Nuno Pestana, WeDo Technologies

SUBSCRIPTION FRAUD

SUBSCRIPTION FRAUD

In Raid FMS

REAL-TIME

Subscription Fraud

SUBSCRIPTION FRAUD

SUBSCRIPTION FRAUD

In Raid FMS

REAL-TIME

Subscription Fraud

8.1

3.9

3.5

3.1

1.8

1.8

1.6

1.00.80.4

0.4

Subscription Fraud

PBX hacking

IP PBX Hacking

Dealer Fraud

Internal fraud / Employee Theft

Wangiri

Payment Fraud

Voicemail Hacking (Not associated with PBX Hacking) Mobile Malware

Signalling Manipulation

SIM Cloning

CFCA 2015 Survey - Fraud Losses by Method in $ USD BillionsBlack-box systems do not adapt well to this new reality

FRAUDTHE IMPACT OF FRAUD

Smart Networks and a wider business scopeis considerably enlarging the attack surface for Fraudsters

Fraud amountsto $38.1 billion

annually representing 1.69% of all

Telecom revenues

STOP THE ENABLERS

The EnablerAllows the fraudster

to commit fraud

The ThreatThe fraud itself,

with impact on your business

One example: Subscription

Fraud

International Revenue Share Fraud

Premium Rate Service Fraud

Service Reselling

Commissions Fraud

Others

Subscription fraudis defined as gaining access to productsor services without having the intentionof paying for them. This can be done by

Making a dishonest application using false information

Using genuine information togetherwith forged/stolen documentation

Fraudsters commit fraud to obtain free

personal calls/services. Alternatively, an

organized fraudster may use the

subscription to generate income ex.,

via selling or premium rate service fraud

Fraudsters give false information concerning

Addresses

Telephone Numbers

Professional Occupation

Personal Information

Etc.

Alternatively, fraudsters use false

documents as identification proof

Passports

Driver’s Licenses

Bank Details

VAT Identification

Etc.

SUBSCRIPTION FRAUD

SUBSCRIPTION FRAUD

In Raid FMS

REAL-TIME

Subscription Fraud

5 STEPS USED BY RAID FMS TO FIGHT FRAUD

PREVENTStop the enablers before the fraud happens

DETECT

Use rules and identify patterns

ANALYZE

Manage your cases and investigate at multiple levels of data

RESOLVE

Collaborate and minimize time-to-resolution

LEARN

Use your historical data to find new rules and patterns

FRAUD THREATS EVEN BEFORE THEY OCCUR

1

Fraudster triesto do a dishonest application using false information or genuine but stolen information

RAID FMS checks for fraudulent applications...

…identifying multiple activations from the same subscriber by similarity analysis or…

…integrating internal or 3rd party hotlists of potential users that are referenced as fraudsters or other attributes

Fraudster is stoppedbefore being ableto commit fraud• IRSF

• Interconnect Bypass Fraud

• Commissions Fraud

• Premium Rate Service Fraud

• Service Reselling

• Theft of Equipment

• (...)

2 3

MAIN

Calculates similarityprobability between new subscription and blacklisted subscribers to allow prioritization and risk segmentation

Multi-subscription velocity to anticipate identity theft behavior, i.e., validate if the same person is performing several subscription activations in a defined period of time (Multiple Activations)

Intuitive Graphical Interface to facilitate the configuration, analysis process and decision processes

ADDITIONAL RULES CAN BE CONFIGURED TO:

Compare addition information from activation (dealers, postal codes, etc.) with specific risky/ suspect Hotlists

Validate IDs consistence (valid check digit, etc.)

Validate VAT identification number (companies only) using external data bases. Besides the VAT validation, the registered name and address is also returned and can be compared with activation info

Validate changes in the subscription information, e.g., addition of roaming or other ‘High Value’ services

RAID can also connect to external credit risk/scoring to retrieve information that can also be used on rules

HIGH-LEVEL

Subscriber dataName: Andreas Norton

Address: 444 fifth Avenue

City: New York

Zip Code: NY 10103

ID #: 200300465

Telephone: 11111111

Clean and Normalize

(Applied to subscription

and black list)

Transform and Filter

(Cultural, Language, Business

Rules)

Match

(Similarity

X weightsin model)

Rules Alerts Alarms Cases

Subscription Fraud Model FMS Standard Process Flow

Subscriber dataName: Andreas Norton

Address: 444 5th Av

City: New York

Zip Code: NY 10103

ID #: 200300465

Telephone: 11111111

Blacklisted dataName: Andrew Norton

Address: 443 5th Av

City: New York

Zip Code: NY 10113

ID #: 200300466

Subscriber dataName: Andreas Norton

Address: 444 5th Av

City: New York

Zip Code: NY 10103

ID #: 200300465

Telephone: 11111111

~~=~~

20% x 86

30% x 90

10% x 100

20% x 89

20% x 89

Final match = 89.8

Similarity > 85And Address in “Risky Addresses” OrContact Phone blacklisted

FRAUD TEAM

CFO

Network Security Team

Revenue Assurance Team

Credit Control Team

Other

ACT AND COLLABORATE

Cancel/Suspend Subscription

Bar Outgoing Calls

Add to Hot List

Collaborate to effectively resolve

Taking action right from the tool

Access to Subscription Fraud Alerts Information

HARVESTS THE INTERNET FOR PUBLIC INFORMATION

EvaluateFindings

DiscoverInsights

Crawler

EvaluateProfile

Provides a subjective understanding of an entity represented by indicators

related to personality, activities, subscriptions

and related content

Natural LanguageProcessing

Context Analysis

MachineLearning

UnstructuredBig Data

Additional information for Subscription Fraud Models and Rules based on Social Attributes• Other emails• Other names (from different social

networks) • Fraudster profile similarity score• Antiquity in social networks

Information can be used also as advanced profile information

Digital Risk Profile collects valuable data for Subscription Fraud Detection

WEDO LABS AND ROADMAP

Biometrical identity validation and speech recognition mechanisms, integrated with RAID FMS subscription fraud module to detect ID fraud earlier and more accurately

An extended ID verification capability, leveraged by Human Recognition algorithms, that links the physical person with different online sources of ID verification

Validate identity through voice or photo comparison

Fight identity theft by allowing identity check in Call Centers interactions

SUBSCRIPTION FRAUD

SUBSCRIPTION FRAUD

In Raid FMS

REAL-TIME

Subscription Fraud

INTEGRATION WITH

RAID FMS can be integrated with Operator system to perform subscription fraud validation in real time

Integration can be done with Point of Sales gateway, middleware or any other systems

Communication performed using web services

Faster, sharper and smarter fraud prevention capabilities

STORE

CALL CENTER

SELF-REGISTER

INTEGRATION WITHSU

BSC

RIB

ER A

CTI

VA

TES

NEW

OFF

ER PoS SENDS ACTIVATION

TO OPERATOR

MIDDLEWARE

RAID APPLIES RULES TO THE SUBSCRIBER DATA

RAID RETURNS DECISION AND ACTIVATION IS ACCEPTED OR

REJECTED

REJECTS ACTIVATION

MARKS ACTIVATION AS

SUSPECT

APPROVES ACTIVATION

ADVANTAGES

REAL-TIME

Reduced fraud window

Reduced loss

Improved reaction time to new threats

Sale negation

Sale approval

Quicker fraud detectionImmediate action:

=