New business models + new technology + a bit of imagination = new frauds
The telecoms industry has always suffered from the malicious impacts of fraudsters. Whether it was bashing the edges of coins to make coin-operated phones accept lower value coins, dealer frauds at calling card vendors or the emergence of mobile malware usage, the industry has come to accept that some revenue will be lost to fraud. As the economic environment in the telecoms industry tightened at around the turn of the millennium, communications service providers (CSPs) started to focus on how much of the tens of billions of dollars of telecoms fraud they suffer each year they could prevent and recover.
The figures are substantial. In its 2015 Fraud Loss Survey, the Communications Fraud Control Association (CFCA) found that CSPs lose $38 billion to fraud each year. To combat losses such as this, CSPs invested in fraud and analytical tools to identify and prevent frauds of a bewildering number of types, detailed in Figure 1.
These reflect the current types of fraud that operators have to battle. However, we expect this to change. Despite changes in technology and new business models, we tend to see almost the same fraud types appear at the top of the rankings every year.
These early systems – often deployed ten years or more ago – proved effective at uncovering previously unchecked frauds and rapidly proved their value in the form of stemming revenue losses. Vendors were able to make highly attractive claims regarding the revenue their systems could protect from fraud, which far outweighed the cost of the systems themselves.
However, the success of such systems led to diminishing returns as easy-to-identify frauds were halted. CSPs continued along the upgrade path, periodically moving to later versions of systems, but the industry is now at a break point where traditional systems no longer provide a comprehensive ability to address new forms of fraud and frauds on new services. Many ageing systems are still in operation and have not been replaced with newly designed systems, leaving CSPs’ newer revenue streams open to malicious activity.
The problem the industry faces with this lack of replacement is that in the intervening 10 to 15 years, the nature of the telecoms business has changed and, inevitably, so have the habits and techniques of fraudsters. It’s important to recognise this is a cat and mouse game in which fraudsters respond rapidly. For example, the introduction of IP network technology led to PBX hacking.
Old systems most probably can’t cope with the diversified service arena that now encompasses on-demand, premium services, and the new dynamic, virtualized network arena, enabled by software defined networking (SDN) and network functions virtualisation (NFV). These technologies are enabling a more agile era in which the configuration of the network and the orchestration of services will change continuously, opening new doors for fraudsters and at the same time making it far more difficult to track and identify frauds under a new generation of attacks.
Digital transformation means fraud transformation
Digital transformation has seen traditional telecoms services such as metered voice minutes and SMS be replaced by flat rate packages and one-time download fees for content such as video, games and music. These new services open CSPs up to new types of fraud and the stakes are higher for CSPs because they are not just losing out on revenue from unpaid utilization of their network; they are also responsible for paying content owners fees for fraudulently accessed premium content, video in particular.
Where the old systems fall down is that they were designed for an era in which CSPs monitored fraud by analyzing call detail records (CDRs). These were useful for determining unusual usage or spikes in behavior that warranted further investigation. Now and further into the virtualized network era, CDRs won’t exist because there is no call to have a detail record of. Although other detail records do exist, these come from sources CSP IT infrastructure and are challenging to collate and analyze.
The arrival of Voice over LTE (VoLTE), for example, means mobile calls are even more exposed to fraud because signaling is implemented in the mobile operating system instead of in the mobile-based broadband network, as it is for 2G/3G telephony. Many of these vulnerabilities can then be exploited remotely through mobile malware to profit fraudsters.
Could fraud management become a bottleneck?
In the absence of CDRs and other types of xDR, fraud management systems need to analyze other data to gain granular insights into suspicious behaviors. The problem is that there are so many areas to assess, as detailed in Figure 1, and such insights need to be generated automatically from a vast array of disparate systems.
That situation is exacerbated because Figure 1 only reveals data concerning the frauds that were specifically being looked for. It doesn’t take into account fraud types and methods that were not searched for. As US Defence Secretary Donald Rumsfeld memorably said:
“There are known knowns. These are the things we know we know. There are known unknowns. That is to say, there are things we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.”
Fraud is sometimes like this: an unknown unknown.
Traditional fraud management processes don’t address the changed marketplace and they are also inadequate for securing new types of offering and handling the sheer scale of data involved. There is, therefore, a real danger that fraud management can become a bottleneck, impeding CSPs’ ability to offer services until fraud can be managed.
The systems of a decade ago simply don’t address capabilities that are essential to enable the automated analysis of such large volumes of data. Among the missing capabilities of decade-old fraud management systems are:
- Machine learning
- Self-service analytics
- Processing capabilities for Hadoop
- Visual interfaces that help make sense of data faster and more meaningfully, as we have today
All of these are required to fully handle the complexity of a multi-network, multi-service infrastructure that is continually changing its function. Technology to support fraud management operations has therefore changed significantly, with an increased reliance on business intelligence (BI) and analytics as a means for uncovering and identifying fraud.
Figure 2 below details the hype cycle of BI and analytics and demonstrates the technologies that CSPs are deploying to operate their businesses. Critically, the ability to harness predictive analytics to identify fraudulent behavior in advance of fraud being committed is being enabled by this technology cycle. This is enabling departments and other CSPs to share insights into frauds so specific instances of fraud are not able to proliferate globally if they have been identified in one location.
The pressure CSPs are under is compounded by the proliferation of services they are involved in delivering. These are often outside the CSP’s control, but the CSP is best placed to identify that fraud is occurring because of its insight into the traffic it carries over its networks. For example, with new services such as Internet of Things (IoT) and sensor networks that have fraudulent apps installed, CSPs need the capability to rapidly add new data sources, such as risky IP feeds, so that fraud detection can be performed, and to enable data scientists to model data or apply advanced analytics to go beyond rule-based detection. There are advantages in combining the two approaches of traditional fraud indicator analytics and the new skills of data scientists, but the sheer volume involved means that anything achieved in near real-time or predictively must be done in an automated way.
Breaking the rules
Fraud management vendors have been delivering rule-based systems for years because they offer a way of encoding a human expert’s knowledge, in a fairly narrow way, to deliver automation. Even if you have a highly trained fraud management team, a system from a known vendor leverages the expert knowledge built into it and makes it available to the very large range of people who work on fraud management within the CSP. Another advantage is that such systems capture the expertise of an expert in a field, so that knowledge is not lost when the expert leaves the CSP.
The downside of this approach is that rules are only effective at detecting simple, fixed, known patterns, such as matching against black lists of fraudsters.
Over time, technology has changed to allow fraud managers to address fraud more quickly and efficiently. Machine learning using anomaly detection is just the start of creating actionable intelligence from the petabytes of information within CSPs and their surrounding ecosystem.
For example, machine learning can identify unusual patterns and correlations from disparate data sources, going far beyond traditional rule-based fraud management. Advanced fraud management systems are even able to deliver a unique visualisation of verification results based on factors such as social network activities. In addition, machine learning algorithms can enable the targeting of more complex risks, including both known and new, unknown threats. With digitalization continually breeding new and evolved fraud types, being able to identify and react to different, complicated threats as they arise is key to protecting revenues and reputations.
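The contrast drawn above between fixed rules and anomaly detection, as an added example that is not from the original article or any vendor's product: a black-list rule and a per-subscriber baseline check run over the same constructed usage events. The subscriber and destination names, the spend figures and the 3.5 threshold are assumptions, and the median/MAD score is a simple statistical stand-in for the machine-learning models the article refers to.

```python
from statistics import median

# Constructed sample data: daily premium-content spend per subscriber
# (arbitrary units). All identifiers and numbers are made up for illustration.
HISTORY = {
    "sub-A": [4, 5, 3, 6, 4, 5, 4],
    "sub-B": [20, 22, 19, 25, 21, 23, 20],
    "sub-C": [0, 1, 0, 2, 1, 0, 1],
}
# Today's events: (subscriber, destination, spend)
TODAY = [
    ("sub-A", "dest-known-bad", 5),  # on the black list, normal volume
    ("sub-B", "dest-ordinary", 24),  # heavy but typical user
    ("sub-C", "dest-new", 40),       # unlisted destination, abnormal volume
]
BLACKLIST = {"dest-known-bad"}  # hypothetical list of known-bad destinations


def rule_hits(events, blacklist):
    """Fixed rule: flag any event whose destination is on the black list."""
    return {sub for sub, dest, _ in events if dest in blacklist}


def robust_z(value, history):
    """Modified z-score built on median and MAD, so old outliers barely move the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 0.6745 makes MAD comparable with a standard deviation; the floor on MAD
    # stops a perfectly flat history from dividing by zero.
    return 0.6745 * (value - med) / max(mad, 0.5)


def anomaly_hits(events, history, threshold=3.5):
    """Flag subscribers whose spend today is far above their own baseline."""
    hits = set()
    for sub, _, spend in events:
        past = history.get(sub)
        if past and robust_z(spend, past) > threshold:
            hits.add(sub)
    return hits


def compare(events=TODAY, history=HISTORY, blacklist=BLACKLIST):
    """Run both detectors and report what only the anomaly check found."""
    rules = rule_hits(events, blacklist)
    anomalies = anomaly_hits(events, history)
    return {"rules": rules, "anomaly": anomalies, "only_anomaly": anomalies - rules}


if __name__ == "__main__":
    print(compare())
```

The rule finds only the listed destination, while the baseline check finds the subscriber whose behaviour changed even though nothing about the event matches a known pattern; running both together reflects the article's point about combining the two approaches.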