Friday, April 11, 2014

Managing Fraud Operations? Questions you should ask yourself..


Fraud management is not only tool or people, it is a comprehensive practice comprising of 8 different elements:

  • Influence
  • Organization
  • People
  • Process
  • Tools
  • Knowledge Management
  • Coverage
  • Continuous Improvement

If you are a fraud manager, you should be worried about the health of each one of these operational elements.

The purpose of this post is not to list any measurement methods (see this post for FM KPIs) around these, but to provide you with a list of targeted questions which you should ask yourself to gauge each operational element.

Each of the below written questions can be a discussion point in itself which may help you get a first hand picture for a much detailed open table brainstorming or introspection sessions & further actions.

Influence:
  • Is my FM function on a driver seat or secondary role & working as a support function ?
  • How should I enhance the influence of my FM function ?

Organization:
  • How to ensure FM awareness keeps pace with the upgrading business dynamics ?
  • How to enhance internal & external collaboration with FM function ?
  • How to get higher return of investment from FM ?
  • How to further reduce the fraud impact on the bottom line ?
  • How to build proactive fraud management function ?

People:
  • How to enhance resource competency & knowledge against current & future services ?
  • Is resource acquisition better or resource development ?
  • How do I safeguard myself from attrition ?

Process:
  • How is my performance management ? Do I have effective SLAs and KPIs ?
  • Are we creating & maintaining effective fraud policies, processes and SoPs ?
  • Are we adopting and implementing best practices ?

Tools:
  • Is the FM tool adapted to my business environment ?
  • How do I ensure that the FM tool is fed accurate, complete and timely data ?
  • Are my fraud controls effective & efficient ? How do I reduce false positives ?

Knowledge Management:
  • Is my team using the FM tool effectively & efficiently ?
  • Is there sufficient attention on upgrading to the required skill sets ?
  • Is my team keeping pace with constant fraud mutations ?

Coverage:
  • Is my current fraud coverage adequate ?
  • What needs to be done to ensure new services are covered through fraud controls ?
  • Am I ready for converged frauds such as financial services, entertainment etc.  ?

Continuous Improvement:
  • How can we improve the fraud function’s effectiveness & maturity continuously ?
  • What metrics should I use to measure health of the overall FM function ?
  • Are we conducting sufficient & periodic RCA & decision analysis ?
  • How to gather accumulated wisdom & actionable intelligence for improvement?

Wednesday, January 22, 2014

Bypass Fraud Detection - When accuracy meets higher coverage and flexibility!

There have been so many discussions within the industry to identify method which is best suited to combat bypass fraud, specially ones conducted through the means of SIM Boxes. And, without argument, there have been the following 2 clear leaders:
  • TCG (Test Call Generator)
  • FMS (Fraud Management System) Analysis
While it is true that most of the operators (across tiers) around the world are relying on TCG or FMS for the detection of bypass fraud, these methods are not without their shortcomings.


TCG Approach (Test Call Generation)

Advantages
  • High Infection Rate: Because the major TCG vendors are experienced in terms of the detection of rouge/grey routes, the fraud hits sometimes are as high as 90% & above against the total test calls generated
  • Possibility of faster detection: Sometimes fraudulent MSISDNs can be detected even when no or extremely low Bypass traffic is generated. There is no criteria of minimum amount of traffic to enable detection.

Disadvantages

  • Susceptible to counter attacks: TCGs may become less effective just after few days of operation as the bypass racket operator may program the node to reject (or leave) calls originating from the TCGs after some experience or pattern analysis around provisioned (barred) MSISDNs
  • Minimum learning out of Fraud Hit: In absence of call details against the hits encountered, only route information is available to TCG vendors to tune & focus their call campaigns. E.g. If route A has provided only 20% infection rate & route B has provided 70%, TCG is going to concentrate more on route B, even if there is higher amount of bypass occurring on route A which can be revealed by inducing more test calls. 
  • Fraud Hit Coverage: A maximum of one fraudulent MSISDN can be identified per test call. Hence, if there is an agreement of 10,000 test calls between a TCG vendor & Operator, the maximum fraudulent MSISDNs which can be detected in the network will not be more than 10,000. Ideally, more hits will attract more investment, in the absence of which related, but unidentified MSISDNs will continue to exist in the network.
  • Incomplete coverage: Practically, it is not possible to cover all rouge routes across the world. Coverage of routes is also coupled with number of test calls agreed in the contract.


FMS Approach (Statistical Analysis)

Advantages
  • Higher Potential Coverage: With the availability of CDRs, call profile and pattern based detection, accompanied by advanced analytics, FMS has the potential to cover all fraudulent MSISDNs
  • Higher Control & Flexibility: Any bypass fraud specific call patterns can easily be converted to fraud controls for higher & accurate detection 

Disadvantages

  • Reactive monitoring: The pattern based detection techniques provided by FMS tend to be more reactive than TCGs due to the criteria of minimum (threshold) based detection. Unless there is a usage made doesn't match or cross the configured pattern configured for detection, the MSISDN will remain undetected
  • Latency in detection: Reactive method of detection followed by the investigation process involved to confirm the fraud, FMS leads to a high detection & provisioning latency.
  • Constantly Updating Calling Patterns: Fraudsters also review the programmed calling patterns out of the SIM Boxes and them constantly to avoid detection. This makes FMS statistical analysis approach also highly susceptible to counter attacks. With the evolution of Bypass fraud through programmable equipments, Inter connection voice and SMS, Data usage, actual subscriber usage pattern mimicking etc., fraud detection through FMS rules has become more difficult than ever as it is sometimes impossible to keep track of and configure the dynamically changing calling patterns as rules.
  • Higher False Positives 'or' Higher Leakage: With constantly changing calling patterns accompanied by actual subscriber usage pattern mimicking, FMS based statistical rule based analysis generally leads to high false positives. It has also been observed that if certain controls are made highly stringent to capture specific calling pattern to control false positives, it ends up 'leaking' or not-covering majority of bypass rackets existng in the network.

With the strengths and weaknesses of the FMS and TCG approach known, what can be the solution to the ever increasing Bypass Fraud problem faced by the operators?

How about bringing both the approaches under a single complementing solution which will eradicate the deficiencies faced by each of them individually ?


Eradicating Deficiencies: TCG + FMS Integration

Integrating the accuracy offered by a TCG solution with flexibility and higher coverage offered by a FMS may prove to be the perfect weapon in this current fight against Bypass fraud.

With the same thought process, Subex, the leading provider of Telecom Fraud Management solutions, has come up with the highly effective "TCG + FMS Integration Approach" to help operators around the world combat the menace of Bypass Fraud, more effectively than ever.

Figure below details the high level approach of the integrated solution proposed by Subex:




The idea behind integration is to generate a maximum impact on the whole Bypass Fraud racket using every confirmed fraud MSISDN identified either by TCG or FMS, with both the systems sharing actionable intelligence.

The FMS analytics part of the solution works on the dynamic profiles generated on each and every confirmed fraud case reported by TCG which helps detect other MSISDNs exhibiting similar calling patterns in the network.
This trick of dynamic profiling helps keep pace with the constantly changing calling patterns of the fraudulent MSISDNs being programmed by the fraudsters.

This approach ensures that with every confirmed fraudulent MSISDN identified by TCG, there is a much deeper level of penetration and impact done over the whole Bypass Fraud racket with the large scale detection of it's associated MSISDNs.

The FMS analytics findings, in the means of 'TCG case amplification rates obtained in FMS' can then be fed back to TCG as an intelligence mechanism for better call campaign tuning & more focused test calls generation.

More details around the "TCG + FMS Integration approach" can be obtained here under the section "Whitepapers".

Does This Approach Really Works ? Field Results

A latest POC conducted by Subex for a middle eastern Tier 1 customer for a duration of 1 month showcased the excellent capabilities of the "TCG + FMS Integration approach".

Few major findings of the POC helped the operator with the following revelations:
  • 45-50% of the incoming international traffic is being bypassed through illegal routes

  • FMS Analytics provided an impressive average detection amplification rate of 35 times. It means that every confirmed fraud MSISDNs TCG reported, FMS analytics was able to reveal atleast 35 other MSISDNs associated to the same Bypass racket

  • A sum total of 120,000+ MSISDNs were reported, over and above TCG reported cases, using FMS analytics during the course of the POC

Conclusion: My Views


The "TCG + FMS Integrated Solution" surely shows a potential of becoming the next big thing in the telecom operator's fight against bypass fraud. But, it will be interesting to see how quickly it is adopted as the primary method of detection & protection.

Tuesday, January 21, 2014

Direct & lesser known indirect impacts of bypass fraud

Presence of Bypass Fraud, ON-NET or OFF-NET is known to have negative impacts on operators, regulators and customers alike.

While the impacts are generally tied to direct revenue losses, there are others which are lesser known, but impose their own set of consequences and are equally important to be taken into consideration while the effects of bypassed calls are talked about.

Few major direct or indirect impacts of bypass fraud are found to be the following:

Revenue loss due to call redirection

International calls are intercepted, redirected and terminated whilst being re-conducted via the fraudulent route, creating a cost / revenue shifting along the way.
In the most extreme cases it is claimed that bypass fraud can account for a 50% reduction in international termination revenues. Reductions of $250K/month in revenues are certainly commonplace, and reported losses up to $200M per annum have been known at a single operator and regulator.


On-Net Bypass Revenue Loss
For On-Network terminating calls (connections used for Bypass Fraud belong to the home operator), the revenue loss per call is directly related to the difference between the international interconnect termination price and the retail price of on-network call.

Off-Net Bypass Revenue Loss
For Off-Network terminating calls (connections used for Bypass Fraud belong to competitor), the revenue loss per call is directly related to the difference between the international interconnect termination price and the local interconnect termination price of off-network calls.

Revenue loss due to service inaccessibility & missing call backs

Bypass Fraud has the negative effect that multiple popular services, e.g. voice mailbox, may not be available. Revenue loss and unhappy customers is the consequence. Also, due to the redirection of calls, none or wrong CLIs will be displayed at the recipient’s side; immediate impact is the inability to “call back” resulting in high opportunity loss of retail revenue.

Call Hijacking and lack of Lawful Interception

Bypassing involves hijacking call traffic and routing them over unauthorized channels. This act is identified as illegal in many countries not only in terms of route bypassing, but also in terms of possible national/personal security intrusion.
Also, due to the lack of the original CLI, Lawful Intercept (LI) of the bypassed call is not completely possible. This leads to a failure in terms of national regulatory compliance.

Additional Investment

Sometimes traffic hot-spots and congestion caused by bypassed traffic can lead to substantial unnecessary site acquisition and roll-out costs for new radio access equipment (BTSs, Node Bs, and even BSCs).

Image loss due to bad QoS

Bypass Fraud generally is based upon redirecting calls over inadequate, highly compressed IP connections, resulting in poor voice quality and increased call failure rates because of congestion caused through use of a bypass. Call setup time or routing delays are extended which also leads to the impression of an overall bad service quality by the home network operator.