Fraudian Slip

Whether wireline or wireless, TDM or IP, fraudulent interconnect activity occurs often and takes many forms. Reports of it accounting for up to 40 percent or 50 percent of a carrier’s bad debt may be the tip of the iceberg. As such, interconnect fraud is a significant risk to operators, but many are not addressing the issue.

Click to Enlarge Altering call information to make the call unbillable is a common form of interconnect fraud.

Click to Enlarge In this example, arbitrage and adding additional routing hops to a call can be exploited to the benefit of a provider. If Provider A offers a $0.0175 termination fee, and Provider B offers a $0.0125 termination fee, Provider A can make about 2 cents per call on one hop, and about 27 cents per call on 101 hops by sending the call to Provider B. There is thus a need to reconcile and compute the number of single call hops across the interconnect to detect these revenue-generation and fraud schemes.

“Even though many telecom companies worldwide have lost significant amounts of money due to fraudulent activity in their networks, a large number of providers are still not addressing this crucial issue,” says Debbie Burkett, director of market collaboration services and the Catalyst program at the TeleManagement Forum. Losses due to fraud often are swept under the carpet as bad debt, she says, and over time that leads to a significant amount of revenue loss. “Take a case where fraudsters obtain legal connections from telecom companies with no intention of ever paying their bills,” she says. “The companies have no way of collecting these outstanding amounts, as the fraudsters can never be traced.”

But even those service providers that are vigilant constantly are challenged given that the rules and tactics of fraud are a moving target. “Fraudsters will always be examining and employing tactics in various regions globally,” says John Brooks, senior principal for revenue assurance vendor Subex Azure Ltd. “When a tactic is successful in one region, it will often migrate to other regions until the industry fully recognizes the tactic. By that time, hundreds of other tactics are also occurring.” Right now, “the typical issues involve traffic disputes and routing fraud; significant bypass traffic is still occurring by employing Internet and other routing alternatives, effectively cheating carriers out of hundreds of millions of dollars annually,” says Brooks.

Common interconnect fraud tactics include partners introducing additional traffic not covered by the contract by unapproved use of GSM gateways. This allows partners to terminate large amounts of calls that are not accounted for. It’s also not uncommon for fraudsters to modify call parameters to realize lower charges. International calls that attract higher rates thus can be modified to look like local calls.

Phantom traffic, meanwhile, includes calls that don’t include information to determine the offering carrier or jurisdiction of the traffic for billing. Information frequently manipulated in this example includes the calling party number, the charged number or jurisdictional information from the IAM of the SS7.

In the case of settlement fraud, arbitrage exploitation can occur. In this scenario, there is manipulation of interconnect routing to make unnecessary hops between interconnect partners for legitimate traffic. While catching and prosecuting the perpetrators may be nearly impossible, carriers may be spurred to deal with interconnect fraud by the ability to detect and prevent this type of activity before it significantly impacts the bottom line. A new crop of real-time product fraud-detection suites is aimed at taking a chunk out of interconnect fraud.

Detecting fraud often comes down to monitoring traffic by establishing rules to trigger alerts if a threshold is reached or a red flag appears.

“But providers should be very wary of solution providers that offer pre-canned rule sets,” says Brooks. “While this is a good sales tactic, the reality is that rules are always specific to each carrier, their products, network, services, customer mixes, etc.”

Providers also need to select systems that are capable of giving them visibility across their networks. Systems need to profile usage at varying levels within the network. Subscriber-level alerting is not enough to prevent interconnect fraud, so profiling multiple entities, including terminating and originating regions or countries, point codes, routes, calling line identifications, source systems, etc., may be necessary. And combing through this vast amount of data has to happen in short order.

Fair Isaac Corp. helps address areas of risk by offering service providers tools to view traffic at levels beyond the subscriber, in near-real-time. Profiling multiple entities in its Telecom Analytics suite helps carriers detect complex data relationships on their networks, says Julie Haag, product manager for EDM applications in telecom for Fair Isaac. With each transaction, Fair Isaac dynamically can update multiple profile entities associated with a usage point. This allows a carrier to be alerted as problems are beginning on their networks, not after the issue already has reached critical mass.

In terms of international GSM roaming, millions are lost every year due to fraud. Andrew Bramley, product strategy director at BSG Clearing Solutions Ltd., explains that fraudsters often take out a false subscription, then resell roamed calls with no intention of paying the bill. Traditionally, mobile operators have a system for high-usage reports, sent by the visited operator to the home subscriber if the roamer exceeds a threshold set by a home operator — say, $200 per day in charges. The time it takes to process these reports can be up to 36 hours.

Fraudsters are aware of the system and simply disappear before the 36-hour gap is completed. Or, they spread out the traffic across subscriptions and even carriers so as not to trigger the usage threshold. The home operator would have to consolidate information from all those different networks to gain a clear picture of what is going on.

BSG tracks individual subscribers over multiple networks in near-real-time. It adds its own intelligence, such as historical usage patterns, retail rating equivalents, typical subscriber behavior profiles, and so on, for a comprehensive look at exactly what activity is happening at any point from roaming subscribers. “A facet of a good fraud system is the ability to prevent false positives,” notes Bramley. “If the CEO of your largest customer is roaming in China, you don’t want to cut him off for high usage. Not good customer service.”

On the mobile side, carriers will get a push in this direction. Starting in October 2008, the GSM Association will require the adoption of a near-real-time roaming data exchange.

In the meantime, fraud continues its ascent. “Fraud instances actually increased in most categories between this year and last year,” says Brooks. “Additionally, revenue losses have increased overall. Interestingly, next-generation services are seeing an anticipated rise in fraud and revenue assurance instances as those services become more generally available.”