nuno pestana, wedo technologies · mobile malware signalling manipulation sim cloning cfca 2015...
TRANSCRIPT
Nuno Pestana, WeDo Technologies
SUBSCRIPTION FRAUD
SUBSCRIPTION FRAUD
In Raid FMS
REAL-TIME
Subscription Fraud
SUBSCRIPTION FRAUD
SUBSCRIPTION FRAUD
In Raid FMS
REAL-TIME
Subscription Fraud
8.1
3.9
3.5
3.1
1.8
1.8
1.6
1.00.80.4
0.4
Subscription Fraud
PBX hacking
IP PBX Hacking
Dealer Fraud
Internal fraud / Employee Theft
Wangiri
Payment Fraud
Voicemail Hacking (Not associated with PBX Hacking) Mobile Malware
Signalling Manipulation
SIM Cloning
CFCA 2015 Survey - Fraud Losses by Method in $ USD BillionsBlack-box systems do not adapt well to this new reality
FRAUDTHE IMPACT OF FRAUD
Smart Networks and a wider business scopeis considerably enlarging the attack surface for Fraudsters
Fraud amountsto $38.1 billion
annually representing 1.69% of all
Telecom revenues
STOP THE ENABLERS
The EnablerAllows the fraudster
to commit fraud
The ThreatThe fraud itself,
with impact on your business
One example: Subscription
Fraud
International Revenue Share Fraud
Premium Rate Service Fraud
Service Reselling
Commissions Fraud
Others
Subscription fraudis defined as gaining access to productsor services without having the intentionof paying for them. This can be done by
Making a dishonest application using false information
Using genuine information togetherwith forged/stolen documentation
Fraudsters commit fraud to obtain free
personal calls/services. Alternatively, an
organized fraudster may use the
subscription to generate income ex.,
via selling or premium rate service fraud
Fraudsters give false information concerning
Addresses
Telephone Numbers
Professional Occupation
Personal Information
Etc.
Alternatively, fraudsters use false
documents as identification proof
Passports
Driver’s Licenses
Bank Details
VAT Identification
Etc.
SUBSCRIPTION FRAUD
SUBSCRIPTION FRAUD
In Raid FMS
REAL-TIME
Subscription Fraud
5 STEPS USED BY RAID FMS TO FIGHT FRAUD
PREVENTStop the enablers before the fraud happens
DETECT
Use rules and identify patterns
ANALYZE
Manage your cases and investigate at multiple levels of data
RESOLVE
Collaborate and minimize time-to-resolution
LEARN
Use your historical data to find new rules and patterns
FRAUD THREATS EVEN BEFORE THEY OCCUR
1
Fraudster triesto do a dishonest application using false information or genuine but stolen information
RAID FMS checks for fraudulent applications...
…identifying multiple activations from the same subscriber by similarity analysis or…
…integrating internal or 3rd party hotlists of potential users that are referenced as fraudsters or other attributes
Fraudster is stoppedbefore being ableto commit fraud• IRSF
• Interconnect Bypass Fraud
• Commissions Fraud
• Premium Rate Service Fraud
• Service Reselling
• Theft of Equipment
• (...)
2 3
MAIN
Calculates similarityprobability between new subscription and blacklisted subscribers to allow prioritization and risk segmentation
Multi-subscription velocity to anticipate identity theft behavior, i.e., validate if the same person is performing several subscription activations in a defined period of time (Multiple Activations)
Intuitive Graphical Interface to facilitate the configuration, analysis process and decision processes
ADDITIONAL RULES CAN BE CONFIGURED TO:
Compare addition information from activation (dealers, postal codes, etc.) with specific risky/ suspect Hotlists
Validate IDs consistence (valid check digit, etc.)
Validate VAT identification number (companies only) using external data bases. Besides the VAT validation, the registered name and address is also returned and can be compared with activation info
Validate changes in the subscription information, e.g., addition of roaming or other ‘High Value’ services
RAID can also connect to external credit risk/scoring to retrieve information that can also be used on rules
HIGH-LEVEL
Subscriber dataName: Andreas Norton
Address: 444 fifth Avenue
City: New York
Zip Code: NY 10103
ID #: 200300465
Telephone: 11111111
Clean and Normalize
(Applied to subscription
and black list)
Transform and Filter
(Cultural, Language, Business
Rules)
Match
(Similarity
X weightsin model)
Rules Alerts Alarms Cases
Subscription Fraud Model FMS Standard Process Flow
Subscriber dataName: Andreas Norton
Address: 444 5th Av
City: New York
Zip Code: NY 10103
ID #: 200300465
Telephone: 11111111
Blacklisted dataName: Andrew Norton
Address: 443 5th Av
City: New York
Zip Code: NY 10113
ID #: 200300466
Subscriber dataName: Andreas Norton
Address: 444 5th Av
City: New York
Zip Code: NY 10103
ID #: 200300465
Telephone: 11111111
~~=~~
20% x 86
30% x 90
10% x 100
20% x 89
20% x 89
Final match = 89.8
Similarity > 85And Address in “Risky Addresses” OrContact Phone blacklisted
FRAUD TEAM
CFO
Network Security Team
Revenue Assurance Team
Credit Control Team
Other
ACT AND COLLABORATE
Cancel/Suspend Subscription
Bar Outgoing Calls
Add to Hot List
Collaborate to effectively resolve
Taking action right from the tool
Access to Subscription Fraud Alerts Information
HARVESTS THE INTERNET FOR PUBLIC INFORMATION
EvaluateFindings
DiscoverInsights
Crawler
EvaluateProfile
Provides a subjective understanding of an entity represented by indicators
related to personality, activities, subscriptions
and related content
Natural LanguageProcessing
Context Analysis
MachineLearning
UnstructuredBig Data
Additional information for Subscription Fraud Models and Rules based on Social Attributes• Other emails• Other names (from different social
networks) • Fraudster profile similarity score• Antiquity in social networks
Information can be used also as advanced profile information
Digital Risk Profile collects valuable data for Subscription Fraud Detection
WEDO LABS AND ROADMAP
Biometrical identity validation and speech recognition mechanisms, integrated with RAID FMS subscription fraud module to detect ID fraud earlier and more accurately
An extended ID verification capability, leveraged by Human Recognition algorithms, that links the physical person with different online sources of ID verification
Validate identity through voice or photo comparison
Fight identity theft by allowing identity check in Call Centers interactions
SUBSCRIPTION FRAUD
SUBSCRIPTION FRAUD
In Raid FMS
REAL-TIME
Subscription Fraud
INTEGRATION WITH
RAID FMS can be integrated with Operator system to perform subscription fraud validation in real time
Integration can be done with Point of Sales gateway, middleware or any other systems
Communication performed using web services
Faster, sharper and smarter fraud prevention capabilities
STORE
CALL CENTER
SELF-REGISTER
INTEGRATION WITHSU
BSC
RIB
ER A
CTI
VA
TES
NEW
OFF
ER PoS SENDS ACTIVATION
TO OPERATOR
MIDDLEWARE
RAID APPLIES RULES TO THE SUBSCRIBER DATA
RAID RETURNS DECISION AND ACTIVATION IS ACCEPTED OR
REJECTED
REJECTS ACTIVATION
MARKS ACTIVATION AS
SUSPECT
APPROVES ACTIVATION
ADVANTAGES
REAL-TIME
Reduced fraud window
Reduced loss
Improved reaction time to new threats
Sale negation
Sale approval
Quicker fraud detectionImmediate action:
=