By Hanna Hurley
Software packages can lower fraud losses, but to take a real bite out of
crime, operators must apply fraud prevention techniques throughout the
network and business processes.
A series of long calls to a fire department's emergency number raised alarms at an Eastern European wireless operator. Typical emergency calls take seconds, but these were lasting two or three hours.
After a call to the fire department headquarters and a conversation with the firehouse's carrier, the trio realized phreakers had compromised the department's PBX. A fraudster had reconfigured the PBX to allow wireless subscribers to dial into the box and then make outbound calls without accruing fees. This deceit easily translated to thousands of dollars of lost revenue for the fire department's fixed-line operator.
When this type of PBX violation is combined with identity theft, shoulder surfing and all the other types of telecom frauds, the worldwide losses to the industry reach up to $12 billion, according to the Communication Fraud Control Association.
At PaeTec Communications, the number of fraud cases is up about 35 percent from the same time in 2001, according to Mary Hochheimer, fraud manager. But she is quick to point out that the increase is proportional to the number of new customers. "We nearly doubled our customer base in the last year. A more significant measure than the number of cases is the dollars in losses. We have less losses on a per-case basis than last year."
Will fraud cases and revenue loss decrease in 2003? Not likely. Both the fraud-mongers who deal in scare tactics and the practical realists who objectively acknowledge the overall damage agree that fraud is a stable, fairly static market. "Fraud never goes away," explains John Frost, a fraud management consultant at Hewlett-Packard. "It just moves around."
More precisely, fraud evolves. The methods change as the fraudsters adjust their tactics in response to carrier defenses. Line-tapping and SIM clones are on the decrease, for example, but subscriber fraud and identity theft are rising.
Michelle Wheeler, director of fraud management at Lightbridge, points out an obvious shift from technical fraud to subscriber fraud. A few years ago, technical fraud made up 70 percent of losses and subscriber fraud accounted for 30 percent of lost revenue. Now those numbers have flipped, she notes.
"Fraud is a business, and fraudsters look for the cheapest, most cost-effective way to make money," says Wheeler. "Technical fraud is costly, in terms of equipment and resources. And compromising the network is more difficult. More tools are available that catch the fraud quickly, shortening the window of opportunity."
The fraud management tools available for carriers run the gamut from relatively inexpensive rules-based products to sophisticated, costly software aided by artificial intelligence. Some software also tackles subscriber fraud by integrating with CRM tools and credit rating reports.
Conventional tools apply basic measurements and rules to identify potential fraud. Rules single out fraud patterns, such as a series of short calls to premium rate services, more than 1,000 calls in an hour, a high number of international calls or immediate roaming calls. To create these parameters, fraud companies work directly with the carrier to identify potential frauds and write the appropriate rules for the provider's specific business.
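The four rule types named above can be sketched as a small detector run over call detail records. This is an added example, not code from any vendor mentioned in the article; the CDR field names, the sample traffic and every threshold except the 1,000-calls-per-hour figure are assumptions.

```python
from collections import defaultdict, namedtuple

# Constructed CDR shape; field names are assumptions, not a real switch format.
CDR = namedtuple("CDR", "sub start dur kind roaming")  # start/dur in seconds
# Thresholds are illustrative assumptions, except 1,000 calls per hour (from the article).
SHORT_SECS, SHORT_PREMIUM_MIN = 20, 5
CALLS_PER_HOUR_MAX, INTL_PER_DAY_MAX, ROAM_WITHIN_SECS = 1000, 30, 24 * 3600

def max_in_window(times, window):
    """Largest number of timestamps falling inside any sliding window."""
    times, best, lo = sorted(times), 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def evaluate(cdrs, activated):
    """Return {subscriber: sorted list of rule names hit}."""
    by_sub = defaultdict(list)
    for c in cdrs:
        by_sub[c.sub].append(c)
    alerts = {}
    for sub, calls in by_sub.items():
        hits = set()
        short_premium = [c.start for c in calls if c.kind == "premium" and c.dur <= SHORT_SECS]
        if max_in_window(short_premium, 3600) >= SHORT_PREMIUM_MIN:
            hits.add("short_premium_series")
        if max_in_window([c.start for c in calls], 3600) > CALLS_PER_HOUR_MAX:
            hits.add("call_volume")
        if max_in_window([c.start for c in calls if c.kind == "intl"], 86400) > INTL_PER_DAY_MAX:
            hits.add("intl_volume")
        if any(c.roaming and c.start - activated[sub] < ROAM_WITHIN_SECS for c in calls):
            hits.add("immediate_roaming")
        if hits:
            alerts[sub] = sorted(hits)
    return alerts

# Constructed sample traffic (not real data); all subscribers activated at t=0.
ACTIVATED = {"A": 0, "B": 0, "C": 0, "D": 0}
SAMPLE = (
    [CDR("A", 500_000 + i * 60, 8, "premium", False) for i in range(6)]      # short premium burst
    + [CDR("B", 600_000 + i * 3, 30, "local", False) for i in range(1001)]   # 1,001 calls in under an hour
    + [CDR("C", 3_600 + i * 600, 120, "local", True) for i in range(2)]      # roaming 1 h after activation
    + [CDR("D", 700_000 + i * 7200, 300, "intl", False) for i in range(5)]   # ordinary usage, no alert
)

if __name__ == "__main__":
    print(evaluate(SAMPLE, ACTIVATED))
```

Each alert carries the name of the rule that fired, which is the property the rules-based vendors quoted later in the article contrast with neural network alerts.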
A drawback of these products, though, is rule maintenance, explains Mike Waddell, vice president of product management at Cerebrus Solutions. "The carriers need an enormous amount of rules, and maintaining the rules is a constant battle," he says.
Unlike the traditional systems, Waddell points out that advanced systems, such as Cerebrus, use AI and neural networks to monitor individual subscriber behavior.
"We build a behavioral signature for every subscriber," he says. "The network is trained to compare each subscriber's behavior with its knowledge of good behavior and bad behavior. In the middle of these two behaviors is an undecided area where the system doesn't know if the activity is good or bad. This area is where new or variant frauds may pop up, and the operator may get a high degree of false positives. Investigating that gray area lets the operator spot new frauds as they occur, and it's possible to retrain the neural network to find the new fraud."
Fair, Isaac and Company, which completed its merger with HNC Software in August, was drawn to HNC because of its neural network and AI experience. Tony Zarrella, director of telecom risk analytics, says, "We have solutions that are rules-based only, but they are less effective than those that use rules and neural networks."
Applying AI to fraud is a relatively new concept for telcos. Fraud management vendor Lightbridge expects to include AI in its product line in the first quarter of 2003, but the company still has reservations about the technology.
"Conceptually AI products are viable, but implementing them is difficult," says Wheeler. "We have waited to integrate the technology into our products because it still needed to mature. In general, we have found that smaller scale solutions tend to be more reliable and easier to test when first deployed. And, the operators understand the traditional packages. They are not comfortable with the new technology yet."
Equinox, which develops rules-based systems, is underwhelmed by AI. "AI products claim to dynamically update usage levels based on a variety of factors," says David West, executive vice president. "That sounds cool, but what does it really mean? The biggest downfall for these products, though, is that they are very expensive to purchase and maintain."
Companies applying AI technology dismiss the negativity, claiming that the technology will carve out a niche. "The AI concept is only a few years old, and we are still looking at ways to prove the efficiencies of neural technology," says Fernando Bortman, product manager in Amdocs' fraud management group.
Zarrella notes that educating the industry about AI and neural networks is important for the technology's success. "Most companies that purport to have neural networks don't understand how to deploy them," he says, "or they have more marketing than real substance."
Deficient reporting is another regular criticism of neural network technology that may be thwarting adoption. "The neural network systems tend to have a hidden process," explains Equinox's West. "The system will alert the user to a possible fraud without explaining why it is potential fraud. The system keeps throwing possibilities over the wall that only confuse the user."
The neural network companies acknowledge this system drawback. "The neural networks can't detail why they are triggering alerts. They will show an alert and the user can't figure out why the alert is fraudulent until he has investigated the problem," says Bortman. "With rules-based [systems], users know that the call hit a known rule."
Software packages are a key to identifying fraudulent activity, but operators can significantly decrease their risks by adding more human checks and balances within their business processes.
"Fraud management was easier when more humans were involved," says Lightbridge's Wheeler. "Now subscribers can pick up the phone, or apply online, and be validated for service without ever seeing someone from the operator. The channels of acquiring customers have a big part in how easy it has become to mask fraud."
Requiring more background checks for new subscribers is one straightforward, useful means to close down subscriber fraud, which has become rampant among wireless operators. "It's too easy to sign up for service," says HP's Frost. "Any Joe out there can get access to the network."
During the last few years, signing up any customer has taken precedence over signing up the right customer. In the competitive rush to sign up new subscribers, operators have been extremely lax about background checks.
"Operators must become more vigilant when they activate subscribers," says Frost. "They focus on authenticating the equipment, but precious little is done to authenticate the subscribers."
Instead of waiting to send out the bill and receive payment, Frost suggests that carriers send out a welcome letter the day of activation. He also advises making welcome calls to ensure that the customer is legitimate.
Combining these humanistic techniques with software that screens credit scores, stolen credit cards and Social Security numbers, as well as matching addresses and phone numbers, can make fraud programs more effective.
Implementing stringent hiring practices can also mitigate fraud. With internal fraud on the rise, carriers must be more careful about who they hire to support their networks, prepare their collection notices and manage their BSS/OSS. One example of internal fraud suffered by operators is the Trojan horse, in which the fraud ring trains people for billing and customer care, engineering or network management positions. "With an operative inside the carrier, the fraudsters can activate phones, zero out balances and wreak havoc on any number of systems," says Zarrella at Fair, Isaac.
In another type of insider attack, three employees essentially went into the communications business for themselves. They set up more than 1,500 phone lines that were never entered into the billing system. Instead, the employees were collecting the monthly fees for themselves. Billing department employees have also been guilty of applying discounts or rebates inappropriately.
Wheeler advises that HR run background and security checks on every employee who walks through the door.
Nonstop Fraud Prevention
Carriers expect to carry a small amount of fraud on their balance sheets because the price to purge fraud completely is much too high. Many operators perceive fraud as only marginal costs, but Waddell at Cerebrus disagrees.
"Even if the fraud doesn't go off the network, real costs, and real money, are involved," he says. "These appear in customer take-on costs and debt collection costs. Fraud also inflates churn figures." (See "Leap Jumps on Fraud Problems", for more information on how fraud affects an operator's bottom line.)
Detecting fraud cost-effectively is a balancing act for carriers. Most live by the 80/20 rule or work with fraud management companies to define the most cost-effective price points.
"When you reduce the fraud below a certain dollar amount, it costs more in headcount and resources to find the low-level, $50 fraudsters," says Lightbridge's Wheeler. "If the fraud costs the carrier 20 percent more than the cost of finding the fraudsters, then it's worth it. Anything less than that will not be useful, but it ultimately depends on carriers and their strategies."
Fair, Isaac applies a ranking scheme to help operators decide on the type of fraud to pursue. "We use a scoring process, from 1 to 99.99, that helps carriers meet optimal efficiencies. We work the highest scores first, because the lower scores return more false positives," says Zarrella. "At some point you hit the law of diminishing returns where it doesn't pay to investigate that score. We help the carrier find a mix of optimal scores that keep costs from outweighing benefits."
Another cost-effective strategy is to tighten the business processes from connection to collection, says Waddell. He advises that operators review all business processes from the fraudster's perspective. "Look at the processes destructively, not constructively," he explains. "Look for all the possibilities of failure and abuse. When that is done, set processes in place that cover the found vulnerabilities."
One portion of enabling this type of fraud prevention throughout the business is to bring the marketing department together with the fraud and revenue assurance department long before a new product is launched.
"Operators don't usually bring these groups together," says HP's Frost. "Those that do are more successful at eliminating fraud, because they discuss the security and fraud ramifications before the launch. Those companies that don't have this meeting of the minds end up doing more work in detection and investigation."
Those Cunning Beasts
"No matter how smart you think you are, the criminals are smarter. With their constantly evolving angles and techniques, the fraudsters keep carriers one step behind them," says Frost. "These criminals are always looking for new angles and techniques to compromise the network."
The laundry list of conceivable fraudulent activities bears testimony to the extremes people reach in their attempt to get something for nothing (see "Fast Facts About Fraud"). Cerebrus' Waddell recounts how one ring of criminals went as far as hiring Thai prostitutes to research a telco's network. The women received new mobile phones and instructions on the types of calls to make. The fraudsters were using the women as bait, to learn how long the carrier would let a call last before investigating it.
These types of sordid tales are never-ending. Every fraud company can relate dozens of examples, and even the carriers are willing to add to the story list. Without some reality check, paranoia could easily surface.
West at Equinox dismisses the paranoia. "Vendors like to portray fighting fraud as cloak-and-dagger stuff," he says. "They try to scare carriers by talking about how clever fraudsters are. If the phreakers and fraudsters were truly clever, they would go to Harvard Business School and come up with better ways to rip people off than using a phone."
West's analysis may be true. Most fraudsters may not be Ivy League material, but their persistent tampering with the network and internal attacks keep the service providers on constant alert. The activity is even more rampant during the early stages of a new offering. To offset these losses, and mitigate fraud, service providers should instill best practices and fraud prevention techniques across the network and throughout business processes.