Tag Archives: Fraud Management

Digital Advertisement Frauds: A Telco Story (Part 2/3)

[quote_box_center]

This is the 2nd part of the 3 part blog series and covers how the digital advertisement ecosystem works along with understanding how big is the problem of fraud in that ecosystem.

This 3 part blog series puts a light on relevance of Digital Advertisements in telecom space along with providing a high level understanding of it’s ecosystem and fraud risks it injects. Idea is to give readers a basic knowledge of the digital advertisement space and the inherent risks.

The 1st part of this blog series was published on Jan 21, 2016 and you can read the same here.

[/quote_box_center]


Part 2 – Digital Advertisement Ecosystem & the problem of fraud

Advertisement Ecosystem is divided into 9 major components, as shown in the image below:

1

1. Advertiser:

Advertisers are ‘Brands’. Brands which are the source of promotions for a specific product, service etc. This is the entry point of money into the ecosystem – A demand feeder.

2. Ad Agency:

Ad Agencies are the entities who plans marketing & ad campaigns on behalf of the advertiser. They are, generally, also the ad creators, or outsource the creative bit to a media agency.

Ad Agency designs the ad strategy and works with publishers, ad networks and other industry participants making the demand meet the rest of the ecosystem.

3. DSP:

Demand side platform. These are the demand side aggregation platform solution providers. They may be part of an Ad Exchange or maybe separate entities. They allow buyers of digital advertising inventory to manage multiple ad exchange and data exchange accounts through single interface.

4. Ad Exchange:

Like the stock exchanges we all are aware of, Ad Exchanges act as a advertisement digital marketplace that enables advertisers and publishers to buy and sell advertising space, often through real-time auctions/bidding.

These are the points where the demand side generally meets the supply side.

5. SSP:

Similar to DSP, the Supply Side Platform are the aggregation platform solution providers at the supply side who enable publishers to manage their advertising impression inventory and maximize revenue from digital media.

6. Ad Network:

The Googles and InMobis of the world, Ad Networks connects advertisers to web sites that want to host advertisements. The key function of an ad network is aggregation of ad space supply from publishers and matching it with advertiser demand.

The Ad Networks are commonly known to manage most of the data exchange in the ecosystem, while earning most of the revenues.

7. Publisher:

The ad space owner. This is an entity which owns the medium (website, app, content service etc.) to deliver ads to intended end consumers/ad viewers. Commonly known as the consumer touch point.

More touch points, better touch points, better the ranking of the publisher.

8. Consumer:

The ad consumers. Customers. Us. The target entity for the whole Ad Ecosystem.

9. Data Aggregators:

The data crunchers of the ecosystem, Data Aggregators serve as the independent measurement entities for the other players in the ecosystem. Aggregators collect and compile data from individual sites to derive big picture and sell to others.

 

The Payout Models

There are 3 main payout models in the advertisement ecosystem:

2

1. Pay Per Click:

Pay per click, also called cost per click (CPC), is a payout model in which advertisers or ad network pays the publisher when the ad is clicked by the consumer. It is defined simply as the amount spent to get an advertisement clicked.

2. Pay Per Impression:

Pay per impression (CPI), or “pay per thousand impressions” (CPM), refers to the payout model where advertisers or ad networks pays a publisher each time an ad is displayed on its inventory. CPI is the cost or expense incurred for each potential consumer who views the advertisement, while CPM refers to the cost or expense incurred for every thousand potential consumers who view the advertisement(s).

3. Pay By Lead:

Cost per Lead (CPL), also known as cost per conversion, is a payout model where the advertiser pays for each specified action which the advertiser can consider as a business ‘lead’ with verified interest – for example, a form submit (e.g., contact request, newsletter sign up, registration etc.), feedback, double opt-in, sale etc.

[quote_box_center]

The influencer of each payout model, which governs the actual payout while governing the quality rating of a publisher, is CTR (Click Through Rate).

Click through rate is defined as the rate of consumer taking the intended action – click, form fill, registration etc. over the advertisements being displayed to him.

In simple terms, higher the CTR of a publisher, higher is its quality rating. This when mixed with volume of ad traffic, directly influences the revenue for a publisher.

CTR also helps gauge the quality of ads itself – in terms of its creativity, contextuality & relevancy.

[/quote_box_center]

 

Role of a Telco

While traditionally Telcos have been playing a role of an advertiser, they have been slowing growing as publishers too, utilizing their web portal space for the purpose.

But, as I wrote in the first part of this blog series, Telcos are now riding on a significant ‘ad capable’ inventory being generated by their next generation product & services, specially content related.

This significant inventory at their disposal has a capability of turning Telcos into a small or mid sized Ad Network, while setting up advertisements as one of the key revenue source or service adoption enabler over the coming years.

3

 

Fraud Risk Levels in Advertisement Ecosystem

Before we move to the 3rd part in this blog series, let’s look at the existing fraud levels in the Advertisement Ecosystem.

[quote_box_center]

Let me tell you, if you are all concerned about the 1-3% fraud loss levels against traditional telecom services, the fraud levels in the advertisement domain is going to give you sleepless nights.

[/quote_box_center]

To give you an example, one study by MediaPost reveals that, if a company has an online display ad budget of $100,000, then only $8,000 of that ad spend has the “chance” to put advertisements in front of human eyeballs.

That means, if you are paying $0.10 per impression, then the $10,000 that you will pay for 100,000 impressions will result in “chance” of only 8,000 human views—meaning that the effective Cost per Impression will actually be $1.25.

Pushes an organization’s ad investments of the track completely, isn’t it ?

Below are some industry statistics around existing levels of advertisement frauds published by the likes of SunTrust Robinson Humphreys, Ad-fraud prevention firm Pixalate & Forensiq:

4

 

Now, if a Telco’s Fraud Management team were to analyse frauds in the digital advertising domain, it will need to focus on 3 different areas:

5

 

  • Safeguarding your organization’s marketing investments & sales targets: It is more relevant when you see the Telco you are working for, as an advertiser or a brand.
  • Protecting the revenues from AD business & also safeguarding your publisher rating: This is relevant when a Telco acts as a Publisher or an Ad Network
  • Lastly, your own subscriber’s satisfaction & security levels: Now, this one is a bit confusing. But, to understand how advertisement frauds affect Telco’s end subscribers directly, let’s watch a short video courtesy Forensiq:

 

As shown in this interesting video by Forensiq, advertisement frauds not only impacts a Telco’s investments and expected revenues, but also influences customer satisfaction directly.

Recently Three, a leading telecom operator from the UK & Italy, decided to install network level ad-block solution with the below mentioned intent:

“Irrelevant and excessive mobile ads annoy customers and affect their overall network experience. We don’t believe customers should have to pay for data usage driven by mobile ads. The industry has to work together to give customers mobile ads they want and benefit from.”

If Three are successful, I can only imagine similar actions becoming widespread over the coming years or the sane players of the advertisement ecosystem gearing up to counter the problem of fraud like never before.

Clearly, there are two sides of the coin – while advertisements open up new exciting revenue avenues for Telcos, the fraud problem in the ecosystem is so widespread that it has potential to disrupt the whole revenue model built upon it.

[pull_quote_center]In the next part of the blog, we will cover the most interesting bit and understand the presence of digital advertisement fraud risks in the ecosystem along with looking at a few case studies. You will not have to wait far too long, that I promise![/pull_quote_center]

Digital Advertisement Frauds: A Telco Story (Part 1/3)

[quote_box_center]

Look around you and you see posters, hoardings & stand-ins. Look at whatever screen you carry or face and you will see videos, popups & banners. These are “Advertisements” and they are everywhere!

I will not be going overboard when I say advertisements are the fulcrum of relationship between every business and its consumers. Organizations put significant investments into their marketing functions which in turn enables advertisements.

While earlier advertisements were statics in nature – channel run time, physical hoardings etc., they were easy to track to ensure the investments are protected. But, with the advertisements becoming digital, increasingly dynamic & internet driven – There has been an increasing need for measuring & protecting the advertiser’s or brand’s money and even the publisher’s real estate which is used for ad delivery & consumption.

Like it or not – In Telecom space, Digital Advertisements are coming to steal sleep off every fraud manager’s eyes.

From the risk perspective, the domain is complex and different from the traditional Telecom frauds, but the most important point is that advertisements from the internet space bring fraud exposure levels which are much higher than what Telco’s are used to. And containing that, will be a real challenge!

This 3 part blog will put a light on relevance of Digital Advertisements in telecom space along with providing a high level understanding of it’s ecosystem and fraud risks it injects. Idea is to give readers a basic knowledge of the digital advertisement space and the inherent risks.

This is the 1st part of the 3 part blog and covers why telecom industry is looking at Digital Advertisements as their next enabler. 

[/quote_box_center]


Part 1 : Digital Advertisement and Telcos: A match made in heaven

When we think about internet or technology, there are 4 names which cross mind – Google, Apple, Facebook & Amazon.

What the 2 of these 4 giants, Google & Facebook, have taught us that AD revenues are a big deal when it comes to the digital world. With Apple & Amazon also planning to jump the advertisement bandwagon, the belief only gets stronger.

No surprise that Google & Facebook earn 90% of their revenues from advertisements. Also, most of the Apps, specially communication apps also have advertisements at the centre of their revenue model.

Considering this, it was just a matter of time our own Telecom industry shifts its focus on exploring the digital advertisements as one of their primary source of revenue.

The likes of Verizons, Axiatas & Singtels have already invested big in the area of advertisements.

1

Also, some other leading operators like Vodafone, Telefonica, Etisalat and France Telecom have also openly agreed for a bright future of advertisements in telecom industry.

Digital advertisements: Attracting attention within Telcos

If you look at telecom industry as an advertiser, you will find telcos spending 10-15% of their total yearly revenues as marketing budget, out of which 46% is only on digital advertising like website banner ads, video ads etc.

That is quite higher than any other comparable industry sector.

2

And if we believe certain studies conducted by industry experts like Adobe, spend on advertisements is only set to grow:

3

It only shows that telco industry agrees that this spending will only increase with mobile advertisements leading the pack.

4

What will drive this spending on Advertisements further ?

Now lets look at what are the factors which are going to drive the investments in the area of advertisements further.

If you look at the areas marked in yellow in the chart below, you will find that digital Advertisements are among the fastest growing revenue streams for Telecom Industry.

And, if you look at the elements which are marked with red circles, you will see a list of services on which telcos are currently betting big on.

5

These services, which include M2M, Gaming, Music, Video etc., interestingly are set to become the “enabler platforms” to drive advertising revenues further.

And not only that, these services also ensure that Telcos have sufficient advertisement inventory for them to upgrade from just an advertiser to become a big ticket publisher or a small AD Network.

This is the reason why you will find that these services have “Ad Delivery” inbuilt as a core functionality within their framework.

[quote_box_center]

Digital Advertisements are key to make upcoming & exiting product & services more affordable to a Telco’s subscriber base and in turn boost adoption

[/quote_box_center]

Apart from this, we all are aware that content services are set to become a big ticket to monetize the large investments Telcos have been making towards infrastructure & quality of data services.

There are researches from the likes of eMarketer which indicate that content is set to make up 66% of the total traffic in Telco data pipes by the year 2017.

6

Driving on content services, advertisements are set to attract 100 billion dollars in next 1 year and an increase of 233% increase mobile ad spending in next couple of years.

Now, there is little doubt that advertisements are set to become one of the major source of revenues for Telcos or power that next big idea which will be a star of their upcoming annual report!


[pull_quote_center]

In the next part of the blog, we will understand how the digital advertisement ecosystem works along with understanding how big is the problem of fraud in that ecosystem. You will not have to wait far too long, that I promise! [/pull_quote_center]

Key is to ask the ‘right questions’

“In school, we’re rewarded for having the answer, not for asking a good question”

This quote from Richard Saul Wurman rightly describes how a normal human mind, as part of it’s social development process, adapts to the guidelines of “finding the answers”, rather than exploring the possibilities of asking the “right questions”.

And this mindset also reflects in our place of work. We are humanly tailored to explore satisfaction in having answers to all the questions. And in the process of being ‘answer ready’, we tend to become left brain heavy than the right. We become target driven and focus less and less on fresh set of questions which could challenge us further to drive improvement and innovation.

Fraud Management ‘function’ is no different. Being a ‘revenue protection’ function in a large ‘organization’ it is expected to act similar to a small, but important organ in human body.
Like hormone levels of an organ, health of an FM function is also measured in terms of subjective financial targets – either monthly, quarterly or yearly. And the corrective action starts when the achievements are found to be ‘less than optimum’.

But, as an experienced doctor would say – It’s the lifestyle you need to keep in check and not hormone levels to remain healthy!
Constant self-assessing questions such as – “Am I eating right ?”, “Am I sleeping right ?”, “Am I sitting right ?”, “Am I exercising right ?” etc. go a long way in guaranteeing you a healthy life. Periodic check-ups then becomes a method to confirm your good health rather than just means to detect illness or deficiencies.

Keeping healthy is a continuous process – be it human body or fraud management. It is actually a practice, than just a function.
And to setup a continuously improving fraud practice in your organization it is essential to keep asking relevant & timely questions across the following 8 pillars of this practice:

  • Influence
  • Organization
  • People
  • Process
  • Tools
  • Knowledge Management
  • Coverage
  • Continuous Improvement

While the questions could be an organization, risk or region specific, I personally always start with the following:

Influence:

  • Is our FM function on a driver seat or secondary role and working as a support function ?
  • How should we enhance the influence of our FM function ?
  • How do we keep showcasing enhanced value from FM function ?
  • How do we extend our internal & external interfacing and make the existing interfacing stronger ?

Organization:

  • How do we ensure fraud awareness keeps pace with the upgrading business dynamics ?
  • How do we enhance internal & external collaboration with FM function ?
  • How do we get higher return of investment from FM function ?
  • How to further reduce the fraud impact on the bottom line ?
  • How to make our fraud management practice more proactive ?

People:

  • Is resource acquisition better or resource development ?
  • How do we safeguard ourselves from attrition ?
  • Is our team structure agile enough while following industry standards ?
  • Do we have all the required roles and are the responsibilities clearly defined ?
  • Are we right, under or over staffed ?

Process:

  • Are my processes effective and easily exercisable ?
  • Are my processes future ready ?
  • Are my processes agile enough to adapt to any changes with acceptable TAT ?
  • Are we adopting and implementing industry best practices ?
  • What parts of my processes can be automated ?

Tools:

  • Is the Fraud Management tool adapted to my business environment ?
  • How do I ensure that the FM tool is fed accurate, complete and timely data ?
  • Are my fraud controls effective & efficient ? How do I reduce false positives ?
  • How do I ensure 100% automated fraud risk coverage ?
  • What capabilities do we need to acquire on tool front to be future ready ?
  • Are we ready against enormous data surge likely to be seen over next few years ? How do we benefit from it ?
  • Are we constantly learning from the industry in terms of fraud detection & prevention methods ?

Knowledge Management:

  • Is there sufficient attention on upgrading to the required skill sets ?
  • How do we enhance resource competency & knowledge against current & future services ?
  • Is our team keeping pace with constant fraud mutations ?
  • Is our team using the tools effectively & efficiently ?
  • Is our team knowledgeable and comfortable with processes ?
  • What are the top 5 areas of learning for the whole fraud function ?

Coverage:

  • Are we aware of all the fraud risks we are exposed to ? What is our current coverage levels ?
  • Do we know the gaps in terms of fraud risks coverage ? How can we improve ?
  • What is our strategy to become compliant to fraud risks introduced by new products and services ?
  • Are we ready for fast converging cross industry environment and the risks it introduces ?
  • What is our stand on customer and partner only risks ? How relevant they are for our business ? Is our current stand obsolete ?

Continuous Improvement:

  • What is our performance management strategy ?
  • Do we have effective KPIs ? Are these business relevant ?
  • How can we improve the fraud function’s effectiveness & maturity continuously ?
  • What metrics should I use to measure health of the overall FM function ?
  • Are we conducting sufficient & periodic RCA & decision analysis ?
  • How do we gather accumulated wisdom & actionable intelligence for improvement ?

Each of these questions can be a healthy point of discussion within your organization.
While these may give you a first hand view of health of your current fraud practice, more importantly, it may also open doors for a much detailed open table introspective sessions, enabling you to come up with much better & effective questions.

Remember, the key to remain healthy is to keep asking the ‘right’ questions.

As Albert Einstein rightly said – “If I had an hour to solve a problem and my life depended on the solution, I would spend the first 55 minutes determining the proper question to ask, for once I know the proper question, I could solve the problem in less than five minutes.”

The threat of Signalling!

Signalling level risks, specially fraudulent accesses from connected SS7 networks, is one area which is making a lot of noise in the assurance and security functions of Telecom organizations today.
The focus on the matter is such that most of the industry conferences talking about the current and next gen threats have a lot of matter being presented and shared on this topic – both from the operators and vendors alike.

What is it ?
The signalling level risks generally refer to SS7 (2G/3G) and Diameter (4G) level vulnerabilities (inherent or configuration based) which exposes operators to hacks/frauds through signalling control commands specially in roaming and interconnect scenarios. The scenario becomes more risky considering a normally configured SS7 infrastructure of an operator is accessible to any other operator in this world, either directly or through certain number of hops.
Now, just consider a situation where a rogue operator exists or a group of hackers with a malicious intent have got access to SS7 signalling of any less-secure operator in this world.
The losses due to signalling risks, while are still quite speculative, are expected to run in billions every year. Artificial inflation of traffic (specially A2P & P2A SMSes), Spamming, Spoofing, Refiling, profile modification, unlawful tracking, unethical disruptive activities from competition etc. are examples of some risks which have been found to be existing NOW with an estimated 100% infection rate.

Why is it happening ?
The SS7 signalling based vulnerabilities have been existing since very long, but have become part of news headlines recently due to certain revelations made by famous ethical hackers at certain high profile security conferences.
Some industry pundits make a point, which most of my industry connections agree with, is that these risks exist mostly due to the fact that operators tend to create unreliable partnerships and configure unregulated access (like open GT access, acceptance of any signalling command etc.) which enables malicious parties to connect to operators networks and conduct fraudulent activities very easily.
There have also been discussions around existence of services exploiting these signalling level vulnerabilities being offered in the grey markets through rougue hacking communities for a price.

Can you eradicate these risks ?
Ideal Solution: Operators need to sanitize their access configuration on SS7. Rethink, Reidentify, Reevaluate and Reconfigure the access levels.
But this is really difficult or maybe nearly impossible to achieve due to some practical issues on the ground, such as:

  • Most of the SS7 networks were configured long time back – There is an expertise issue operators are facing wrt SS7 networks now which limits their capability in terms of reconfiguration of SS7 based networks
  • It is a time consuming activity, which, would also lead to a lot of efforts on re-testing connectivity with all the partners, attracting a lot of investment
  • It may lead to reconfiguration of the signalling level configuration at the network level, and in certain instances, would require network downtime – A complete NO-NO for a lot of players out there. Situation becomes even more problematic for countries where Telecom Networks are considered a National Infrastructure.
  • Lastly, not every operator will take up this activity for many different reasons including the reasons like operators not participating in the awareness meetings/conferences being organized around the world or even like some rogue operators participating in malicious activities deliberately.

The problem becomes much more trickier from the fact that even one infected, unsecure or rogue operator in the world will continue to pose a threat to everyone else. And sanitizing each operator against these threats is a feat which is very unlikely to be achieved.

It is now unanimously being accepted that SS7 signal based networks are here to stay (atleast 10 years in developed markets and 20-25 in developing or lesser developed countries) and even their vulnerabilities, which are expected to grow by huge amounts considering the limelight it has received recently.

The bigger problem which has started giving sleepless nights to the fraud & security functions in operators moving towards 4G and setting up their networks over diameter protocol (provides 4G signalling framework) does not have native security standards inbuilt, but requires security mechanisms to be implemented on top, a practice always found susceptible to gaps). Also, the access methods are similar to SS7, so it exposes 4G networks to similar signalling risks as SS7.

What can be done now ?
For now, an approach of detection would be ideal until the industry identifies a way to plug these vulnerabilities around the world, which is definitely a few years away with a lot of research hours of investment.
An approach of detecting malicious signalling requests in your network still has few complexities to manage:

  • High false positive rates – A lot of signalling requests appearing to be malicious come out as configuration issues from the partners. Hence, domain expertise is essential to filter out ‘needle from the haystack’.
  • Sheer size of signalling data to be analyzed – big data support is required.
  • Skill set – This activity will surely require a knowledge upscaling and may be difficult for the traditional teams like fraud and risk management to absorb. Even teams like security, with less focus on fraud domain know how, is expected to find it difficult to add this activity in their set of responsibilities.

I feel industry partnerships with vendors, possessing both the domain knowledge, right skill set and technology built on big data platform is the way to go.

These partnerships, considering no-one has a complete answer to this rampant problem of signalling vulnerabilities as of now, need to be built on solid vendor capabilities, while being both liberal and experimental to give room for exploration.

The Re-Emergence of Convergence

Operators and global industry forums continue to wrestle with the question of whether or not to merge their fraud and security teams/work-groups to cope better with criminals who are breaking in through IP-based networks in order to derive profit for themselves (or their causes), or just to wreak havoc and disruption on their “enemies”.  Fraudsters are not just partaking in the traditional crimes of bypass fraud, roaming, Dial Through, AIT/PRS, Call Selling fraud etc., but also the exciting new stuff…. Phishing, malware, spoofing, DDoS, Trojans etc.

One can be forgiven for thinking that fostering closer links between fraud and security domains is breaking new ground in terms of responding to the threats posed by 4G/LTE, NextGen, the continued growth of e/m-commerce and the proliferation of data passing over networks.   I guess it is a sign of my advancing years that I can’t help feeling that we have been here before…

15 years ago, when I was prepping for an interview for my first job in the fraud management arena, I was listening open-mouthed as a fraud expert was explaining to me the finer points of PBX Hacking.  Thinking back, two things were very clear:-

  1. The Operator in the UK already had a merged fraud and security group (which they later separated out, then subsequently re-merged again, by the way).
  2. The main advice to combat PBX Hacking was prevention, not detection… and that meant security prevention. The operator was keen to tell its business customers that they needed to physically lock away their PBX equipment, protect their passwords, switch off unnecessary/vulnerable services such as DISA/Voicemail, carry out security awareness training for switchboard operators, support staff, suppliers, use barring at switch or extension level, keep PBX call logging records to see hacking attempts before they succeed, shred old copies of internal directories, vet their security/cleaning staff, etc. etc.   The FMS only stepped in when all the prevention activities failed and the PBX was breached.  By the time that happened, operators were already losing money directly, if they were responsible for the switch, or indirectly if their customers were liable.  Customers may have been unwittingly facilitating the fraud by their lack of security awareness etc. but even so, if a small business – used to paying perhaps $1000 a month for calls, suddenly gets a bill for $20000, they are going to fight it, refuse to pay it or be unable to pay it.  The indirect cost to the operator of customer complaints, disputes, potential court cases, damage to the brand, bad publicity, negotiated settlements, debt write-off and churn etc. can cost far more than the original bill.  It was a lose/lose situation… unless you were the fraudster.

These days, with the emergence of 4G/LTE, IP-based Networks, perpetrators are still committing the same underlying crime for the same motives as before, but now they are breaking in through a host of different entry points, wearing better disguises, carrying bigger SWAG bags and using faster getaway vehicles.  In truth, many operators are struggling to keep up with the high number and seemingly unpredictable nature of these attacks.

Security teams are traditionally very good at preventing access to networks, but they are not perfect.  The pace at which network elements, components, interfaces and transactions are increasing is making it impossible for all the preventative measures to be in-situ from day one.  Not to mention the surfeit of off-the shelf tools that fraudsters can use to break in to more and more lucrative areas of daily commerce.

In practice, Prevention alone cannot succeed.  Detection, Analysis and Response are also essential elements of the fraud management cycle.

Cycle

 

So, my point is this…. security and fraud teams cannot operate in silos.  Security teams must continue to try and prevent malicious intrusion as much as possible.  That requires taking in a lot of real-time data from the access points, identifying the nature of the content and the data patterns and quickly blocking anything that looks dubious.  But when the intruder gets in (and they do in their numbers), that is when the fraud team can also play their part.

Whilst the security team controls corporate IT networks, how well can they police the mobile workers and the homeworkers, the tablet users, the App Store/Android Users etc.?  And if you think that profiling subscribers was difficult historically, how much harder is it when you can’t even define what a subscriber is, let alone track their behaviour.  In the new world, the relationship between account holder, subscriber and product/service is not always obvious.  Also, the billing relationships for transactions can be mind-boggling.  Couple this with the speed at which these transactions are taking place and the value of services and content being passed across a proliferation of bearers, and you have a minefield to negotiate.

This is where a good Fraud Management System can supplement an operator’s security tools.  An FMS must now be equipped to take in much larger volumes of data than before, in many different forms and process it much quicker.   Any reputable FMS vendor will now be offering solutions with large scale, flexible data handling tools (including probe / deep packet inspection events), internal/sales partner audit logs/feeds, inline service/transaction monitoring, exhaustive rules engines (real-time, in-line and statistical), subscriber grouping & profiling features, reference data including Hotlists/Blacklists, fraud and device “fingerprinting” capabilities, ID verification, alarm prioritisation and established, flexible workflows, with a range of analytics tools and visualisation features.  All these components – in the hands of an experienced and well-managed fraud operations outfit – will help to choke fraudsters and drive them out to look for easier targets.

So, in summary, don’t let the security guys take all the strain at the prevention stage.  Share the data, share the knowledge and spread the load to the fraud team for a more comprehensive response.

To get more information about Subex Fraud products please click here.

Factors Complicating Assurance in 4G Environments

GSMA has a vision for 2020 for Telecommunications Industry around connected living which focuses on main pillars which are expected to drive the industry forward, namely – Network 2020, Personal Data, Internet of Things and Digital Commerce.

As per my view, the single most important take away from that vision is the rise of Telco 2.0.

Telco 2.0 are those telecom operators which are expected to expand transformationally by taking risks to chase higher rewards in both known and as yet unknown new parts of the value chain. These are expected to be the most advanced & disruptive Telecom Operators.

1

The most important enabler of these, so called, Telco 2.0 operators would be the ‘platform’ which would allow them to explore & experiment with those unknowns and expand services while ensuring higher customer experience which will help them achieve that visionary status.

One of such platforms is 4G, which riding on the inability of 3G-3.5G networks in delivering the required quality of service, has shown tremendous adoption rate within operators over the years.

What has made 4G enabled networks so popular is its proven capability as an ideal platform for cross domain services convergence & all access technologies.

A comparison between 4G LTE & HSPA (~3G) based network and service delivery capabilities can be seen below:

2

The bitmap above also provides a crude reasoning around lower adoption rate of certain services which were also rolled out over 3G enabled networks, but did not meet the consumer expectations around quality, reliability and price.

4G based networks provide the ability to the operators to become the ‘Real’ converged service providers, which until 3G was more theory than practicality. Operators are now becoming OTT service providers including communication, social media, social network, content, advertisement etc., connected living enablers, enterprise enablers etc. which was, until now, being offered mostly by 3rd parties.

With operator owning the converged service offerings (or at-least controlling some part of the service delivery like quality etc.), the increase in traffic over its pipes has shown potential of increase in direct revenues, that too proportionately.

Factors influencing complexity in 4G environment

Yes. 4G is great! But, not without the share of complexities it injects in the area of assurance (RA & Fraud) operations.

The following variables are identified to be the main influencers with respect to complexity and uncertainty in 4G environments:

New Network Elements

4G introduces new set of network elements and O/BSS systems generally being customized in terms of design or implementation as per the operator raising concerns around interfacing, data availability or quality. This also points to increase in complexity & volume of RA & FM activities to be performed due to increased data sources and controls.

Also, a lot of components in 4G implementations are still not COTS and provide different logging & access levels which raising concerns around capability around identification of internal frauds and external access attempts/brute force attacks.

Parallel Networks

Traditional networks including certain components adopted from 2G, 3G environment and running in parallel to enable backward compatibility and interconnection leads to further increase in risk, complexity and number of controls to be managed.

Non Standard Implementations

Some areas of 4G network, O/BSS systems and interface partnerships (operator, content providers etc.) are being implemented in customized non-standard fashion to enable interconnections (including roaming approach) and support complex products and service offerings (like VoLTE or VoLTE roaming etc.). The situation is more of an experiment and working towards developing a standard rather than following one.

Lack of reference 4G RA & FM practices combined with custom implementations, RA & FM activities are expected to be driven by non standard data sets and frequencies until stability/maturity.

Initially in 4G space, RA & FM practices may be exposed to the scenario of ‘Incident induced learning’ or ‘reactive RA & FM’.

Higher Convergence

Higher convergence of ‘core’ telecom operator provided services introduces more ‘direct’ risks to the operator and an increased need to manage RA & fraud risks introduced by the new services, which in an earlier setting, was a headache of the third party service provider.

New Pricing Models

Conversion to charging policies from minutes to bytes (sessions) and bytes to service subscription & access mixed with complex bundling packs & rate plans is expected to change the traditional mindset of conducting RA & FM, especially around charging, discounting, billing & invoicing.

Disruptive roaming charging policies are also expected to be introduced which will change the perspective further.

For session based charging policy, verification of policy implementation is also expected to impose its own set of challenges.

Complex service offerings

Telecom operators are going beyond their traditional service offerings (Apart from voice and data – TV / content / cloud etc.) and venturing into the modern areas revenue generation such as content, advertisements, connected living etc.

Rich content (VoD, music, messgaging, magazines etc.) management & delivery to become the fulcrum 4G revenues. Also, with various channels of content delivery at hand, advertisement revenues will also play an important role for mature 4G operators

But, service based subscriptions, validity & dynamic delivery along with innovative & complex content and partner agreements are expected to complicate the RA & FM activities like never before.

Increase in transaction volumes

4G subscriptions is expected to increase 3.5 folds to 1.3 billion and data traffic by 6 folds to 17 Exabytes by Dec 2018. Operators will be dealing with many fold increase in data per unit of earned Revenue.

Considering revenues are tied to data sessions, transaction volume mgmt. for the purpose of RA & FM is expected to introduce a big challenges and would require advance data treatment, management & analysis techniques (e.g. Big data).

Responsiveness & Scalability is expected to be one of the main talking points with respect to volume management

Rapid Product & Services Launch

New product, package and service launch across the breath of 4G enabled service platforms are expected to see a considerable rise in throughput due to shortened development, delivery & release cycle.

The agility of RA & FM departments in terms of proactive assessment and risk readiness is expected to keep pace with the higher number of products, services and packages being launched at the breakneck speed across the breath of business offerings

Margin Management & Revenue Enhancement

With increased competition, Revenues are expected to be driven by high volumes and low margins and not high margins. Product performance measurement in terms of adoption and revenue generation against target will have to be carried out at much higher frequency.

With RA having and access to all cost items, charging, payins/payouts, usage records, quality parameters and first visibility to trends and anomalies, margin management and revenue enhancement activities are expected to take center stage

Skill set and technology within the team will have to be enhanced or absorbed to enable and handle increased cross functional interfacing , analytics and product management

Lack of Skill Set

Lack of mature reference 4G implementations is also expected to lead to lack of required skill set which is needed to manage and continuously improve the RA & FM operations. There will be focus on more laborious, reactive & risk prone approach of skill ‘creation’ rather than ‘absorption’

Updated Network Access Authentication Methods

Operators need risk readiness against newer authentication methods which are different for different services – ISIM, USIM, Single Sign On etc. Considering device authentication & security is in the hands of the manufacturer or the OS provider,  any security flaw is a direct risk to the subscriber base of the operator

Also, 3rd party firmwares & apps are readily available for the assistance of hackers. This situation increases the device or OS takeover further.

Increased UE & CPE Types

Exponential increase in multi vendor UE & CPE types has increased user exposure to IP frauds like takeovers (Accounts or UE) enhanced by ‘easy’ service access methods such as ‘single sign on’ for single or multiple services.

While user equipments are highly exposed to malicious Apps, URLs, Malwares etc., readily available custom firmware for Customer Premise Equipment are found to expose them to the same level of risks.

To top it off, high profile sensitive customer information hacking cases by external sources are on the rise both against individual subscriber and enterprise networks, calling for much more robust, secure and continuously improving infrastructure and detection capabilities.

Power user exploits

Power users or technology aware users are expected to exploit any loopholes in the implementation of service access, newer pricing models etc. through the use of various complex techniques such as URL masking etc. to bypass charging and gain free access to services

Spoofing or device configuration updates like MAC Address may also gain popularity to help divert charging to someone else in absence of adequate authentication and multi level device binding mechanisms

 

Movement to 4G or a higher capability environment is inevitable.

I believe, if traditional approach to manage RA & FM operations is continued as it is even for 4G environments, these functions are expected to attract steep investments to manage complexity factors mentioned above (including increase in network elements & O/BSS systems, data streams, data loads, controls, resourcing, technology requirements etc.).

There is an immediate need of shifting from current mindset and adopting “Smart” & “Agile” RA & FM practices across the operational spectrum (of people, process, measurement, organization & technology) to contain costs and risks much more efficiently.

Taking a cue from Game of Thrones – “Winter is coming! and this one will be long. God help us all if we’re not ready!”

The Dark Side of the Moon

In discussing the 1969 Apollo Moon landing, Neil Armstrong once said “We tried very hard not to be overconfident, because when you get overconfident, that’s when something snaps up and bites you”.

Apart from the occasional lack of atmosphere, the overlap between being a Fraud Manager and being an Astronaut isn’t that obvious. However, the dangers of being overconfident very much apply to both roles and it is essential that a Fraud Manager never sits still and assumes that all risks are covered.

The life of a Fraud team is always hectic and it can be very difficult just to keep on top of all the alarms, reports and referrals coming your way. Finding time to take a step back and look at the full spectrum of fraud risks is not a luxury that many, if any, Fraud Managers have at their disposal.

Common fraud types such as Subscription Fraud, Bypass, IRSF and PBX Hacking generate a huge number of cases and can be difficult to investigate and take preventative action against. In fact, just those 4 fraud types alone keep many Fraud teams more than busy throughout the week.

This is quite understandable given the losses associated with these frauds. However, when you consider that there are more than 40 fraud types listed in the GSMA FF Manual, the potential for a Fraud team to end up exposed to some significant risks is clear.

Furthermore, it’s not just the fraud types which are not addressed that can present a problem. There is also the risk that one of your core frauds mutates and leaves you blindsided. If we take the example of Subscription Fraud, there are so many variants that it can be very difficult to keep track and ensure that you have the appropriate prevention and detection in place.

Insight is what you need to avoid major fraud risks being left on ‘The Dark Side of the Moon’.

One of the many benefits of Subex Insight is that it includes tools that help Fraud Managers to identify fraud risk areas that are not covered or where gaps exist in existing coverage. The highly flexible nature of Insight allows it to identify both high level risks (e.g. whole fraud types which are not addressed) and lower level issues (e.g.  Individual Fraud Analysts who are not working specific types of alarms).

Subex Insight will provide the confidence you need to get you covered.

To get more information about Subex Insight please click here.

There’s No Business Like “Know” Business!!

People of a certain “vintage” will remember well the speech by former US Secretary of Defence, Donald Rumsfeld when questioned on the lack of evidence linking the Iraqi government with the supply of chemical weapons to terrorists. For many of us it took a second hearing to fully appreciate the difference between our “known knowns” and our “known unknowns”, and if you are anything like me then the concept of ‘unknown unknowns’ – well that took a little bit longer!

The speech has been the source of much discussion through the years and the basic principle has been applied to many situations and domains, including Fraud Management.  However, one of the most interesting parts of the speech has largely been overlooked in all of the focus on the “knowns” and “unknowns”. In responding to the question Rumsfeld’s first sentence was;
“Reports that say that something hasn’t happened are always interesting to me”.

Fraud management, as with most other operational functions, is largely focused on something happening, whether that is in relation to configuring rules in the Fraud Management System or in working out the effectiveness of your business function (people &  process). The emergence of certain fraud types through the years has started us on the track of reaping the benefits from looking at things that have not happened as a detection method but for many organizations the principle has not been fully embraced.

Most organizations are now looking into more detailed analytics, but within these analytics programs, how much emphasis is put on things that didn’t happen?  Additionally, in a dynamic environment such as Telecoms Fraud Management even what we “think” we know (“known knowns”) may be rapidly out-dated or superseded.

In the “Big Data” era things are likely to be even more challenging for Fraud Professionals as the haystack just got a lot bigger, so even trying to keep on top of what we think we know is going to be a challenge. To start trying to uncover our “Known Unknowns” and “Unknown unknowns”,  – that will take INSIGHT.

To get more information about Subex Insight please click here.

Hindsight – the Superpower everybody possesses?

As a child, I dreamed of having a superpower. Invisibility, flying, incredible strength, teleporting – any would have been just fine, I wasn’t choosy! Unfortunately it didn’t take too long for me to realise I was not ‘on the list’ so I went to work for BT instead and started on the road to a career in Fraud Management!

Over 25 years later it suddenly became clear to me, as I watched events unfold in Brazil over the last two weeks, that I may have been wrong all along.  In fact I DID have a superpower. I was, in fact, “Hindsight Man”! Unfortunately my hindsight powers did seem to have limitations in that they only worked in connection with the performance of the England Football (Soccer) team – but you have to start somewhere! However, once I realised I may possess this power I quickly noticed that nearly everyone else I came into contact with also seemed to be blessed with this ability – and it is always completely accurate (20:20), right? A pretty useful Superpower for a fraud professional then!

Before investing in the cape and mask, I decided to do some further research on the subject of Hindsight.  So, what is hindsight?  It is defined as ‘the ability to understand, after something has happened, what should have been done or what caused the event’. As I delved deeper, I realised that I, as with many others, am most likely suffering from something psychologists call Hindsight Bias…. also known as the ‘Knew-it-all-along effect’.

It appears we humans have a tendency to suggest predictability even in events where there is little or no evidence to support the prediction prior to the event. Unfortunately, it gets worse….even where some evidence may be present in order to validate our ‘Hindsight’ we may change our recollections to support newly provided information. The level of memory distortion this involves is not just affected by whether there is a positive or negative outcome, but also the severity of the negative outcome. Dangerous Stuff!

So it looks like I may not possess the power of hindsight after all and looking at it from a Fraud Management perspective that may be a good thing. Hindsight, as we have seen, can be based on no factual evidence and, even where there is some basis in fact, is prone to a significant number of external factors that can have a hugely negative impact on our assessment/judgement.

No, it’s clear to me now, to be a better fraud professional I don’t need Hindsight – I need Insight!

Read about Subex Insight here.

Asset Assurance: Leveraging our Experience, Maximizing the Network

Over the years we have gained a deep understanding of the culture within telcos. We are best known, through the ROC, as specialists in Revenue Assurance and Fraud Management. As such, we know how to deliver different views of the same data.

Having successfully done this in the BSS world, we have turned our attention to the networking side of the business. Controlling costs and optimizing network capital investment are priorities for the business and managed by the CFO’s office. Optimal usage of the network assets and manage traffic effectively are under the control of the CTO’s office.

Both offices need access to the same information but in different ways. With different priorities, sharing the same information without interpretation or tailored analytical choices would make communications between the two entities very difficult.

A CFO needs to know how many assets are stranded and therefore not producing revenue. Right now, the status and whereabouts of only 75 percent of a telco’s assets are known. Knowing where assets are, knowing how long an asset is in place before it is revenue producing and knowing that delaying an investment for a month makes financial sense is of huge importance to a CFO.

Understanding which assets can be re-used in other parts of the network, or which need to be retired can help the CTO with his priorities. Some assets can be effectively re-sold, so what is a retirement to the CTO becomes a possible source of revenue for the CFO.

We believe that creating a view into network assets will benefit both offices and create a better collaboration between them. Revenue Assurance can provide a financial view of IT assets, which adds a new and effective dimension to that craft. So, too, Asset Assurance adds the tools to the network capex side of the business to actively manage it. We not only believe it, we know it. Working with one of our customers we found $17 million of stranded assets in a single week. Better yet, Asset Assurance also benefits the customer.

Talk to a Telecoms Manager about what he would like from his telecoms provider and he will not say more accurate bills as a priority. He accepts that billing is complex and accepts that his comms bill will never be 100 percent accurate. What he would like more than anything is to know what inventory is in place in his organization, where it is, whether it is still live and whether he is paying for it. This can be discovered with Revenue Assurance tools, but now the communication providers can actively manage the whole inventory issue with the new Asset Assurance solution.

By leveraging our experience in Revenue Assurance and Fraud Management in the OSS world, we are now proud to be able to offer solutions and expertise to operators in all of the vital parts of their business, including network. And we are already proving that this concept of asset assurance is important in managing assets more effectively and efficiently.  We also believe, like many such solutions, that we will discover uses for Asset Assurance that we cannot quite see yet. We will keep you up to date with the story as it unfolds.