TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin

Fraud Management Group Activities
Management World 2012

José Sobreira
Raul Azevedo
Tal Eisner
May 2012
© 2012 TeleManagement Forum | 1 www.tmforum.org
v2011.1

Agenda

1. Fraud Survey Highlights
2. The Road to an Effective Fraud Classification Model
3. Defining a Practical FM Implementation Guidebook

v2011.1

Fraud Survey Highlights
Objectives and Structure

Objectives
• Get a global picture regarding Fraud Classification practices
• Understand how different operators in different regions classify, track,
and report fraud
• Gather input for the Fraud Classification Guidebook roadmap

Structure
• Survey participants
• Fraud Management Organization
• General Fraud Classification Practices
• Specific Fraud Classification Practices

v2011.1

Survey Participants

Operator type Please indicate the industry Fraud Forums
(36 Respondents) that you follow or are a member (check all
that apply):
(21 Respondents)

3% 5%
Broadband 71%
3% Cable 62%
3%
5% 14% Carrier
43%
Fixed 33%
3%
17% Fixed & Mobile
14%
Fixed, Mobile & Broadband 5%
Mobile
42% 5% Mobile & Broadband FIINA CFCA TMForum GSMA TUFF Other
Fraud
MVNO Forum
Quad Play

v2011.1

Fraud Management Organization
Do you track any of the following metrics and What is the size of your current Fraud
key performance indicators (KPIs) today Management team (directly involved in
(check all that apply): fraud management)?
(23 Respondents) (23 Respondents)

78% 78%
65% 65% <5
52% 9%
48% 5-10
22% 39%
10-25

25-100
30% >100
Fraud losses vs Revenuesdetection
Fraud time Fraud losses byFraud savings of alarms by day
case Number False positive rate

Are you also responsible for other
processes in the business (check all that
apply):
(19 Respondents)

68% 68%

42%
37%
32%

Revenue Assurance debt analysis Management (risk)
Bad Product Legal and Regulatory issues
Other (please specify):

v2011.1

General Fraud Classification
What are your Top 3 fraud types
found (by quantity of frauds
discovered)?
(23 Respondents)
Wangiri
100% 2% Topups
6%
90%
Subscription
Roaming
22%
80%
Payments
70%
8%
Internal
60% 5% IRSF
6%
Hacking (PABX)
50% 6%
Equipment (subvention)
8%
40%
Dealer
6%
30% Credit card
9%

20% 5%
Collection
5% Cloning
10%
8% Clip-on
3%
0% Bypass
1st 2nd 3rd TOTAL
Account takeover

v2011.1

General Fraud Classification

What are your Top 3 fraud types found (by estimated
costs suffered by your business)?
(20 Respondents)

100% 2%
Topups
90% Subscription
27%
80%
Roaming
Payments
70%
5% NGN Network Intrusion
4%
60% IRSF
5%
Internal
50% 11%
Hacking (PABX)
40%
11% Equipment (subvention)
30% 7%
Dealer

7%
Credit card
20%
5% Cloning
10% 5% Clip-on
4%
0%
4% Bypass
1st 2nd 3rd TOTAL Account takeover

v2011.1

Specific Fraud Classification

Respondents were asked to classify a set of presented scenarios
with the type of fraud that was being committed

• 70% to 80% of similar answers in minor part of the presented
scenarios,
• No common language of classifying a fraud scenario. In several
scenarios, more than 50% of given answers didn’t match
• The dispersion of answers clearly correlates with service type
(Mobile, Fixed, Cable, MVNO or Carrier).
• There are different names commonly accepted for the same Fraud
Type, leading to some respondents using one or even both.

v2011.1

Specific Fraud Classification

• Difficulty in classifying scenarios where multiple crimes were
perpetrated, namely getting access to the service and committing the
fraud.
• Some respondents are already tackling these classification
challenges by opting to give multiple answers to distinguish, for
example, the method used for the fraud type and driver.

v2011.1

Agenda


v2011.1

Fraud Classification Model
Why do we need an effective FM Classification Model?

Internally
Effective monitoring, analysis & reporting
• Focus on critical dimensions
• Top down approach
• Trend analysis and forecasting

Externally
Benchmarking and industry/regulatory reports
• Industry benchmarking and statistics
• Market research
• Fraud/Risk Bureaus

Copyright © 2012 TeleManagement 11
© 2012 TeleManagement Forum | Forum, All Rights Reserved. | 11 www.tmforum.org
v2011.1

Why do we need an effective FM Classification Model?

An example from the Fraud Survey

Fraud Scenario Referred Fraud Types Statistics
“Fraudster generates a high volume of • PRS Unique: 39%
calls to a PRS number range that he • IRSF Multiple: 44%
owns in another country with no intention • PRS/IRSF Structured: 17%
to pay.”
• Bypass/SIMBOX
• PABX Hacking
• Clip-on
• Stolen Line
• Subscription
• Dealer
• Payment
• PBX / Voicemail
• Roaming out

v2011.1

Challenges

• Distinct names for the same Fraud Type

• Distinct interpretation depending on the core service
(Mobile, Fixed, Cable, etc.)

• Multiple Frauds perpetrated in the same Fraud Case

• Fast changing nature of Fraud

• Need for a multi-dimensional analysis

• Need for different levels of abstraction

• Existence of several similar Ad hoc “Fraud Type” lists

v2011.1

Fraud Classification Dimensions

Dimensions are the key axes of Fraud Case analysis

Method or
Technique
• Method or Technique

• Context
Context
• Driver or Motivation

• … Driver or
Motivation …

The development of a Fraud Classification Model is essential for a
Fraud Management Business Metrics project!

v2011.1

Fraud Management Business Metrics
Why a FM Business Metrics Strategy?

 The Fraud Management efficiency as a discipline, depends on the type of Fraud Business Metrics or
Indicators created.

 Once developed and implemented the “Fraud Management Business Metrics” are used by Fraud Teams to:

o Understand the fraud environment

o Measure and evaluate fraud cases

o Develop mitigation strategies

o Share and create internal visibility

o Take investment decisions on technical, human, operational and financial resources

 An efficient “Fraud Management Business Metrics” Strategy should consider three sequential stages:

o Stage A: define a standard Fraud Classification Model

o Stage B: define and analyse metrics for Fraud Detected, Prevented and BA* Synergies

o Stage C: select strategic Fraud Key Performance Indicators for C – Level visibility

(*) BA Business Assurance

v2011.1

FM Classification Model, Metrics and Performance Indicators

Executive Board
Stage C FM Key Performance Indicators

Members
• Selected Performance Metrics

FM Business Metrics
Stage B • Detection
• Prevention
•

Operational
Business Assurance Synergies

Level
Stage A Fraud Classification Model
• Based on standard classification model

v2011.1


Executive Board
Stage C

Members
FM Key Performance Indicators
• Performance Metrics

Stage B
FM Business Metrics
•
•
Detection
Prevention
Stage A: Fraud Classification Model

Operational
• BA Synergies

Level
Stage A
• Classification model

Model Categories Operator Benefits

 Operator Profile
Fraud  Fraud Cases Classification  Fraud Management Actions
Classification
Model (FCM)  Fraud Mitigation  Per Operator

 Per Industry

 The efficiency of the FCM depends on the methodology used for the Classification of Fraud Cases, that should be:
o Clear (promotes understanding of fraud)
o Simple (facilitates the featuring of each fraud case)
o Easy to Use (allow information sharing and mitigation)

v2011.1


Handset Subsidy Loss

Subscription Fraud Today the
Telecommunications
Credit Card Fraud Industry is
presented with many
Payment Fraud different and not
synchronized ways
Roaming Fraud of Fraud
Classification
Dealer Fraud

Mobile Malware

Internal Fraud

SIM Cloning
Executive Board

Stage C
Members

• Performance Metrics Prepaid Fraud
FM Business Metrics
• Prevention
Hacking
Operational

• BA Synergies
Level

Stage A
Wangiri

SS7 Tampering
v2011.1

ENABLER TECHNIQUE
FRAUD TYPE
(fraudulent way to obtain/access
(fraudulent scheme)
service)

Reselling
Subscription Fraud
TELECOMS SERVICE FRAUD

International Revenue
Hacking
Share Fraud  There is a clear need to differentiate
between the:

Non Authorised Access
Private Use o ENABLER TECHNIQUE
versus
National Premium
Cloning Rate Service o FRAUD TYPE
 By doing so network operators will be
Mobile Malware Interconnect Bypass able to effectively understand fraud and
mitigate it at two level:

Signalling Manipulation Overbilling o Review of
Procedures, Processes, Service
Platforms and Network
Bribery Phishing
o Enhancement and reconfiguration
of Fraud Management Systems
Social Engineering Others (FMS)

Enhancement and
Review of Procedures;
reconfiguration of
Processes; Service
Fraud Management
Platforms and Network
Systems

v2011.1


FRAUDSTER OBJECTIVE ENVIRONMENT ATTACK CUSTOMER TECHNOLOGY SERVICE PAYMENT IMPACTS
PS

HTTP/HTTPS
TT
/H
TP

HTTP/HTTPS
HT

IMT
CORBA

OSS-RC MN-OSS CS-DS CS-WS EFWS Portal FOCA

LDAP

DIAMETER FTP
DIAMETER
PPS CS-MS CS-CS CS-AS EMA
SRD MM

ISC LDAP

DIAMETER
DNS

DIAMETER ENUM/
HSS S-CSCF RS DNS

SIP

Rx+ ISUP

Gm P-CSCF I-CSCF
S-CSCF MGCF/SG
Gx+
PCRF
(SIP) SIP
H.248
PSTN
SIP
PLMN
TDM
ViG
GGSN PDG MG
A-SBG N-SBG RT
P/
RT SI
P/ P/
RTP SIP H32
/H 3
32
SIP RTP 3
AAA SIP
H.323 IP
SGSN WAG
Backbone
BRI BRI
PRI POTS Other VoIP
Networks

UTRAN WLAN
Network

Fraud Classification Attributes

ENABLER FRAUD
TECHNIQUE TYPE

FRAUD CASES CLASSIFICATION

v2011.1
20

EXAMPLE 1

 Hacker  Divert  At  External  Postpaid  IP Centrex  Voice  Invoice  Financial
money to National Payment
 Business
(Due date)
 Churn
finance Territory
Customer
terrorist
group


ENABLER TECHNIQUE FRAUD TYPE

 Hacking into IP  International
PBX Phone Revenue Share
System Fraud (IRSF)


v2011.1
21

EXAMPLE 2

 User/Cust  Make  At  External  Postpaid  3G  Voice  Invoice  Financial
Payment
omer Money/ Roaming over
 Mass (Due date)
Profit LTE
Market  Interconnect
Settlements


ENABLER TECHNIQUE FRAUD TYPE

 Subscription  Reselling of
Fraud Service


v2011.1
22

Agenda


v2011.1

FM Implementation Guidebook
Vision and Scope

FM Implementation Guidebook will be a practical step-by-
step guide to be used by CSPs as a reference for
implementing best practices identified and defined by the
TMF Fraud Team

 The scope of the “FM Implementation Guidebook” is to provide CSPs with a
practical vision concerning the implementation of a strategic “Fraud
Management Process”.

 The “FM Implementation Guidebook” will cover the essential aspects of Fraud
Management and will offer practical advise to CSPs on the organisation of daily
fraud activities:

o Fraud Management Tactical; Operational and Strategic actions

v2011.1

Vision and Scope
Intelligence Gathering Management
Culture Influences Fraud Risk Exposure

TACTICAL OPERATIONAL STRATEGIC

PREVENTION (P) DETECTION (D) INVESTIGATION (I) MEASUREMENT (M)

FMS

Business Assurance Synergies

Security Revenue Assurance Internal Audit Risk Management

v2011.1

Apr-Sep 2012 Project Scope
Identification of Telecom
FM Roles & Responsibilities
FM
Implementation
Guidebook

Fraud Operations
Management
Guide (GB954)

v2011.1

Apr-Sep 2012 Project Scope
Identification of Telecom
FM Metrics and Performance Indicators
FM
Implementation
Guidebook

FM Key
Performance
FM Business Indicators
Metrics

Fraud
Classification
Model
Executive Board

Stage C
Members

• Performance Metrics

FM Business Metrics
• Prevention
Operational

• BA Synergies
Level

Stage A

v2011.1

Fraud Classification & Implementation Guide Projects
Project Plan
Jan 12 May 12 Jun 12 Sep 12

TAW Charter TAW Charter
Madrid Kick Off Baltimore conclusion
follow up follow up
meetings meetings

Draft
Scope Final
version
Definition version
discussion

Project deliverables
Implementation Guidebook
Classification Guidebook (new version)
• Classification Model Proposal New Guidebook
• New attributes • Roles & Responsibilities identification
• Revised list of Telecom Fraud definitions • FM Metrics & KPIs identification

v2011.1

Agenda
Fraud Management Sessions

Thank you!

v2011.1

TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (17)

Similar a TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin

Similar a TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin (20)

Más de cVidya Networks

Más de cVidya Networks (20)

Último

Último (20)

TM Forum Fraud Management Group Activities - Presented at TM Forum's Management World 2012 in Dublin