Kapsch CarrierCom

EN

Fraud Management System.

always one step ahead

Fraud detection, analysis and decision support application environment for mobile telecommunications service providers.
With fraud perpetrators becoming more sophisticated both in their techniques and their tools, fraud is an increasing problem. Telecommunications service providers are currently second only to banks in losing money through fraud, and experience shows that if no effective anti-fraud control exists, sooner or later an operator will be hit by a major fraud problem. So as the number of subscribers, distribution channels, and enhanced services grow, and more complex tariff structures are put in place, an effective fraud management system is now essential to minimize losses. Investments in an integrated fraud management system pay off quickly even for operators of small networks. Kapsch CarrierCom Fraud Management System has been on the market since 1999, and is successfully used in several GSM operator installations in Croatia, Slovenia and Austria. It serves as an assistant to fraud management personnel, can detect and analyze potential problems and recommends counteractions.

Main advantages of the Kapsch CarrierCom Fraud Management System: The product consists of a simple core with a rich set of the most common detection methods n The flexible architecture allows new features to be custom made to perfectly suit operator needs n
n application development model guarantees any new features are marketed quickly Rapid n Real-time detection enables quick reaction minimizing revenue leakage leading to a rapid return on investment n The scalability of the product enables it to fit the size of any customer

Main Features of Kapsch CarrierCom Fraud Management System.

Data Collection and Rating The basic source of data for Kapsch CarrierCom Fraud Management System are raw CDR files collected by the mediation device and TAP files received from roaming partners. The advantage of this is that the number of participants is reduced, compared with using CDR-s from gateways, converters and billing systems. Other relevant data (tariff models, SDR exchange rate, number of contracts etc.) is obtained from the billing system using an on-line interface or entered manually through administration modules. Other sources of information are also used if applicable, e.g. IN platform for prepaid fraud detection etc. Kapsch CarrierCom Fraud Management System uses its own module for CDR pre-rating, taking into consideration all relevant information from the billing system (tariff model, discounts etc.)

Work Lists and Scoring Fraud Management System creates a set of cases of suspected fraudulent activity that must be reviewed by fraud analysts. An analyst has a personal work list, containing fraud events that become invisible to other fraud analysts that they review. Fraud cases are managed by a unique identifier of a person or company, and not only by MSISDN (Contract ID) or Customer ID from the billing system, as one person or company can have multiple subscriptions. Scoring parameters and other parameters relevant to the fraud management system can be modified at the individual customer level, a customer group level or for the whole system.

Reporting The reporting subsystem of Kapsch CarrierCom Fraud Management System generates many different reports that can be used by the administrator or management. These include:
n Working reports: reports about fraud analyst cases including

number of cases processed in a time interval, actions performed by fraud analysts, time spent on cases by fraud analysts etc.
nreports about the eventual anomalies or faults in the system Error

or interfaces.
n Performance report about the system performance and

throughput: number of CDR records processed in a period of time, average number of CDR records processed, resource monitor and disk usage report.
n alarms report includes: number of occurrences of each Fraud

alarm defined in the system, number of alarms assigned to each fraud analyst etc.
n cases report: number of cases in the system, number of Fraud

cases depending on their status in the system etc.

NRTRDE (Near Real Time Roaming Data Exchange) Extension The NRTRDE extension to Kapsch CarrierCom Fraud Management System implements a method for fast detection of possible usage fraud in a foreign GSM network and transfers that information, together with call details information, to the home network as soon as it is detected. Kapsch CarrierCom Fraud Management System supports the exchange of relevant fraud information with other fraud management systems using the NRTRDE standard protocol specified by the GSM Association.

Fraud Alarms The alarms generated by the system can be divided into five categories: a) List driven alarms
n lists Black n Suspicious IMEI or IMSI list n Premium rate service numbers n Suspicious A or B numbers n Suspicious countries list
List driven alarms

Fraud Alarms

b) Threshold alarms
n threshold exceeded alarms Usage n Low usage alarms
Threshold alarms Customer profile change alarms Pre-paid fraud alarms Other alarms

c) Customer profile change alarms d) Pre-paid fraud alarms

n Too high account balance n Too many uncharged calls n negative balance Too big n Too many refunded SMS-s n Recharge attempt, stolen voucher n Too many recharges n High amount recharged n High amount assigned n M-commerce incorrect charge n Customer using fraudster's IMEI n Call after expiration date n Free SMS nto PRS numbers Calls nto risk destinations Calls

e) Other alarms
n Overlapping calls n alarms Velocity n alarms Cloning n entry of a fax received from roaming partner Manual n SS7 signaling (e.g. number of tokens)

Architecture in overview.
The number of interfaces to other systems in each operator implementation depends on the availability of these interfaces, but in general the following interfaces are always present in the Fraud Management System:
n Different sources of CDR data (CDR,
Rated Records Subscriber Data CRM System Mediation Network Elements Database Loader Billing System
NR TR D

Fraud Management System

Decoder Preprocessor

Administrator

CDR Data Feeds

Pre-rating

Rating Tables

TAP, GPRS, UMTS, MMS )

n system interface Billing n IN system interface n systems (cell info, pre-paid Other
Threshold Processing List Events Generation Overnight Processing Rule Based Alarms IN Platform
Suspensions Barrings Reactivations

Counter Variables

Aggregated Variables

Billing System Variables

recharges, )
Provisionning Server

Auto

Autosolving

Pending Alarms

Solved Alarms

Man ual

Fraud Agents

Detection Methods used by Kapsch CarrierCom today.

Threshold analysis a simple yet very effective way to process large amounts of data n and achieve very good results through a careful fine-tuning of the system parameters. Credit n limit analysis each subscriber is assigned a credit limit for contracts. This limit can be taken periodically from the billing system or recalculated dynamically based on the subscriber's payment behavior. The system must perform on-line pre-rating which imposes very strong requirements on server processing power. Black n / hot list processing while hot lists raise immediate alarms, black lists only raise alarms when a set threshold is exceeded. The lists can be based on called or caller numbers, IMSIs, EMEIs or cells. Profiling n a profile of a known fraudster can be used to detect others using sophisticated pattern recognition. Also the changes in subscriber usage behavior (call duration, time between calls, time zone, etc.). General n rule engine detects fraudulent call patterns, and is very effective at picking up practically any type of fraud.

Success Story
n- First Fraud Management 1999

System installed at Croatia's biggest alternative mobile operator, VIPnet

n- Si.Mobil Slovenia followed 2001

n Successful completion of 2002

complex installation at Austrian tier 1 operator mobilkom austria.

n- Mobiltel Bulgaria installation 2005

began operating
n- Vip mobile, Serbia as well as 2007

VIP operator, Macedonia go on-air

n- Most recent installation at 2009

Belarus' largest operator Velcom

n- Most important installation 2010

outside the Telekom Austria Group completed in Saudi Arabia.

Main benefits when using Kapsch CarrierCom Fraud Management System.

Multi-lingual user interface enables operation of the product in any language. n

Person n (company) oriented enables efficient detection of fraudster and organized fraudster networks.

Complex event scoring sophisticated algorithms with numerous parameters can be n fine-tuned to meet the operators business policies and fraud prevention strategies.

Automated processing easy configuration using integrated provisioning system interface n allows the fraud agent to concentrate on complicated cases because the system processes most cases without human intervention.

Pre-rating with real subscriber tariffs and other billing relevant parameters computes n amounts for each call in near-real-time enabling detection of potential financial losses at the earliest possible stage.

About Kapsch CarrierCom

Kapsch CarrierCom is the leading supplier and independent system integrator of telecommunication solutions for public operators of core, access and transmission networks. In addition to services and applications for next-generation networks and innovative OSS/BSS solutions, Kapsch CarrierCom covers the entire value chain from consulting, design, development, deployment and integration, to maintenance and operation of complete networks. www.kapschcarrier.com

About Kapsch TIS d.o.o.

Kapsch TIS is the result of Kapsch CarrierCom's successful expansion strategy in southern and eastern Europe. It grew out of the merger of Kapsch Croatia with TIS.KIS and RING Datacom. It is a strong competence center in transmission technologies as well as a specialist in the development of software solutions with the focus on messaging, content download, CRM and fraud management within the Kapsch CarrierCom Group.

Kapsch CarrierCom
Am Europlatz 5, 1120 Vienna, Austria Phone Fax E-mail +43 50 811 0 +43 50 811 3201 kcc.office@kapsch.net

Kapsch Group.
Kapsch is one of Austria's most successful technology corporations, specialized in the future-oriented market segments of Intelligent Transportation Systems (ITS), Railway and Public Operator Telecommunications as well as Information and Communications Technology (ICT). Kapsch, headquartered in Vienna, is organized as a group company with the entities Kapsch TrafficCom, Kapsch CarrierCom and Kapsch BusinessCom. The companies of the Kapsch Group employ about 5,000 people around the world. Kapsch. Always one step ahead.

www.kapschcarrier.com

KCC 7412-02 EN 1202

www.kapschcarrier.com www.kapsch.net
Kapsch CarrierCom AG. All rights reserved. Subject to change without notice.