Fraud Control: Comprehensive Strate...
By Hanna Hurley
November, 2002
Software packages can lower fraud losses, but to take a real bite out of
crime, operators must apply fraud prevention techniques throughout the
network and business processes.
A series of long calls to a fire department's emergency number raised
alarms at an Eastern European wireless operator. Typical emergency calls
take seconds, but these were lasting two or three hours.
After a call to the fire department headquarters and a conversation with
the firehouse's carrier, the trio realized phreakers had compromised the
department's PBX. A fraudster had reconfigured the PBX to allow wireless
subscribers to dial into the box and then make outbound calls without
accruing fees. This deceit easily translated to thousands of dollars of
lost revenue for the fire department's fixed-line operator.
When this type of PBX violation is combined with identity theft,
shoulder surfing and all the other types of telecom frauds, the
worldwide losses to the industry reach up to $12 billion, according to
the Communication Fraud Control Association.
At PaeTec Communications, the number of fraud cases is up about 35
percent from the same time in 2001, according to Mary Hochheimer, fraud
manager. But she is quick to point out that the increase is proportional
to the number of new customers. "We nearly doubled our customer base in
the last year. A more significant measure than the number of cases is
the dollars in losses. We have less losses on a per-case basis than last
year."
Will fraud cases and revenue loss decrease in 2003? Not likely. Both the
fraud-mongers who deal in scare tactics and the practical realists who
objectively acknowledge the overall damage agree that fraud is a stable,
fairly static market. "Fraud never goes away," explains John Frost, a
fraud management consultant at Hewlett-Packard. "It just moves around."
More precisely, fraud evolves. The methods change as the fraudsters
adjust their tactics in response to carrier defenses. Line-tapping and
SIM clones are on the decrease, for example, but subscriber fraud and
identity theft are rising.
Michelle Wheeler, director of fraud management at Lightbridge, points
out an obvious shift from technical fraud to subscriber fraud. A few
years ago, technical fraud made up 70 percent of losses and subscriber
fraud accounted for 30 percent of lost revenue. Now those numbers have
flipped, she notes.
"Fraud is a business, and fraudsters look for the cheapest, most
cost-effective way to make money," says Wheeler. "Technical fraud is
costly, in terms of equipment and resources. And compromising the
network is more difficult. More tools are available that catch the fraud
quickly, shortening the window of opportunity."
Software Strategies
The fraud management tools available for carriers run the gamut from
relatively inexpensive rules-based products to sophisticated, costly
software aided by artificial intelligence. Some software also tackles
subscriber fraud by integrating with CRM tools and credit rating
reports.
Conventional tools apply basic measurements and rules to identify
potential fraud. Rules single out fraud patterns, such as a series of
short calls to premium rate services, more than 1,000 calls in an hour,
a high number of international calls or immediate roaming calls. To
create these parameters, fraud companies work directly with the carrier
to identify potential frauds and write the appropriate rules for the
provider's specific business.
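
The kind of rules described above, sketched as an added example over constructed call records (not code from the article or from any vendor's product). Only the 1,000-calls-per-hour threshold comes from the text; the other thresholds, the record field names and the long emergency-call rule modeled on the opening anecdote are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Only CALLS_PER_HOUR is stated in the article; every other threshold is an assumption.
CALLS_PER_HOUR = 1000                  # "more than 1,000 calls in an hour"
SHORT_SECS, SHORT_PREMIUM_MIN = 15, 5  # assumed: a "series of short calls" to premium rate
INTL_MIN = 20                          # assumed: a "high number of international calls"
ROAM_WINDOW = timedelta(hours=24)      # assumed: roaming this soon after activation
EMERGENCY_MAX_SECS = 600               # assumed: emergency calls normally take seconds

def evaluate(cdrs, activated):
    """Return {subscriber: sorted rule names hit} for call records and an activation-time map."""
    by_sub = defaultdict(list)
    for c in cdrs:
        by_sub[c["sub"]].append(c)
    alerts = {}
    for sub, calls in by_sub.items():
        calls.sort(key=lambda c: c["start"])
        hits, lo = set(), 0
        for hi, c in enumerate(calls):
            # Sliding one-hour window that ends at the current call.
            while c["start"] - calls[lo]["start"] >= timedelta(hours=1):
                lo += 1
            if hi - lo + 1 > CALLS_PER_HOUR:
                hits.add("velocity")
            if c["roaming"] and c["start"] - activated[sub] <= ROAM_WINDOW:
                hits.add("immediate_roaming")
            if c["kind"] == "emergency" and c["secs"] > EMERGENCY_MAX_SECS:
                hits.add("long_emergency_call")
        short_premium = sum(c["kind"] == "premium" and c["secs"] <= SHORT_SECS for c in calls)
        if short_premium >= SHORT_PREMIUM_MIN:
            hits.add("short_premium_series")
        if sum(c["kind"] == "international" for c in calls) >= INTL_MIN:
            hits.add("international_volume")
        if hits:
            alerts[sub] = sorted(hits)
    return alerts

def sample():
    """Constructed call records and activation times, not real data."""
    t0 = datetime(2002, 11, 1, 9, 0)
    def cdr(sub, mins, secs, kind, roaming=False):
        return {"sub": sub, "start": t0 + timedelta(minutes=mins), "secs": secs,
                "kind": kind, "roaming": roaming}
    cdrs = [cdr("A", i, 8, "premium") for i in range(6)]
    cdrs += [cdr("B", 30, 9000, "emergency"), cdr("C", 45, 120, "local", roaming=True)]
    cdrs += [cdr("D", 10, 300, "local"), cdr("D", 50, 40, "emergency")]
    cdrs += [{**cdr("E", 0, 5, "local"), "start": t0 + timedelta(seconds=3 * i)} for i in range(1001)]
    activated = dict({s: t0 - timedelta(days=90) for s in "ABDE"}, C=t0 - timedelta(hours=2))
    return cdrs, activated
```

Every threshold here is a constant someone has to keep tuning per carrier, which is the maintenance burden raised in the next paragraph.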
A drawback of these products, though, is rule maintenance, explains Mike
Waddell, vice president of product management at Cerebrus Solutions.
"The carriers need an enormous amount of rules, and maintaining the
rules is a constant battle," he says.
Unlike the traditional systems, Waddell points out that advanced
systems, such as Cerebrus, use AI and neural networks to monitor
individual subscriber behavior.
"We build a behavioral signature for every subscriber," he says. "The
network is trained to compare each subscriber's behavior with its
knowledge of good behavior and bad behavior. In the middle of these two
behaviors is an undecided area where the system doesn't know if the
activity is good or bad. This area is where new or variant frauds may
pop up, and the operator may get a high degree of false positives.
Investigating that gray area lets the operator spot new frauds as they
occur, and it's possible to retrain the neural network to find the new
fraud."
Fair, Isaac and Company, which completed its merger with HNC Software in
August, was drawn to HNC because of its neural network and AI
experience. Tony Zarrella, director of telecom risk analytics, says, "We
have solutions that are rules-based only, but they are less effective
than those that use rules and neural networks."
AI Uncertainties
Applying AI to fraud is a relatively new concept for telcos. Fraud
management vendor Lightbridge expects to include AI in its product line
in the first quarter of 2003, but the company still has reservations
about the technology.
"Conceptually AI products are viable, but implementing them is
difficult," says Wheeler. "We have waited to integrate the technology
into our products because it still needed to mature. In general, we have
found that smaller scale solutions tend to be more reliable and easier
to test when first deployed. And, the operators understand the
traditional packages. They are not comfortable with the new technology
yet."
Equinox, which develops rules-based systems, is underwhelmed by AI. "AI
products claim to dynamically update usage levels based on a variety of
factors," says David West, executive vice president. "That sounds cool,
but what does it really mean? The biggest downfall for these products,
though, is that they are very expensive to purchase and maintain."
Companies applying AI technology dismiss the negativity, claiming that
the technology will carve out a niche. "The AI concept is only a few
years old, and we are still looking at ways to prove the efficiencies of
neural technology," says Fernando Bortman, product manager in Amdocs'
fraud management group.
Zarrella notes that educating the industry about AI and neural networks
is important for the technology's success. "Most companies that purport
to have neural networks don't understand how to deploy them," he says,
"or they have more marketing than real substance."
Deficient reporting is another regular criticism of neural network
technology that may be thwarting adoption. "The neural network systems
tend to have a hidden process," explains Equinox's West. "The system
will alert the user to a possible fraud without explaining why it is
potential fraud. The system keeps throwing possibilities over the wall
that only confuse the user."
The neural network companies acknowledge this system drawback. "The
neural networks can't detail why they are triggering alerts. They will
show an alert and the user can't figure out why the alert is fraudulent
until he has investigated the problem," says Bortman. "With rules-based
[systems], users know that the call hit a known rule."
Human Intervention
Software packages are a key to identifying fraudulent activity, but
operators can significantly decrease their risks by adding more human
checks and balances within their business processes.
"Fraud management was easier when more humans were involved," says
Lightbridge's Wheeler. "Now subscribers can pick up the phone, or apply
online, and be validated for service without ever seeing someone from
the operator. The channels of acquiring customers have a big part in how
easy it has become to mask fraud."
Requiring more background checks for new subscribers is one
straightforward, useful means to close down subscriber fraud, which has
become rampant among wireless operators. "It's too easy to sign up for
service," says HP's Frost. "Any Joe out there can get access to the
network."
During the last few years, signing up any customer has taken precedence
over signing up the right customer. In the competitive rush to sign up
new subscribers, operators have been extremely lax about background
checks.
"Operators must become more vigilant when they activate subscribers,"
says Frost. "They focus on authenticating the equipment, but precious
little is done to authenticate the subscribers."
Instead of waiting to send out the bill and receive payment, Frost
suggests that carriers send out a welcome letter the day of activation.
He also advises making welcome calls to ensure that the customer is
legitimate.
Combining these humanistic techniques with software that screens credit
scores, stolen credit cards and Social Security numbers, as well as
matching addresses and phone numbers, can make fraud programs more
effective.
Implementing stringent hiring practices can also mitigate fraud. With
internal fraud on the rise, carriers must be more careful about who they
hire to support their networks, prepare their collection notices and
manage their BSS/OSS. One example of internal fraud suffered by
operators is the Trojan horse, in which the fraud ring trains people for
billing and customer care, engineering or network management positions.
"With an operative inside the carrier, the fraudsters can activate
phones, zero out balances and wreak havoc on any number of systems,"
says Zarrella at Fair, Isaac.
In another type of insider attack, three employees essentially went into
the communications business for themselves. They set up more than 1,500
phone lines that were never entered into the billing system. Instead,
the employees were collecting the monthly fees for themselves. Billing
department employees have also been guilty of applying discounts or
rebates inappropriately.
Wheeler advises that HR run background and security checks on every
employee who walks through the door.
Nonstop Fraud Prevention
Carriers expect to carry a small amount of fraud on their balance sheets
because the price to purge fraud completely is much too high. Many
operators perceive fraud as only marginal costs, but Waddell at Cerebrus
disagrees.
"Even if the fraud doesn't go off the network, real costs - and real
money - are involved," he says. "These appear in customer take-on costs
and debt collection costs. Fraud also inflates churn figures." (See
"Leap Jumps on Fraud Problems" for more information on how fraud
affects an operator's bottom line.)
Detecting fraud cost-effectively is a balancing act for carriers. Most
live by the 80/20 rule or work with fraud management companies to define
the most cost-effective price points.
"When you reduce the fraud below a certain dollar amount, it costs more
in headcount and resources to find the low-level, $50 fraudsters," says
Lightbridge's Wheeler. "If the fraud costs the carrier 20 percent more
than the cost of finding the fraudsters, then it's worth it. Anything
less than that will not be useful, but it ultimately depends on carriers
and their strategies."
Fair, Isaac applies a ranking scheme to help operators decide on the
type of fraud to pursue. "We use a scoring process, from 1 to 99.99,
that helps carriers meet optimal efficiencies. We work the highest
scores first, because the lower scores return more false positives,"
says Zarrella. "At some point you hit the law of diminishing returns
where it doesn't pay to investigate that score. We help the carrier find
a mix of optimal scores that keep costs from outweighing benefits."
Another cost-effective strategy is to tighten the business processes
from connection to collection, says Waddell. He advises that operators
review all business processes from the fraudster's perspective. "Look at
the processes destructively, not constructively," he explains. "Look for
all the possibilities of failure and abuse. When that is done, set
processes in place that cover the found vulnerabilities."
One portion of enabling this type of fraud prevention throughout the
business is to bring the marketing department together with the fraud
and revenue assurance department long before a new product is launched.
"Operators don't usually bring these groups together," says HP's Frost.
"Those that do are more successful at eliminating fraud, because they
discuss the security and fraud ramifications before the launch. Those
companies that don't have this meeting of the minds end up doing more
work in detection and investigation."
Those Cunning Beasts
"No matter how smart you think you are, the criminals are smarter. With
their constantly evolving angles and techniques, the fraudsters keep
carriers one step behind them," says Frost. "These criminals are always
looking for new angles and techniques to compromise the network."
The laundry list of conceivable fraudulent activities bears testimony to
the extremes people reach in their attempt to get something for nothing
(see "Fast Facts About Fraud"). Cerebrus' Waddell recounts how one ring
of criminals went as far as hiring Thai prostitutes to research a
telco's network. The women received new mobile phones and instructions
on the types of calls to make. The fraudsters were using the women as
bait, to learn how long the carrier would let a call last before
investigating it.
These types of sordid tales are never-ending. Every fraud company can
relate dozens of examples, and even the carriers are willing to add to
the story list. Without some reality check, paranoia could easily
surface.
West at Equinox dismisses the paranoia. "Vendors like to portray
fighting fraud as cloak-and-dagger stuff," he says. "They try to scare
carriers by talking about how clever fraudsters are. If the phreakers
and fraudsters were truly clever, they would go to Harvard Business
School and come up with better ways to rip people off than using a
phone."
West's analysis may be true. Most fraudsters may not be Ivy League
material, but their persistent tampering with the network and internal
attacks keep the service providers on constant alert. The activity is
even more rampant during the early stages of a new offering. To offset
these losses - and mitigate fraud - service providers should instill best
practices and fraud prevention techniques across the network and
throughout business processes.