By David West
Telecom Business Magazine
In the war against telecom fraud, a growing number of software and hardware vendors as well as consultants have entered the market with new tools and research to arm carriers. Unfortunately, in the flood of information a simple truism often gets lost—common sense is the best weapon for fighting fraud.
Common Sense Principle #1: Know Your Real Enemy
Telecom fraudsters fall into three basic groups: those who do it for fun, those who do it to save money, and those who do it for profit. Carriers should take action to address teenage hackers trying to infiltrate voice mail systems for the challenge. Similarly, college students passing around violated calling cards to make calls home are a concern. However, the fraudsters who do it for profit are the carrier’s real enemy.
The fraudsters who will do the most financial damage to a network are organized criminal enterprises seeking to pirate service for resale. Focusing telecom fraud management efforts to address these call-sell operations can make the greatest impact to a carrier’s bottom line. "You don’t have to do it all to be protected," explains Larissa Moskowitz, Director of Consumer Billing and Processes for PT-1 Communications. Concentrating on call-sell operations alone will significantly limit your exposure.
Once these thieves find a carrier’s weakness they exploit it quickly and aggressively. Knowing that the window of opportunity will close eventually, they will attempt to maximize their revenue. As with any retail operation, this means selling as many units as possible, at the highest price. For the telecom pirate, the units are minutes, and the market sets the price. With dozens of carriers offering low-cost domestic rates, there is simply no margin in re-selling pirated domestic service. A combination of economic and social factors dictates that their customers will be calling high-cost international destinations. For most carriers, this accounts for the most damaging fraud losses.
"If you want to dive in and protect your network to the ultimate degree, you have that option," continues Moskowitz, "but the goal should be to seek out solutions that will effectively eliminate the majority of your fraud."
Common Sense Principle #2: Don’t Assume You Are Invulnerable
Simply put, every carrier currently offering service is a target for telecom fraud. That is not to say that all carriers are equally exposed. Consider the joke about two friends going camping. One friend wearing hiking boots asks the other why he is wearing running shoes. "In case we encounter a bear," his friend answers. "Don’t be stupid," he says, "everyone knows you can’t outrun a bear." "I don’t have to outrun the bear," replies his friend, "I just have to outrun you."
While few carriers take such a self-serving view of fraud management—with many even working together to eliminate fraud—the fact remains that fraudsters focus their energy on the weakest members of the pack. Those who are most vulnerable to fraud get hit the hardest.
The obvious candidates for this dubious honor are start-ups. Focused primarily on customer acquisition, these carriers usually have limited resources and staff to dedicate to fraud management. Vetting new subscribers for credit-worthiness is a low priority, and writing off losses is an expected cost of doing business.
These carriers have yet to experience a significant fraud loss and are often more vulnerable than they realize. Because their batch reports, billing system, or in-house tools appear to be effective, these companies are lulled into a false sense of security and put off investing in progressive telecom fraud management systems. Only later, often too late, do carriers realize that they have been hit.
Less obvious but just as vulnerable targets are carriers who do not effectively use their fraud management systems. Common throughout the industry are companies who are unable to deploy adequately the fraud management tools they have invested in. Reasons vary, but several themes are common.
Often management purchases an expensive telecom fraud management system, with little thought given to the experience and skills of the team that will actually be implementing and using the software. Systems with complex interfaces require extensive training to master. Systems that run on sophisticated hardware need to be supported by specialized IT staff. If users cannot or do not utilize the tools, these advanced features and functions are useless. A good system running is always better than a great system still sitting in the box.
Common Sense Principle #3: Maximize Fraud Protection, Minimize Costs
Telecom fraud management is a cost center; there is no way to avoid that fact. Like other expense categories, each expenditure is deducted from the bottom line. However, unlike most general and administrative expenses, a reduction in fraud and a corresponding increase in the company’s net proceeds should offset dollars spent on fraud management. In that regard, the impact on the bottom line is more like that of the sales department. Each dollar spent should generate a dollar or more—not in earned revenue but retained revenue. Like sales and marketing expenditures, fraud management is also subject to the law of diminishing returns. At some point the return on each dollar spent plateaus, then decreases, until ultimately the net return is negative.
Maximizing the return on your fraud management investment does not mean maximizing spending, nor does it mean a carrier will never again suffer fraud losses. Eliminating fraud entirely is a noble ideal, but not a realistic goal. According to one experienced fraud manager, Sharlene Johnson, Senior Manager VarTec Telecom, Inc., "It’s not a question of whether or not you are going to get hit with fraud, it’s a question of how much you can lose."
Clearly carriers must spend money on telecom fraud management, and, to a point it is a very good investment. However, companies with successful fraud management processes resist the temptation to over spend, and instead seek out solutions that will effectively eliminate the majority of their fraud, and minimize the extent of their exposure to the occasional loss that does occur.
The goal should be to seek out solutions that will effectively eliminate the majority of fraud. According to Johnson, "When investigating cases, carriers should be aware of the impossible and the improbable. For example if a customer has never placed a call to an international location, the questionable three-hour call may be the first indicator of fraudulent activity. If attention is focused on these types of red flags, a high percentage of telecom fraud can be identified."
Common Sense Principle #4: Just Because You Know Who to Bill Doesn’t Mean You Are Going to Get Paid
It is tempting to take a cavalier attitude towards some types of traffic. Carriers often assume that their contractual relationship with these customers exempts them from responsibility for fraudulent traffic and guarantees them payment whether the calls are legitimate or not. Two prime examples are wholesale customers and retail customers with PBXs.
Often carriers with some or all of their network traffic generated by resellers assert that they have no legal responsibility to monitor the traffic and no financial liability for fraudulent traffic. Similarly, most businesses with PBX equipment sign waivers releasing their carrier from responsibility for fraudulent traffic generated from their PBX. While the carrier may not have any legal obligation to protect these customers or forgive their debts, if a reseller or PBX customer is hit for fraud, and is unable to pay, the carrier is left to absorb the loss. In recent years there have been numerous examples of resellers and businesses who have suspended operations or filed for bankruptcy leaving creditors—including their underlying carrier—holding the bag for hundreds of thousands of dollars.
An effective fraud management process should include monitoring wholesale customers and their retail customers. While monitoring parameters need not be as stringent nor investigative efforts as exhaustive as the carrier would undertake with its own customers, carriers still need to track all traffic that ultimately affects their bottom line. Carriers must also monitor traffic generated from their customers’ PBXs. Although they are not responsible for securing the PBX—nor legally liable for fraudulent traffic—it is in their best interest to quickly identify and address potential breaks in their customers’ PBX security.
As long as telecom companies charge for the products they offer there will be those who try to fraudulently obtain service. As technology, markets, and economics change, what they try to steal and how they try will evolve. So too, fraud management tools and techniques will change over time to adapt to new threats. Nonetheless, the most important element in the fight against fraud will always be common sense. When establishing and implementing a telecom fraud management process, staffing and training a fraud team, and choosing a fraud management system vendor, the principles outlined above form the foundation for a practical, economic, and effective response to the threat of fraud.
David West is executive vice president of Equinox Information Systems, a provider of custom and commercial software solutions for the telecommunications industry since 1986.
© Copyright 2000Request a System Demo