Fraud – Could Data be the Magic Weapon for CSPs?

Fraud in CSPs
Fraud – Could Data be the Magic Weapon for CSPs?

Fraud has been a big challenge for Communications Service Providers (CSPs) and probably always will be.  According to the Communications Fraud Control Association (CFCA) fraud costs CSPs billions of dollars a year and in their 2015 survey estimated that cost at over $38bn a year.

I was talking with a former colleague recently and he told me of a common scam that still frequently happens today, commonly known as subscription fraud.  It can take multiple forms but generally involves someone pretending to be someone they are not.  He had this example.  A fraudster enters a retail shop and asks to set up a new account for their small business.  They provide some paperwork to show the legitimacy of their business, office bills, bank details, etc.  Apparently, these documents and details are often genuine, a real bank account exists and the company is actually registered.  However, sometimes the fraudster has stolen these details.  Then they lay out their requirements for numerous handsets and tablets for their business.  The retailer sets up the account whilst probably thinking about the impending commission payout.  Equipment is delivered and only when the CSP is chasing down non-payment of bills does it realize that it was all a scam.  The time it takes to get this point gives the fraudster several weeks head start and needless to say they are rarely caught.  This is just one example of the many activities that Fraud departments in CSPs are trying to prevent.

It might not be a business but a simple case of identity theft but in this digital age blatant lies should be easy to detect.  For example, if the CSP ingests government census or electoral role data then they know the names and addresses of individuals.  If a CSP ingests data from the local registrar of companies, such as Companies House in the UK, then they know all the businesses and their registered addresses.  Then all you have to do is connect the onboarding system to a Master Data Hub for customer data.  Try and onboard a new customer and the hub can show the user in real-time who resides at that address so if there is a discrepancy then further checks can be made.  Most fraudsters get nervous when things become over-complicated and often back out of the transaction.  After all, there are always other less inquisitive, less protected retailers.  If you add Data as a Service (DaaS) for address checking you can easily identify fake addresses and with Dun & Bradstreet integration you can do this for businesses as well.

Fraudsters generally exploit the disconnected nature of the retail IT environment as well as the holes in the overall IT architecture.  My former colleague said one of the biggest challenges is speed.  Being able to capture data, analyze data and take action are key steps that all require speed.  They collect data from network probes, in near real-time, and they use a Complex Event Processor (CEP) to send warnings to fraud analysts for anomalies.  For example, if there is a sudden surge in calls to a known premium rate number.  For national calls getting premium rate number range reference data is easy so fraudsters often use international numbers as these are sometimes missed.  Sometimes they even use foreign SIMs so that the calls are made whilst roaming in an attempt to make it harder to detect the activity.  Now roaming TAP files are exchanged in near real-time fraudsters can no longer take advantage of the delay of data clearing.  Instead they think of other ways to rack up calls to their premium rate numbers like ‘Wangiri’ fraud where an auto-dialer calls a phone and hangs up after a single ring.  Let’s be honest how many of us answer at the first ring?  The missed call ID is usually a premium rate number which many people activate as they unwittingly return the missed call.  If you captured the Calling Line Identity (CLI) field in the monitoring detail record (XDR) or analyzed the billing records (CDR) you would see the premium rate activity.  Most CSPs have the data but sometimes it’s delayed or the reference data is poor and the impact is not realized until later.  Some CSPs manage this reference data centrally others take it from externally managed sources.

When I worked for a CSP many years ago we had a big challenge with SIM box operators.  This is the practice of bypassing official interconnect points into a network and bringing the traffic onto the network via the radio access network.  Apart from the loss of termination rate revenue for the CSP there can be other impacts.  Most noticeably congestion on the radio access network which impacts other users in the area and sometimes the wrong CLI is used which causes lots of knock-on effects.  The challenge is identifying these on the network.  We used to check the IMEI for specific device types, look for rogue IMEIs, use call volumes and look at error codes associated with international calls being found in the radio network.  That was back in the day when powerful database servers and storage were expensive.

Now there is Hadoop there should be no reason why any fraud department cannot justify the use of a data lake with both XDR and CDR data sets, including Deep Packet Inspection (DPI) data.  In fact, Fraud, Revenue Assurance, Marketing and Networks could all use the same data lake.  Use masking technology to mask certain information from some users, add some data quality capability, ingest customer details and reference data from the multi-domain Master Data Hub and you have a very powerful data set for tackling the many current fraud issues that impact CSPs.  Cloned SIMs, Premium Rate fraud, SIM Box operators, PBX hacking are all things that should be visible in the data.  For example, identical SIMs in two different locations could be fraud.  By using data you can identify changes in behavior such as an increase in usage, using premium rate numbers or calling internationally when a user or business has not exhibited this behavior before.

As technology advances it is important that businesses take advantage of this and use it to find new ways to combat common problems as well as being armed to fight new fraud scenarios.  Fraudsters are continuously thinking up new ways to make money at the expense of CSPs and their customers.  CSPs have the data but need to harness it to help the business overcome these challenges and minimize losses.  My former colleague said that reducing fraud in the business by 10% is more than enough to justify the investment but by harnessing the data it should be possible to eliminate over half of the fraud.  He also believes that what they attribute to fraud is not all of it as some of it goes unnoticed.  So the business case is reducing the existing fraud as well as reducing unknown losses.  He says it’s a no-brainer.

Comments