LTE Fraud…. Evolution or Revolution?
“Long Term Evolution” (LTE)..… it was hardly the sexiest name that could have been pinned to a new standard for high speed wireless communication when the first service went live in Sweden and Norway back in 2009. However, on reflection, it is the perfect nomenclature for the technology itself because LTE does not rip up the past and start again but it does represent a series of forward steps which will continue for a long while. The stated objectives of LTE according to the LteTM Encyclopaedia are:-
- Increased downlink and uplink peak data rates.
- Scalable bandwidth
- Improved spectral efficiency
- All IP network
- A standard’s based interface that can support a multitude of user types.
The Encyclopaedia goes on to say that LTE networks are intended to bridge the functional data exchange gap between very high data rate fixed wireless Local Area Networks (LAN) and very high mobility cellular networks.
Evolution also aptly describes the behaviour of the criminal fraternity who are changing their modus operandi in order to keep one step ahead as Operators, Carriers, Vendors, Content/Service Providers and Subscribers take those steps along the 4G LTE path. At the same time, the clever ones are also hoping to scavenge a few valuables that may be left unguarded in the old world, as 4G LTE prospectors redeploy their resources.
LTE is certainly not revolutionising fraud behaviour. The vast majority of the methodologies for obtaining fraudulent gain from LTE/4G services have been tried and trusted over many years through a number of earlier technologies. The scale of gain (or loss if you are the victim) may change for a specific fraud type, and the perpetrator may need to work smarter in order to find the angle of attack; but overall, LTE services are just as susceptible to fraud as the legacy platforms have proved to be.
The challenge for Telcos is to make sure that they too are fine-tuning their prevention, monitoring and detection capabilities accordingly so they are not left trailing in the wake of the perpetrator.
A good fraud manager will want to be alert to the nuances that LTE 4G technology bring and consider some fine tuning of their systems and operations to respond accordingly. For example:-
- New LTE-based services are often separated from the bearer itself. Bearer and service data transactions/events will need to be fed into the FMS, but these will be in different streams. If they can be linked up in the system, that will give the analyst better visibility – and more control – of the end to end activity, thereby providing more context and greater detection capability.
- Because of the split between the bearer and the service, it becomes far more important for the operator to know what service the customer should have access to. Operators must spend more time preventing provisioning fraud (perhaps facilitated by an employee) by checking the usage against the “bill of materials” for that subscriber.
- Events will not necessarily be as simple as they used to be (with a start, an end, an A Number and a B Number), so thought needs to be given to maximising the fraud detection value contained in what may be a complex event (or collection of related events).
- Billing models may change. E.g. There will be more “all you can eat” packages, and some packages may charge on packet sizes rather than minutes. Bills may also be split between different parties in complex revenue chains.
- Working on trying to identify IMEIs on a far wider portfolio of CPEs, Smartphones (& applications) is important. As well as IMEIs, the FMS will need to be flexible enough to monitor numerous other “identifiers” that are useful in tracing fraud across the range of LTE services Eg. IMSI, MSISDN, MAC, IP address, PDP context, URLs, customer account ID etc.
- Subscription Fraud. By definition, LTE devices tend to be more feature-rich and expensive, and are therefore more attractive to criminals. Real-time fraud checks before activation can prevent equipment losses. Checks can include subscriber validation, multiple subscriptions, payment instrument, dealer checks, etc before the customer receives the kit.
- Much higher data speeds over 4G networks may well result in a proliferation of visible M2M events. If the specific M2M behaviours can be identified for each service, there is an opportunity to profile that usage in each scenario and flag where deviations occur. So, a security system might send a periodic short duration, low volume signal to confirm activation or heartbeat. If this device suddenly shows voice calls or high data volumes (such as video streaming), something fishy may be occurring.
- VoLTE (Voice over LTE). This could be highly profitable to fraudsters using LTE for bypass, call selling etc.
- IP-based Frauds such as Spoofing, Hacking, DoS and Malware may require closer monitoring of IP traffic and even content.
This does not mean that Telcos have to go out and replace their FMS tomorrow. But they should start asking questions of themselves and their vendor, such as:-
- Is my FMS flexible enough to deal with a multifold increase in data types /sources and data volumes?
- Does my FMS have solid profiling features?
- Does my FMS have an “inline” or near-real time precheck capability to provide preactivation checks as a fraud prevention strategy.
- Does my FMS have a robust workflow module to enable the analyst to make the right decisions when an alarm is raised?
- How well do I know my customer?
- Do I understand which services my customers are subscribed to?
- Am I carrying out Fraud Risk Assessments on my LTE services before launch?
- Are my analysts capable of interacting with other parts of the organisation that they may not previously have encountered (eg. IT Security)?
So, in summary, LTE is not a revolution in terms of new fraud but it is certainly altering the mix significantly. Operators must respond quickly to the changing landscape if they are to stay ahead of, or even just a short step behind, the fraudsters.
Product Manager for Fraud & Credit Risk Products in Subex. – John has more than 35 years’ experience in the telecoms industry working in a variety of different roles and activities from engineering to Product Management via Project Management, Marketing, Programme Management, Presales and more….
He is a well-respected Subject Matter Expert in the area of fraud management and operations with a wealth of experience to draw on.
John is also a qualified Project Manager with accreditation from International Project Management Association (IPMA) and is an active participant in the Telecommunications UK Fraud Forum (www.tuff.co.uk) – having been accredited by TUFF with Distinction as a Telecommunications Fraud Professional.