HOW TO PREPARE YOUR FMS FOR NEW SERVICES AND NEW NETWORKS SPONSORED BY
INTRODUCTION
NEW BUSINESS MODELS + NEW TECHNOLOGY + A BIT OF IMAGINATION = NEW FRAUDS The telecoms industry has always suffered from the malicious impacts of fraudsters. Whether it was bashing the edges of coins to make coin operated phones accept lower value coins, dealer frauds at calling card vendors or the emergence of mobile malware usage, the industry has come to an acceptance that some revenue will be lost to fraud. As the economic environment in the telecoms industry tightened at around the turn of the millennium, communications service providers (CSPs) started to focus on how much they could prevent and recover of the tens of billions of dollars of telecoms fraud they suffer each year. The figures are substantial. In its 2015 Fraud Loss Survey, the Communications Fraud Control Association (CFCA) found that CSPs lose US$38 billion to fraud each year. To combat statistics such as this, CSPs made the investment in fraud and analytical tools to identify and prevent frauds of a bewildering number of types, detailed in Figure 1, which shares the results of the CFCA survey. These give a reflection of the current types of fraud that CSPs have to battle. However, we expect this to change. Despite the change in technology and new business models we tend to see almost the same fraud types appearing at the top of the rankings every year.
2
Figure 1: What do you view as the top fraud methods at your company? 0%
2%
4%
6%
8%
10%
12%
PBX Hacking IP PBX Hacking Subscription Fraud (Application) Dealer Fraud Subscription Fraud (Identity) Abuse of Networ, device or cinfiguration weakness Account Takeover Subscription Fraud (Credit Muling/Proxy) Abuse of Service Terms and Conditions Internal Fraud / Employee Theft Wangiri (Call Back Schemes)
Source: CFCA, 2015
These early systems – often deployed ten years or more ago – proved effective at uncovering previously unchecked frauds and rapidly proved their value in the form of stemming revenue losses. Vendors were able to make highly attractive claims regarding the revenue their systems could protect from fraud, which far outweighed the cost of the systems themselves. However, the success of such systems led to diminishing returns as easy-to-identify frauds were halted. CSPs continued along the upgrade path, periodically moving to later versions of systems but the industry is now at a break point where traditional systems no longer provide comprehensive ability to address new forms of frauds and frauds on new services. Many ageing systems are still in operation and have not been replaced with newly-designed systems, leaving CSPs’ newer revenue streams open to malicious activity. The problem the industry faces with this lack of replacement is that in the intervening ten to 15 years, the nature of the telecoms business has changed and, inevitably, so have the habits and techniques of fraudsters. It’s important to recognise this is a cat and mouse game in which fraudsters respond rapidly. For example, the introduction of IP network technology led to PBX hacking. Most probably, old systems can't cope with the diversified service arena that now encompasses on-demand, premium services, and the new dynamic, virtualised network arena, enabled by software defined networking (SDN) and network functions virtualisation (NFV). These technologies are enabling a more agile era in which the configuration of the network and the orchestration of services will change continuously producing new doors for fraudsters to enter and at the same time making it far more difficult to track and identify frauds that CSPs are blind to with the new generation of attacks.
3
DIGITAL TRANSFORMATION MEANS FRAUD TRANSFORMATION Digital transformation has seen traditional telecoms services such as metered voice minutes and SMS be replaced by flat rate packages and one-time download fees for content such as video, games and music. These new services open CSPs up to new types of fraud and the stakes are higher for CSPs because they are not just losing out on revenue from unpaid utilisation of their network; they are also responsible for paying content owners fees for fraudulently accessed premium content, video in particular. Where the old systems fall down is that they were designed for an era in which CSPs monitored fraud by analysing call details records (CDRs). These were useful for determining unusual usage or spikes in behaviour that warranted further investigation. Now and further into the virtualised network era, CDRs won’t exist because there is no call to have a detail record of. Although other detail records do exist, these come from sources within CSP IT infrastructure and are challenging to collate and analyse. The arrival of Voice over LTE (VoLTE), for example, means mobile calls are even more exposed to fraud because signalling is implemented in the mobile operating system instead of in the mobile-based broadband network, as it is for 2G/3G telephony. Many of these vulnerabilities can then be exploited remotely through mobile malware to profit fraudsters.
COULD FRAUD MANAGEMENT BECOME A BOTTLENECK? In the absence of CDRs and other types of xDR, fraud management systems need to analyse other data to gain granular insights into suspicious behaviours. The problem is that there are so many areas to assess, as detailed in Figure 1, and such insights need to be generated automatically from a vast array of disparate systems. That situation in exacerbated because Figure 1 only reveals data concerning the frauds that were specifically being looked for. It doesn’t take into account fraud types and methods that were not searched for. As US Defence Secretary Donald Rumsfeld memorably said: “There are known knowns. These are the things we know we know. There are known unknowns. That is to say, there are things we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.” Fraud is sometimes like this: an unknown unknown. Traditional fraud management processes don’t address the changed market place and they are also inadequate for securing new types of offering and handling the sheer scale of data involved. There is therefore a real danger that fraud management can become a bottleneck, impeding CSPs’ ability to offer services until fraud can be managed. The systems of a decade ago simply don’t address capabilities that are essential to enable the automated analysis of such large volumes of data. Among the missing capabilities of decade-old fraud management systems are: • Machine learning • Self service analytics • Processing capabilities for Hadoop • Visual interfaces that help make sense of data faster and more meaningful, as we have today • Mobility
4
All of these are required to fully handle the complexity of a multi-network, multiservice infrastructure that is continually changing its function. Technology to support fraud management operations has therefore changed significantly, with an increased reliance on business intelligence (BI) and analytics as a means for uncovering and identifying fraud. Figure 2 below details the hype cycle of BI and analytics and demonstrates the technologies that CSPs are deploying to operate their businesses. Critically, the ability to harness predictive analytics to identify fraudulent behaviour in advance of fraud being committed is being enabled by this technology cycle. This is enabling departments and other CSPs to share insights into frauds so specific instances of fraud are not able to proliferate globally if they have been identified in one location. Figure 2: The hype cycle for business intelligence and analytics, 2015 expectations Business Analytics PaaS (baPaas)
Governed Data Discovery Predictive Analytics
Geospatial and Location Intelligence Event Stream Processing Prescriptive Analytics Decision Management
Logical Data Warehouse Natural-Language Question Answering
Search-Based Data Discovery Tools Self-Service Data Preparation Open Data Smart Data Discovery Graph Analysis Hadoop-Based Data Discovery
Big Data Visual Data Discovery
Operational Intelligence Platforms Context Brokering Platforms Personal Analytics Natural-Language Generation
Text Analytics Mobile BI
R
Business Analytics Service
As of August 2015
Innovation Trigger
Peak of Inflated Expectations
Trough of Disillusionment
Slope of Enlightenment
Plateau of Productivity
Source: Gartner, 2015
The pressure CSPs are under is compounded because of the proliferation of services they are involved in the delivery of. These are often outside the CSP’s control but the CSP is best placed to identify that fraud is occurring because of its insight into the traffic it carries over its networks. For example, with new services such as Internet of Things (IoT) and sensor networks that have fraudulent apps installed, CSPs need the capability to rapidly add new data sources, such as risky IP feeds, for fraud detection to be performed and enable data scientists to model data or advanced analytics for going beyond rule-based detection. There are advantages in combining the two approaches of traditional fraud indicator analytics and the new skills of data scientists but the sheer volume involved means that anything achieved in near realtime or predictively must be done in an automated way.
BREAKING THE RULES Fraud management vendors have been delivering rule-based systems for years because they offer a way of delivering encoded human experts’ knowledge in a fairly narrow way to deliver automation. Even if you have a highly trained fraud management team, having a system from a known vendor will utilise the human expert's knowledge that is built into it to make it available to a very large range of people that work on fraud management within the CSP. Another advantage is that the expertise of an expert in a field can be captured and any knowledge which they might have, will be retained if they leave the CSP.
5
The downside of this approach it that rules are only effective for detecting simple, fixed, known patterns such as validating black lists from fraudsters. Over time, technology has changed to allow fraud managers to address fraud more quickly and efficiently. Machine learning using anomaly detection is just the start for creating actionable intelligence from petabytes of information within the CSP and their surrounding ecosystem. For example, machine learning can identify unusual patterns and correlations from disparate data sources, going far beyond traditional rule-based fraud management. Advanced fraud management systems are even able to deliver a unique visualisation of verification results based on factors such as social network activities. In addition, machine learning algorithms can enable the targeting of more complex risks, including both known and new, unknown threats, and with digitalisation continually breeding new and evolved fraud types, being able to identity and react to different, complicated threats as they arise is key to protecting revenues and reputations.
Figure 3: A Wangiri Attack Blue Lines are calls from a Single Number in Cuba to Brazil
UPGRADE OR REPLACE? CSPs therefore face the traditional challenge of whether to upgrade or replace their fraud management systems for this new era of the telecoms business. The decision is constrained by the availability of resources but also by where their vendor is in terms of its product innovation. Depending on the system that is already in deployment, for many, the upgrade path has reached its end and a new solution and approach is required. The step change in fraud management that is already underway means that system upgrades are so extensive that they do, in effect, represent a new approach and a new product,
6
although legacy capabilities and features are expected to continue to be provided to support traditional services. For many, replacement will make the most sense and have the most attractive business case. After all, there’s little upside in fighting the integration and deployment battles of a system upgrade if it results in force-fitting a system to an environment that it has not been designed to address. Instead, a fit for purpose system that has been designed to address the challenges of the next decade makes far greater sense.
THE FRAUD MANAGEMENT BUSINESS CASE As always in telecoms, a strong return on investment (ROI) case has to be made for either upgrade or investment. Vendors therefore need to arm their customers with the information they need to be able to construct a compelling internal business case for system investment. These customers are in competition in their own businesses to win investment dollars so fraud management system capabilities must not only illustrate the value of fraud management savings but also align fraud management system capabilities with the needs of other departments. CSPs now typically require a sub-12 month ROI timeframe so fraud managers are challenged develop an attractive business case for investment in fraud management. Fortunately, an advanced fraud management system, developed for this new era has additional value to add to the CSP than simply addressing lost revenues.
THE WIDER FRAUD MANAGEMENT OPPORTUNITY Much of the capability required, largely in terms of analytics, to address fraud is re-usable by other parts of the business. The analytics that power fraud management can generate useful business insights for marketing, network planning and operations and service assurance. In this way a business case can be constructed that makes greater sense of the investment requirements of a fraud management system. An ideal situation for a fraud manager would be to win buy-in from the customer experience or marketing department who could share fraud management data in their own departments. This would strengthen the internal business case and move fraud management up the corporate investment agenda. However, this is complex to achieve and necessitates greater internal communication and relationships than have existed within CSPs until very recently. It’s all part of CSPs’ long-term efforts to break down their internal siloes. This hasn’t happened yet but is certainly a goal for CSPs. Extracting intelligence from CSP data depends on the sharing of information at every level within an organisation, and between departments. Different departments must therefore pool their combined knowledge resources and information at the national and international level must also be shared between CSPs to enable them with the power to combat emerging global threats such as new types of fraud and malware.
7
In this new environment, the intelligence passed to the fraud department may come from a wide variety of sources. Sales functions, for example, may identify concerns with a customer whilst conducting credit checks. Staff here should be encouraged to pass on the details when they suspect someone has tried to socially engineer them into deviating from normal procedures.
DEPLOYMENT CHALLENGES & MODELS Given the need to enable greater integration between different departments, it’s clear that fraud management systems can no longer be considered as isolated environments. They need to integrate with other systems and other sources of data likely to lead to fraud identification. This will also see the need to expose fraud insights to other CSPs which presents challenges because, as systems start to get outdated, departments start to conduct their own investigations. For example, if collections aren’t integrated with fraud, the collections department will start its own investigations, replicating work and making findings difficult to share. This fragmentation is one of the reasons why business intelligence (BI) has started to live side-by-side with fraud management departments. However, this results in an ad hoc approach and not a coherent fraud and risk management corporate strategy. Fraud is global and multi-CSP so fraud management must also be fought in the same way, bringing together insights from multiple CSPs, across the world. Organisations such as GSMA and CFCA have been doing a good job to address this need but such efforts need to become automated and not isolated in these organisations’ intranets but open for consulting. This is a cultural shift for CSPs and, although the data would be anonymised and give no financial insight into a CSP’s own operations, a mechanism for data sharing will need to be constructed. CSPs also face challenges in deciding how to deploy fraud management. 20 years ago the in-house team of a national telecoms operator would have developed a system but in most markets those days are long gone and homegrown development is over. A more current question is whether a fraud management system should be deployed by an in-house team or whether it should be deployed as a managed service. A managed service has advantages because it would not require upfront capex and the CSP could move to an opex model. Alternatively, some providers have sold fraud management systems based on a share of revenue recovered or fraud prevented. This model is reliant on accurate reporting and complete trust between CSP and vendor.
CASE STUDY WeDo Technologies’ Fraud Operations Center is assuring the ongoing configuration, operation and training of fraud specialists at Unitel in Angola. "In addition to the implementation of RAID FMS, Unitel has developed, in partnership with WeDo Technologies, an effective programme where the WeDo Fraud Operations Center is assuring the ongoing configuration, operation and training of our fraud specialists, bringing added value at the increase of human skills, knowledge and aptitude for fraud management, contributing also for a complete change of the security paradigm at the company," explains José Carlos Sobreira Martins, the Risk Management, Fraud & Security director at Unitel.
8
CONCLUSION With CSPs now releasing services at a faster rate than they can protect them, fraud management should be part of the digital transformation agenda. CSPs are spending millions on their networks in order to deliver higher value services but they are not matching this by investing a proportionally small amount to protect the new revenues network investments are designed to generate. The increased variety and number of services, and their higher value, are leading to greater CSP consequences for fraud. It’s no longer unbilled network utilisation that worries risk managers, its theft of digital products such as video that they may be liable for. This has raised the stakes but systems are available that can handle the additional stresses of the new environment. Advances in business intelligence and analytics are enabling fraud management systems to analyse the vast volume of data being generated in automated ways. They’re also accelerating the delivery of insights by using techniques such as machine learning to spot trends early and enable predictions of impending fraud to be made. This predictive analytics is re-invigorating the battle against fraud and, coupled with greater sharing of information, the telecoms industry is starting to arm itself for an environment of heightened risk. New threats will come from new sources and attack new service revenues. CSPs need new fraud management systems to combat them because what has worked before won’t work in this new environment.
MARKET INSIGHTS The Global Fraud Report 2015 commissioned by Kroll and conducted by The Economist Intelligence Unit found that the dominant feature of fraud in the technology, media and telecoms industry in the last year was an outsized problem in the area of information theft. Other results in the sector are often positive relative to the rest of the survey.
9
Only 52% of technology, media and telecoms executives say their firms are moderately or highly vulnerable to information theft, just above the survey average of 51%. Investment in IT security software and training of all employees is more widespread than average, yet in both cases the sector is not the leader despite its substantially bigger problem than most, the report adds. Figure 4: Vulnerability to fraud in the telecoms, media and technology sector, 2015 Corruption and Bribery Theft of Physical Assets or Stock Money Laundering Regulatory or Compliance Breach Internal Financial Fraud or Theft Misappropriation of Company Funds Information Theft, Loss or Attack IP Theft, Piracy or Counterfeiting Vendor, Supplier or Procurement Fraud Management Conflict of Interest Market Collusion 0
10
20
30
40
50
60
70
80
90
100
Highly Vulnerable Moderately Vulnerable
The communications industry ranks in the top five industries most threatened by economic crime according to the Global Economic Crime Survey 2016, published by PWC. Telecoms ranks below banking, public, media and transport/logistics. CSPs lose US$38billion to fraud each year, according to last year’s CFCA survey. Top methods are typically (IP) PBX hacking, subscription application fraud, dealer fraud and subscription identity fraud. Not only traditional telecoms is affected: cable, satellite and IPTV providers are targeted by fraudsters with unlawful card sharing and illegal streaming. Editor’s Note: These reports only talk about the known knowns so they may only go some of the way in reporting on the scale of the fraud problem the telecoms industry faces. If tools don’t help to look for additional fraud instances outside the known, traditional areas, such statistics may not provide a complete picture.
ABOUT THE REPORT SPONSOR WeDo Technologies is the worldwide leader in the consolidated market of Revenue Assurance and Fraud Management according with three independent market analyst firms.
www.wedotechnologies.com
10
WeDo provides software and expert consultancy, to intelligently analyze large quantities of data from across an organisation helping to negate or minimise operational or business inefficiencies and allowing businesses to achieve significant return on investment via revenue protection and cost savings. More information available in: www.wedotechnologies.com