Fraud Management System – Selection and Retuning

Rajesh Kumar, CISA – GM (IT)

 Presentation Outline

ƒ Some facts about Telecom Fraud

ƒ ROI of Fraud Control System
ƒ Available products
ƒ Cost
C t off Implementation
I l t ti
ƒ Product selection criteria – technical capability
ƒ Product
odu selection
o criteria
a – bu
business functionality
u o a y
ƒ Product limitation
ƒ Conclusion

2 19-Nov-2010
Revenue impact of Telecom Fraud- Source
Estimated global fraud loss (Survey included 123 operators and more
than 30 countries):
ƒ $72 -$80 billion (USD) annually (34% increase from 2005)
ƒ Approx. 4.5% of telecom revenues
ƒ 91% global fraud losses increased or stayed same
ƒ 78% Fraud increased or remained same
Top 3 Fraud Types:
ƒ $22 billion –Subscription/Identity
Subscription/Identity (ID) Theft
ƒ $15 billion –Compromised PBX/Voicemail systems
ƒ $4.5 billion –Premium Rate Service Fraud
ƒ Terrorist organizations
- Raise fund & Hide Identity

3 19-Nov-2010
 Fraud type survey Wireless & Wire-line

4 19-Nov-2010
Why do we need Fraud Control System
ƒ Potential of minimizing revenue loss
ƒ Complexity of Products & Services
ƒ Changing Fraud behavior
ƒ Smishing & Spamming
ƒ SKUKU USB SIM phones (No roaming charge for terminating calls)
ƒ Soft SIM – Multiple copies
copies, Roaming location
ƒ Migration of computer related frauds
ƒ Trojan attack (Mobile game –Anti 3D)- Makes PRS calls/ SMS/ MMS
ƒ DoS attack on SMSC - worm sent SMS at number +3396003964
ƒ Telecom Distributed Denial of Service (DDoS)
ƒ M-commerce frauds

5 19-Nov-2010
 ROI of Fraud Control System
ƒ Do we need to justify ROI of FCS to management
ƒ Industry standard on calculation of averted loss?
- Perception of Fraud Manager
- How do you actually calculate the ROI
ƒ Regulatory requirement?
- Report illegal call routing
- Report bulk connection
pg
- Stop grey
y market phones
p on the network (Cloning
( g of IMEI))
- Report cloned IMEI numbers
- New DOT security and Network policy by Dec 2010
- Term cells increased from 4 in 2004 to 34
- Operators may be asked to use triangulation method
- Unearth syndicate crime

6 19-Nov-2010
 Regulatory requirement

7 19-Nov-2010
 Optimize ROI --Suggested Approach
Current Approaches Suggested Approach
Alarms,
Alarms, Alarms, Alarms, Case
Case Case Case Management,
g ,
Management, Management, Management, reports Reports, Dashbpard
reports reports reports PORTAL

Revenue Service Revenue Service

Fraud BI EDW Fraud BI EDW
Assurance monitoring Assurance Monitoring

Local Local Local Local

DB DB DB DB
Common on demand
EDR Data Warehouse

Common event
processing

CDR history
C CDR history
C CDR history
C CDR history
C
(30- days) (30- days) (30 days) (30 days)
EDR history (30 days’ Switch Data)

Page 8
8 19-Nov-2010
 Available products

ƒ Subex :Nikira Renamed ROC Fraud Management system

ƒ Neural Technology :Minotaur
ƒ Connectiva Systems :SENTRY
ƒ Hewlet Packard :HP FMS System
ƒ Agilis International :Netmind
ƒ Alcatel :Alcatel Fraud Management System

9 19-Nov-2010
 Cost components of FCS
ƒ Varies from vendor to vendor
ƒ Depends on the negotiation skills
ƒ Volumetric and scope of future business
ƒ License component varies from few modules to complete suite
ƒ License cost for full suite varies from USD 0.8 million to 1.5 million
- Number of subscribers (25 million subs)
- Number of data sources (25)
- Additional data source adapter (USD 10 K)
ƒ Application IT support USD 350-550 mandays
ƒ Implementation cost 4-6 months 4 resources
ƒ AMC:15% - 25% of license cost (24x7 to 8 hours 5 days week support)

10 19-Nov-2010
 Cost components of FCS – contd…

ƒ Complete Managed services (USD 2-3 million for 3 year contract)

– Requirement gathering to Implementation of product
– Rule configuration / Rule Management
– Alarm investigation – Action – Closure
ƒ Partial Managed service
– IT outsources – development, operations, maintenance with SI
– Alarm investigation and closure
ƒ Hardware cost – Depends on the configuration
ƒ Software cost – Operating system (Oracle / DB2)
– Cost involved at each upgrade
ƒ Total implementation cost varies between USD 1.25 to 2.5 million

11 19-Nov-2010
 Product selection criteria - Technical
ƒ Performance
ƒ Scalability
ƒ Data
D t parser
ƒ Data interface capability
ƒ Cross reference data interface capability
ƒ Remote procedure call (RPC) – to take action on other application
ƒ User friendly GUI
ƒ Drag and drop rule configuration module
ƒ Web based access
ƒ Ability to directly integrate with SS7 probes

12 19-Nov-2010
 Product selection criteria – Technical –Contd..
ƒ Online subscriber update using middleware
ƒ Online display from HLR triggers
ƒ Product implementation time frames
ƒ Delayed CDR support
ƒ Asynchronous CDR support
ƒ Backup and trend analysis
ƒ Addresses security concerns
– Idle
dl session timeout
– Supports sftp
– Proper Encryption of Subscriber data
– Information sharing between client and server in encrypted mode

13 19-Nov-2010
 Product Selection criteria - business
ƒ Subscription fraud
ƒ Identity theft - Duplicate detection
ƒ e-Finger
Fi printing
i ti &C
Call
ll profiling
fili
ƒ Real time usage vs. Credit monitoring
ƒ PBX Fraud detection module
ƒ Internal Fraud
ƒ High usage fraud
ƒ PRS fraud
ƒ Hotlist capability
– Calling Number
– Called number / Translated number
– Forwarded number
– Credit card
– Chargeback customer
14 19-Nov-2010
 Product Selection criteria - business
ƒ Cloning module
71399
ƒ SIM box detection module 71399
58903
71399
58902 58904

ƒ Call profiling
71399
71399 58909
58901
71399

ƒ Roaming high usage module 71399 58905

58819 71399
58908

ƒ Dealer fraud
71399
58820 71399
58907

ƒ Subscriber Service violation module 71399 71399

71399
58905
58730 84340 58906

ƒ Artificial Intelligence module

29100 28158
70985
71399 71399
58876 58813 71377

ƒ Pseudo rating module 49522

71399
71399 58906

ƒ CRM, Billing and HLR view 58102 71389

58905
71399

ƒ Alarm management 58912

71399
21399
58905
58913
41399 11399
ƒ Case management / Reallocation 5890555399
58905 66399
6539958905
58905
21399 58905

ƒUser management 58905

15 19-Nov-2010
 Existing FCS products Limitations

ƒ Thin down version of De-dupe check

p check not available on update
ƒ De-dupe p record
ƒ Pan- India De-dupe not possible on select data fields
ƒ Call collision for delayed CDR
ƒ Call collision between Voice and data
ƒ Velocity check – Air distance violation & Road distance violation
ƒ Pseudo rating
– Not able to handle Unlimited rate plans
– Rate plan with PRP not supported
– NRTRDE only one rate is supported

16 19-Nov-2010
 Existing FCS products Limitations contd..

ƒ Alert based on HUR not directly supported

ƒ Huge gap between actual usage and pseudo rated value
ƒ Most of the tools are rule based
ƒ AI rules very resource intensive
ƒ Learning time of AI module is very high
ƒ System based alert sharing between RA / Credit control etc.
ƒ Rule simulation module
ƒ All new age and computer related fraud
ƒ Data encryption and security related concerns

17 19-Nov-2010
 Conclusion

ƒ What is Changing Communication method & “State of Fraud”

ƒ “If the cost of airtime is dropping” is Fraud non-issue?
ƒ Changing telecom ecosystem - Review Control methods
ƒ National security - Tool
ƒ Better
B tt design
d i to
t minimize
i i i costt
ƒ No easy path to Fraudster

18 19-Nov-2010
 ((M)) +91 95822 10217
E-mail: rajesh.kumar@uninor.in

19 19-Nov-2010