Tag Archives: wholesale fraud

The Re-Emergence of Convergence

Operators and global industry forums continue to wrestle with the question of whether or not to merge their fraud and security teams/work-groups to cope better with criminals who are breaking in through IP-based networks in order to derive profit for themselves (or their causes), or just to wreak havoc and disruption on their “enemies”.  Fraudsters are not just partaking in the traditional crimes of bypass fraud, roaming, Dial Through, AIT/PRS, Call Selling fraud etc., but also the exciting new stuff…. Phishing, malware, spoofing, DDoS, Trojans etc.

One can be forgiven for thinking that fostering closer links between fraud and security domains is breaking new ground in terms of responding to the threats posed by 4G/LTE, NextGen, the continued growth of e/m-commerce and the proliferation of data passing over networks.   I guess it is a sign of my advancing years that I can’t help feeling that we have been here before…

15 years ago, when I was prepping for an interview for my first job in the fraud management arena, I was listening open-mouthed as a fraud expert was explaining to me the finer points of PBX Hacking.  Thinking back, two things were very clear:-

  1. The Operator in the UK already had a merged fraud and security group (which they later separated out, then subsequently re-merged again, by the way).
  2. The main advice to combat PBX Hacking was prevention, not detection… and that meant security prevention. The operator was keen to tell its business customers that they needed to physically lock away their PBX equipment, protect their passwords, switch off unnecessary/vulnerable services such as DISA/Voicemail, carry out security awareness training for switchboard operators, support staff, suppliers, use barring at switch or extension level, keep PBX call logging records to see hacking attempts before they succeed, shred old copies of internal directories, vet their security/cleaning staff, etc. etc.   The FMS only stepped in when all the prevention activities failed and the PBX was breached.  By the time that happened, operators were already losing money directly, if they were responsible for the switch, or indirectly if their customers were liable.  Customers may have been unwittingly facilitating the fraud by their lack of security awareness etc. but even so, if a small business – used to paying perhaps $1000 a month for calls, suddenly gets a bill for $20000, they are going to fight it, refuse to pay it or be unable to pay it.  The indirect cost to the operator of customer complaints, disputes, potential court cases, damage to the brand, bad publicity, negotiated settlements, debt write-off and churn etc. can cost far more than the original bill.  It was a lose/lose situation… unless you were the fraudster.

These days, with the emergence of 4G/LTE, IP-based Networks, perpetrators are still committing the same underlying crime for the same motives as before, but now they are breaking in through a host of different entry points, wearing better disguises, carrying bigger SWAG bags and using faster getaway vehicles.  In truth, many operators are struggling to keep up with the high number and seemingly unpredictable nature of these attacks.

Security teams are traditionally very good at preventing access to networks, but they are not perfect.  The pace at which network elements, components, interfaces and transactions are increasing is making it impossible for all the preventative measures to be in-situ from day one.  Not to mention the surfeit of off-the shelf tools that fraudsters can use to break in to more and more lucrative areas of daily commerce.

In practice, Prevention alone cannot succeed.  Detection, Analysis and Response are also essential elements of the fraud management cycle.


So, my point is this…. security and fraud teams cannot operate in silos.  Security teams must continue to try and prevent malicious intrusion as much as possible.  That requires taking in a lot of real-time data from the access points, identifying the nature of the content and the data patterns and quickly blocking anything that looks dubious.  But when the intruder gets in (and they do in their numbers), that is when the fraud team can also play their part.

Whilst the security team controls corporate IT networks, how well can they police the mobile workers and the homeworkers, the tablet users, the App Store/Android Users etc.?  And if you think that profiling subscribers was difficult historically, how much harder is it when you can’t even define what a subscriber is, let alone track their behaviour.  In the new world, the relationship between account holder, subscriber and product/service is not always obvious.  Also, the billing relationships for transactions can be mind-boggling.  Couple this with the speed at which these transactions are taking place and the value of services and content being passed across a proliferation of bearers, and you have a minefield to negotiate.

This is where a good Fraud Management System can supplement an operator’s security tools.  An FMS must now be equipped to take in much larger volumes of data than before, in many different forms and process it much quicker.   Any reputable FMS vendor will now be offering solutions with large scale, flexible data handling tools (including probe / deep packet inspection events), internal/sales partner audit logs/feeds, inline service/transaction monitoring, exhaustive rules engines (real-time, in-line and statistical), subscriber grouping & profiling features, reference data including Hotlists/Blacklists, fraud and device “fingerprinting” capabilities, ID verification, alarm prioritisation and established, flexible workflows, with a range of analytics tools and visualisation features.  All these components – in the hands of an experienced and well-managed fraud operations outfit – will help to choke fraudsters and drive them out to look for easier targets.

So, in summary, don’t let the security guys take all the strain at the prevention stage.  Share the data, share the knowledge and spread the load to the fraud team for a more comprehensive response.

To get more information about Subex Fraud products please click here.

Wholesale carriers lost 6.12 billion dollars last year due to fraud!

Subex, in collaboration with Capacity magazine, had conducted a survey on Wholesale Fraud Management which was responded by 195 diverse participants from the wholesale industry including senior executives, fraud practitioners and experts from some of the world’s largest carriers.

Survey participants’ regional distribution can be seen in the map below:


Participants’ profile in terms of revenue can be seen in the chart below:


The results which were published on 13-Mar-2013 turned out to be quite staggering and an eye opener!

The survey has revealed that carriers lose around 3.6% of their revenue to fraud, which if the Wholesale Carrier market is estimated to be around $ 170 Billion, translates to monetary figure of $6.12 billion per year!


Considering there is a tremendous pressure on wholesale carriers due to increased competition leading to price wars and eroded margins, losses of such high magnitude create a substantial impact on their bottom line.


The problem doesn’t end here. Majority of the participants (82%) have also agreed that the menace of fraud has been on the rise over the recent years and continues to grow!  Clearly, the impacts are going to be higher with time if carriers do not up their ante against fraud now.

The report also touches and provides interesting findings over the following areas:

  • Size of the problem including prevalent fraud types in the industry currently
  • What factors are fueling the fraud growth
  • Direct and indirect impacts of fraud on carriers
  • Readiness of the carriers in combating and containing frauds
Being a global provider of Fraud Management solutions & services and leveraging on it’s domain expertise, Subex has also provided its views and opinions over the findings which can help carriers in understand this complex and constantly increasing problem of fraud better and take appropriate measures in order to protect themselves.
Happy reading!

Wholesale Carriers – What if they go beyond protecting only their customers against fraud?

Fraudsters in telecom have always been attracted towards conducting cross border (international) frauds. Reasons such as lack of any country’s jurisdiction, anonymity, cross country non-cooperation and to top it inter operator & inter carrier competition have always provided the much exploited environment to conduct frauds.

Let us start with some industry recognized fraud loss statistics posted by CFCA. The top 4 fraud loss categories reported by CFCA in 2011 were:

  • $4.96 Billion (USD) – Compromised PBX/Voicemail Systems
  • $4.32 Billion (USD) – Subscription/Identity Theft
  • $3.84 Billion (USD) – International Revenue Share Fraud
  • $2.88 Billion (USD) – By-Pass Fraud

Considering a well accepted fact in telecom that “Subscription/Identity Theft” fuels other fraud types such as IRSF, all fraud types in the list somewhat end up generating (mostly) international traffic. Domestic traffic involvement in these frauds is found to be minimal.

Whenever an international fraud is identified by an operator at the source of traffic generation, it is generally followed by blocking the traffic to that destination as a preventive action. As an additional step, which is quite rare, a legal action is also carried out against some local goons involved in generation of the traffic identified as fraudulent. But, as we all know, the actual masterminds and the owners of the destinations identified as fraudulent remain free to explore another way of generating traffic to these destinations through any other operator, located anywhere in this world.

To make situation worse, a retail operator, sometimes is not even able to identify the root cause of the suspect spike or pattern seen to some of the non-risky or non-hot numbers/destinations as the traffic might be generated by exploiting certain arbitrage, FAS or other rogue interconnect revenue generation scenarios occurring down in the call transmission. Result, the operators give it a pass all because they do not detect any direct impact to their revenues.

But, what if the wholesale carriers, who carry traffic to these destinations also join this unending fight against fraud, with a goal of not even notifying and protecting their direct customers to avoid contractual disputes, but with a higher goal of sharing their intelligence with all of their customers, suppliers and standard fraud forums, whenever a potential fraud case is identified.

Let us see how a wholesale carrier is better placed than a retail operator in identifying and protecting against the overall fraud chain which flourish on inflation of traffic to cross border (international) destinations:

  • Wholesale operator sits in the middle of fraud source and fraudulent destinations which provide it a capability of having a holistic bird’s eye view over the fraudulent traffic from different customers (originations) to different suppliers (terminations) and can pin point the exact destination or number series which is receiving fraudulent traffic.
  • Carrier can block the traffic to that destination or a specific number series within that destination, thereby not only protecting one customer to which the traffic belonged to, but all of them who may push a similar traffic anytime in future.
  • Post blocking, the wholesale carriers are also capable of pressurizing the suppliers (other carriers or operators) to take action on the fraudulent parties or number series involved in the fraud racket by stopping the payments or the whole traffic to that supplier rather than individual series. Sharing information and risks against a rogue supplier in the wholesale market can also help avoid supplier to switch the partnership with other carrier.
  • A wholesale carriers is also better placed than retail operators in identifying any specific suspect international traffic for fraud and fraud proofing the entire customer/supplier base through feedback. Intelligence collected through any fraud case identified over any customer traffic can be seamlessly passed on to all customers and suppliers in order to protect them from similar threat. This will specially empower the customers who are retail operators by helping them stop or reduce generation of fraudulent traffic at the source itself.

The following figures will help understand how the intelligence flow will help fight cross border telecom frauds:

Presence of a fraud identification and analysis mechanism in the wholesale carrier hands will also help the carrier meet the “anti fraud” clauses present in modern RFP requirements posted by the potential customers and will also help develops confidence to get into anti fraud amendments and best efforts based loss repayment contracts with the customers/suppliers, thereby earning more customers.

Said that, the approach will only be successful when there is enough participation from the wholesale carriers around the world, who because of the current telecom scenario, are also suffering from diminishing margins and dropping profits due to the cut throat competition.

This approach requires investment in order to empower the carriers with fraud analysis capability, which is not going to be made by medium and small players until and unless there is a huge value add shown to them or there is a direct pressure from majority of the customers and suppliers to act against frauds. And this can only happen when all the parties involved are determined for a fraud free environment and are able to create an environment of seamless intelligence sharing.

Get Started with Subex