)

Advantages

• High Infection Rate: Because the major TCG vendors are experienced in terms of the detection of rouge/grey routes, the fraud hits sometimes are as high as 90% & above against the total test calls generated

• Possibility of faster detection: Sometimes fraudulent MSISDNs can be detected even when no or extremely low Bypass traffic is generated. There is no criteria of minimum amount of traffic to enable detection.

Disadvantages

• Susceptible to counter attacks: TCGs may become less effective just after few days of operation as the bypass racket operator may program the node to reject (or leave) calls originating from the TCGs after some experience or pattern analysis around provisioned (barred) MSISDNs

• Minimum learning out of Fraud Hit: In absence of call details against the hits encountered, only route information is available to TCG vendors to tune & focus their call campaigns. E.g. If route A has provided only 20% infection rate & route B has provided 70%, TCG is going to concentrate more on route B, even if there is higher amount of bypass occurring on route A which can be revealed by inducing more test calls. 

• Fraud Hit Coverage: A maximum of one fraudulent MSISDN can be identified per test call. Hence, if there is an agreement of 10,000 test calls between a TCG vendor & Operator, the maximum fraudulent MSISDNs which can be detected in the network will not be more than 10,000. Ideally, more hits will attract more investment, in the absence of which related, but unidentified MSISDNs will continue to exist in the network.

• Incomplete coverage: Practically, it is not possible to cover all rouge routes across the world. Coverage of routes is also coupled with number of test calls agreed in the contract.

FMS Approach (Statistical Analysis)

Advantages

• Higher Potential Coverage: With the availability of CDRs, call profile and pattern based detection, accompanied by advanced analytics, FMS has the potential to cover all fraudulent MSISDNs

• Higher Control & Flexibility: Any bypass fraud specific call patterns can easily be converted to fraud controls for higher & accurate detection 

Disadvantages

• Reactive monitoring: The pattern based detection techniques provided by FMS tend to be more reactive than TCGs due to the criteria of minimum (threshold) based detection. Unless there is a usage made doesn't match or cross the configured pattern configured for detection, the MSISDN will remain undetected

• Latency in detection: Reactive method of detection followed by the investigation process involved to confirm the fraud, FMS leads to a high detection & provisioning latency.

• Constantly Updating Calling Patterns: Fraudsters also review the programmed calling patterns out of the SIM Boxes and them constantly to avoid detection. This makes FMS statistical analysis approach also highly susceptible to counter attacks. With the evolution of Bypass fraud through programmable equipments, Inter connection voice and SMS, Data usage, actual subscriber usage pattern mimicking etc., fraud detection through FMS rules has become more difficult than ever as it is sometimes impossible to keep track of and configure the dynamically changing calling patterns as rules.

• Higher False Positives 'or' Higher Leakage: With constantly changing calling patterns accompanied by actual subscriber usage pattern mimicking, FMS based statistical rule based analysis generally leads to high false positives. It has also been observed that if certain controls are made highly stringent to capture specific calling pattern to control false positives, it ends up 'leaking' or not-covering majority of bypass rackets existng in the network.

With the strengths and weaknesses of the FMS and TCG approach known, what can be the solution to the ever increasing Bypass Fraud problem faced by the operators?

How about bringing both the approaches under a single complementing solution which will eradicate the deficiencies faced by each of them individually ?

Eradicating Deficiencies: TCG + FMS Integration

Integrating the accuracy offered by a TCG solution with flexibility and higher coverage offered by a FMS may prove to be the perfect weapon in this current fight against Bypass fraud.

With the same thought process, Subex, the leading provider of Telecom Fraud Management solutions, has come up with the highly effective "TCG + FMS Integration Approach" to help operators around the world combat the menace of Bypass Fraud, more effectively than ever.

Figure below details the high level approach of the integrated solution proposed by Subex:

The idea behind integration is to generate a maximum impact on the whole Bypass Fraud racket using every confirmed fraud MSISDN identified either by TCG or FMS, with both the systems sharing actionable intelligence.

The FMS analytics part of the solution works on the dynamic profiles generated on each and every confirmed fraud case reported by TCG which helps detect other MSISDNs exhibiting similar calling patterns in the network.

This trick of dynamic profiling helps keep pace with the constantly changing calling patterns of the fraudulent MSISDNs being programmed by the fraudsters.

This approach ensures that with every confirmed fraudulent MSISDN identified by TCG, there is a much deeper level of penetration and impact done over the whole Bypass Fraud racket with the large scale detection of it's associated MSISDNs.

The FMS analytics findings, in the means of 'TCG case amplification rates obtained in FMS' can then be fed back to TCG as an intelligence mechanism for better call campaign tuning & more focused test calls generation.

More details around the "TCG + FMS Integration approach" can be obtained here under the section "Whitepapers".

Does This Approach Really Works ? Field Results

A latest POC conducted by Subex for a middle eastern Tier 1 customer for a duration of 1 month showcased the excellent capabilities of the "TCG + FMS Integration approach".

Few major findings of the POC helped the operator with the following revelations:

• 45-50% of the incoming international traffic is being bypassed through illegal routes

• FMS Analytics provided an impressive average detection amplification rate of 35 times. It means that every confirmed fraud MSISDNs TCG reported, FMS analytics was able to reveal atleast 35 other MSISDNs associated to the same Bypass racket

• A sum total of 120,000+ MSISDNs were reported, over and above TCG reported cases, using FMS analytics during the course of the POC

Conclusion: My Views

The "TCG + FMS Integrated Solution" surely shows a potential of becoming the next big thing in the telecom operator's fight against bypass fraud. But, it will be interesting to see how quickly it is adopted as the primary method of detection & protection.

Direct & lesser known indirect impacts of bypass fraud

Presence of Bypass Fraud, ON-NET or OFF-NET is known to have negative impacts on operators, regulators and customers alike.

While the impacts are generally tied to direct revenue losses, there are others which are lesser known, but impose their own set of consequences and are equally important to be taken into consideration while the effects of bypassed calls are talked about.

Few major direct or indirect impacts of bypass fraud are found to be the following:

Revenue loss due to call redirection

International calls are intercepted, redirected and terminated whilst being re-conducted via the fraudulent route, creating a cost / revenue shifting along the way.

In the most extreme cases it is claimed that bypass fraud can account for a 50% reduction in international termination revenues. Reductions of $250K/month in revenues are certainly commonplace, and reported losses up to $200M per annum have been known at a single operator and regulator.

On-Net Bypass Revenue Loss

For On-Network terminating calls (connections used for Bypass Fraud belong to the home operator), the revenue loss per call is directly related to the difference between the international interconnect termination price and the retail price of on-network call.

Off-Net Bypass Revenue Loss

For Off-Network terminating calls (connections used for Bypass Fraud belong to competitor), the revenue loss per call is directly related to the difference between the international interconnect termination price and the local interconnect termination price of off-network calls.

Revenue loss due to service inaccessibility & missing call backs

Bypass Fraud has the negative effect that multiple popular services, e.g. voice mailbox, may not be available. Revenue loss and unhappy customers is the consequence. Also, due to the redirection of calls, none or wrong CLIs will be displayed at the recipient’s side; immediate impact is the inability to “call back” resulting in high opportunity loss of retail revenue.

Call Hijacking and lack of Lawful Interception

Bypassing involves hijacking call traffic and routing them over unauthorized channels. This act is identified as illegal in many countries not only in terms of route bypassing, but also in terms of possible national/personal security intrusion.

Also, due to the lack of the original CLI, Lawful Intercept (LI) of the bypassed call is not completely possible. This leads to a failure in terms of national regulatory compliance.

Additional Investment

Sometimes traffic hot-spots and congestion caused by bypassed traffic can lead to substantial unnecessary site acquisition and roll-out costs for new radio access equipment (BTSs, Node Bs, and even BSCs).

Image loss due to bad QoS

Bypass Fraud generally is based upon redirecting calls over inadequate, highly compressed IP connections, resulting in poor voice quality and increased call failure rates because of congestion caused through use of a bypass. Call setup time or routing delays are extended which also leads to the impression of an overall bad service quality by the home network operator.

Geographical Distribution - CFCA Fraud Loss Survey 2013

CFCA (Communications Fraud Control Association) has been one of the most respected anti-fraud organization in Telecom since 1985.

Every two years they survey telecom operators and carrier around the world to gain insight on the situation of fraud in different regions and publish results which have been widely accepted and well received by the whole industry.

Recently, CFCA published the results of their "Global Fraud Loss Survey" for the year 2013, which had the following high level results:

• CFCA estimate annual fraud losses are $46.3 billion for 2013, up 15% from 2011
• Fraud losses make upto 2.09% percent of global telecom revenues
• The top five methods for committing fraud were identified as:

• The top five types of fraud reported by operators were identified as:

The survey results made me a little curious in terms of visualizing how the numbers are distributed against every region. Hence, I did a small exercise of breaking up survey results to get a feel of fraud presence in each region. Findings of this exercise is what this post is based upon.

Few points to note before you start:

• The major fraud risks I reported against each region is based upon my experience in the industry and not CFCA.
• My apologies for any inconsistencies in the maps. They are not intentional. The maps were obtained through a regular Google image search.
• I am not sure but there seems to be a little inconsistency related to fraud loss numbers posted by CFCA against the "South Pacific" & "Central & South America" as they look absolutely same. Anyways, I have used the statistics posted by CFCA.

North America

Western Europe

Eastern Europe

Africa

Middle East

South Pacific

Central & South America

Asia

Reference: CFCA (www.cfca.org)

Wholesale Carriers – What if they go beyond protecting only their customers against fraud?

Fraudsters in telecom have always been attracted towards conducting cross border (international) frauds. Reasons such as lack of any country’s jurisdiction, anonymity, cross country non-cooperation and to top it inter operator & inter carrier competition have always provided the much exploited environment to conduct frauds.

Let us start with some industry recognized fraud loss statistics posted by CFCA. The top 4 fraud loss categories reported by CFCA in 2011 were:

• $4.96 Billion (USD) – Compromised PBX/Voicemail Systems
• $4.32 Billion (USD) – Subscription/Identity Theft
• $3.84 Billion (USD) – International Revenue Share Fraud
• $2.88 Billion (USD) – By-Pass Fraud

Considering a well accepted fact in telecom that “Subscription/Identity Theft” fuels other fraud types such as IRSF, all fraud types in the list somewhat end up generating (mostly) international traffic. Domestic traffic involvement in these frauds is found to be minimal.

Whenever an international fraud is identified by an operator at the source of traffic generation, it is generally followed by blocking the traffic to that destination as a preventive action. As an additional step, which is quite rare, a legal action is also carried out against some local goons involved in generation of the traffic identified as fraudulent. But, as we all know, the actual masterminds and the owners of the destinations identified as fraudulent remain free to explore another way of generating traffic to these destinations through any other operator, located anywhere in this world.

To make situation worse, a retail operator, sometimes is not even able to identify the root cause of the suspect spike or pattern seen to some of the non-risky or non-hot numbers/destinations as the traffic might be generated by exploiting certain arbitrage, FAS or other rogue interconnect revenue generation scenarios occurring down in the call transmission. Result, the operators give it a pass all because they do not detect any direct impact to their revenues.

But, what if the wholesale carriers, who carry traffic to these destinations also join this unending fight against fraud, with a goal of not even notifying and protecting their direct customers to avoid contractual disputes, but with a higher goal of sharing their intelligence with all of their customers, suppliers and standard fraud forums, whenever a potential fraud case is identified.

Let us see how a wholesale carrier is better placed than a retail operator in identifying and protecting against the overall fraud chain which flourish on inflation of traffic to cross border (international) destinations:

Wholesale operator sits in the middle of fraud source and fraudulent destinations which provide it a capability of having a holistic bird’s eye view over the fraudulent traffic from different customers (originations) to different suppliers (terminations) and can pin point the exact destination or number series which is receiving fraudulent traffic.

Carrier can block the traffic to that destination or a specific number series within that destination, thereby not only protecting one customer to which the traffic belonged to, but all of them who may push a similar traffic anytime in future.

Post blocking, the wholesale carriers are also capable of pressurizing the suppliers (other carriers or operators) to take action on the fraudulent parties or number series involved in the fraud racket by stopping the payments or the whole traffic to that supplier rather than individual series. Sharing information and risks against a rogue supplier in the wholesale market can also help avoid supplier to switch the partnership with other carrier.

A wholesale carriers is also better placed than retail operators in identifying any specific suspect international traffic for fraud and fraud proofing the entire customer/supplier base through feedback. Intelligence collected through any fraud case identified over any customer traffic can be seamlessly passed on to all customers and suppliers in order to protect them from similar threat. This will specially empower the customers who are retail operators by helping them stop or reduce generation of fraudulent traffic at the source itself.

The following figures will help understand how the intelligence flow will help fight cross border telecom frauds: 

Presence of a fraud identification and analysis mechanism in the wholesale carrier hands will also help the carrier meet the “anti fraud” clauses present in modern RFP requirements posted by the potential customers and will also help develops confidence to get into anti fraud amendments and best efforts based loss repayment contracts with the customers/suppliers, thereby earning more customers.

Said that, the approach will only be successful when there is enough participation from the wholesale carriers around the world, who because of the current telecom scenario, are also suffering from diminishing margins and dropping profits due to the cut throat competition.

This approach requires investment in order to empower the carriers with fraud analysis capability, which is not going to be made by medium and small players, unless there is a huge value add shown to them or there is a direct pressure from majority of the customers and suppliers to act against frauds. And this can only happen when all the parties involved are determined for a fraud free environment and are able to create an environment of seamless intelligence sharing.

Measure & track health of your Fraud Management function

If you don't track it, you won't crack it!

Q- Is our fraud management function operating efficiently ?

Q - How is our performance management framework ? Are we using effective metrics ?

Q - What are the KPIs to measure the performance of the overall FM operations and also the individuals ?

Well, I have faced questions similar to above during numerous customer meetings, conference calls and internal discussions within my organization.

I have also seen operators struggling and making 'not-so-effective' decisions based upon some handful KPIs which do not showcase accurate health of the fraud management operations.

It also breaks my heart sometimes to see CxOs trying to make sense out of some technical cum operational level KPIs which have been supplied to them. Do they really need them, always ?

So, what are the set of KPIs which can provide the much needed, audience specific insights on the ongoing fraud management operations ? KPIs, which collectively provide a fuller, much elaborate picture of the current state and when created a trend, can work as an effective tool in tuning the operational performance and maturity further ?

With whatever limited experience I have had till now being part of telecom fraud management, I have tried to come up with my own list of "Base KPIs" which I feel are important to capture in terms of measuring the overall health of fraud management operations and also can help derive 'KPIs.

What more ? If the 'historical' results against these KPIs are preserved, they may prove to be useful as an inputs to that 'let's-optimize' analytics programme which your top line management is so interested in.

For the same reason, with the KPI list, I am also providing the recommended trending cycle.

So, lets get to the KPIs.

I have distributed KPIs in two large buckets - Executive (CxO Level) and Fraud Operations (Lead & Manager Level)

Bucket A - Executive KPIs

Executives, considering they mainly deal with the numbers revolving around finance, I have defined the following 2 categories of KPIs for their use:

Category 1 - Fraud Loss & RoI: High Level

This category deals with one of the most exciting but controversial numbers out of fraud management like fraud loss and fraud loss avoided. I will not be gong into details on how to calculate the FL & FLA against a fraud case as part of this blog, but will definitely cover them sometime in future.

The KPIs which I made part of 'Fraud Loss & RoI' category are:

• Fraud losses encountered vs. number of fraud cases identified - daily, weekly & monthly trend
• Fraud loss avoided vs. number of fraud cases identified - weekly & monthly trend
• Fraud losses encountered vs. fraud loss avoided - weekly & monthly trend

Category 2 - Revenue & Bad Debt vs. Fraud

This category helps executives view the impact of fraud & fraud management operations on a much larger scale. These are the statistics which most of the industry studies concentrate on. It covers:

• Revenue stream revenue vs. revenue stream fraud loss - monthly trend
• Total bad debt vs. fraud loss encountered - monthly trend
• Total never pay vs. fraud loss encountered - monthly trend
• Total bad debt vs. Total never pay - monthly trend

One point to note here is that these KPIs depend on KPIs (Bad debt, Never Pay, Revenue etc.) available outside fraud management (Analytics Team, Credit Risk team etc.) purview and because of this dependency, it is better to set documented interfaces with teams responsible for the delivery of the required statistics which can help govern the periodicity & timelines of the data being delivered.

Bucket B - Fraud Operations KPIs

Managers and leads who are responsible to guide fraud operations on a day to day basis need to track the ground level KPIs and work with the more more complex numbers to make improvements in terms of individual performances, fraud run times, fraud coverage and operational efficiency & maturity.

KPIs to be tracked by managers and leads have the following categories of KPIs to deal with:

Category 1 - Fraud Loss & RoI: Low Level

While this category is similar to the 'Fraud Loss & RoI' category under Executive KPIs, the intent is to get to more granular level of identifying where the FL or FLA is concentrated:

• Fraud loss per fraud type - weekly & monthly trend
• Fraud loss avoided per fraud type - weekly & monthly trend

Category 2 - Efficiency

This category of KPIs are an indicator of fraud management function efficiency. Any improvement in the performance if a direct sign of improvement in fraud operations. But mind it, any large deviations (both +ve or -ve) in trend can also be an indicator of glaring issues and anomalies:

• Average Total Case Run time - weekly & monthly 
• Average Fraud Case Run time - weekly & monthly 
• Average Fraud Case Run time: business hours vs. non business hours - monthly 
• Average Fraud Case Run time per fraud type - weekly & monthly 
• Average Non Fraud Case Run time - weekly & monthly 
• Average Non Fraud Case Run time: business hours vs. non business hours - monthly 
• Average Fraud Loss per Case - weekly & monthly 
• Average Fraud Loss per Case per fraud type - weekly & monthly 
• Max. Fraud loss per case - weekly
• Max. Fraud loss per case per fraud type - weekly
• Total cases decisioned to fraud hit ratio (Count & %age) - weekly & monthly 
• Total cases decisioned to Non fraud ratio (Count & %age) - weekly & monthly 

Category 3 - Violations/Cases

These set of KPIs measure fraud function's performance in terms of identifying total cases generated and decisioned by the analysts. This helps identify any anomalies with respect to timely case closure:

• Case creation rate - hourly, daily, weekly and monthly
• Total cases generated vs. total cases decisioned (Fraud/Non Fraud) - daily
• Total open cases - Snapshot

Category 4 - Rules

Identifying and controlling the efficiency of fraud controls/rules is one of the most tedious task for a fraud manager or his SME/Lead. Rules are hard to interpret. They require a much larger theater to guess their actual performance. Hence the following KPIs use much larger data set than usual:

• Rule health & RoI: Covering Rule Name, Total Closed cases, case participation against total cases closed, Fraud cases, Fraud Participation against total cases declared as fraud, Fraud Hit Ratio, Fraud Loss Identified, Fraud Loss Avoided
• Detailed Rule trend: Periodic (Daily,Weekly, Monthly) trend of each rule covering Total cases generated, case participation against total cases generated, Total Closed cases, case Participation against total cases closed, Fraud cases, Fraud Participation against total cases declared as fraud, Fraud Ratio, Non Fraud Ratio, Open case Ratio, Total Risk Identified (Value of total cases generated), Fraud Loss/Risk Identified (Value of total fraud cases), Non Fraud Risk Identified (Value of total non fraud cases), Open Risk Identified (Value of total open cases), Fraud Loss Avoided, case Run Time, Fraud Run Time

Category 5 - Analyst Performance

Analysts are the souls of any fraud operations. Judging their performance is a complicated and sensitive matter. Data against the below provided KPIs must be collected on a much higher frequency (atleast daily) than any other KPIs:

• Individual analyst work rate - daily, weekly and monthly
• Team work rate - daily, weekly and monthly
• Individual analyst Non Fraud vs. Fraud - daily, weekly and monthly
• Individual analyst fraud hit %age - daily, weekly and monthly
• Analyst wise under investigation cases snapshot
• Individual Analyst Average Case Investigation Time - daily, weekly & monthly 
• Individual analyst Average Total Case Run time - daily, weekly & monthly 
• Individual analyst Average Fraud Case Run time - daily, weekly & monthly 
• Individual analyst Average Non Fraud Case Run time - daily, weekly & monthly 
• Individual Analyst Average case Investigation Time - daily, weekly & monthly 

Additional Trends

While KPIs provided above may provide satisfactory coverage in terms of fraud management function's performance metrics, there are certain trends which I feel are worth capturing and can come handy in times of quick decision making or to visualize certain 'not-so-critical' items, when the operations demand:

Trends 1 - Cases

• Fraud Case Count - daily, weekly and monthly 
• Non Fraud Case Count - daily, weekly and monthly 
• Business hours vs. Non business hours cases - monthly
• Business hours vs. Non business hours fraud cases - monthly

Trends 2 - Rules

• Average Latency per rule - Average time passed between first CDR participated and case generation
• Rulewise business hours vs. non business hours case generation - monthly
• Rulewise business hours vs. non business hours fraud case generation - monthly

Trends 3 - Subscriber

• Fraud loss per subscriber category - weekly & monthly 
• Subscriber Deviation: Status wise (Active, suspended, disconnected) subscriber count deviation between Billing & FMS - Monthly
• Subscriber Count: Total subscribers in each category within FMS - Monthly
• Subscriber category coverage: Number of rules monitoring the group/category - Monthly
• Subscriber category Wise Total case Generation - Monthly
• Subscriber category Wise Fraud case Generation - Monthly
• Subscriber category Wise Non Fraud case Generation - Monthly
• Subscriber categories not covered as part of any rules - Monthly
• Subscriber categories exclusion (not covered) against fraud type - Monthly

Trends 4 - Traffic

• Total Traffic per revenue stream according to record type (MOC, MTC etc.) and Service Type (Data, SMS, MMS, Voice) - daily, weekly and monthly 
• Total International Country Wise Outgoing & Incoming Traffic per service type - daily, weekly and monthly
• Total VPMN Wise Outroamer Outgoing & Incoming Traffic per service type - daily, weekly and monthly 
• Total Inroamer Outgoing & Incoming Traffic per service type & operator code - daily, weekly and monthly

Trends 5 - Reference Data

• Phone Numbers with no subscriber information - daily & weekly
• Cellsites (Geographic Position) not configured in FMS but being received as part of CDRs - monthly
• Rate plans not configured in FMS but being received as part of Subscriber Information - monthly

Trends 6 - TopX

• Top 5-10 fraud types - weekly & monthly 
• Top 5-10 high risk subscriber/account groups/categories - weekly & monthly 
• Top 10-20 high risk regions (geographic positions) - weekly & monthly 
• Top 5-10 high risk international destinations (countries) incoming - weekly & monthly 
• Top 5-10 high risk international destinations (countries) outgoing - weekly & monthly 
• Top 5-10 high risk national destinations (prefixes) - weekly & monthly 
• Top 10-20 high risk dealers/outlets/agents - weekly & monthly 
• Top 10-20 high risk accounts - weekly & monthly 
• Top 10-20 high risk accounts - weekly & monthly 
• Top 10-20 high risk rate plans/packages/bundles - weekly & monthly 
• Top 10-20 high risk IMEI series - weekly & monthly 
• Top 10-20 high risk IMSI/CCID series - weekly & monthly 
• Top 10-20 high risk Phone Number series - weekly & monthly 
• Top 10-20 highest value fraud incidents - monthly
• Top 10-20 longest run fraud incidents - monthly
• Top 10-20 highest traffic regions (geographic positions) for voice & sms - weekly & monthly  
• Top 5-10 performing rules w.r.t. fraud to non fraud ration - weekly & monthly
• Top 5-10 performing rules with total frauds identified - weekly & monthly
• Top 5-10  rules with highest fraud loss and fraud loss avoided identified - weekly & monthly
• Bottom 5-10 rules with highest case run times - weekly & monthly
• Bottom 5-10 rules with highest fraud run times - weekly & monthly
• Bottom 5-10 rules with highest false positives - weekly & monthly