fraud management industry update webinar by cvidya
TRANSCRIPT
OPERATIONAL RISK MANAGEMENT & COMPLIANCE
© 2012 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA
Fraud Management Industry Update
Webinar, March 2015
Jason Lane-Sellers – Fraud Expert, cVidya Networks; Director, CFCA; Co-Chair, TMF Fraud Management Group
Agenda
Latest fraud Surveys and issues
– CFCA
– TM Forum
Fraud on the rise
Cyber Threats?
– Intelligence
CFCA – Communications Fraud Control Association
The only real industry benchmark
– Running for over 12 years
Survey Details
– Last survey 2013
– Every 2 years
– 100+ participants, more wanted
– GSMA, FIINA & CFCA members (range of services)
– Next survey due for launch in next few days
CFCA Survey – Fraud Growth
Global fraud loss survey trend – based on previous surveys
Global fraud losses showing a 15% increase in 2013
Subscription & Dealer Issues?
Risk Reward – In-house and own-retail checks have increased and developed, but their impact is limited by risk appetite
Sales Pressure – Fraud risks driven by agents circumventing or manipulating checks to meet sales demands
Technology – New technology drives fraud levels, e.g. the iPhone 6
Web Sales – Internet sales on the rise, with increasing automation, allowing remote attack by fraudsters
Third Party – Third-party channels developing and margins decreasing, increasing the risk of dealer-related fraud
Issues and Causes
Pressure points in your organisation and market allowing account takeover (ATO):
– Focus on customer retention and churn reduction
– Simplifying Customer Services (CS) processes – online self service
– Push for reductions in CS costs and average call handling time (ACHT)
– Reliance on simplistic Knowledge Based Authentication (KBA)
Fraudsters manipulate these pressure points:
– KBA can be weak (designed for ease of use) and is easily compromised via social engineering
– Self-service solutions – simple social engineering is enough to compromise them
– CS staff are also susceptible to social engineering, given sales and time pressures and the related financial incentives
– Fewer restrictions and checks in place on existing-customer processes (compared to new applications)
– Greater profit value for fraudsters (top offers are reserved for existing customers)
Typical Flow & Pressure Points (diagram)
Channels: Logistics, Agent, CRM, WWW, IVR
Attack vectors: social engineering, screen/process scraping, IP attacks
Pressure points: data misuse, process abuse, logistics manipulation
CFCA Fraud Survey – Fraud Types
These responses highlight issues with the survey and classification
IRSF – Numbering Misuse
Hijacked unallocated ranges
• Unallocated numbers in a national numbering plan are ‘hijacked’ by a transit carrier and routed to a content service
• Common/recent examples: Somalia, Guinea
Hijacked allocated ranges
• Numbers allocated to network operators are ‘hijacked’ by a transit carrier, as above
• Common/recent example: Bulgaria
Allocated ranges that are sold
• Number ranges sold by organisations or operators to third parties for international content services
• Common/recent examples: Austria, Caribbean
Numbering Plan Issues – UK Example
Prefix     Allocation
+440XXXX   Unallocated
+441XXXX   Fixed line – regional allocation
+442XXXX   Fixed line – regional allocation
+443XXXX   Fixed line & non-geographic – not all active
+444XXXX   Unallocated
+445XXXX   Special – non-geographic, not all active
+446XXXX   Unallocated
+447XXXX   Wireless – exceptions, e.g. +4470XXX special PNS
+448XXXX   Special – freephone – some revenue share (870, 875 etc.)
+449XXXX   Premium revenue share – PPM & PPC
International (Premium Rate) Number Providers
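As an added example (not part of the webinar or cVidya's tooling), a small Python check that classifies dialled UK destinations using the numbering-plan categories above and flags subscribers generating the high-volume premium-rate or unallocated-range traffic typical of IRSF. The CDR lines, numbers and threshold are constructed for illustration.

```python
# Added example, not from the webinar: classify dialled UK numbers against the
# numbering-plan categories above and flag IRSF-style calling patterns.
from collections import Counter, defaultdict

# Digit after +44 -> category, following the UK numbering plan example above.
UK_PLAN = {
    "0": "unallocated",
    "1": "fixed geographic",
    "2": "fixed geographic",
    "3": "fixed/non-geographic",
    "4": "unallocated",
    "5": "special non-geographic",
    "6": "unallocated",
    "7": "wireless",
    "8": "freephone/shared revenue",
    "9": "premium rate revenue share",
}
# Where IRSF/PRS exposure sits: revenue-share ranges and hijackable unallocated ranges.
RISK_CATEGORIES = {"premium rate revenue share", "unallocated"}

def classify(number: str) -> str:
    """Return the numbering-plan category of an E.164 number, or 'non-UK'."""
    digits = number.strip().lstrip("+")
    if not digits.startswith("44") or len(digits) < 3:
        return "non-UK"
    return UK_PLAN.get(digits[2], "unknown")

def flag_irsf(cdr_lines, max_risky_calls=3):
    """Parse 'caller,callee,duration' CDRs and return callers whose number of
    calls into risky ranges exceeds max_risky_calls, with a per-category count."""
    risky = defaultdict(Counter)
    for line in cdr_lines:
        caller, callee, _duration = (f.strip() for f in line.split(","))
        category = classify(callee)
        if category in RISK_CATEGORIES:
            risky[caller][category] += 1
    return {c: dict(cnt) for c, cnt in risky.items() if sum(cnt.values()) > max_risky_calls}

# Constructed CDRs (threshold and numbers are assumptions); 07700 900xxx and
# 01632 960xxx are Ofcom ranges reserved for fictional use.
SAMPLE_CDRS = [
    "+447700900111,+449091000001,310",  # premium rate
    "+447700900111,+449091000002,295",  # premium rate
    "+447700900111,+449091000003,305",  # premium rate
    "+447700900111,+449091000004,290",  # premium rate
    "+447700900222,+441632960123,45",   # geographic, benign
    "+447700900222,+446000000000,12",   # unallocated: hijackable, but a single call
]

if __name__ == "__main__":
    print(flag_irsf(SAMPLE_CDRS))  # {'+447700900111': {'premium rate revenue share': 4}}
```

In production the threshold would be tuned per customer segment and combined with destination-country and call-duration features rather than a raw count.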
Fraud Classification Model – TM Forum
• Why do we need an effective FM classification model?
Fraud Scenario: “Fraudster generates a high volume of calls to a PRS number range that he owns in another country with no intention to pay.”
Referred Fraud Types:
• PRS
• IRSF
• PRS/IRSF
• Bypass/SIMBOX
• PABX Hacking
• Clip-on
• Stolen Line
• Subscription
• Dealer
• Payment
• PBX / Voicemail
• Roaming out
Statistics: Unique 39%, Multiple 44%, Structured 17%
An example from the 2012 TM Forum Fraud Survey
Fraud Classification Model - Challenges
• Distinct names for the same Fraud Type
• Distinct interpretation depending on the core service (Mobile, Fixed, Cable, etc.)
• Multiple Frauds perpetrated in the same Fraud Case
• Fast changing nature of Fraud
• Need for a multi-dimensional analysis
• Need for different levels of abstraction
• Existence of several similar Ad hoc “Fraud Type” lists
Classification Model – TM Forum
Summary of Relations Between Enablers – Fraud Types (diagram: Telecoms Service Fraud)
ENABLERS (Vulnerabilities)
• Subscription Fraud
• Hacking of Network Elements
• Mobile Malware
• Cloning of SIM Card/Equipment
• Protocol/Signalling Manipulation
• Tariff Rates/Pricing Plan Abuse
• False Base Station Attack
• Misconfiguration of Network/Service Platforms
FRAUD TYPE (Fraudulent Scheme)
• Arbitrage
• International Revenue Share Fraud
• Reselling of Calls
• Wholesale Fraud
• Private Use
• Commissions Fraud
• Traffic Inflation for Credits/Bonus
• Charging Bypass
• Interconnect Bypass (SIMBox Gateway)
OBJECTIVE (Scope)
• Make Money/Profit
• Obtain Free Services/Goods
• Obtain Credits/Bonuses
• Obtain Commissions
• Obtain Money
• Access User Bank Account
• Pretending to Be the Operator
• …
BA – Related Fields: Fraud Management, Security Management, Revenue Assurance
- Revision of Internal Procedures, Processes and Products/Services
- Implementation of Technical Solutions at Network and Service Platforms
- Development, Enhancement and Reconfiguration of Fraud Management Systems (FMS)
Enabler – how they get onto the network or gain service access
Fraud Type – how they generate revenue from the fraud
Fraud Survey 2014 - Classification
Ad Hoc definition
Internal Classification Model
Industry Classification Model
Cyber Issues in fraud…
Public Web
• “How to” blogs and forums
• Information sites
• Source information (self service)
Dark-Net
• Underground markets – information resale
• Underground forums – tutorials and methods
Examples…
Online user groups and information exchanges
– Fraud techniques
– How-to guides for hacking and social engineering
Data purchase and provision services
– Credit card numbers
– Subscriber information
– Passwords
Technical compromise data
– Online self-service hacks
– Equipment compromise
Fraudsters Guides
Hand Picked Set of Guides for Beginner Fraudsters – Premium. Including fraud method of how to get your own SIM cards from anywhere.
How to steal people's information
Example - Account Take Over Guide
Link*: http://agorahooawayyfoe.onion/p/jddd9FyUs2
GSMA
– Instigated a combination of working groups to address the perceived issues
– Fraud Forum, Security Group
– Now joined as one working group: Fraud & Security Group
– Initiative designed to address the perceived threat of new technologies and methods
TMF
– Moved its Revenue Management Group under Security
– RM includes Fraud & RA
Operators / CSPs – movement of Fraud Operations under Security functions
– 8% move in 2013 survey…
– Will we see this increase in the new fraud survey?
Organisations are changing…
The Fraud Management Progression?
Past – Fraud as part of Security
– Security-trained individuals involved
– Real-time, in-band signalling
– Use of SS7 probes and DTMF analysis
– Event-focused analysis and investigation
Present – Fraud as part of Finance and RA
– Finance-trained individuals (audit)
– Non-real-time usage analysis
– Payments, process and product risk analysis
– Revenue focused
Future? – Fraud & Security?
– Security expertise in Fraud (IT & Network)?
– Real-time big data analytics?
– Content analysis – DPI & probes?
– Analytics focused, commercial nous?
So is it time to review our approach?
Does the growth of data, IP and “cyber” threats mean we have to reanalyse our fraud approach?
– Many situations hidden from view
Do we need to go back to in-depth analysis?
– Need to know what is happening in the data channel
Is NOW the time to use DPI in fraud and consumer protection…?
– Network and marketing departments are already using DPI for QoS and marketing analytics
Are we ready for the amount and complexity of the data that we are going to need?
– Many organisations investing in “Big Data solutions”