menu-close
search-icon
banner

Category Archives: Fraud Management

The growing interest in big data technologies for Fraud Management & Revenue Assurance

Fraud Management, Revenue Assurance

Leave a comment

The telecommunications sector is no stranger to big data. As a premier vendor for Revenue Assurance and Fraud Management solutions, Subex is no stranger to big data too. Traditionally, our RA & FM applications process billions of transactions every single day. The past few years have been particularly demanding – with the proliferation of 4G, LTE and the upcoming 5G, data has exploded and continues to. Change seems to be the only constant.

The bid management team, I’m part of, is a witness to the change. We are at the helm of affairs in serving our customers needs that come via an RFP.  Over the past year, we are witnessing a key ask in the RFP —

“Does your tool comply with big data technologies like Hadoop”?

The Trend

Request for proposals (RFXs), are one of the modes, through which Subex periodically receives the customer requirements. A key component in Subex RA & FM solution is the database. For many years, RDBMS like Oracle, MYSQL, Vertica, have been the preferred choice for telcos. There is a new trend now – Hadoop.

Telcos are now considering big data technologies like Hadoop. Looking into the trend of RFPs over the past years, gives an understanding of the future. The requirement for big data technologies have gone up two times in the past 2 years.

GROWTING TREND IN BIG DATA ASK

GROWTING TREND

A further drill-down of the requirements is also a testimony to the changing face of RA & FM functions. Few of the key requirements taking shape are:

  • Data lake: Data lake is becoming de-facto ask. With the explosion of data volumes and data types (structured and un-structured), telcos are increasingly preferring to set-up a common data lake to feed multiple downstream systems
  • Data quality: Given the importance telcos are now placing for the quality of data, expectation is to procure systems that provide high level of data integrity and sanctity of the underlying data
  • Analytics & Machine Learning: Clearly, RA & FM functions are now including analytics, insights and pattern recognitions to their repertoire of tools at disposal to combat fraud and leakages. The RFPs are now focusing beyond transaction monitoring and entering the realm of business intelligence and machine learning

Subex Big Data Solution

Recognising the importance of big data and its’ relevance to the RA & FM teams, Subex started offering Hadoop as a platform of choice a few years back. Today, we are hosts to many live implementations around the world, processing billions of transactions every single day.

Subex RA & FM solutions with Hadoop as a technology, delivers value on the 4-fronts:

  • Volume: Capability to handle large volumes of data loads and deliver at scale
  • Velocity: Forget the days of “T+n” monitoring. Real-time assurance is becoming the norm
  • Variety: Gleam insights from the good old structured to semi-structured and un-structured data, using traditional rule engines and new age ML & AI capabilities
  • Veracity: Highest quality of output with high integrity

Big data is empowering RA & FM teams with big possibilities. To learn how you can benefit, talk to us.

Are you 5G Assured? 4 Game-changing Business Assurance trends to evolve with 5G

Fraud Management, General, Revenue Assurance

Leave a comment

Even before we could be content with 4G and its value offerings, the 5th wave of telecom evolution is already here. Telecom giants from Middle East Asia, the Americas and the European geographies have already built their first publicly available prototypes in the 5G environment and are aggressively working towards building newer service models to drive unparalleled customer experiences. All said and done it is still in silos since the very process of conceiving the 5G ecosystem is underway. OEMs and integrators like Nokia and Qualcomm have also created enablement environments for the CSPs to progress with their 5G on-going projects.

Release 16, one of the much-hyped releases by 3GPP aims to complete the IMT 2020 vision of building a fully functional 5G working environment is in progress. This, in turn, is going to change the entire scenario of business assurance.

Here are four forecasts which are going to change the perception of looking at Business Assurance.

  1. Business Assurance practices will be services driven and customer focused.

5G is a service driven architecture. The basic objective of 5G is to develop an integrated communications environment for driving scalability of services and Man-to-Machine interactions a reality. The evolution of 5G offerings, services and niches will be around 3 major value propositions as described in the IMT Vision 2020:

  • Enhanced Mobile Broadband
  • Ultra-Reliable Low Latency Communications
  • Massive Machine Type Communications

More such use-cases can be seen in the diagram proposed by ITU-T for enabling IMT 2020 vision.

ITU-T

The “switch to bill” outlook towards revenue assurance will soon be replaced by revenue enhancement and monetization of these freemium models of service delivery. With the first line of controls already being built and integrated into the BSS systems, the focus of business assurance will shift towards customer experience while maintaining the required financial bandwidth for sustenance and monetization of services offered.

  1. Managed services will converge for the OSS and BSS spaces.

Managed services have evolved separately for OSS and BSS parts of the telecom ecosystem and have required special resources (manpower & machinery) for execution. However, that will no longer be the case. 5Gs service-oriented architecture with network slicing capabilities would cause business assurance functions to be staffed with professionals who have a sound understanding of networks and the business aspect of services associated with it. Strong data interpretation and the ability to co-relate, interpret and present a business outcome with a network performance measure would be in demand. Also, new areas such as Network Asset Assurance, Spectrum and Capacity Assurance, (which were previously on the edge) would now be an integral part of the overall business model.

  1. Use of Advanced Statistical Methods and Analytics for Assurance Practices

5G, with its ability to support multiple service environments, will offer a great platform for the proliferation of Machine learning (ML) practices, both in the networks as well as the business domains. For example, ML may find use in enhancing self-organization feasibility through cognitive network management while in the business domain ML’s role would be to support QoS management in highly automated slicing environments.

  1. Integrated Security Practices will drive a whole new outlook for combating fraud

Cyber-security and traditional fraud management practices, until now have had different paths of evolution. Since 5G will be an end to end IP based delivery platform, this will cause cyber security and fraud management practices in telecom to converge to counter new fraud scenarios that threaten the confidentiality, availability and security of the business.

Bottomline Question: How do I ensure business readiness for venturing into 5G?    

The readiness matrix for venturing into the 5G space can be broken into three major pillars:

  • Technology and Risk Readiness:

While venturing into the new generation of technology, it must be ensured the current network and systems are not cannibalized. One good way to start with is to ensure backward technology integration. This, in-turn, will ensure seamless onboarding. It is also required to premeditate necessary risk controls (business, operational, compliance and financial) involved in the different stages of migration to quantify the overall risk appetite to arrive at basic business decision of “to be or not to be”!

  • Business Model Readiness:

As stated earlier, the IMT – 2020 vision is to create business models best suited for the targeted customers. Depending on the existing value chain arrangements, the CSP can start identifying what kind of revenue stream partnerships can it afford to get into to roll-out services best suited to the proposed customer segment. It is suggested that in an economy that is cost-sensitive, sharing of capabilities (technology, manpower and resources) is the best way to start with.

  • Customer Readiness:
    Knowing the present capabilities, limitations, interests and desires of the customer is important and correlating these with the business model deliveries is imperative to the sustainability of the business. This not only helps the business earn more from the customer but also helps understand the changing patterns in their behavior much sooner and with visible effect.

What to look in a 5G transformation assurance partner?

To sum it up, it’s important to have an assurance partner that can support you in driving a technology transformation course that is so complex. The partner should be able to provide support at any leg of the transformation – from choosing the right model of delivery to helping realize monies out of it. The partner should be capable enough to drive decisions on risk treatment and help the business attain long term sustainability with an optimal amount of investment.

5 Key Reasons Why Telcos Should Turn to Digital Methods to Combat Fraud

Fraud Management, General

Telcos are losing millions of dollars every year to frauds. Of late, we see that fraudsters have become smarter and the tactics used by them have evolved into a more sophisticated level aided by the smart technologies. Further, with digital services entering the new mix of offerings, traditional strategies no longer fit the bill. Digital services, especially those offered on IP networks, are more susceptible to attacks as evident from the recent hike in SIP-based attacks.

The growing complexity in the digital services ecosystem demands a future-proof approach to secure the networks and prevent revenue losses.

Let’s look at the top five reasons why you should invest in digital fraud prevention technologies.

  1. Proactive versus Reactive

Traditional fraud management systems are post facto; they rely on transaction records such as CDRs, payment vouchers, provisioning details, etc., which are generated post an event. Hence, fraud teams can never get ahead of an attack and can only react to it. However, with digital methods, the network is monitored in near real time and fraud teams can tear down a call and prevent frauds before they occur.

  1. Increased coverage to prevent frauds

SIP attacks are inherently complex; they range from Layer 3 based IP attacks, all the way to Layer 7 based SIP protocol attacks. All of the Layer 3 attack reconnaissance need not translate to a breach, but by keeping track of the origination of these attempts and then correlating it to high-risk behavior at the higher network layers, modern digital fraud prevention techniques can automatically prevent such attacks.

  1. Combat Zero-Day Threats

Of late, fraudsters are increasingly exploiting the vulnerabilities in fraud detection mechanisms and duping the system with malicious inputs. To avert such frauds, you need to employ an intelligent system that can detect such attacks in real time and prevent them before they impact the customers. With advanced Machine Learning (ML), you can create a defense against such attacks and future-proof the algorithm.

  1. Scenario Planning

Security and Fraud is an afterthought while new digital products are launched by telcos as the focus is initially on product functionality and the rush to go to market. This makes new digital services highly susceptible to attacks and breaches which are more often than not exploited very quickly by fraudsters. It is important that new digital services are put through vulnerability assessments and scenario planning so that obvious holes are plugged, and then continuous monitoring is put in place to detect any new threats to ensure profitability and prevent revenue leakages from fraud.

  1. Future Proofing to address the complex scenarios

As the digital framework grows complex, threat management becomes even more challenging.  With advanced ML capabilities, the new threat management systems allow you to gather threat intelligence from across the globe covering a wide range of digital products. This will help you identify new trends and malicious patterns. Further, it also gives insights on the specific tools and tactics employed by hackers, so you can bolster the system well in advance.

Stay tuned to get more updates from Subex.

To know more about our Digital Fraud prevention Solution Click here !

Selling devices – A boon or bane for Telcos?

Fraud Management, General, Revenue Assurance

Leave a comment

Smartphone flashes in mind, when device is mentioned.  Devices, however, are a large ecosystem beyond smartphones – a range of equipment like dongles, routers, customer premise equipment (CPE) and IP phones, to name a few.  Devices are a great tool for telco to lock their customers in. For instance, the bundled offers with contracts spanning months provide predictable revenues for the telco’s.

The next wave of opportunity

With IoT and 5G making inroads, telco’s are preparing for the next-generation devices for home and office networks. A lucrative opportunity for telcos, as devices are critical to the IoT/5G penetration. Newer devices will be introduced, like small cells to boost network capacity and improve indoor coverage. It’s no wonder that telcos are investing into devices.

Are telcos benefiting from devices ?

Devices are an attractive opportunity as they improve customer stickiness and ARPU. Devices are good promotional tools to attract new customers and gaining traction even in emerging economies. Many customers extend their relationship with telcos beyond contract period.

Yet, procuring, selling and managing devices is riddled with risks. Fraud, leakages and unmanageable debt are hampering the revenues and profits.

A survey across telco’s states:

telcos stats

What are the risks?

Telco’s on an average spends 20% of their OPEX on procuring and servicing devices. The entire supply chain covering the forward and reverse logistics is prone to risks. The supply chain not only involves stakeholders within the telco (marketing, sales, operations, logistics, finance), but many external parties –manufacturer, supplier, financing partner, distributor, shipping partner, warehousing network, retail agents, repair/refurbish partner, and the end-customer.

risk

The technology stack is complex with at least 10 different applications and platforms involved. Leakages of stock in ordered vs received, inventory gaps, devices ageing at inventory, gaps at POS are a few technological risks to highlight.

Bane to boon – Manage the risks

How could telco’s control the risks & leakages, and make the best of the opportunity? It is important that Telcos have Device Assurance strategy in place to manage the device related risks. Stay tuned for more updates about Device Assurance Solution.

8 Simple Strategies for Telcos to counter Wangiri Fraud

Fraud Management

Leave a comment

Wangiri is not new rather; it is one of the most commonly occurring telecom fraud. In a recent case, a fraudster gave a missed call to several users of different countries. When the users viewed the missed call on their mobiles, they thought that it was a genuine missed call and called the number back. That is where they got tricked! The fraudulent numbers were unusually long and originated from an array of exotic countries. These were premium rated numbers so when the users called back, the fraudster’s intention to extract maximum payment out of them was successful.

In such scenarios, it is not just the subscribers but their operators as well who bear the losses. There is both a direct and an indirect loss for the operator. As per the latest CFCA 2017 global fraud loss survey, Telcos have lost close of 1 Billion USD to Wangiri Fraud alone, which is quite a lot!

In my point of view, Wangiri cannot be eliminated entirely for two main reasons- there is no proper regulation on the carrier business, and there is lack of visibility on the end carrier who is terminating the call. The end carrier who terminates a fraudulent missed call is not aware of the fraudster details and whether the country from which call has originated is a high-risk destination or not.

So, let’s look at how can telcos protect revenue and provide great customer experience?

  • Subscriber Awareness

A pro-active approach to minimize Wangiri fraud would be, making the consumers aware of the fraud scheme. If a number appears to be suspicious, a quick search of the number in several free apps available online, would tell the customer if the number is a part of any ongoing scams or not. Several Fraud Management tools are readily available in the market to detect and prevent Wangiri.

  • Customer Experience Management

As the customer is the king of any business, and hence Telcos need to manage the customer complaints effectively, which will, in turn, reduce customer churns. All employees in the customer care department should be well informed about the Wangiri fraud and how the customer care executives should manage the complaints related to this fraud.

  • IVR (Interactive Voice Response) Facility

IVR Facility is a pro-active approach that can be adopted by the operators. Whenever a subscriber calls back to a high-risk destination upon receiving a missed call, the operator should have an IVR voice informing him about his called destination. This IVR voice message would make the subscriber cautious to drop the call.

  • Removal of International Services as the default service for a Subscriber

In India, Telecom Regulatory Authority of India (TRAI) has announced a new mechanism to effectively protect the common interest of mobile subscribers. TRAI has said that international service calling facility should not be activated on prepaid SIM cards without the explicit approval of the consumer. This measure is yet to be adopted by several other regulatory bodies globally.

  • Technology

To protect customers from phone scams, T- mobile has introduced a new network technology. They have rolled out a scam ID by which customers are automatically alerted when an incoming call is likely a scam.

Several other vendors are also coming out with similar technological solutions.

  • Routing Management of carrier:

When a fraudster carries out the Wangiri fraud and gives missed calls to multiple subscribers, high amount of increased traffic can be observed on the carrier who routes these calls. If an operator monitors this activity, there will be a repetitive trend of increased traffic observed on the same carrier to route these calls. In such cases, an operator must take necessary precautions to route all the traffic through an alternative carrier. Routing the calls through a different carrier will help in breaking the chain between the fraudster and the linked carrier.

  • Control designing through FMS tool:

Control designing through an FMS tool is required as it helps in early detection of Wangiri activity. An FMS tool assists in the discovery of Wangiri cases by monitoring the number of calls made by the fraudster. Artificial Intelligence & Machine Learning can play a significant role in detecting the Wangiri fraud.

  • Negative Margin Prevention

In case of a negative margin occurrence, the number needs to be blocked by the operator immediately as it leads to direct impact in the revenue.

I would conclude by saying the famous quote by Bill Gates, “Treatment without prevention is simply unsustainable”- though Wangiri fraud can never end completely, right preventive measures can minimize it significantly.

Account Takeover – Fraudster Intelligence

Fraud Management, General

Leave a comment

Account takeover fraud is one of the most common fraud types across the world. Fraudsters use the various methods to takeover an existing open account within the mobile operator or the banking instrument. The commonly used method of committing this type of fraud is vishing or smishing. As per CFCA fraud survey, account takeover accounted for an estimated fraud loss of 1.7 Billion US Dollars in the year 2017.

In all these scenarios, the primary goals of the fraudster are to gain access to the account and (by-) pass the validation steps. In many situations, such validation may only require low-level knowledge-based authentication, so basic information obtained by the fraudster is used to validate and by-pass controls in place and to takeover the targeted account.

I was investigating an Account takeover fraud case for one of the leading telecom operator in the APAC region wherein the fraudster used a different type of methods to commit this fraud. Many customers lost millions of dollars from their bank accounts without the knowledge after their account was taken over by the fraudster. On investigation, we identified that the fraudster’s primary motive was to takeover both mobile and banking account and then initiate multiple fraud transactions. He used Social Engineering, CLI spoofing, Spoofed website & Malware to commit the fraud.

The Fraudster sequentially executed his schemes. He targeted only the high-profile subscribers in a region. He acquired all the information of the subscribers using social engineering methodology and called up the subscribers pretending to be a Bank executive and Mobile operator security officer. He asked the subscribers to download a malware-infested application from a spoofed website, following which he gained remote access to their mobile phones.

The malware would read the SMS’s & call logs from the subscriber’s mobile and forward the details to fraudulent server. It also deleted the SMS & call logs from the mobile handset before the subscriber knew the same. The intention behind the reading of the SMS & Call log is to Bypass the second level authentication for completing the banking transactions. With this method in place, he was able the execute multiple transactions without the knowledge of the subscribers.

Impact to Telcos?

When subscribers approached law enforcement agency, the Law penalized both Telco and the bank and recovered from them, the amount lost by the subscriber. The Law took this action to protect the interest of the customers and secondly it was negligence from the service provider that led to the revenue losses of the subscribers.

Telecom & banking service need to protect the subscribers from such fraud attacks by providing awareness to subscribers. Fraud management systems need have intelligence built into them to detect the fraud attack and control damages at an early stage.

Direct Carrier Billing : A Massive Revenue Opportunity for Telcos

Fraud Management, Revenue Assurance

Leave a comment

In the last few years, OTT players taking away a sizable chunk of the telco revenues. To deal with this, it’s time the operators harness the potential of new streams of revenue. Direct Carrier billing is one such avenue.

Direct Carrier Billing is a telco driven payment model, for the digital services. Direct Carrier Billing (DCB) opens the possibility of generating a new revenue stream for operators, by leveraging on the existing telco network and the billing relationship with the customers. Direct Carrier Billing, enables telcos to allow its wireless subscribers (both prepaid and postpaid) to purchase goods and services using their handsets. The cost of purchased good and services are added to their monthly phone bill or deducted from the prepaid balance, thereby providing a seamless & secure payment mechanism. This medium enables a very simplified online payment experience with just a click to complete a transaction.

Why is Direct Carrier Billing beneficial for the Telcos?

Juniper Research found that operator revenues derived from carrier billed purchases will rise from USD $2.9 billion in 2017 to USD $9 billion in 2022, an average annual growth of 25%. With growing purchases via DCB, operators enabling their customers to buy all kinds of goods and services using their mobile services subscription will add a new revenue stream for the operators.

  • The operators can take a % of the revenue from the transactions, and their customers don’t have to look for a financial relationship with another company.
  • It is a win-win situation for both the operator and the merchant since it also helps the merchant extend their reach by using the operators existing customer base.
  • The higher conversion rate in DCB transactions will lead to an increase in ARPU for operators.
  • The payment method is extremely simple and secure leading to better user experience and reduction in customer churn.

Leading Technology firms like Google, Apple and Amazon are also investing in building DCB relationships with operators and vendors (like Fortumo, Bango, Boku etc.).  They strongly believe that DCB will allow the unbanked to better engage and participate in the digital economy. The increasing desire to enable payment across Smart TVs, Xbox and IoT devices emerging in the market, widens the opportunity for Direct Carrier Payment.

With most of the transactions completed via DCB, the problem is that maintaining Direct Carrier Billing functionality sometimes fails due to settlement involved between the multiple parties and the frauds in the DCB chain. Subex Direct Carrier Billing Assurance program protects the entire DCB chain providing end to end Risk and Fraud Management.

Stay tuned to know more about Subex Direct Carrier Billing Assurance.

Dealing with Bypass Fraud : Think beyond the boundaries

Fraud Management

Leave a comment

Amid the fierce competition facing the telecom industry, sometimes we listen to stories how lack of forethought of one Telco brings on illegal traffic on the network, leading to aggressive open wars and blame games among the operators affected by the fraud. The Telecom Regulatory Authority could intervene in such scenarios and encourage a competitor to block suspicious outgoing traffic if it finds out that not enough care is being taken to avert the fraud.

Interconnect Bypass fraud is one such telecom scam costing the industry several billion dollars every year. It brings collateral damage to the networks involved, and the impact will be huge. The Telco could be imposed hefty penalty for its failure to detect and resolve the issue on time. Further, it could bring serious business implications for all participating telcos. In the process of rampant blocking of suspicious traffic, sometimes traffic of genuine customers could get blocked, leading to customer dissonance and dissatisfaction along with loss of other business opportunities.

Here’s an example of a West African Telco who suffered massively due to Bypass fraud.

Why did this happen?

The West African telecom operator had been massively impacted by off-net Bypass fraud where the network of the operator was being misused to land fraudulent calls on the competitor’s network. Over time, the problem became so grave that the Regulatory Authority of the country had to step in and take charge of things. This eventually ended with the competitors blocking both fraudulent and genuine traffic from the Telco affected by the interconnection fraud.

Investigations conducted confirmed that the huge differences between the International termination rates and local termination rates made the environment suitable for fraudsters to run their schemes. There aren’t enough KYC controls in the country to facilitate certain onboarding checks which distinguish a genuine customer from a fraudulent one.

Impact on business

There were multiple warnings and memos issued to the operator from the Regulator, indicating that the operator would have to face penalties if amendments are not made in time.

Customers flooded the operator with complaints saying that their off-net calls were being barred without prior notice and for no fault of theirs and threatened that they would eventually churn out of the network if their services weren’t restored.

The atmosphere grew so tense that instead of cooperating, the operators became more aggressive and indulged in a rat-race in trying to prove a point to the Regulator as to how better and efficient they were from the rivals in terms of detecting Bypass fraud cases.

The solution

With the understanding that Bypass scams are rampant, Telcos need to direct their efforts towards building knowledge-sharing forums where they can share insights on fraudster behavior and geographical locations from where most of the fraudulent calls are generated and what kind of products tend to get misused by these fraudsters to nip things in the bud.

Telcos should understand that indulging in rat race or blaming each other will not help solve issues arising from such frauds; rather they should adopt a proactive approach to identify and prevent such scenarios in future. Instead of the Regulatory authority dictating terms to the operators, the operators must drive the authority to create nationalized framework for user identity governance.

Why Artificial Intelligence Powered Fraud Management

Fraud Management

Leave a comment

Artificial Intelligence (AI) is not new and it has been around for decades. However, with the advent of big data and distributed computing that is available today, it is possible to realize the true potential of AI. From what started as an interesting story line in SCI-FI movies to programs like Alpha-Go which has been beating humans, AI has been evolving. AI also has branched out into multiple sub categories such as Machine Learning, Deep Learning, Re-enforcement learning etc.
FM-1

FM-2
An effective Fraud Management (FM) strategy includes 3 important pillars: Detect, Investigate & Protect. We believe AI can positively influence all the 3 pillars of fraud management, from reducing false positives to helping in mining root cause analysis to creating enhanced customer experience in protection.

In this post I would like to look at the starting pillar of the Fraud Management strategy – “Detection” and look at AI’s influence in this very important step. A traditional approach to Fraud detection has been through Rule Engines which could be:

  • If-Else Conditions
  • Thresholds
  • Expressions
  • Evaluating Data Patterns
These are widely known as deterministic solutions where an event triggers an action. The biggest pros and cons with this approach is that human intervention is needed to feed the logic.

For eg: for a threshold based detection humans have to feed the rule engine that count of records above a certain threshold is suspicious.

Following diagrams shows how this looks like

rule-engine

After looking at the diagram above an important question arises, should this threshold value be a straight line or can it bend based on how data behaves. Now there are ways for rule engine to behave like mentioned in the diagram,

variable-threshold

for eg, instead of having a single rule lets have multiple rules

  • Per Customer Category
  • Per Destination
  • Per Age of Customers

And multiply that with other dimensions in data which are

  • Phone Number
  • Caller Number
  • Called Number
  • Country Code

And multiple that with other set of measures per dimensions

  • Count
  • Duration
  • Value

And throw an additional billion volumes at the datasets

Quickly FM teams ends up with something like this
AI Blog1
But what they wanted or dreamt was this
AI Blog2

Now I am not saying FM teams are not skilled enough to fly, but a fraud team in a modern Digital Service provider should be more focused on other important factors.

machine-learning
So, let’s look at how a very evolved class of Artificial Intelligence known as Machine Learning looks at this problem statement. Rather than humans feeding domain information or thresholds, Machine Learning Algorithms mine data from historic fraudulent behaviors and create models. These models are then used to evaluate real production datasets to score whether they certain activity is fraud or not. An advantage is that these models are very good at looking the datasets from multiple dimensions and measures at the same time and concluding whether event is fraud or not.

This approach thereby helps in achieving multiple KPI’s of fraud management teams there by increasing efficiency.

  • Higher Accuracy – Because AI can learn and adapt to Business scenarios faster, AI can significantly increase True Positive ratio
  • Reduced time to detect – How fast a fraud event can be detected
  • Self-Learning – How over a period changing business scenarios and seasonality in data can be adopted to Fraud detection
  • Fraud Intelligence– How customer or any other entity behaviors can be learnt and categorized for better fraud detection
  • Proactiveness – Ability to mine for unknown patterns not seen in the data earlier
FM-4

Application of Artificial Intelligence has its own significant challenges and requires a new frame of thought, however looking at the Data Tsunami that has hit the fraud management teams, it looks an AI pro approach would only help Fraud Management teams to scale further.

GDPR – A New Road to Trust

Digital, Fraud Management, General, Regulations

Leave a comment

As the May 25th deadline for the European General Data Protection Regulation (GDPR) looms closer many organisations still haven’t made the internal changes required by the new law.  For those who haven’t yet faced up to the impact of GDPR, a good starting point is to understand how the 7 Principles of this new regulation affect their business.  The challenge many have found is that there is not ‘one size fits all’ when it comes to GDPR.  Every organisation will have different requirements.  That’s why it’s recommended that organisations urgently carry out a self-assessment to gauge their own level of compliance, which considers their own unique circumstances.  Here are some of the questions organisations should ask themselves:

  1. Has all the personal data being held, where it comes from, how it’s processed and who it has shared with been documented?
  2. Are lines of accountability clearly documented should there be a data breach?
  3. Has a lawful basis for the processing been identified and documented? If not then has consent been obtained from the data subjects?
  4. Is there a process to securely dispose of personal data that’s no longer required?
  5. Do staff receive data protection awareness training, and do they know what processes to follow to identify, report and resolve data breaches?
  6. Do we carry out internal audits to monitor our own compliance with data protection principles?
  7. Have appropriate technical and organisational measures to protect data during processing been implemented?
  8. Do key people in the organisation demonstrate support for data protection?
  9. Can we respond to a data subjects request to see the personal data we hold about them?

The ICO, the UK’s supervisory authority, are providing assistance by making a self-assessment tool available on their website.  This can help both data controllers and processors to identify compliance gaps and provides recommended actions.  After carrying out a self-assessment, organisations need to draw up a plan for tackling the compliance gaps identified.  As can be seen from the above questions, high on the list of priorities is documentation. Documentation needs to exist that details the processes and policies to be followed, and as evidence that those processes are being followed.   This is because, in the event of a data breach, auditors from the supervisory authority will be looking for documentary evidence that shows how organisation has tried to comply with GDPR.  Such evidence could significantly reduce the likely penalties.  The level of detail required will depend largely on the sensitivity of the personal data held, and likely risk of a breach.  For example, in the case of highly sensitive data, a full Data Protection impact assessment should be carried out to understand and mitigate the risks.  If companies are diligent in their efforts to protect personal data, and thereby protect the customers themselves, then Elizabeth Denham, head of the ICO, has some comforting words.

‘You will know by now that, while I am never afraid to use the stick in the cupboard, I prefer the carrot.

Education, engagement, encouragement, – they all come before enforcement.

I have said many times that we are a pragmatic regulator and that hefty fines will be reserved for those who wilfully or persistently flout the law.’

GDPR is challenging companies to put their data protection house in order, but the benefit of GDPR is that it forces companies to better understand their own processes and improve internal governance.  This can lead to greater efficiencies and transparency, which can ultimately help to restore trust in big corporations that has steadily been eroded by every new revelation about misconduct and abuse of power, not to mention poor customer service.  Organisations that are looking for ways to avoid GDPR should instead start embracing it as a way to restore customers trust.

Get Started with Subex

SCHEDULE A DEMO CONTACT US