menu-close
search-icon
banner

Tag Archives: Fraud

Selling devices – A boon or bane for Telcos?

Smartphone flashes in mind, when device is mentioned.  Devices, however, are a large ecosystem beyond smartphones – a range of equipment like dongles, routers, customer premise equipment (CPE) and IP phones, to name a few.  Devices are a great tool for telco to lock their customers in. For instance, the bundled offers with contracts spanning months provide predictable revenues for the telco’s.

The next wave of opportunity

With IoT and 5G making inroads, telco’s are preparing for the next-generation devices for home and office networks. A lucrative opportunity for telcos, as devices are critical to the IoT/5G penetration. Newer devices will be introduced, like small cells to boost network capacity and improve indoor coverage. It’s no wonder that telcos are investing into devices.

Are telcos benefiting from devices ?

Devices are an attractive opportunity as they improve customer stickiness and ARPU. Devices are good promotional tools to attract new customers and gaining traction even in emerging economies. Many customers extend their relationship with telcos beyond contract period.

Yet, procuring, selling and managing devices is riddled with risks. Fraud, leakages and unmanageable debt are hampering the revenues and profits.

A survey across telco’s states:

telcos stats

What are the risks?

Telco’s on an average spends 20% of their OPEX on procuring and servicing devices. The entire supply chain covering the forward and reverse logistics is prone to risks. The supply chain not only involves stakeholders within the telco (marketing, sales, operations, logistics, finance), but many external parties –manufacturer, supplier, financing partner, distributor, shipping partner, warehousing network, retail agents, repair/refurbish partner, and the end-customer.

risk

The technology stack is complex with at least 10 different applications and platforms involved. Leakages of stock in ordered vs received, inventory gaps, devices ageing at inventory, gaps at POS are a few technological risks to highlight.

Bane to boon – Manage the risks

How could telco’s control the risks & leakages, and make the best of the opportunity? It is important that Telcos have Device Assurance strategy in place to manage the device related risks. Stay tuned for more updates about Device Assurance Solution.

Revanth Sharma

Revanth Sharma is a seasoned professional who specializes in Risk Assurance in Telecom . He has over 10 years of experience in the Telecom industry and has a vast exposure to customers from all regions. He currently works as a Director- Business solutioning & consulting, managing various product & services portfolios for emerging markets at Subex.

Cash in on Reverse Logistics

Reverse logistics has long been the problem child of supply chain management. Increasingly that child has been in need of some serious help. This is due to two factors. The way in which the internet has transformed how we shop, and the short lifecycle of consumer goods. Although most consumers still like to shop in high street stores to find the products they like, at least 8% of sales are now from consumers just clicking on a picture to buy a product, comfortable in the knowledge that they can return it if necessary. In most countries, consumers have a legal right to return goods purchased on the internet. Many retailers now even offer free ‘try-before-you-buy’ returns, but the processes for managing those returns, known as reverse logistics, are far more fragile, costly, and susceptible to issues than the generally well-controlled forward logistics processes. Although return rates vary widely across different verticals, the average return rate has been calculated to be around 17 to 18%.

Brightpearl

Source: Brightpearl

Reverse logistics faces complex issues due to the ad hoc way in which consumers return items and vulnerabilities in the returns processes. Because reverse logistics is not seen as a revenue-generating process, it sometimes doesn’t get the attention it needs, but recently it’s been getting more widely recognized as having a key role in the company’s profitability. Having efficient processes for collecting, re-selling or recycling used items can bring in additional revenue and improve a company’s bottom line. There are other important reasons for giving more attention to reverse logistics.  Consumers are now judging companies on their green credentials, and consumers are aware that many electronic devices contain some highly toxic chemicals. Providing a channel through which old devices can be traded in and reliably recycled is a positive selling point. The efficiency of the returns process also has a significant impact on customers impression of a business.

Although the ‘returns revolution’ impacts all retail lines of business, high-value consumer electronics are especially prone to issues in the returns process.  Huge volumes of handsets, set-top boxes, routers, even TV’s and laptops, are now being returned through a multitude of channels for a variety of reasons. Warehouses may receive thousands of such goods per week. Most of those devices may still be working and able to be resold, but tracking such devices back from customers, assessing their viability for resale, refurbishing, repackaging, and then re-distributing them, is a substantial challenge.

The problems begin as soon as a customer says they want to return a device. Whether it is because the device is faulty, unfit, incorrect, unwanted, or because they’re terminating their contract, they must provide notification that the device is getting returned. Agents must correctly capture the details of why the device is getting returned and issue an RMA (Return Merchandise Authorisation). This will trigger a complex sequence of processes to terminate services in the network, calculate bill adjustments, prepare downstream systems for receipt of the returned devices, update inventories on receipt, manage the inspection, refurbishment, and resale of those devices, and potentially issue replacements for faulty devices. Depending on factors such as contract, warranty, device status, termination type or customer rating, customers may be liable for additional charges or eligible for compensation.
Reverse Logistics

Typical return channels would be to send a device by courier, return it to a shop, or a technician may return the goods.  Whatever the channel is, devices will often arrive without a clear indication of which customer account they relate to.  Returns to stores are particularly problematic with agents failing to scan in barcodes or register returns correctly. In-store systems may not be able to record IMEI, IMSI and/or serial numbers, and there is no motivation for staff to label returned devices accurately.

With so many moving parts it’s no surprise that many devices become stranded or lost along the way, and customers getting charged incorrectly. Operators have been known to write off more than $5+ million in lost devices per month.

One solution is to implement automated controls that provide monitoring across all systems in both forward and reverse logistics, thus assuring that devices can be monitored from the initial order in CRM, in and out of warehouses, with couriers, shipping, refurbishment partners, finance companies and activation status in network service provisioning.  With monitoring systems in place that can even detect the physical location where devices are installed, it’s possible to validate inventory, bill customers and partners accurately, prevent fraud, recover maximum value from returned devices and understand why devices are getting returned.

Subex provides ROC Device Assurance solutions to operators around the globe, helping to track down missing devices, reconcile and correct billing, CRM, provisioning, distribution and inventory systems with world leading discovery and reconciliation capabilities.

Mark Jenkins

Mark Jenkins has worked in the IT industry for over 15 years as a BI and Analytics consultant, and more recently as ROC Product Manager for Subex Ltd. He has designed and deployed solutions for global companies in many sectors including Insurance, utilities and telecommunications. Mark holds a BSc Hons in Computer Science from Manchester University (UK).

8 Simple Strategies for Telcos to counter Wangiri Fraud

Wangiri is not new rather; it is one of the most commonly occurring telecom fraud. In a recent case, a fraudster gave a missed call to several users of different countries. When the users viewed the missed call on their mobiles, they thought that it was a genuine missed call and called the number back. That is where they got tricked! The fraudulent numbers were unusually long and originated from an array of exotic countries. These were premium rated numbers so when the users called back, the fraudster’s intention to extract maximum payment out of them was successful.

In such scenarios, it is not just the subscribers but their operators as well who bear the losses. There is both a direct and an indirect loss for the operator. As per the latest CFCA 2017 global fraud loss survey, Telcos have lost close of 1 Billion USD to Wangiri Fraud alone, which is quite a lot!

In my point of view, Wangiri cannot be eliminated entirely for two main reasons- there is no proper regulation on the carrier business, and there is lack of visibility on the end carrier who is terminating the call. The end carrier who terminates a fraudulent missed call is not aware of the fraudster details and whether the country from which call has originated is a high-risk destination or not.

So, let’s look at how can telcos protect revenue and provide great customer experience?

  • Subscriber Awareness

A pro-active approach to minimize Wangiri fraud would be, making the consumers aware of the fraud scheme. If a number appears to be suspicious, a quick search of the number in several free apps available online, would tell the customer if the number is a part of any ongoing scams or not. Several Fraud Management tools are readily available in the market to detect and prevent Wangiri.

  • Customer Experience Management

As the customer is the king of any business, and hence Telcos need to manage the customer complaints effectively, which will, in turn, reduce customer churns. All employees in the customer care department should be well informed about the Wangiri fraud and how the customer care executives should manage the complaints related to this fraud.

  • IVR (Interactive Voice Response) Facility

IVR Facility is a pro-active approach that can be adopted by the operators. Whenever a subscriber calls back to a high-risk destination upon receiving a missed call, the operator should have an IVR voice informing him about his called destination. This IVR voice message would make the subscriber cautious to drop the call.

  • Removal of International Services as the default service for a Subscriber

In India, Telecom Regulatory Authority of India (TRAI) has announced a new mechanism to effectively protect the common interest of mobile subscribers. TRAI has said that international service calling facility should not be activated on prepaid SIM cards without the explicit approval of the consumer. This measure is yet to be adopted by several other regulatory bodies globally.

  • Technology

To protect customers from phone scams, T- mobile has introduced a new network technology. They have rolled out a scam ID by which customers are automatically alerted when an incoming call is likely a scam.

Several other vendors are also coming out with similar technological solutions.

  • Routing Management of carrier:

When a fraudster carries out the Wangiri fraud and gives missed calls to multiple subscribers, high amount of increased traffic can be observed on the carrier who routes these calls. If an operator monitors this activity, there will be a repetitive trend of increased traffic observed on the same carrier to route these calls. In such cases, an operator must take necessary precautions to route all the traffic through an alternative carrier. Routing the calls through a different carrier will help in breaking the chain between the fraudster and the linked carrier.

  • Control designing through FMS tool:

Control designing through an FMS tool is required as it helps in early detection of Wangiri activity. An FMS tool assists in the discovery of Wangiri cases by monitoring the number of calls made by the fraudster. Artificial Intelligence & Machine Learning can play a significant role in detecting the Wangiri fraud.

  • Negative Margin Prevention

In case of a negative margin occurrence, the number needs to be blocked by the operator immediately as it leads to direct impact in the revenue.

I would conclude by saying the famous quote by Bill Gates, “Treatment without prevention is simply unsustainable”- though Wangiri fraud can never end completely, right preventive measures can minimize it significantly.

neha

Neha is a Consultant (FM) in Subex’ s Managed Services vertical, focusing on telecommunications sector. She has over 4 years of experience in consulting and IT industry with key focus on Fraud Management, Risk Advisory -Telecom, Software Development & IT transformation. She has previously worked with EY & QuEST Global Pvt. Ltd

Account Takeover – Fraudster Intelligence

Account takeover fraud is one of the most common fraud types across the world. Fraudsters use the various methods to takeover an existing open account within the mobile operator or the banking instrument. The commonly used method of committing this type of fraud is vishing or smishing. As per CFCA fraud survey, account takeover accounted for an estimated fraud loss of 1.7 Billion US Dollars in the year 2017.

In all these scenarios, the primary goals of the fraudster are to gain access to the account and (by-) pass the validation steps. In many situations, such validation may only require low-level knowledge-based authentication, so basic information obtained by the fraudster is used to validate and by-pass controls in place and to takeover the targeted account.

I was investigating an Account takeover fraud case for one of the leading telecom operator in the APAC region wherein the fraudster used a different type of methods to commit this fraud. Many customers lost millions of dollars from their bank accounts without the knowledge after their account was taken over by the fraudster. On investigation, we identified that the fraudster’s primary motive was to takeover both mobile and banking account and then initiate multiple fraud transactions. He used Social Engineering, CLI spoofing, Spoofed website & Malware to commit the fraud.

The Fraudster sequentially executed his schemes. He targeted only the high-profile subscribers in a region. He acquired all the information of the subscribers using social engineering methodology and called up the subscribers pretending to be a Bank executive and Mobile operator security officer. He asked the subscribers to download a malware-infested application from a spoofed website, following which he gained remote access to their mobile phones.

The malware would read the SMS’s & call logs from the subscriber’s mobile and forward the details to fraudulent server. It also deleted the SMS & call logs from the mobile handset before the subscriber knew the same. The intention behind the reading of the SMS & Call log is to Bypass the second level authentication for completing the banking transactions. With this method in place, he was able the execute multiple transactions without the knowledge of the subscribers.

Impact to Telcos?

When subscribers approached law enforcement agency, the Law penalized both Telco and the bank and recovered from them, the amount lost by the subscriber. The Law took this action to protect the interest of the customers and secondly it was negligence from the service provider that led to the revenue losses of the subscribers.

Telecom & banking service need to protect the subscribers from such fraud attacks by providing awareness to subscribers. Fraud management systems need have intelligence built into them to detect the fraud attack and control damages at an early stage.

Vijay Amirthraj

Vijay is a Principal Consultant in Subex’s Managed Services vertical, focusing on Fraud Management. He has over 12+ years of experience in Telecom fraud, & Revenue Assurance management professional with  progressive experience in process management and managing risks in telecom business.

Dealing with Bypass Fraud : Think beyond the boundaries

Amid the fierce competition facing the telecom industry, sometimes we listen to stories how lack of forethought of one Telco brings on illegal traffic on the network, leading to aggressive open wars and blame games among the operators affected by the fraud. The Telecom Regulatory Authority could intervene in such scenarios and encourage a competitor to block suspicious outgoing traffic if it finds out that not enough care is being taken to avert the fraud.

Interconnect Bypass fraud is one such telecom scam costing the industry several billion dollars every year. It brings collateral damage to the networks involved, and the impact will be huge. The Telco could be imposed hefty penalty for its failure to detect and resolve the issue on time. Further, it could bring serious business implications for all participating telcos. In the process of rampant blocking of suspicious traffic, sometimes traffic of genuine customers could get blocked, leading to customer dissonance and dissatisfaction along with loss of other business opportunities.

Here’s an example of a West African Telco who suffered massively due to Bypass fraud.

Why did this happen?

The West African telecom operator had been massively impacted by off-net Bypass fraud where the network of the operator was being misused to land fraudulent calls on the competitor’s network. Over time, the problem became so grave that the Regulatory Authority of the country had to step in and take charge of things. This eventually ended with the competitors blocking both fraudulent and genuine traffic from the Telco affected by the interconnection fraud.

Investigations conducted confirmed that the huge differences between the International termination rates and local termination rates made the environment suitable for fraudsters to run their schemes. There aren’t enough KYC controls in the country to facilitate certain onboarding checks which distinguish a genuine customer from a fraudulent one.

Impact on business

There were multiple warnings and memos issued to the operator from the Regulator, indicating that the operator would have to face penalties if amendments are not made in time.

Customers flooded the operator with complaints saying that their off-net calls were being barred without prior notice and for no fault of theirs and threatened that they would eventually churn out of the network if their services weren’t restored.

The atmosphere grew so tense that instead of cooperating, the operators became more aggressive and indulged in a rat-race in trying to prove a point to the Regulator as to how better and efficient they were from the rivals in terms of detecting Bypass fraud cases.

The solution

With the understanding that Bypass scams are rampant, Telcos need to direct their efforts towards building knowledge-sharing forums where they can share insights on fraudster behavior and geographical locations from where most of the fraudulent calls are generated and what kind of products tend to get misused by these fraudsters to nip things in the bud.

Telcos should understand that indulging in rat race or blaming each other will not help solve issues arising from such frauds; rather they should adopt a proactive approach to identify and prevent such scenarios in future. Instead of the Regulatory authority dictating terms to the operators, the operators must drive the authority to create nationalized framework for user identity governance.

Vijay Amirthraj

Vijay is a Principal Consultant in Subex’s Managed Services vertical, focusing on Fraud Management. He has over 12+ years of experience in Telecom fraud, & Revenue Assurance management professional with  progressive experience in process management and managing risks in telecom business.

Why Artificial Intelligence Powered Fraud Management

Artificial Intelligence (AI) is not new and it has been around for decades. However, with the advent of big data and distributed computing that is available today, it is possible to realize the true potential of AI. From what started as an interesting story line in SCI-FI movies to programs like Alpha-Go which has been beating humans, AI has been evolving. AI also has branched out into multiple sub categories such as Machine Learning, Deep Learning, Re-enforcement learning etc.
FM-1

FM-2
An effective Fraud Management (FM) strategy includes 3 important pillars: Detect, Investigate & Protect. We believe AI can positively influence all the 3 pillars of fraud management, from reducing false positives to helping in mining root cause analysis to creating enhanced customer experience in protection.

In this post I would like to look at the starting pillar of the Fraud Management strategy – “Detection” and look at AI’s influence in this very important step. A traditional approach to Fraud detection has been through Rule Engines which could be:

  • If-Else Conditions
  • Thresholds
  • Expressions
  • Evaluating Data Patterns
These are widely known as deterministic solutions where an event triggers an action. The biggest pros and cons with this approach is that human intervention is needed to feed the logic.

For eg: for a threshold based detection humans have to feed the rule engine that count of records above a certain threshold is suspicious.

Following diagrams shows how this looks like

rule-engine

After looking at the diagram above an important question arises, should this threshold value be a straight line or can it bend based on how data behaves. Now there are ways for rule engine to behave like mentioned in the diagram,

variable-threshold

for eg, instead of having a single rule lets have multiple rules

  • Per Customer Category
  • Per Destination
  • Per Age of Customers

And multiply that with other dimensions in data which are

  • Phone Number
  • Caller Number
  • Called Number
  • Country Code

And multiple that with other set of measures per dimensions

  • Count
  • Duration
  • Value

And throw an additional billion volumes at the datasets

Quickly FM teams ends up with something like this
AI Blog1
But what they wanted or dreamt was this
AI Blog2

Now I am not saying FM teams are not skilled enough to fly, but a fraud team in a modern Digital Service provider should be more focused on other important factors.

machine-learning
So, let’s look at how a very evolved class of Artificial Intelligence known as Machine Learning looks at this problem statement. Rather than humans feeding domain information or thresholds, Machine Learning Algorithms mine data from historic fraudulent behaviors and create models. These models are then used to evaluate real production datasets to score whether they certain activity is fraud or not. An advantage is that these models are very good at looking the datasets from multiple dimensions and measures at the same time and concluding whether event is fraud or not.

This approach thereby helps in achieving multiple KPI’s of fraud management teams there by increasing efficiency.

  • Higher Accuracy – Because AI can learn and adapt to Business scenarios faster, AI can significantly increase True Positive ratio
  • Reduced time to detect – How fast a fraud event can be detected
  • Self-Learning – How over a period changing business scenarios and seasonality in data can be adopted to Fraud detection
  • Fraud Intelligence– How customer or any other entity behaviors can be learnt and categorized for better fraud detection
  • Proactiveness – Ability to mine for unknown patterns not seen in the data earlier
FM-4

Application of Artificial Intelligence has its own significant challenges and requires a new frame of thought, however looking at the Data Tsunami that has hit the fraud management teams, it looks an AI pro approach would only help Fraud Management teams to scale further.

Nithin Gangadharan

Nithin has more than 10 Years of experience in Fraud Management. He started his career as an Implementation Consultant with Subex Ltd and has been part of many Fraud Management implementations across APAC & Middle East. He has also been a Subject Matter expert & Business Solution Consultant earlier. Nithin is currently working as Product Line Manager for Fraud Management and machine learning developments at Subex.

GDPR – A New Road to Trust

As the May 25th deadline for the European General Data Protection Regulation (GDPR) looms closer many organisations still haven’t made the internal changes required by the new law.  For those who haven’t yet faced up to the impact of GDPR, a good starting point is to understand how the 7 Principles of this new regulation affect their business.  The challenge many have found is that there is not ‘one size fits all’ when it comes to GDPR.  Every organisation will have different requirements.  That’s why it’s recommended that organisations urgently carry out a self-assessment to gauge their own level of compliance, which considers their own unique circumstances.  Here are some of the questions organisations should ask themselves:

  1. Has all the personal data being held, where it comes from, how it’s processed and who it has shared with been documented?
  2. Are lines of accountability clearly documented should there be a data breach?
  3. Has a lawful basis for the processing been identified and documented? If not then has consent been obtained from the data subjects?
  4. Is there a process to securely dispose of personal data that’s no longer required?
  5. Do staff receive data protection awareness training, and do they know what processes to follow to identify, report and resolve data breaches?
  6. Do we carry out internal audits to monitor our own compliance with data protection principles?
  7. Have appropriate technical and organisational measures to protect data during processing been implemented?
  8. Do key people in the organisation demonstrate support for data protection?
  9. Can we respond to a data subjects request to see the personal data we hold about them?

The ICO, the UK’s supervisory authority, are providing assistance by making a self-assessment tool available on their website.  This can help both data controllers and processors to identify compliance gaps and provides recommended actions.  After carrying out a self-assessment, organisations need to draw up a plan for tackling the compliance gaps identified.  As can be seen from the above questions, high on the list of priorities is documentation. Documentation needs to exist that details the processes and policies to be followed, and as evidence that those processes are being followed.   This is because, in the event of a data breach, auditors from the supervisory authority will be looking for documentary evidence that shows how organisation has tried to comply with GDPR.  Such evidence could significantly reduce the likely penalties.  The level of detail required will depend largely on the sensitivity of the personal data held, and likely risk of a breach.  For example, in the case of highly sensitive data, a full Data Protection impact assessment should be carried out to understand and mitigate the risks.  If companies are diligent in their efforts to protect personal data, and thereby protect the customers themselves, then Elizabeth Denham, head of the ICO, has some comforting words.

‘You will know by now that, while I am never afraid to use the stick in the cupboard, I prefer the carrot.

Education, engagement, encouragement, – they all come before enforcement.

I have said many times that we are a pragmatic regulator and that hefty fines will be reserved for those who wilfully or persistently flout the law.’

GDPR is challenging companies to put their data protection house in order, but the benefit of GDPR is that it forces companies to better understand their own processes and improve internal governance.  This can lead to greater efficiencies and transparency, which can ultimately help to restore trust in big corporations that has steadily been eroded by every new revelation about misconduct and abuse of power, not to mention poor customer service.  Organisations that are looking for ways to avoid GDPR should instead start embracing it as a way to restore customers trust.

Mark Jenkins

Mark Jenkins has worked in the IT industry for over 15 years as a BI and Analytics consultant, and more recently as ROC Product Manager for Subex Ltd. He has designed and deployed solutions for global companies in many sectors including Insurance, utilities and telecommunications. Mark holds a BSc Hons in Computer Science from Manchester University (UK).

Why SIM Box Fraud is Rampant in Africa?

The second fastest-growing continent after China, Africa owes much of its recent economic growth to the use of telecommunications services. However, over the past few years, telcos in Africa have been hit by several telecom frauds. SIM box fraud, also known as the interconnect bypass fraud, is one of the major frauds affecting the dynamic telecom market in Africa. The impact is huge in terms of the loss in revenues to telcos and taxes to the government. It is estimated that Africa loses up to 150 million US dollars every year to interconnection frauds. Reports suggest that two years back SIM box fraud had brought in losses of 12 to 15 million minutes’ worth of revenue to Kenyan government and operators, and about US$5.8 million to Ghana government.

Why SIM Box Frauds Target Africa?

  • As per the industry reports, mobile subscriber growth in Africa is largely driven by the lower call prices and availability of cheaper handsets. The competition arising from over-the-top (OTT) providers has put an additional pricing pressure on telcos, forcing them to design new bundled offerings encompassing data, voice and SMS. Such bundles bring much lower per-minute revenue for the operators as compared to traditional services. Fraudsters operating the SIM boxes are taking advantage of this scenario to bypass the formal call termination systems that fetch higher tariffs to telcos.  The calls routed through the IP networks are terminated using local SIM gateways, thus compromising the formal interconnection networks and bringing heavy losses to the telcos who have invested in building the networks. Traditionally, African countries are known to have higher interconnection tariffs compared to other regions, which further explains why such frauds are prevailing in Africa.

 

  • If I were to look at data from google trends, one can also make out that Ghana in Africa seems quite buzzy about “Simbox Fraud” as a term to be searched on Google (till Nov, 2017)

 

simbox-fraud1

 

 

  • Technological advancements have also contributed for the rise in interconnection frauds. The growing sophistication around SIM box technologies has made fraud detection difficult using traditional methodologies. SIM boxes are programmed to mimic the activities of a normal call user. The equipment can have SIM cards of different operators installed, so a single SIM box can operate with several GSM gateways located in different parts of the world. The availability of SIM cards at cheaper prices and the lack of law enforcement over the sale of prepaid SIM cards have also favored the growth of SIM box fraud, further.

 

  • Globally, the difference in approaches adopted by different countries to deal with the fraud makes it difficult for operators to develop a unified strategy to fight these frauds. IP interconnection services are treated as legal in a few countries whereas they are banned in other countries due to the regulatory issues associated with such activities. For example, the Ghanaian government has declared SIM boxes illegal and made several arrests in this regard. However, SIM boxes are now available in several open markets including popular e-commerce platforms for around $1000 per unit. To make the matter worse, OTT providers like Viber are now explicitly selling their call termination capabilities to lure roaming customers to such bypass activities. Another such OTT development I recently noticed is Skype offering Free calls to mobiles and landlines in the United States and Canada from India These evolving trends convey the scale at which the SIM fraud is growing, calling for immediate action from telcos to safeguard their revenue streams.

Unified approach for addressing Sim-box fraud:

To conclude, the recent developments around SIM box fraud have further aggravated the challenges faced by African telcos. With no scope for regulatory remediation, the only way forward for them is to prevent these attacks using advanced technologies. Traditional approaches like Call Detail Record (CDR) analysis are becoming ineffective in dealing with modern SIM box strategies due to the latency and false positives associated with those methods. As the market evolves, operators are looking toward a unified approach that can help them address the crisis in a much proactive manner. The developments around machine learning and test call group (TCG) analysis have favored the growth of an integrated solution that can help telcos combat the fraud in a cost-effective manner. The approach builds the capabilities of the traditional models but integrates the advancements in artificial intelligence and self-learning rules.

Watch this space for more updates on SIM box fraud management with cognitive analytics capabilities.

neeraj

Neeraj leads digital marketing for Subex with focus on Website, Search, social media, mailer automation and MIS. In addition to this role, he also looks after product marketing for Revenue Assurance & fraud Management solutions for the company. He comes with over 8 years of experience spanning across sales, product and digital marketing.

Why Telcos could never overcome Simbox Fraud since a decade Now

Simbox, Bypass Fraud/ Or Interconnect bypass Fraud has been one of the fastest growing Fraud Types In recent few years.  As per 2017 Global Fraud Loss Survey by CFCA, Global Fraud Loss Estimate stands at $29.2 Billion (USD) annually which is 1.27% of global telecom revenues.

global bypass

Source CFCA Survey Results

Simbox Fraud / Bypass Fraud has been a significant fraud issue for more than a decade now. CFCA survey results across 2009 till 2017 clearly shows an increase of more than 100%  in Bypass fraud since 2013. In this blog, we shall discuss about factors that has contributed to this continuous increase in Bypass Fraud and reasons, operators have not been able to effectively mitigate Bypass Fraud.

Factors for continuous Increase in Bypass / Simbox Fraud:

  • Reduced barrier for entry

Buying and operating SIMBoxs has never been easier with online stores, e-commerce websites,courses, forums and instant support availability.  This has led to an increased spread of VOIP based startups and subsequent increase in bypass fraud. VOIP based calling apps have also made customer acquisition easy by making them  easily available on  AppStore for Android & IOS users. For instance, a recent news from India covered the similar trend wherein those who wanted to make international calls from Gulf countries has to download an app called ‘dial to India’ Once this app is downloaded, they get a password for monthly subscriptions. The person sitting abroad will just dial the number in India, the call will bypass the VSNL gate and will directly route through the SIM box and will get connected from there. Read More

Few more such examples as below:

Illegal phone exchanges thriving on SIM boxes

VOIP exchanges used by ISI busted in Andhra Pradesh, India

  • Competitive Landscape

Reduced margins on international traffic has resulted in wholesale traffic being mixed with internal traffic. Wholesale providers have also been increasingly offering non-CLI based options which could potentially end up in Grey routes. This fierce competition had led to increase in bypass traffic particularly in countries with higher landing costs.

Reasons Operators have not been able to effectively mitigate Bypass Fraud:

  • Advancement in Sim-server Technology

Simbox have evolved from being a simple single box setup to a complex modular architecture. This architecture allows fraudsters to maintain all the simcards in a single place and using Antenna modules and multiplexers, fraudsters are able to distribute their operations in the market. In fact, Latest Simservers also comes with inbuilt anti-fraud detection solutions allowing fraudsters to  distribute his operations in multiple locations. This makes fraud detection very complex as fraud management teams have to device multiple strategies to beat fraudsters at their game.

  • Regulatory Changes

Regulatory changes in certain markets have fueled increase in traffic for Bypass. Recent changes of regulations in European Union has also resulted in traffic with E.U been heavily being differentiated in price from traffic outside E.U thereby causing significant increase in Bypass traffic.

  • Raising Concerns in Simcard Sales

Increased pressure to maintain sales and activation of new connections have resulted in dealers colluding with Bypass fraudsters. Bypass operations requires lot of sims to be activated in bulk and lack of effective subscriber acquisition controls have led to fraudsters taking advantage of it.

Fraud Management teams further have an uphill task in the Bypass fraud space as new technologies such as virtual sim’s would only increase the impacts on bypass of international traffic. It is hence important that they adopt a comprehensive fraud detection methodology to fight simbox frauds.

Nithin Gangadharan

Nithin has more than 10 Years of experience in Fraud Management. He started his career as an Implementation Consultant with Subex Ltd and has been part of many Fraud Management implementations across APAC & Middle East. He has also been a Subject Matter expert & Business Solution Consultant earlier. Nithin is currently working as Product Line Manager for Fraud Management and machine learning developments at Subex.

The GDPR Countdown

It’s only a few short months till May 25th when the European Union’s GDPR (General Data Protection Regulations) become law.  After many years of bureaucratic deliberation, the official text of the General Data Protection Regulations was finally published in May 2016.   Although the entire document is 261 pages long, the principle subject of the GDPR is stated clearly on the front page.  It is for

…the protection of natural persons with regard to the processing of personal data…

In that opening sentence are two key points.  First point is that it is for the protection of natural persons.  The phrase ‘natural persons’ makes it clear that this regulation is not for the protection of companies or organisations, but for protection of people, or data subjects in the jargon of the GDPR.    The second point is that it is about the ‘processing of personal data’.    Each of these words needs to be carefully defined, which is essentially what the remaining 260 pages of the document attempts to do.

The reason new regulations have become necessary is because the landscape of data processing has changed dramatically since the Data Protection Directive (95/46/EC) was introduced back in 1995.  In those days data storage was too expensive to store anything but essential data, and the internet was mostly just a few academic or special interest websites.  Then the corporate world woke up to the potential value of piping advertising and shopping direct into people’s homes and the internet has exploded into a vast shopping centre and ocean of general knowledge.  Behind all that surfing is also an ocean of data about what people like and dislike, their health, what they eat, their habits, what they spend and where they are doing that spending.  That data, your data, is gold dust for corporations who are trying to predict how to persuade you to spend more, but it is also invaluable for fraudsters or criminals looking for ways to steal your identity, your money, or do you harm.    That is why European regulators are now trying to put a stop to the rapidly escalating problem of data breaches by threatening extremely high penalties for companies that have data breaches.  For the worst offender’s fines of up €20 mn or 4% global annual turnover can be imposed.   There is no doubt that a great many companies and government agencies are extremely poor at data protection, but the GDPR tries to make it clear what all organisations need to do to become compliant.  Compliance comes from following what are known as the 7 Principles relating to the processing of personal data, which I’ve paraphrased below : –

  1. Only process personal data for a lawful and fair purpose
  2. Only collect and process data for an explicitly specified purpose
  3. Ensure personal data is relevant and necessary for the specified purpose
  4. Ensure personal data is kept accurate
  5. Keep data in a form that allows for identification of individuals for no longer than is necessary
  6. Keep personal data hidden in a secure environment
  7. Keep track of everything, and be prepared to show regulators what steps have been taken to protect personal data

To do this companies should first perform an audit to know what personal data they hold, where it comes from, where it’s stored, who can see it and how it’s disposed of.

The main challenge is really in deciding how to keep data hidden, and how to secure the environment.  Ideally all personal data should be encrypted in a data store which is completely isolated from the internet, or from physical intrusion.  Access to the data should be tightly controlled and only given to authorised individuals where necessary.  All access to those systems which can display personal data should be logged and the logs reviewed on a regular basis.  From an organisational stand point all the processes for storing, handling and disposing of personal data should be documented and audited on a regular basis.

GDPR is intended to protect all of us from misuse of our data.  We at Subex are dedicated to helping operators to comply with these new regulations which will ultimately lead to safer and more secure future for us all.

Watch out this space for more updates.

Mark Jenkins

Mark Jenkins has worked in the IT industry for over 15 years as a BI and Analytics consultant, and more recently as ROC Product Manager for Subex Ltd. He has designed and deployed solutions for global companies in many sectors including Insurance, utilities and telecommunications. Mark holds a BSc Hons in Computer Science from Manchester University (UK).

Get Started with Subex