Fraud Management Industry Update Webinar by cVidya

OPERATIONAL RISK MANAGEMENT & COMPLIANCE
© 2012 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA
Fraud Management Industry Update Webinar, March 2015
Jason Lane-Sellers: Fraud Expert – cVidya Networks; Director – CFCA; Co-Chair – TMF Fraud Management Group

Upload: cvidya-networks

Posted on 17-Jul-2015

TRANSCRIPT

OPERATIONAL RISK MANAGEMENT & COMPLIANCE

© 2012 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA

Fraud Management Industry Update

Webinar, March 2015

Jason Lane-Sellers: Fraud Expert – cVidya Networks; Director – CFCA; Co-Chair – TMF Fraud Management Group

Agenda

Latest fraud surveys and issues

– CFCA

– TM Forum

Fraud on the rise

Cyber Threats?

– Intelligence


CFCA Survey

CFCA – Communications Fraud Control Association

The only real industry benchmark

– Running for over 12 years

Survey Details

– Last survey 2013

– Every 2 years

– 100+ participants, more wanted

– GSMA, FIINA & CFCA members (range of services)

– Next survey due for launch in next few days


CFCA Fraud Survey - Respondents


CFCA Survey – Fraud Growth

Global fraud loss survey trend – based on previous surveys

Global fraud losses showing a 15% increase in 2013

CFCA Fraud Survey - Staffing


CFCA Fraud Survey - Coverage


CFCA Fraud Survey – Fraud Methods

Subscription & Dealer Issues?

Risk Reward

In house and own retail checks increased and developed but impact limited by risk appetite

Sales Pressure

Fraud risks driven by agent circumvention or manipulation to meet demands

Technology

New technology drives fraud levels – e.g. iPhone 6

Web Sales

Internet sales on the rise, with increasing automation, allowing remote attacks by fraudsters

Third Party

Third-party channels developing and margins decreasing – increasing the risk of dealer-related fraud

Why the Rise of ATO (Account Takeover)

Issues and Causes

Pressure points in your organisation and market allowing ATO:

– Focus on Customer retention & Churn reduction

– Simplifying Customer Services (CS) processes – online self service

– Push for reductions in CS costs and ACHT (average call handling time)

– Reliance on simplistic Knowledge Based Authentication (KBA)

Fraudsters manipulate these pressure points

– KBA can be weak (designed for ease of use) and is simply compromised via social engineering

– Self service solutions – simple social engineering to compromise

– CS staff are also liable to social engineering, given sales and time pressures and the related financial incentives

– Fewer restrictions and checks in place on existing-customer processes (compared to new applications)

– Greater profit value for fraudsters (top offers for existing customers)

Typical Flow & Pressure Points

[Diagram] Channels: Logistics, Agent, CRM, WWW, IVR

Attack routes: social engineering, screen/process scraping, IP attacks

Abuse points: data misuse, process abuse, logistics manipulation

CFCA Fraud Survey – Fraud Types


These responses highlight issues with the survey and classification

CFCA Fraud Survey – Usage Fraud Destinations


IRSF – Numbering Misuse

Hijacked unallocated ranges

• Unallocated numbers in a national numbering plan are ‘hijacked’ by a transit carrier and routed to a content service

• Common/recent examples: Somalia, Guinea

Hijacked allocated ranges

• Numbers allocated to network operators are ‘hijacked’ by a transit carrier, as above

• Common/recent example: Bulgaria

Allocated ranges that are sold

• Number ranges sold by organisations or operators to third parties for international content services

• Common/recent examples: Austria, Caribbean

Numbering Plan Issues – UK Example

+440XXXX – unallocated

+441XXXX – Fixed line – regional allocation

+442XXXX – Fixed line – regional allocation

+443XXXX – Fixed line & non-geographic – not all active

+444XXXX – unallocated

+445XXXX – Special – non-geographic – not all active

+446XXXX – unallocated

+447XXXX – Wireless – exceptions, e.g. +4470XXX special PNS (personal numbering service)

+448XXXX – Special – Freephone – some revenue share (870, 875 etc.)

+449XXXX – Premium revenue share – PPM (pay per minute) & PPC (pay per call)
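The numbering-plan summary above lends itself to a first-pass screening check. The Python below is an added example written for this page, not cVidya's or the CFCA's code: it classifies +44 destinations by the categories the slide lists, treats the unallocated +440/+444/+446 ranges, the 0870/0875 revenue-share ranges and the 09 premium ranges as review-worthy, and runs over a handful of constructed call records to report, per calling party, how much airtime went into those ranges. That concentration of airtime is the traffic pattern behind the IRSF numbering misuse described on the previous slide. The prefix table is the slide's; loading the regulator's full allocation database in place of it is assumed for production use and not shown.

```python
"""Screen UK (+44) destinations against the numbering-plan summary on the
slide and surface IRSF/PRS indicators in call records.

Added example for this page, not cVidya's or the CFCA's code. The
prefix-to-category table follows the slide only (assumption: a real check
would use the regulator's full allocation database). Numbers are expected
in E.164 ('+44...') or 00-prefixed international format."""
from collections import defaultdict
from dataclasses import dataclass

# Category per first digit after +44, as summarised on the slide.
UK_FIRST_DIGIT = {
    "0": "unallocated",
    "1": "fixed line (regional)",
    "2": "fixed line (regional)",
    "3": "fixed line & non-geographic (not all active)",
    "4": "unallocated",
    "5": "special / non-geographic (not all active)",
    "6": "unallocated",
    "7": "wireless",
    "8": "special / freephone",
    "9": "premium revenue share (PPM & PPC)",
}

# Sub-ranges the slide calls out explicitly; the longest matching prefix wins.
UK_EXCEPTIONS = {
    "70": "personal numbering service (PNS)",
    "870": "freephone range with revenue share",
    "875": "freephone range with revenue share",
}

# Destination categories a fraud analyst reviews: unallocated ranges
# (hijackable by a transit carrier) and revenue-share ranges.
FLAGGED = {
    "unallocated",
    "premium revenue share (PPM & PPC)",
    "freephone range with revenue share",
}


def normalise(number: str) -> str:
    """Keep digits only and drop a leading international '00' prefix."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return digits[2:] if digits.startswith("00") else digits


def classify_uk(number: str) -> str:
    """Return the slide's category for a +44 number, or 'not UK'."""
    digits = normalise(number)
    if not digits.startswith("44") or len(digits) < 3:
        return "not UK"
    national = digits[2:]  # digits after the country code
    for prefix in sorted(UK_EXCEPTIONS, key=len, reverse=True):
        if national.startswith(prefix):
            return UK_EXCEPTIONS[prefix]
    return UK_FIRST_DIGIT[national[0]]


@dataclass
class CDR:
    caller: str
    called: str
    seconds: int


# Constructed sample records (not real traffic).
SAMPLE_CDRS = [
    CDR("+447700900123", "+442079460000", 200),    # London fixed line
    CDR("+447700900123", "+449098790001", 1800),   # premium rate, 09
    CDR("+447700900456", "+4440123456789", 3500),  # unallocated 04 range
    CDR("+447700900456", "+448705551234", 60),     # 0870 revenue share
    CDR("+447700900789", "+447012345678", 900),    # 070 personal numbering
    CDR("+447700900789", "0033123456789", 300),    # France, not UK
]


def screen(cdrs):
    """Per calling party: total airtime, airtime into flagged ranges, the
    flagged categories hit, and the flagged share. A high share of a
    subscriber's airtime going to unallocated or revenue-share ranges is
    the pattern behind IRSF numbering misuse."""
    per_caller = defaultdict(lambda: {"total": 0, "flagged": 0, "hits": set()})
    for cdr in cdrs:
        category = classify_uk(cdr.called)
        stats = per_caller[cdr.caller]
        stats["total"] += cdr.seconds
        if category in FLAGGED:
            stats["flagged"] += cdr.seconds
            stats["hits"].add(category)
    return {
        caller: {**s, "flagged_share": round(s["flagged"] / s["total"], 2)}
        for caller, s in per_caller.items()
    }


if __name__ == "__main__":
    for caller, stats in screen(SAMPLE_CDRS).items():
        print(caller, stats["flagged_share"], sorted(stats["hits"]))
```

The share is computed per calling party rather than per call because a single premium call is routine; a subscriber whose airtime is almost entirely into unallocated or revenue-share ranges is what the slide's "hijacked range" cases look like in the records.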

CFCA Fraud Survey - % Fraud Loss


Fraud Classification Model – TM Forum


• Why do we need an effective FM Classification Model?

Fraud Scenario: “Fraudster generates a high volume of calls to a PRS number range that he owns in another country with no intention to pay.”

Referred Fraud Types:

• PRS

• IRSF

• PRS/IRSF

• Bypass/SIMBOX

• PABX Hacking

• Clip-on

• Stolen Line

• Subscription

• Dealer

• Payment

• PBX / Voicemail

• Roaming out

Statistics: Unique 39%, Multiple 44%, Structured 17%

An example from the 2012 TMForum Fraud Survey

Fraud Classification Model - Challenges

• Distinct names for the same Fraud Type

• Distinct interpretation depending on the core service (Mobile, Fixed, Cable, etc.)

• Multiple Frauds perpetrated in the same Fraud Case

• Fast changing nature of Fraud

• Need for a multi-dimensional analysis

• Need for different levels of abstraction

• Existence of several similar Ad hoc “Fraud Type” lists

Classification Model – TM Forum

Summary of Relations Between Enablers – Fraud Types (diagram: Telecoms Service Fraud)

ENABLERS (Vulnerabilities)

– Subscription Fraud

– Hacking of Network Elements

– Mobile Malware

– Cloning of SIM Card/Equipment

– Protocol/Signalling Manipulation

– False Base Station Attack

– Misconfiguration of Network/Service Platforms

FRAUD TYPE (Fraudulent Scheme)

– Arbitrage

– Tariff Rates/Pricing Plan Abuse

– International Revenue Share Fraud

– Reselling of Calls

– Wholesale Fraud

– Private Use

– Commissions Fraud

– Traffic Inflation for Credits/Bonus

– Charging Bypass

– Interconnect Bypass (SIMBox Gateway)

OBJECTIVE (Scope)

– Make Money/Profit

– Obtain Free Services/Goods

– Obtain Credits/Bonuses

– Obtain Commissions

– Obtain Money

– Access User Bank Account

– Pretending to Be the Operator

– ……….

BA – Related Fields

Fraud Management

Security Management

Revenue Assurance

- Revision of Internal Procedures, Processes and Products/Services

- Implementation of Technical Solutions at Network and Service Platforms

- Development, Enhancement and Reconfiguration of Fraud Management Systems (FMS)


Enabler – how they get onto the network or gain service access

Fraud Type – how they generate the revenue from the fraud
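The two-dimension split above (enabler versus fraud type, with the objective as scope) is what makes a case record comparable across operators, and the earlier survey example shows why it matters: respondents labelled one scenario "PRS", "IRSF", "PRS/IRSF" or "Subscription", so the same fraud was counted under several names. The Python below is an added example for this page, not TM Forum's or cVidya's code. It buckets a survey-style response into the Unique/Multiple/Structured categories the earlier slide's statistics use, and normalises ad hoc labels onto the model's terms so that a case ends up with one enabler and one fraud type. The model terms are those listed on the slide; the alias table mapping ad hoc labels to them is an assumption made for illustration.

```python
"""Normalise ad hoc fraud labels into the TM Forum two-dimension model
(enabler = how the fraudster gets network/service access; fraud type = how
the revenue is generated; objective = scope).

Added example for this page, not TM Forum's or cVidya's code. The model
terms are those listed on the slide; the alias table mapping survey-style
labels to them is an assumption for illustration."""

ENABLERS = {
    "Subscription Fraud", "Hacking of Network Elements", "Mobile Malware",
    "Cloning of SIM Card/Equipment", "Protocol/Signalling Manipulation",
    "False Base Station Attack", "Misconfiguration of Network/Service Platforms",
}
FRAUD_TYPES = {
    "Arbitrage", "Tariff Rates/Pricing Plan Abuse",
    "International Revenue Share Fraud", "Reselling of Calls", "Wholesale Fraud",
    "Private Use", "Commissions Fraud", "Traffic Inflation for Credits/Bonus",
    "Charging Bypass", "Interconnect Bypass SIMBox Gateway",
}
OBJECTIVES = {
    "Make Money/Profit", "Obtain Free Services/Goods", "Obtain Credits/Bonuses",
    "Obtain Commissions", "Obtain Money", "Access User Bank Account",
    "Pretending to Be the Operator",
}
MODEL_TERMS = ENABLERS | FRAUD_TYPES | OBJECTIVES

# Ad hoc labels (as in the survey's "Referred Fraud Types") -> (dimension, model term).
# Assumed mapping, for illustration only.
ALIASES = {
    "prs": ("fraud_type", "International Revenue Share Fraud"),
    "irsf": ("fraud_type", "International Revenue Share Fraud"),
    "prs/irsf": ("fraud_type", "International Revenue Share Fraud"),
    "bypass/simbox": ("fraud_type", "Interconnect Bypass SIMBox Gateway"),
    "dealer": ("fraud_type", "Commissions Fraud"),
    "pabx hacking": ("enabler", "Hacking of Network Elements"),
    "pbx / voicemail": ("enabler", "Hacking of Network Elements"),
    "subscription": ("enabler", "Subscription Fraud"),
}


def response_style(labels):
    """Bucket a response the way the slide's statistics do: 'Structured' when
    every label is already a model term, 'Unique' for a single ad hoc label,
    'Multiple' for several ad hoc labels."""
    if labels and all(lbl in MODEL_TERMS for lbl in labels):
        return "Structured"
    return "Unique" if len(labels) == 1 else "Multiple"


def normalise_response(labels):
    """Map labels onto the model's dimensions; returns (mapped, unmapped)."""
    mapped = {"enabler": set(), "fraud_type": set(), "objective": set()}
    unmapped = []
    for lbl in labels:
        key = lbl.strip().lower()
        if key in ALIASES:
            dim, term = ALIASES[key]
            mapped[dim].add(term)
        elif lbl in ENABLERS:
            mapped["enabler"].add(lbl)
        elif lbl in FRAUD_TYPES:
            mapped["fraud_type"].add(lbl)
        elif lbl in OBJECTIVES:
            mapped["objective"].add(lbl)
        else:
            unmapped.append(lbl)  # needs an analyst decision or a new alias
    return mapped, unmapped


def is_complete_case(mapped):
    """A structured case record needs exactly one enabler and one fraud type;
    the objective may still be unknown while the case is open."""
    return len(mapped["enabler"]) == 1 and len(mapped["fraud_type"]) == 1


# The slide's scenario (high-volume calls to a PRS range the fraudster owns
# abroad, with no intention to pay), labelled three ways; constructed responses.
RESPONSES = {
    "respondent_a": ["PRS"],
    "respondent_b": ["IRSF", "Subscription"],
    "respondent_c": ["Subscription Fraud", "International Revenue Share Fraud",
                     "Make Money/Profit"],
}

if __name__ == "__main__":
    for who, labels in RESPONSES.items():
        mapped, unmapped = normalise_response(labels)
        print(who, response_style(labels), mapped, unmapped)
```

Unmapped labels are returned rather than guessed at: "Clip-on" or "Stolen Line" may describe an enabler in one operator's vocabulary and a fraud type in another's, which is exactly the ambiguity the model is meant to remove, so the mapping should be an explicit analyst decision.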

TMF Survey 2014 - Excerpts


Fraud Survey 2014 - Classification

Ad Hoc definition

Internal Classification Model

Industry Classification Model

Fraud Survey 2014 – Short Term Improvement


The New Trend – “Cyber”


Market Perception

Cyber Issues… In the Media…

– Consumer Protection

– Integrity

– Data Security & Privacy

– Fraud

Cyber Issues in fraud….

Public Web

• “How to” blogs and forums

• Information sites

• Source information (self service)

Dark-Net

• Underground markets – information resale

• Underground forums – tutorials and methods

Examples…..

Online User groups and information exchanges

– Fraud Techniques

– How-to guides for hacking and social engineering

Data purchase & Provision services

– Credit Card Numbers

– Subscriber Information

– Passwords

Technical Compromise Data

– Online self service hacks

– Equipment compromise


Fraudsters' Guides

Hand Picked Set of Guides for Beginner Fraudsters – Premium. Including fraud method of how to get your own SIM cards from anywhere.

How to steal people's information

Example - PBX hacking techniques

The Reaction - Organizational Change

GSMA

– Instigated a combination of working groups to address the perceived issues

– Fraud Forum, Security Group

– Now joined as one working group

– Fraud & Security Group

– Initiative designed to address the perceived threat of new technologies and methods

TMF

– Moved its Revenue Management Group under Security

– RM includes Fraud & RA

Operators / CSPs – Movement of Fraud Operations under Security Functions

– 8% move in 2013 survey…

– Will we see this increase in the new fraud survey?

Organisations are changing….

The Fraud Management Progression?

Past

– Security trained individuals involved

– Real time, in-band signalling

– Use of SS7 probes and DTMF analysis

– Event focused analysis & investigation

– Fraud as part of Security

Present

– Finance trained individuals (audit)

– Non real time usage analysis

– Payments, process and product risk analysis

– Revenue focused

– Fraud as part of Finance and RA

Future?

– Security expertise in Fraud (IT & Network)?

– Real time big data analytics?

– Content analysis – DPI & probes?

– Analytics focused, commercial nous?

– Fraud & Security?

So is it time to review our approach?

Does the growth of Data, IP and “cyber” threats mean we have to reanalyse our fraud approach?

– Many situations hidden from view

Do we need to go back to in-depth analysis?

– Need to know what is happening in the data channel

Is NOW the Time to use DPI in fraud and consumer protection….?

– Network & marketing departments are using DPI for QoS & marketing analytics

Are we ready for the amount and complexity of the data that we are going to need?

– Many organisations investing in “Big Data Solutions”


Questions?

[email protected]

THANK YOU! www.cvidya.com
