
Business Intelligence


Operators and global industry forums continue to wrestle with the question of whether or not to merge their fraud and security teams/work-groups to cope better with criminals who are breaking in through IP-based networks in order to derive profit for themselves (or their causes), or just to wreak havoc and disruption on their “enemies”. Fraudsters are not just partaking in the traditional crimes of bypass fraud, roaming, Dial Through, AIT/PRS, Call Selling fraud etc., but also the exciting new stuff: phishing, malware, spoofing, DDoS, Trojans etc.

One can be forgiven for thinking that fostering closer links between fraud and security domains is breaking new ground in terms of responding to the threats posed by 4G/LTE, NextGen, the continued growth of e/m-commerce and the proliferation of data passing over networks.   I guess it is a sign of my advancing years that I can’t help feeling that we have been here before…

15 years ago, when I was prepping for an interview for my first job in the fraud management arena, I was listening open-mouthed as a fraud expert was explaining to me the finer points of PBX Hacking.  Thinking back, two things were very clear:-

  1. The Operator in the UK already had a merged fraud and security group (which they later separated out, then subsequently re-merged again, by the way).
  2. The main advice to combat PBX Hacking was prevention, not detection… and that meant security prevention. The operator was keen to tell its business customers that they needed to physically lock away their PBX equipment, protect their passwords, switch off unnecessary/vulnerable services such as DISA/Voicemail, carry out security awareness training for switchboard operators, support staff and suppliers, use barring at switch or extension level, keep PBX call logging records to see hacking attempts before they succeed, shred old copies of internal directories, vet their security/cleaning staff, etc. The FMS only stepped in when all the prevention activities failed and the PBX was breached. By the time that happened, operators were already losing money directly, if they were responsible for the switch, or indirectly if their customers were liable. Customers may have been unwittingly facilitating the fraud by their lack of security awareness etc. but even so, if a small business, used to paying perhaps $1000 a month for calls, suddenly gets a bill for $20000, they are going to fight it, refuse to pay it or be unable to pay it. The indirect cost to the operator of customer complaints, disputes, potential court cases, damage to the brand, bad publicity, negotiated settlements, debt write-off and churn etc. can cost far more than the original bill. It was a lose/lose situation… unless you were the fraudster.

These days, with the emergence of 4G/LTE and IP-based networks, perpetrators are still committing the same underlying crime for the same motives as before, but now they are breaking in through a host of different entry points, wearing better disguises, carrying bigger SWAG bags and using faster getaway vehicles. In truth, many operators are struggling to keep up with the high number and seemingly unpredictable nature of these attacks.

Security teams are traditionally very good at preventing access to networks, but they are not perfect. The pace at which network elements, components, interfaces and transactions are increasing is making it impossible for all the preventative measures to be in situ from day one. Not to mention the surfeit of off-the-shelf tools that fraudsters can use to break in to more and more lucrative areas of daily commerce.

In practice, Prevention alone cannot succeed.  Detection, Analysis and Response are also essential elements of the fraud management cycle.

[Figure: the fraud management cycle]

So, my point is this: security and fraud teams cannot operate in silos. Security teams must continue to try and prevent malicious intrusion as much as possible. That requires taking in a lot of real-time data from the access points, identifying the nature of the content and the data patterns and quickly blocking anything that looks dubious. But when the intruder gets in (and they do in their numbers), that is when the fraud team can also play their part.

Whilst the security team controls corporate IT networks, how well can they police the mobile workers and the homeworkers, the tablet users, the App Store/Android Users etc.?  And if you think that profiling subscribers was difficult historically, how much harder is it when you can’t even define what a subscriber is, let alone track their behaviour.  In the new world, the relationship between account holder, subscriber and product/service is not always obvious.  Also, the billing relationships for transactions can be mind-boggling.  Couple this with the speed at which these transactions are taking place and the value of services and content being passed across a proliferation of bearers, and you have a minefield to negotiate.

This is where a good Fraud Management System can supplement an operator’s security tools.  An FMS must now be equipped to take in much larger volumes of data than before, in many different forms and process it much quicker.   Any reputable FMS vendor will now be offering solutions with large scale, flexible data handling tools (including probe / deep packet inspection events), internal/sales partner audit logs/feeds, inline service/transaction monitoring, exhaustive rules engines (real-time, in-line and statistical), subscriber grouping & profiling features, reference data including Hotlists/Blacklists, fraud and device “fingerprinting” capabilities, ID verification, alarm prioritisation and established, flexible workflows, with a range of analytics tools and visualisation features.  All these components – in the hands of an experienced and well-managed fraud operations outfit – will help to choke fraudsters and drive them out to look for easier targets.

So, in summary, don’t let the security guys take all the strain at the prevention stage.  Share the data, share the knowledge and spread the load to the fraud team for a more comprehensive response.

To get more information about Subex Fraud products please click here.

People of a certain “vintage” will remember well the speech by former US Secretary of Defence, Donald Rumsfeld when questioned on the lack of evidence linking the Iraqi government with the supply of chemical weapons to terrorists. For many of us it took a second hearing to fully appreciate the difference between our “known knowns” and our “known unknowns”, and if you are anything like me then the concept of ‘unknown unknowns’ – well that took a little bit longer!

The speech has been the source of much discussion through the years and the basic principle has been applied to many situations and domains, including Fraud Management. However, one of the most interesting parts of the speech has largely been overlooked in all of the focus on the “knowns” and “unknowns”. In responding to the question, Rumsfeld’s first sentence was:
“Reports that say that something hasn’t happened are always interesting to me”.

Fraud management, as with most other operational functions, is largely focused on something happening, whether that is in relation to configuring rules in the Fraud Management System or in working out the effectiveness of your business function (people & process). The emergence of certain fraud types through the years has started us on the track of reaping the benefits from looking at things that have not happened as a detection method, but for many organizations the principle has not been fully embraced.

Most organizations are now looking into more detailed analytics, but within these analytics programs, how much emphasis is put on things that didn’t happen?  Additionally, in a dynamic environment such as Telecoms Fraud Management even what we “think” we know (“known knowns”) may be rapidly out-dated or superseded.

In the “Big Data” era things are likely to be even more challenging for Fraud Professionals as the haystack just got a lot bigger, so even trying to keep on top of what we think we know is going to be a challenge. To start trying to uncover our “known unknowns” and “unknown unknowns” – that will take INSIGHT.

To get more information about Subex Insight please click here.


In my last post, I tried to highlight the “revenue” aspect for RA and the way KRAs should be worked on. In continuation to that post, here are 5 questions that should be considered before starting RA activities:

  1. Who is responsible for RA? It has to be a collective responsibility across the organization where every team/department has their role to play. Being in the Revenue Assurance department is almost as good as being a Product Manager, where the individuals do not have a lot of control over the rest of the organization, yet they are supposed to own and be “solely responsible” for the role/product in the company. Hence, aiding in RA activities is as much a responsibility of Marketing and Network departments as it is for the core RA team.

  2. What should be viewed as the tactical task for the RA department? All actions/activities that have the ability to allow the operator to generate revenue need to be monitored to make sure there are no leakages.

  3. What is the ideal number of controls that should be worked on by the RA teams? This depends on the maturity of the organization in terms of organization, influence, people, process and tools. Hence it is always preferable to perform a quick maturity analysis, based on which primary focus areas would be identified and controls created. Not all controls would necessarily impact revenue. Understanding the maturity enables the creation of a roadmap for improvement across the organization. Typically there is NO need to have hundreds of KPIs to monitor each segment or process. This is because of the 80-20 rule: 80% of leakages can be found by 20% of appropriate controls. Hence it is essential to work on controls/KPIs that have maximum impact, rather than trying to monitor hundreds of them.

  4. Is Cost Management a part of RA activities? Only when the RA team is capable enough to secure the top-line for the organization should they focus their activities on more strategic objectives like cost and margin assurance and management. Revenue maximization should ideally not be a part of RA department activities. Most RA teams should venture into this area solely to ensure they provide ample Business Intelligence for marketing and sales departments to take the information to the market to generate more revenues.

  5. What are the most important parameters to report on? RA departments should look to quantify the findings from data analysis to provide a view of:
    a. leakage detected
    b. leakage corrected and recovered
    c. leakage corrected and recovered as percentage of detected
    d. leakage detected as percentage of revenue
    e. leakage detected as percentage of EBITDA
    f. time to recover from detection of leakage.

In a nutshell, RA is not rocket science, but it is an extremely important and challenging aspect of business, not only in telecoms but across other industry verticals as well. The effect in telecoms is much greater because of the complexity of operations.

In following articles, we will talk more about RA, its scope, and new horizons and verticals for RA. Stay tuned.
