This article, written by Jason Lane-Sellers (Fraud & Security SME – Mobileum) first appeared on fraudandidentity.com in July 2017 (Original article here).
When it comes to Communications Service Provider (CSP) fraud defense, there is no one that benefits more from the current status quo than fraudsters. Telecom fraudsters have been draining the industry of $46.3 billion a year – an amount which has risen by 15 percent since 2011. If things continue as they are, expect that number to grow considerably.
Part of the problem is that modern fraud techniques have simply evolved to the point where operators themselves can’t keep up. Fraud methods are becoming increasingly more sophisticated and complex, and current, predominantly, rule-based systems are struggling to stay up to date. Fraudsters know that most solutions are reactive rather than proactive, and are effectively exploiting the time it takes to discover their new schemes for their profit. Too often, a fraud isn’t even discovered until after the CSP’s bottom line has been severely impacted. Due to the continually evolving, increasingly complex nature of fraud attacks, CSPs are under increased pressure to bridge the gap between providing a high level of customer service and preventing fraud. Some examples of common frauds in the telco space include Subscription Fraud, Interconnect Bypass Fraud and Dealer Fraud. More recently, CSPs are also seeing a rise in Account Takeover, adding to the strain put on their already overburdened fraud management systems (FMS) and customer service teams.
So how can operators keep up, or hopefully even get ahead? The answer lies in analytics. CSPs need a comprehensive multi-protocol solution that is nimble, fast and adds to an operator’s current system capabilities, creating an uneconomical environment for fraudsters, breaking their business model and moving them off the network with minimal impact to your organization. An effective defense requires a number of key elements:
- capturing the appropriate data
- filtering and blocking abnormal and suspicious traffic or activities.
- using advanced analytical methods to stop sophisticated fraud.
Capturing and filtering based on known rules is the current, standard modus operandi. But how do you stop the more sophisticated frauds? The ones that the standard rules can’t see or detect?
You must start by using defensive analytics to monitor traffic at all interconnecting points – domestic and international – and capturing data for both inbound and outbound roamers using in-signalling nodes.
In addition to constantly analyzing traffic from the various, relevant locations, an analytics system is required to filter abnormal and suspicious traffic based on pre-configured rules. Using machine learning outlier detection allows the system to go beyond the rule-based systems and catch the fraud threats at an earlier stage. The outcome of the analysis can then be reported to the CSP in near real-time and CSPs may additionally configure SMS actions or email-based alerts based on their own requirements.
Analytics is no longer a large dataset to be assessed after the fact. The leaps made in Big Data and Analytics in the past few years means real-time, advanced methods of pattern identification can be designed and operated by experienced analytics and fraud professionals. The best defenses use pattern recognition methods to establish relationships across multiple dimensions.
By using analytics against fraudsters, you will be able to access many benefits such as:
- Accurate insights – The best solutions provide a delicate balance of missing few genuine instances of fraud (false negatives), while at the same time not identifying too many false positives. Industry standards are currently at >70 percent for false positives when CSPs should be aiming for <10 percent
- Simple access – delivery of fraud warnings in clear, easy-to-understand language and processes
- Data science – advanced machine learning capabilities utilize supervised and unsupervised machine learning techniques to detect various known and unknown fraud scenarios
- Active testing – an agent that is completely configurable and can be scheduled to generate test call results which can be further analyzed, resulting into a self-correcting solution and significantly reduce false positives
- Integrated action systems significantly reduce the time to take corrective action (blocking a fraudster/service/route etc.) on detected frauds. This significantly reduces the overall fraud runtime opportunity
- Advanced reporting – by taking a look at traffic patterns the data can detail how traffic moves from one network mode to another, again, providing greater insights.
The telecoms sector is significantly expanding its services around the world with faster connections and more connected devices. New services create not just new revenue opportunities but also associated risks for operators. The challenge is to secure the upside and, at the same time, minimize potential losses incurred via fraudulent activity. Fraud is increasingly becoming more difficult to detect and prevent because of the high degree of network complexity and the fraudsters’ ever evolving use of sophisticated techniques and tools. But with these advancements in fraud, CSPs must advance their fraud protection tactics. The appropriate and integrated use of analytics is the best way to fight new fraud in real-time and, ultimately, stop it in its tracks.
Without these advanced fraud-fighting techniques, the fraudsters’ business model stays intact and profitable.