article

Back Office

Revenue assurance may seem an innocuous process of making sure operators get paid for everything they deliver, but the reality is far darker. While systemic miscommunication in data collection and mediation, order-entry systems, rating and billing and other OSS components account for plenty of revenue leakage, carriers also need to think beyond technology and patrol the seamy underbelly of the criminal world. Widespread and well-thought-out fraud accounts for anywhere up to 40 percent of overall revenue leakage, depending on who you ask.

There are numerous statistics on [the percentage of leakage from fraud], anywhere from 3 percent to 15 percent, although I have heard during discussions with fraud managers that the numbers tend to be much higher, says Travis Russell, product marketing manager at Tekelec. The problem comes from communicating this number to executive management with any level of credibility. No one wants to go to the CFO and report they are losing 40 percent gross revenues to fraud.

Not only is that much at stake, but retail business models exacerbate the problem. Operators appetite for risk has increased exponentially, commensurate with the ability to gain revenue. Companies in the telecom space are very sales-driven and they want more customers, so they lower the bar and take on more risk with an eye that the back-end fraud department will vet the service application, says Scott Zoldi, director of analytic science at Fair Isaac Corp. What they need to understand is, if there is a good application [decisionmaking] system upfront, they can decide who to take on as a customer much easier and with less risk.

While operators might be signing up 5 percent more subscribers per month, they are losing 1 percent to 2 percent out the back door in fraud. Detection of such issues goes directly to the bottom line, making fraud management a subset of revenue assurance (RA). Revenue-assurance platforms now often incorporate fraud and credit management, and belong to the finance department, with ultimate oversight from the CFO.

Its a message weve been trying to give to the marketplace for many years, says revenue-assurance giant Azure Solutions Roy Shelton, vice president of sales and partner management. In our view, its part of operators being able to collect absolutely everything that is due to them.

The methods for discovering fraudulent activity on a network mirror revenue-assurance tactics for more traditional leakage. RA dovetails with fraud detection pretty tightly, says Zoldi. For some frauds, detection is a component of SS7 monitoring, or of IP probes. You need an independent source to verify that the calls that are being made are showing up and are being paid for.

SUSPICIOUS ACTIVITY

Fraud has both retail and wholesale components, each with its own sinister M.O. On the retail side, subscription fraud is the No.1 problem faced by operators, perpetrated by people obtaining service with no intention of paying for it, says Zoldi. Sometimes subscribers will sign up using someone elses identity, and sometimes they will use bogus information.

Call cell scams are another form of subscription fraud. In this scenario, a person pretends to be a small business with say, 12 lines. For a month or two, they will sell long-distance service on the street for an hourly rate, then skip town before having to pay the bill. Whether perpetrated by enterprising citizens or organized crime elements, a good call cell organization can defraud an operator out of millions in a single weekend.

In the mobile world, roaming fraud is an issue. If the home provider isnt sent information quickly enough about roaming behavior of a subscriber using someone elses network, fraud can occur and the home carrier will be stuck paying the host network for the fraudulent activity.

With the emergence of m-commerce and identity theft on the rise, content fraud is a bigger issue than ever before. For instance, if a subscriber attempts to download a clip, then terminates the download at 95 percent completion, they have grounds to demand the refund, although they have an almost-complete clip, explains Shelton. Then they will turn around and resell it.

Roger Parks, director of solutions architecture at Qpass Inc., a real-time transaction management firm for the mobile space, says the operators roles are changing from being service providers to content retailers/aggregators or payment processors. That makes management of payment risk in a more complex value chain much more complicated.

Refunds are a difficult area, because many operators cant tell what ringtone it was that the subscriber attempted to get, says Parks. Operators often just add a $5 refund to the account, but they still have to pay the content provider for the cost, which may be more. So they need a comprehensive inventory view.

More advanced applications are contributing to the risk. The fraudmanagement business has scaled a thousand percent in the last year, says Parks. Now that theres a billion-dollar run rate for content and m-commerce, and $20 business applications on offer, a little bit of revenue leakage is a lot of money. And they have gaping holes in their systems.

Another area of concern is fixed and mobile interconnect fraud, which robs a carrier of termination fees because a call is diverted to a different network. Interconnect fraud also includes using a network without permission. Arbitrage, or bypass, is the most common type of carrier fraud we hear about today, and we have seen cases of true carrier fraud, such as SCCP (Signaling Connection Control Part) spoofing, says Russell. One specific example comes to us from a customer in Europe who has identified a few operators who are passing SMS traffic (SPAM) into their networks by using spoofed SCCP addresses to gain access into the networks. The SMS comes from operators who would not normally have permission or access into these networks.

In the wholesale fraud world, those responsible fly-by-night companies and large carriers alike are unlikely to be prosecuted. In terms of the carrier-tocarrier business arena there is a gray area, and in essence there is no recourse other than to have good processes, systems and visibility as a means to operate defensively in a very opportunistic marketplace, says Joe Kiriacos, senior director of business development at Telarix Inc., maker of the iXTools software suite, which gives end-to-end management and interconnect optimization. It is the responsibility of carriers to manage the risk with fraudulent activity, since standard carrier interconnect agreements dictate very little in terms of litigating fraudulent calls and assigning responsibility, he notes. Many times the offending parties are significantly removed from the carriers, due to the high number of hops taken from when a user picks up the phone and dials to the actual network in which the traffic was terminated, says Kiriacos. Many times the originating calling party individual is hard to track down due to the expanded use of calling cards and other toll-free origination solutions. The best solution, therefore, is to have a good defensive strategy in place.

APPREHENDING THE SUSPECTS

With neer-do-wells on so many fronts, a carrier first has to think like a criminal in order to thwart them. As backup, fraud analysts and technology platforms are available to help a carrier plug the leaks on an ongoing basis.

Fair Isaacs platform for instance takes a profile-based approach to retail fraud, by assessing subscribers typical patterns and allowing operators to make a credit decision based on scores or thresholds. There are certain red flags for fraudulent activity: for instance, someone who is traveling calling the home number periodically, or exhibits unusual call volume.

If within the first 10 to 20 days someone changes their address twice, makes a lot of international calls, has three or more phone lines and so on, thats inconsistent with a first-time subscribers typical behavior and merits being looked into, says Zoldi.

A multilayered approach can help guard against fraudsters falling through the cracks. Conventional rules and thresholds can be set according to the subscriber base, and carriers can segment the base and apply the right rules as necessary, says Shelton. But if a subscriber triggers an alarm based on this, that doesnt mean they are a fraudster. Thats why an individual profile that gives a picture of the types of calls a person makes, content used, duration of events and when they are active on the network is critical. And once a person has been booted off the network, fingerprinting is required so that they dont try to come back under a new guise.

In the m-commerce world, subscriber profiling also can consist of monitoring uploads and downloads, when and where files are being delivered, and IP probes.

Many operators take a best-efforts approach, but with wireless, when a user hits buy, it kicks off a set of workflow transactions, including authentication, authorization, balance inquiries and credit limit checks, says Parks. Checking fraud controls, address validation and that all the rules are yes before that content is delivered is critical.

Qpass sits between the content provider and the wireless operator, and talks to a core CRM system to find out user data, such as application spending limits. The platform integrates with the billing and financial systems to tell them how much to pay the content provider and to ensure collection from the end user.

Providing transparency from the fraudmanagement system to the customer service reps also is important, so CSRs can shut down and suspend an account, or check with systems to see if and why that has already happened.

As for interconnect remedies, a multitier approach also is recommended. Operators need to watch for known fraud scenarios and trends, and the best way to do this is through the use of a comprehensive fraud-management system, says Russell. However, such a system does not provide views of the traffic itself and will not identify traffic anomalies. As a result, other tools are necessary, such as the Tekelec IAS, which looks specifically at the traffic itself and provides reports on the traffic, its origins, destinations and volume.

A comprehensive system in place to monitor proactively all aspects from quality, margin monitoring and network management of a carrier network also can help. The value of having one system in place is that it allows for meaningful data to be shared within the organization, rather than picking and choosing from a variety of systems, which could have varying measures of data, says Kiriacos. Internal parties could have specific tasks and duties alerted to them by this central system, pinpointing the fraudulent activity [and] then addressing the issue directly to the employee/department responsible for controlling the activity.

Carriers who have turned to technology platforms to solve fraud issues should be warned: simply slapping a solution in place is no shield. Its good to monitor fraud in terms of the overall revenue-assurance picture, but they need to also have additional resources because fraudsters are constantly evolving and looking for loopholes, says Zoldi. If your defenses are down, or you dont have a clear sense of what these loopholes are, then organized crime or whoever it is will capitalize on that.

In fact, a continual audit of fraudtracking initiatives to measure their effectiveness and determine whether new procedures are warranted is highly recommended.


Public Enemies No. 1-6

Interconnect fraud is varied and sneaky, a gray area where perpetrators are never prosecuted. For wholesale fraud, a carriers best defense is stopping leaks before they happen. Some top concerns:

Cherry Picking:

taking advantage of a carriers selling price list by grooming traffic to certain dial codes, destinations or peak/off-peak minutes to innocuously shift the cost burden of expensive traffic to another operator.

  • Dial Codes: grooming international minutes to specifically send traffic to certain dial codes to take advantage of the selling carriers mismatch between revenue structure (billing rules) and cost structure (settlement rules), or errors in code categorization.
  • For Peak/Off-Peak/Weekend Time Periods: Many European carriers quote mobile rates based on a standard distribution of minutes between peak, offpeak and weekend since the mobile carriers provide tiered pricing. As a result, some carriers can spike traffic on the expensive time periods (usually the peak hours), which causes the underlying carrier to lose money since the pricing was based on a traditional composition of traffic and a standard distribution of traffic across the time-bands.

SIM Box Routes:

The opportunity for this arises when retail mobile contracts with end users fall below the traditional mobile interconnect prices set by the national telecom regulator. A gray operator purchases a large quantity of SIM cards (often stolen in the first place) as a means to set up an illegal route into a countrys mobile network, hence bypassing the termination that should be done directly with mobile providers. Key indicators of SIM Box routes are no Calling Line Identification, poor line quality and low Answer Seizure Ratios (ASRs).

VoIP Bypass:

VoIP providers bypass the traditional in-country fixed line network and terminate through a leaky deal or domestic-based carrier with no license to terminate internationally originated traffic. This practice now is used widely in highly regulated telecommunications markets, where the local incumbent charges higher termination rates for internationally originated traffic while domestic providers enjoy low-cost termination alternatives. Key indicators of VoIP bypass routes are high ASRs but very low Average Call Duration, and poor voice quality. They generally connect calls to get the initial call charges, but then disconnect after a few seconds.

Blending Caller Line Identification and High- Quality Routes:

In essence, a standard level of quality is furnished with a Service Level Agreement. However, lower-quality routes (generally much cheaper than direct routes) are used via percentage routing or blending, in order to give the underlying carrier a lower-cost blend and increased margin. Many times inferior quality is given during off-peak times when Network Operation Center staff is not monitoring as closely. The end problem is a customer is paying a premium rate for a high-quality route, while the underlying provider is blending traffic to make better margins in hopes the customer wont notice the lower-quality routes being used.

Credit Risk:

This occurs when smaller carriers set up interconnects with larger carriers as a means to spike traffic volumes before the carrier realizes its credit exposure and takes preventative measures to shut down the service. Many carriers provision a small interconnect as a means to look and see before expanding business. It is easy for carriers to surge their outbound traffic to a certain partner and accumulate a lot of charges that will be billed only at the end of the month. Some carriers specifically run up large balances with major operators and abscond without ever paying for them.

Overbilling/False Disputes:

The practice of reconciling carrier invoices can prove to be a long and arduous process. Telarixs internal customer benchmarks state that between 4 percent and 9 percent in billing inaccuracies are experienced in this process. Carriers overbill the end party, hoping they do not have a proper billing reconciliation process or the support data in place to fight and counter the dispute. On the flip side of the equation, some carriers inflate the amounts that are disputed with the underlying carrier, in hopes that a few percentage points will be taken off the bill. In fact, some carrier contracts state that any discrepancies less than 1 percent of the total bill can not be disputed, hence large short falls can occur with large bills.

Source: Telarix Inc.

Links
Azure Solutions www.azuresolutions.com
Fair Isaac Corp. www.fairisaac.com
Qpass Inc. www.qpass.com
Tekelec www.tekelec.com
Telarix Inc. www.telarix.com

Related



Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 70618