Más contenido relacionado La actualidad más candente (20) Similar a TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin (20) Más de cVidya Networks (20) TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin1. Fraud Management Group Activities
Management World 2012
José Sobreira
Raul Azevedo
Tal Eisner
May 2012
© 2012 TeleManagement Forum | 1 www.tmforum.org
v2011.1
2. Agenda
Fraud Management Group Activities
1. Fraud Survey Highlights
2. The Road to an Effective Fraud Classification Model
3. Defining a Practical FM Implementation Guidebook
© 2012 TeleManagement Forum | 2 www.tmforum.org
v2011.1
3. Fraud Survey Highlights
Objectives and Structure
Objectives
• Get a global picture regarding Fraud Classification practices
• Understand how different operators in different regions classify, track,
and report fraud
• Gather input for the Fraud Classification Guidebook roadmap
Structure
• Survey participants
• Fraud Management Organization
• General Fraud Classification Practices
• Specific Fraud Classification Practices
© 2012 TeleManagement Forum | 3 www.tmforum.org
v2011.1
4. Fraud Survey Highlights
Survey Participants
Operator type Please indicate the industry Fraud Forums
(36 Respondents) that you follow or are a member (check all
that apply):
(21 Respondents)
3% 5%
Broadband 71%
3% Cable 62%
3%
5% 14% Carrier
43%
Fixed 33%
3%
17% Fixed & Mobile
14%
Fixed, Mobile & Broadband 5%
Mobile
42% 5% Mobile & Broadband FIINA CFCA TMForum GSMA TUFF Other
Fraud
MVNO Forum
Quad Play
© 2012 TeleManagement Forum | 4 www.tmforum.org
v2011.1
5. Fraud Survey Highlights
Fraud Management Organization
Do you track any of the following metrics and What is the size of your current Fraud
key performance indicators (KPIs) today Management team (directly involved in
(check all that apply): fraud management)?
(23 Respondents) (23 Respondents)
78% 78%
65% 65% <5
52% 9%
48% 5-10
22% 39%
10-25
25-100
30% >100
Fraud losses vs Revenuesdetection
Fraud time Fraud losses byFraud savings of alarms by day
case Number False positive rate
Are you also responsible for other
processes in the business (check all that
apply):
(19 Respondents)
68% 68%
42%
37%
32%
Revenue Assurance debt analysis Management (risk)
Bad Product Legal and Regulatory issues
Other (please specify):
© 2012 TeleManagement Forum | 5 www.tmforum.org
v2011.1
6. Fraud Survey Highlights
General Fraud Classification
What are your Top 3 fraud types
found (by quantity of frauds
discovered)?
(23 Respondents)
Wangiri
100% 2% Topups
6%
90%
Subscription
Roaming
22%
80%
Payments
70%
8%
Internal
60% 5% IRSF
6%
Hacking (PABX)
50% 6%
Equipment (subvention)
8%
40%
Dealer
6%
30% Credit card
9%
20% 5%
Collection
5% Cloning
10%
8% Clip-on
3%
0% Bypass
1st 2nd 3rd TOTAL
Account takeover
© 2012 TeleManagement Forum | 6 www.tmforum.org
v2011.1
7. Fraud Survey Highlights
General Fraud Classification
What are your Top 3 fraud types found (by estimated
costs suffered by your business)?
(20 Respondents)
100% 2%
Topups
90% Subscription
27%
80%
Roaming
Payments
70%
5% NGN Network Intrusion
4%
60% IRSF
5%
Internal
50% 11%
Hacking (PABX)
40%
11% Equipment (subvention)
30% 7%
Dealer
7%
Credit card
20%
5% Cloning
10% 5% Clip-on
4%
0%
4% Bypass
1st 2nd 3rd TOTAL Account takeover
© 2012 TeleManagement Forum | 7 www.tmforum.org
v2011.1
8. Fraud Survey Highlights
Specific Fraud Classification
Respondents were asked to classify a set of presented scenarios
with the type of fraud that was being committed
• 70% to 80% of similar answers in minor part of the presented
scenarios,
• No common language of classifying a fraud scenario. In several
scenarios, more than 50% of given answers didn’t match
• The dispersion of answers clearly correlates with service type
(Mobile, Fixed, Cable, MVNO or Carrier).
• There are different names commonly accepted for the same Fraud
Type, leading to some respondents using one or even both.
© 2012 TeleManagement Forum | 8 www.tmforum.org
v2011.1
9. Fraud Survey Highlights
Specific Fraud Classification
• Difficulty in classifying scenarios where multiple crimes were
perpetrated, namely getting access to the service and committing the
fraud.
• Some respondents are already tackling these classification
challenges by opting to give multiple answers to distinguish, for
example, the method used for the fraud type and driver.
© 2012 TeleManagement Forum | 9 www.tmforum.org
v2011.1
10. Agenda
Fraud Management Group Activities
1. Fraud Survey Highlights
2. The Road to an Effective Fraud Classification Model
3. Defining a Practical FM Implementation Guidebook
© 2012 TeleManagement Forum | 10 www.tmforum.org
v2011.1
11. Fraud Classification Model
Why do we need an effective FM Classification Model?
Internally
Effective monitoring, analysis & reporting
• Focus on critical dimensions
• Top down approach
• Trend analysis and forecasting
Externally
Benchmarking and industry/regulatory reports
• Industry benchmarking and statistics
• Market research
• Fraud/Risk Bureaus
Copyright © 2012 TeleManagement 11
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 11 www.tmforum.org
v2011.1
12. Fraud Classification Model
Why do we need an effective FM Classification Model?
An example from the Fraud Survey
Fraud Scenario Referred Fraud Types Statistics
“Fraudster generates a high volume of • PRS Unique: 39%
calls to a PRS number range that he • IRSF Multiple: 44%
owns in another country with no intention • PRS/IRSF Structured: 17%
to pay.”
• Bypass/SIMBOX
• PABX Hacking
• Clip-on
• Stolen Line
• Subscription
• Dealer
• Payment
• PBX / Voicemail
• Roaming out
Copyright © 2012 TeleManagement 12
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 12 www.tmforum.org
v2011.1
13. Fraud Classification Model
Challenges
• Distinct names for the same Fraud Type
• Distinct interpretation depending on the core service
(Mobile, Fixed, Cable, etc.)
• Multiple Frauds perpetrated in the same Fraud Case
• Fast changing nature of Fraud
• Need for a multi-dimensional analysis
• Need for different levels of abstraction
• Existence of several similar Ad hoc “Fraud Type” lists
Copyright © 2012 TeleManagement 13
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 13 www.tmforum.org
v2011.1
14. Fraud Classification Model
Fraud Classification Dimensions
Dimensions are the key axes of Fraud Case analysis
Method or
Technique
• Method or Technique
• Context
Context
• Driver or Motivation
• … Driver or
Motivation …
The development of a Fraud Classification Model is essential for a
Fraud Management Business Metrics project!
Copyright © 2012 TeleManagement 14
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 14 www.tmforum.org
v2011.1
15. Fraud Management Business Metrics
Why a FM Business Metrics Strategy?
The Fraud Management efficiency as a discipline, depends on the type of Fraud Business Metrics or
Indicators created.
Once developed and implemented the “Fraud Management Business Metrics” are used by Fraud Teams to:
o Understand the fraud environment
o Measure and evaluate fraud cases
o Develop mitigation strategies
o Share and create internal visibility
o Take investment decisions on technical, human, operational and financial resources
An efficient “Fraud Management Business Metrics” Strategy should consider three sequential stages:
o Stage A: define a standard Fraud Classification Model
o Stage B: define and analyse metrics for Fraud Detected, Prevented and BA* Synergies
o Stage C: select strategic Fraud Key Performance Indicators for C – Level visibility
(*) BA Business Assurance
Copyright © 2012 TeleManagement 15
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 15 www.tmforum.org
v2011.1
16. Fraud Management Business Metrics
FM Classification Model, Metrics and Performance Indicators
Executive Board
Stage C FM Key Performance Indicators
Members
• Selected Performance Metrics
FM Business Metrics
Stage B • Detection
• Prevention
•
Operational
Business Assurance Synergies
Level
Stage A Fraud Classification Model
• Based on standard classification model
Copyright © 2012 TeleManagement 16
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 16 www.tmforum.org
v2011.1
17. Fraud Management Business Metrics
Executive Board
Stage C
Members
FM Key Performance Indicators
• Performance Metrics
Stage B
FM Business Metrics
•
•
Detection
Prevention
Stage A: Fraud Classification Model
Operational
• BA Synergies
Level
Stage A
Fraud Classification Model
• Classification model
Model Categories Operator Benefits
Operator Profile
Fraud Fraud Cases Classification Fraud Management Actions
Classification
Model (FCM) Fraud Mitigation Per Operator
Per Industry
The efficiency of the FCM depends on the methodology used for the Classification of Fraud Cases, that should be:
o Clear (promotes understanding of fraud)
o Simple (facilitates the featuring of each fraud case)
o Easy to Use (allow information sharing and mitigation)
Copyright © 2012 TeleManagement 17
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 17 www.tmforum.org
v2011.1
18. Fraud Management Business Metrics
Stage A: Fraud Classification Model
Handset Subsidy Loss
Subscription Fraud Today the
Telecommunications
Credit Card Fraud Industry is
presented with many
Payment Fraud different and not
synchronized ways
Roaming Fraud of Fraud
Classification
Dealer Fraud
Mobile Malware
Internal Fraud
SIM Cloning
Executive Board
Stage C
Members
FM Key Performance Indicators
• Performance Metrics Prepaid Fraud
FM Business Metrics
Stage B • Detection
• Prevention
Hacking
Operational
• BA Synergies
Level
Stage A
Fraud Classification Model
• Classification model
Wangiri
SS7 Tampering
Copyright © 2012 TeleManagement 18
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 18 www.tmforum.org
v2011.1
19. Fraud Management Business Metrics
Stage A: Fraud Classification Model
ENABLER TECHNIQUE
FRAUD TYPE
(fraudulent way to obtain/access
(fraudulent scheme)
service)
Reselling
Subscription Fraud
TELECOMS SERVICE FRAUD
International Revenue
Hacking
Share Fraud There is a clear need to differentiate
between the:
Non Authorised Access
Private Use o ENABLER TECHNIQUE
versus
National Premium
Cloning Rate Service o FRAUD TYPE
By doing so network operators will be
Mobile Malware Interconnect Bypass able to effectively understand fraud and
mitigate it at two level:
Signalling Manipulation Overbilling o Review of
Procedures, Processes, Service
Platforms and Network
Bribery Phishing
o Enhancement and reconfiguration
of Fraud Management Systems
Social Engineering Others (FMS)
Enhancement and
Review of Procedures;
reconfiguration of
Processes; Service
Fraud Management
Platforms and Network
Systems
Copyright © 2012 TeleManagement 19
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 19 www.tmforum.org
v2011.1
20. Fraud Management Business Metrics
Stage A: Fraud Classification Model
FRAUDSTER OBJECTIVE ENVIRONMENT ATTACK CUSTOMER TECHNOLOGY SERVICE PAYMENT IMPACTS
PS
HTTP/HTTPS
TT
/H
TP
HTTP/HTTPS
HT
IMT
CORBA
OSS-RC MN-OSS CS-DS CS-WS EFWS Portal FOCA
LDAP
DIAMETER FTP
DIAMETER
PPS CS-MS CS-CS CS-AS EMA
SRD MM
ISC LDAP
DIAMETER
DNS
DIAMETER ENUM/
HSS S-CSCF RS DNS
SIP
Rx+ ISUP
Gm P-CSCF I-CSCF
S-CSCF MGCF/SG
Gx+
PCRF
(SIP) SIP
H.248
PSTN
SIP
PLMN
TDM
ViG
GGSN PDG MG
A-SBG N-SBG RT
P/
RT SI
P/ P/
RTP SIP H32
/H 3
32
SIP RTP 3
AAA SIP
H.323 IP
SGSN WAG
Backbone
BRI BRI
PRI POTS Other VoIP
Networks
UTRAN WLAN
Network
Fraud Classification Attributes
ENABLER FRAUD
TECHNIQUE TYPE
FRAUD CASES CLASSIFICATION
© 2012 TeleManagement Forum | 20 www.tmforum.org
v2011.1
20
21. Fraud Management Business Metrics
Stage A: Fraud Classification Model
EXAMPLE 1
FRAUDSTER OBJECTIVE ENVIRONMENT ATTACK CUSTOMER TECHNOLOGY SERVICE PAYMENT IMPACTS
Hacker Divert At External Postpaid IP Centrex Voice Invoice Financial
money to National Payment
Business
(Due date)
Churn
finance Territory
Customer
terrorist
group
Fraud Classification Attributes
ENABLER TECHNIQUE FRAUD TYPE
Hacking into IP International
PBX Phone Revenue Share
System Fraud (IRSF)
FRAUD CASES CLASSIFICATION
© 2012 TeleManagement Forum | 21 www.tmforum.org
v2011.1
21
22. Fraud Management Business Metrics
Stage A: Fraud Classification Model
EXAMPLE 2
FRAUDSTER OBJECTIVE ENVIRONMENT ATTACK CUSTOMER TECHNOLOGY SERVICE PAYMENT IMPACTS
User/Cust Make At External Postpaid 3G Voice Invoice Financial
Payment
omer Money/ Roaming over
Mass (Due date)
Profit LTE
Market Interconnect
Settlements
Fraud Classification Attributes
ENABLER TECHNIQUE FRAUD TYPE
Subscription Reselling of
Fraud Service
FRAUD CASES CLASSIFICATION
© 2012 TeleManagement Forum | 22 www.tmforum.org
v2011.1
22
23. Agenda
Fraud Management Group Activities
1. Fraud Survey Highlights
2. The Road to an Effective Fraud Classification Model
3. Defining a Practical FM Implementation Guidebook
© 2012 TeleManagement Forum | 23 www.tmforum.org
v2011.1
24. FM Implementation Guidebook
Vision and Scope
FM Implementation Guidebook will be a practical step-by-
step guide to be used by CSPs as a reference for
implementing best practices identified and defined by the
TMF Fraud Team
The scope of the “FM Implementation Guidebook” is to provide CSPs with a
practical vision concerning the implementation of a strategic “Fraud
Management Process”.
The “FM Implementation Guidebook” will cover the essential aspects of Fraud
Management and will offer practical advise to CSPs on the organisation of daily
fraud activities:
o Fraud Management Tactical; Operational and Strategic actions
Copyright © 2012 TeleManagement 24
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 24 www.tmforum.org
v2011.1
25. FM Implementation Guidebook
Vision and Scope
Intelligence Gathering Management
Culture Influences Fraud Risk Exposure
TACTICAL OPERATIONAL STRATEGIC
PREVENTION (P) DETECTION (D) INVESTIGATION (I) MEASUREMENT (M)
FMS
Business Assurance Synergies
Security Revenue Assurance Internal Audit Risk Management
Copyright © 2012 TeleManagement 25
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 25 www.tmforum.org
v2011.1
26. FM Implementation Guidebook
Apr-Sep 2012 Project Scope
Identification of Telecom
FM Roles & Responsibilities
FM
Implementation
Guidebook
Fraud Operations
Management
Guide (GB954)
Copyright © 2012 TeleManagement 26
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 26 www.tmforum.org
v2011.1
27. FM Implementation Guidebook
Apr-Sep 2012 Project Scope
Identification of Telecom
FM Metrics and Performance Indicators
FM
Implementation
Guidebook
FM Key
Performance
FM Business Indicators
Metrics
Fraud
Classification
Model
Executive Board
Stage C
Members
FM Key Performance Indicators
• Performance Metrics
FM Business Metrics
Stage B • Detection
• Prevention
Operational
• BA Synergies
Level
Stage A
Fraud Classification Model
• Classification model
Copyright © 2012 TeleManagement 27
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 27 www.tmforum.org
v2011.1
28. Fraud Classification & Implementation Guide Projects
Project Plan
Jan 12 May 12 Jun 12 Sep 12
TAW Charter TAW Charter
Madrid Kick Off Baltimore conclusion
follow up follow up
meetings meetings
Draft
Scope Final
version
Definition version
discussion
Project deliverables
Fraud Classification Model
Implementation Guidebook
Classification Guidebook (new version)
• Classification Model Proposal New Guidebook
• New attributes • Roles & Responsibilities identification
• Revised list of Telecom Fraud definitions • FM Metrics & KPIs identification
Copyright © 2012 TeleManagement 28
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 28 www.tmforum.org
v2011.1
29. Agenda
Fraud Management Sessions
Thank you!
© 2012 TeleManagement Forum | 29 www.tmforum.org
v2011.1