The 4 pillars of anti-fraud strategy
03 Jan 2017
The 4 pillars of anti-fraud strategy
Everyone knows that telecom operators face a huge problem with fraud, and that the trends of risk and loss are increasing.
New areas for fraud include: through data including that related to the digitization of offers; breaches in security; and the grey zones between fraud and security. They all mean turbulent times for the teams in charge of protecting revenues against fraud.
As the revenue ‘pie’ grows, we need an increasingly complex anti-fraud strategy to properly identify and mitigate the new operational risk zones (ORZ). The most important are in marketing, sales, network and information systems, and have been created by the rapid growth in revenues and new activities.
The biggest challenges for the teams are:
This scissor effect is like the North Pole of anti-fraud strategy – the hardest place to reach and the biggest contribution to a company’s growth ambitions. To achieve it, anti-fraud strategy must mobilize skills, systems, processes and organization.
The graph below shows the scissor effect and the reverse curves which are the aim of the strategic business plan for revenue growth and risk decrease, provided by marketing, finance and risk management teams.
New areas for fraud include: through data including that related to the digitization of offers; breaches in security; and the grey zones between fraud and security. They all mean turbulent times for the teams in charge of protecting revenues against fraud.
As the revenue ‘pie’ grows, we need an increasingly complex anti-fraud strategy to properly identify and mitigate the new operational risk zones (ORZ). The most important are in marketing, sales, network and information systems, and have been created by the rapid growth in revenues and new activities.
The biggest challenges for the teams are:
- Working towards medium- to long-term horizons (the business plan and the products roadmap) and implementing all necessary control processes and systems; and
- to assure the 'scissor effect’ contribution – that is to reduce the risks at the same time as corporate revenues are rising.
This scissor effect is like the North Pole of anti-fraud strategy – the hardest place to reach and the biggest contribution to a company’s growth ambitions. To achieve it, anti-fraud strategy must mobilize skills, systems, processes and organization.
The graph below shows the scissor effect and the reverse curves which are the aim of the strategic business plan for revenue growth and risk decrease, provided by marketing, finance and risk management teams.
A sound, effective strategy is built on the following four pillars.
Unlike football, which is relatively predictable, as it is bi-dimensional game with few possible combinations, chess is a strategic game, with infinitely more possible combinations. Failure to predict the movements of your adversary leads to checkmate. Fraud is like a game of chess, so it is highly important to:
This can predict and recommend techniques which align with strategic, balanced score card targets and help achieve the scissor curve.
Fraud prevention techniques may not stop all potential perpetrators, but early detection of fraud, through different means, technologies and procedures, reduces the damage and demonstrates commitment. Fast detection acts as a deterrent to would-be fraudsters and contributes to developing a clear anti-fraud culture.
The technology mix is an important part of the strategy concerning system selection, implementation and management and its efficiency. We need to adopt a collaborative architecture between different systems to provide a 360° view and protection. These systems include those for fraud management and call tracking, data mining systems predictive (DMS_P) as core systems, and other auxiliary systems like those for SMS Control.
Successful detection is built on:
The scope of detection includes:
Collection is the fourth leg of a successful anti-fraud strategy, but it’s very difficult to ‘get the money back’. Where fraudsters are taken to court with all supporting evidence, there some key actions to prepare and execute for recovering money.
Prevention
- Constantly assess fraud risks and mandate regular system and process audits on vulnerable revenue streams.
- Build and implement robust anti-fraud policies.
- Set up a yearly, comprehensive fraud awareness and ethics program for executives, managers and staff. Consider implementing a process to control human factor vulnerabilities, with key performance indicators (KPIs) and corresponding material to deliver the message.
- Conduct due diligence for fraud by deploying know your customer (KYC) and know your partners (KYP) procedures and scoring systems.
- Improve skills and expertise by implementing a fraud learning organization with a knowledge management process for fraud market intelligence. This can be sourced from industry forums, studies by specialized consulting companies and reports from secure internet sites.
- Gather fraudsters behavior intelligence (FBI) using profiling techniques and by observing fraudsters’ modus operandi. Profiling is often used in police work when discussing crime and addressing the methods employed by the perpetrators. It is also used in criminal profiling where it can provide clues to offenders’ psychology.
- Implement a fraud case intelligence (FCI) using efficient case management procedures and systems to learn from cases’ lifecycles;
- Case opening,
- Case evaluation and assessment,
- Case processing with measures and actions taken,
- Case closing conditions (decision process, workflow and controls on case life cycle), and
- Case prevalence and hit rate (case frequency and impact).
Prediction
Unlike football, which is relatively predictable, as it is bi-dimensional game with few possible combinations, chess is a strategic game, with infinitely more possible combinations. Failure to predict the movements of your adversary leads to checkmate. Fraud is like a game of chess, so it is highly important to:
- Use predictive techniques and data mining to profile fraudsters’ modus operandi and avoid false positives to develop different algorithms for learning systems. Prediction is not an exact science, but it can be an essential management tool where it is used to:
- set targets,
- anticipate deviations from this target,
- take corrective actions,
- be part of the company’s business plan, and
- make visible the effectiveness of risk reduction.
This can predict and recommend techniques which align with strategic, balanced score card targets and help achieve the scissor curve.
- Develop methods of forecasting to use as ‘radar’ to stick to the business plan’s figures and follow balanced score card objectives. These objectives are annual, but must be forecast monthly to comply, as far as possible, with the scissor effect curve.
- Set the follow-up method and dashboard to compare ‘actual’ with ‘forecast’, then tackle the issues and take corrective actions to boost results.
- Set control kevel KPIs to measure how actions affect the scissor curve and the ‘kick win back’ on traffic or revenue savings.
Detection
Fraud prevention techniques may not stop all potential perpetrators, but early detection of fraud, through different means, technologies and procedures, reduces the damage and demonstrates commitment. Fast detection acts as a deterrent to would-be fraudsters and contributes to developing a clear anti-fraud culture.
The technology mix is an important part of the strategy concerning system selection, implementation and management and its efficiency. We need to adopt a collaborative architecture between different systems to provide a 360° view and protection. These systems include those for fraud management and call tracking, data mining systems predictive (DMS_P) as core systems, and other auxiliary systems like those for SMS Control.
Successful detection is built on:
- strong expertise in rules and formula tuning to avoid false positives; and
- performing forensic, root-cause analysis; and
- investigations and implementation of efficient dynamic controls (EDC.
The scope of detection includes:
- a whistleblowing hotline
- offline and online systems for detection and geo-location systems, with adequate controls, case management functions and high level performance (24/7)
- lawful interceptions and investigations
- internal tip-offs
- external tip-offs
- internal audit
- external audit
- corporate security
- risk management.
Collection
Collection is the fourth leg of a successful anti-fraud strategy, but it’s very difficult to ‘get the money back’. Where fraudsters are taken to court with all supporting evidence, there some key actions to prepare and execute for recovering money.
- Build a sound and legally acceptable method of evaluating the losses.
- Evaluate penalties set by law.
- Where appropriate and possible by law, seize the fraudsters’ property.
- Develop a commission clawback policy as a deterrent, with high but fair penalties for those who deliberately enable fraud by neglecting preventive procedures.
- Carefully manage tariff plan upgrades for fraudulent SIM/MSISDN owners to put them on higher cost plans. This should be limited over time, not used as long-term or permanent strategy.
