By Richard Agnew
Operators and service providers have long been targeted by fraudsters, with up to 5% of their revenues said to be at risk. With the region’s telcos investing large sums in system upgrades and new services, solutions that can protect them are increasingly coming into the spotlight
|~||~||~|Telecoms fraud is big business. Defined simply as ‘the use of a telecoms service without any authorisation or intention to pay’, but perpetrated by terrorist organisations, criminals, employees and hackers for various reasons and in many different ways, fraud has consistently seen large amounts of cash tumble out of operators’ pockets every year.
The problem is also widely believed to be on the rise and increasingly coming under the scrutiny of operators and service providers in the Middle East and Africa as they modernise their systems and processes.
For operators, the stakes are inevitably being raised in the battle against fraudsters as communications services go global and a greater variety and volume of traffic is sent over telecoms networks. Fraud management solution providers are also leading us to believe that the problem is getting worse, as they target what is proving to be a burgeoning market.
Telcos and service providers have remained tight-lipped over any fraud-related issues they have experienced, making the extent of the problem difficult to gauge. But recent figures back up claims that it has yet to be properly tackled.
The Communications Fraud Control Association (CFCA), having interviewed telecoms businesses in 26 countries earlier this year, issued a report recently claiming that worldwide telecoms fraud losses have spiralled to between US$35billion and US$40billion per year.
Analyst house, IDC, also estimates that fraud constituted just over 10% of all revenue leakage relating to operators’ operational support systems (OSSs) and billing processes during 2002.
Additionally, operators’ unwillingness to publicise losses suggests that many cases are going undetected, and that some frauds are written off as bad debt.
“I think that the [US$40billion] figure is low,” says Roy Shelton, director of sales for the Middle East and Africa at revenue assurance solutions provider, Cerebrus Solutions. “Operators cannot accurately predict the amount of fraud that’s happening in their network and are typically unwilling to talk about fraud, because of the damage it can do to their branding. It can also encourage fraudsters to target them,” he adds.
The local market for fraud detection and prevention solutions is also believed to be growing, due to the lack of preparedness among many operators.
“Most [operators] are not prepared at all,” says Mohsen Malaki, senior research analyst at IDC’s CEMA telecoms group. “By their own admission, a large chunk of their international long-distance revenue and incoming settlement rate revenue is lost to illegal callback services and VoIP providers. Most telcos are struggling to fend off these cases of fraud,” he adds.
Several incidents that have become public illustrate the problems being experienced by operators in the region. For example, law enforcement agencies have been forced to shut down illegal callback and voice over IP (VoIP) operations in countries such as Egypt and Morocco. Last year, Jordan Telecom admitted it was losing around US$17million per annum to cheaper voice providers intercepting calls coming into the Kingdom from abroad.
In 2001, a high profile case emerged when Saudi Telecom Company (STC) began investigating a mobile subscription scam, after a fraudster had used the names of other subscribers to rent phones out to expatriate workers at a profit. The scandal became public when the victims approached STC after receiving huge mobile phone bills, some in the region of US$200,000.
“STC said about these cases — proof of its inability to deal with them effectively — that it had no clear way of detecting them,” says Malaki. “Extensive investigation resulted in their [the fraudsters’] arrest, but the effect on the customer relationship, and the bad press, reflected negatively on STC,” he adds.
STC also estimates that over 120 illegal telephone cabins currently operate in Riyadh, employing some 1,000 expatriates.
Over 300 variants of telecoms fraud are estimated to be in use, and this number is expected to grow with the advent of new services such as 3G and VoIP. While local operators are now investing large sums in upgrading their networks, telecoms fraud attacks are also becoming increasingly sophisticated and are tapping into the arrival of these new technologies.
Certain weaknesses also need to be addressed if IP-based services are to be protected. Common IP-based event usage standards have yet to be fully adopted, and unlike the switches in public switched telephony networks (PSTNs), IP routers do not store billing usage data, meaning that the traditional audit approach of many operators will have to brought up to date.
“Revenue assurance in IP-based services is significantly more challenging than it is in PSTN-based networks,” says Malaki. “The lack of widely-accepted standards in IP-based event usage processing is creating problems for vendors developing common offerings that would meet the requirements of IP revenue assurance,” he adds.
As a result, it is expected that operators will have to assess the effectiveness of many of their internal systems to establish suitable protection for IP services. Solutions that analysts say are necessary for protection against fraud include convergent mediation and rating platforms, settlement solutions, state-of-the-art fraud detection packages and credit control and collections management functions.
Business intelligence solutions — now being adopted by many operators in the region — can also help with the ‘business-level’ prioritisation of key leakage problems, according to IDC.
In addition, operators will need to create greater storage capacities, as IP detail records can grow much larger than circuit-switched call detail records (CDRs) and IP networks lack billing-related storage capabilities. “Service providers will need to either have extensive storage capacities or come up with techniques to perform ‘real-time revenue assurance,’ which will be a significant challenge and make any existing leakage sources very difficult to discover,” says Malaki.
For mobile operators, next-generation wireless services, such as m-commerce and mobile banking, are also expected to present new challenges. These include keeping track of the complex exchanges and micropayments that will take place between carriers and content providers, and the increasing value of transactions travelling over operators’ networks.
“The fraudster will always follow the money,” says Shelton. “As transactions go mobile we’ll start to see an increase in their value but a decrease in [that] of connectivity. So the threat is greater for the operator because there’s far greater stakes available, as opposed to just voice theft. Operators have to be careful to assess the threat to any new service before it is launched, and typically they don’t do that,” he adds.
Other challenges include the need for mobile operators to link their internal and external technologies and solutions more closely. “Key IP services such as 3G will not tolerate the current separation of operational tasks, such as fraud, risk management, IT security, network security, revenue assurance, and credit management, for revenue assurance,” says Malaki.
But at the same time as operators’ networks are being upgraded, fraudsters will also be working out new schemes to exploit them. “The biggest challenges related to fraud management are its high volatility and continuously changing characteristics. This dynamic environment not only requires state-of-the-art technologies for discovery of the fraudulent activities but it also becomes an inhibitor to revenue assurance initiatives,” says Malaki.
For example, Shelton says that bypass fraud — where international calls are billed at local rates — is currently proving a major headache for operators in the Middle East. “Subscription fraud is also causing immense problems for people, and... internal fraud is again becoming a major issue for fixed line and wireless operators throughout the region,” he adds.
At least one major PTT in the Gulf is known to be currently conducting an internal investigation after several, sizeable fraudulent transactions were found to have been made by its own staff.
However, there is also a ‘carrot and stick’ element to telecoms fraud. At a time when return on investment (ROI) is uppermost in operators’ minds worldwide, vendors are also pitching the opportunity to cut out losses to fraud and ‘make’ a quick buck.
“Operators are waking up to the fact that they need to do something,” says Shelton. “Fraud has been around for a long time, but operators are looking at various ways to improve the profitability of their businesses, and fraud management is one of those areas. While some have delayed major operational support system (OSS) upgrades, they are often investing in fraud management and revenue assurance as they see the ROI is greater,” he claims.
But again, operators’ ability to stem their losses will largely depend on their willingness to open up about the problems they have experienced, at least within a limited arena. Considering the chameleonic nature of the fraud problem, and that schemes swiftly migrate from one country to another, better organisation and greater information sharing between operators could have a positive effect.
“One of the biggest problems that the region faces is [the lack of] a consistent approach by operators,” says Shelton.
“Operators [need] to talk more freely and openly with each other, whether through a regulator or an advisory body like the GSM Association or CFCA, to share resources and information and collectively adopt a proactive approach to fraud,” he adds.