Bypass Fraud Detection - When accuracy meets higher coverage and flexibility!
There have been so many discussions within the industry to identify method which is best suited to combat bypass fraud, specially ones conducted through the means of SIM Boxes. And, without argument, there have been the following 2 clear leaders:
- TCG (Test Call Generator)
- FMS (Fraud Management System) Analysis
While it is true that most of the operators (across tiers) around the world are relying on TCG or FMS for the detection of bypass fraud, these methods are not without their shortcomings.
TCG Approach (Test Call Generation)
Advantages
- High Infection Rate: Because the major TCG vendors are experienced in terms of the detection of rouge/grey routes, the fraud hits sometimes are as high as 90% & above against the total test calls generated
- Possibility of faster detection: Sometimes fraudulent MSISDNs can be detected even when no or extremely low Bypass traffic is generated. There is no criteria of minimum amount of traffic to enable detection.
Disadvantages
- Susceptible to counter attacks: TCGs may become less effective just after few days of operation as the bypass racket operator may program the node to reject (or leave) calls originating from the TCGs after some experience or pattern analysis around provisioned (barred) MSISDNs
- Minimum learning out of Fraud Hit: In absence of call details against the hits encountered, only route information is available to TCG vendors to tune & focus their call campaigns. E.g. If route A has provided only 20% infection rate & route B has provided 70%, TCG is going to concentrate more on route B, even if there is higher amount of bypass occurring on route A which can be revealed by inducing more test calls.
- Fraud Hit Coverage: A maximum of one fraudulent MSISDN can be identified per test call. Hence, if there is an agreement of 10,000 test calls between a TCG vendor & Operator, the maximum fraudulent MSISDNs which can be detected in the network will not be more than 10,000. Ideally, more hits will attract more investment, in the absence of which related, but unidentified MSISDNs will continue to exist in the network.
- Incomplete coverage: Practically, it is not possible to cover all rouge routes across the world. Coverage of routes is also coupled with number of test calls agreed in the contract.
FMS Approach (Statistical Analysis)
Advantages
- Higher Potential Coverage: With the availability of CDRs, call profile and pattern based detection, accompanied by advanced analytics, FMS has the potential to cover all fraudulent MSISDNs
- Higher Control & Flexibility: Any bypass fraud specific call patterns can easily be converted to fraud controls for higher & accurate detection
Disadvantages
- Reactive monitoring: The pattern based detection techniques provided by FMS tend to be more reactive than TCGs due to the criteria of minimum (threshold) based detection. Unless there is a usage made doesn't match or cross the configured pattern configured for detection, the MSISDN will remain undetected
- Latency in detection: Reactive method of detection followed by the investigation process involved to confirm the fraud, FMS leads to a high detection & provisioning latency.
- Constantly Updating Calling Patterns: Fraudsters also review the programmed calling patterns out of the SIM Boxes and them constantly to avoid detection. This makes FMS statistical analysis approach also highly susceptible to counter attacks. With the evolution of Bypass fraud through programmable equipments, Inter connection voice and SMS, Data usage, actual subscriber usage pattern mimicking etc., fraud detection through FMS rules has become more difficult than ever as it is sometimes impossible to keep track of and configure the dynamically changing calling patterns as rules.
- Higher False Positives 'or' Higher Leakage: With constantly changing calling patterns accompanied by actual subscriber usage pattern mimicking, FMS based statistical rule based analysis generally leads to high false positives. It has also been observed that if certain controls are made highly stringent to capture specific calling pattern to control false positives, it ends up 'leaking' or not-covering majority of bypass rackets existng in the network.
With the strengths and weaknesses of the FMS and TCG approach known, what can be the solution to the ever increasing Bypass Fraud problem faced by the operators?
How about bringing both the approaches under a single complementing solution which will eradicate the deficiencies faced by each of them individually ?
How about bringing both the approaches under a single complementing solution which will eradicate the deficiencies faced by each of them individually ?
Eradicating Deficiencies: TCG + FMS Integration
Integrating the accuracy offered by a TCG solution with flexibility and higher coverage offered by a FMS may prove to be the perfect weapon in this current fight against Bypass fraud.
With the same thought process, Subex, the leading provider of Telecom Fraud Management solutions, has come up with the highly effective "TCG + FMS Integration Approach" to help operators around the world combat the menace of Bypass Fraud, more effectively than ever.
Figure below details the high level approach of the integrated solution proposed by Subex:
The idea behind integration is to generate a maximum impact on the whole Bypass Fraud racket using every confirmed fraud MSISDN identified either by TCG or FMS, with both the systems sharing actionable intelligence.
The FMS analytics part of the solution works on the dynamic profiles generated on each and every confirmed fraud case reported by TCG which helps detect other MSISDNs exhibiting similar calling patterns in the network.
This trick of dynamic profiling helps keep pace with the constantly changing calling patterns of the fraudulent MSISDNs being programmed by the fraudsters.
This approach ensures that with every confirmed fraudulent MSISDN identified by TCG, there is a much deeper level of penetration and impact done over the whole Bypass Fraud racket with the large scale detection of it's associated MSISDNs.
The FMS analytics findings, in the means of 'TCG case amplification rates obtained in FMS' can then be fed back to TCG as an intelligence mechanism for better call campaign tuning & more focused test calls generation.
More details around the "TCG + FMS Integration approach" can be obtained here under the section "Whitepapers".
Does This Approach Really Works ? Field Results
A latest POC conducted by Subex for a middle eastern Tier 1 customer for a duration of 1 month showcased the excellent capabilities of the "TCG + FMS Integration approach".
Few major findings of the POC helped the operator with the following revelations:
- 45-50% of the incoming international traffic is being bypassed through illegal routes
- FMS Analytics provided an impressive average detection amplification rate of 35 times. It means that every confirmed fraud MSISDNs TCG reported, FMS analytics was able to reveal atleast 35 other MSISDNs associated to the same Bypass racket
- A sum total of 120,000+ MSISDNs were reported, over and above TCG reported cases, using FMS analytics during the course of the POC
Conclusion: My Views
The "TCG + FMS Integrated Solution" surely shows a potential of becoming the next big thing in the telecom operator's fight against bypass fraud. But, it will be interesting to see how quickly it is adopted as the primary method of detection & protection.
