Fraud in Telecoms (2008)

Transcript

1. Fraud in Telecoms Sources of operational risk © E.O’Connor –

   May 2008

2. 2 DEFINITIONS  Definition of Fraud varies by jurisdiction but

   a fair summary is: “a deception deliberately practiced in order to secure unfair or unlawful gain.”  The Telecoms Management Forum defines Revenue Assurance as the: “data quality and process improvement methods that improve profits, revenues and cash flows without influencing demand.”  Together the revenue losses from RA and Fraud can be significant

3. 3 Revenue Assurance Fraud Internal External Internal systems & processes

   Call & port forwarding Product mix complexity Profitability Pricing signals driving behaviour Box breaking SIM Gateways Roaming Incorrect pricing tables Employees Bad debt & Credit worthiness Number porting Passing on of customer details Slamming Invoicing accuracy Theft SIMs , handsets & subscriptions “Goodwill” credits Process interfaces Accuracy of customer information at touchpoints A FEW RA & FRAUD ISSUES Real-time vs batch processing Accuracy of data flows Metallic number resale Channel incentivisation B D

4. 4 FRAUD Fraudulent activities tend to fall into one of

   7 categories:  Voice – threat of impersonation for malicious or profitable motives  Subscription – use of a legitimate subscriber’s network access for malicious or profitable motives  Data – removal, inspection or insertion of data onto a network for malicious or profitable motives  Internal – abuse of access to operator data by an employee for malicious or profitable motives  Interconnection – exploitation of operator interconnection agreements for malicious or profitable motives  Roaming – exploitation of operator roaming agreements for malicious or profitable motives  Technical – use of counterfeiting or other technologies to duplicate, infiltrate or manipulate a mobile network for malicious or profitable motives

5. 5 Subscription fraud  Call selling using GSM conference calling

   feature where fraudster acts as an ‘operator’ setting up calls between parties and then dropping out to set up another  GSM call forwarding where fraudster sets call forward to required number. Caller calls the fraudster’s phone and is transferred. Caller only pays for the call to the fraudster’s phone number.  Fraudsters using a gateway to provide an international ‘call box’ from shops Internal Fraud  Mobile markets are very competitive with operators subsidising handsets to entice new customers to subscribe. Dealer or gangs often sell these handsets on to overseas buyers. And of course pre-paid handsets can be unlocked and used on any network Roaming fraud (I)  Where operators have roaming agreements Operator A must pay Operator B for the time used by their customers on Operator’s B network regardless of whether Operator A is paid for the time  Principle problem is the time it takes for billing from Operator B to Operator A - used to be 72 hours now down to 24 hours using EDI  GSM MoU states that any user exceeding 100 Special Drawing Rights (SDR) must be billed within 24 hours  But, when is collection actually made? Roaming fraud (II)  SIM cards are taken out of phones acquired with false identities and sent abroad where they are used in call selling fraud. Call lengths of over 10 hours typical EXAMPLE OF FRAUDULENT ACTIVITIES

6. 6  The ‘natural’ order of tasks for revenue assurance

   is to:  monitor for evidence of loss  investigate where & why there is loss  resolve the problems so loss does not occur again  However changing nature of business relationships means  not clear where boundaries lie & hence where operational risk may arise  process design & data integrity becomes even more important  Collaborative methods of working are essential to mutually assure data, revenues & costs Service Provider Content Services Fixed Operator Carrier Services Mobile Operator Bearer Services Gamma Telecom Virtual Network Enabler Enterprise Contracting party Customer End-user THE CHALLENGE

7. 7 SUMMARY  The major sources of revenue loss continue

   to be:  Fraud  Credit management  Least-cost-routing errors  Interconnect / partner-payment errors  Poor processes & systems  All adds up to a loss of customer confidence in your business…  Follow the cash  Understand the processes  Audit rights with partners  Strength & enforceability of commercial agreements  Traceability of products in the distribution chain  Integrity of interfaces – human & automated  Training & culture  Who has access to customer data?

8. 8 TECHNIQUES FOR AUDITING Track-Back Approach  Audit works backwards

   from a convenient point, such as the customer invoice, to the first source of data capture  Allows the detail of how the data flows & is manipulated to be understood and data integrity / leakage risks quantified  Can be a time consuming process The Grid Approach  The key mobile revenue streams & logical operations for each stream are identified and set out in a grid (e.g. voice, sms, interconnect streams versus switch, mediation, rating, invoicing operations)  Offers a useful visual framework to help identify common processes & enable a high-level understanding of how the processes work, the controls and checks, known leakages and the confidence that all leakages / fraud risks have been identified  The issue is that this approach may not capture sufficient detail nor show the commonality of operations between revenue streams