Battle Tactics
Fighting Telecom Fraud with Common Sense
By David West
Telecom Business Magazine
July 2000
In the war against
telecom fraud, a growing number of software and hardware vendors as well
as consultants have entered the market with new tools and research to
arm carriers. Unfortunately, in the flood of information a simple truism
often gets lost—common sense is the best weapon for fighting fraud.
Common Sense Principle
#1: Know Your Real Enemy
Telecom fraudsters fall
into three basic groups: those who do it for fun, those who do it to
save money, and those who do it for profit. Carriers should take action
to address teenage hackers trying to infiltrate voice mail systems for
the challenge. Similarly, college students passing around violated
calling cards to make calls home are a concern. However, the fraudsters
who do it for profit are the carrier’s real enemy.
The fraudsters
who will do the most financial damage to a network are organized
criminal enterprises seeking to pirate service for resale. Focusing
telecom fraud management efforts to address these call-sell
operations can make the greatest impact to a carrier’s bottom
line. "You don’t have to do it all to be protected,"
explains Larissa Moskowitz, Director of Consumer Billing and
Processes for PT-1 Communications. Concentrating on call-sell
operations alone will significantly limit your exposure.
Once these thieves find a
carrier’s weakness they exploit it quickly and aggressively. Knowing
that the window of opportunity will close eventually, they will attempt
to maximize their revenue. As with any retail operation, this means
selling as many units as possible, at the highest price. For the telecom
pirate, the units are minutes, and the market sets the price. With
dozens of carriers offering low-cost domestic rates, there is simply no
margin in re-selling pirated domestic service. A combination of economic
and social factors dictates that their customers will be calling
high-cost international destinations. For most carriers, this accounts
for the most damaging fraud losses.
"If you want to dive in
and protect your network to the ultimate degree, you have that option,"
continues Moskowitz, "but the goal should be to seek out solutions that
will effectively eliminate the majority of your fraud."
Common Sense Principle
#2: Don’t Assume You Are Invulnerable
Simply put, every carrier
currently offering service is a target for telecom fraud. That is not to
say that all carriers are equally exposed. Consider the joke about two
friends going camping. One friend wearing hiking boots asks the other
why he is wearing running shoes. "In case we encounter a bear," his
friend answers. "Don’t be stupid," he says, "everyone knows you can’t
outrun a bear." "I don’t have to outrun the bear," replies his friend,
"I just have to outrun you."
While few carriers take
such a self-serving view of fraud management—with many even working
together to eliminate fraud—the fact remains that fraudsters focus their
energy on the weakest members of the pack. Those who are most vulnerable
to fraud get hit the hardest.
The obvious candidates
for this dubious honor are start-ups. Focused primarily on customer
acquisition, these carriers usually have limited resources and staff to
dedicate to fraud management. Vetting new subscribers for
credit-worthiness is a low priority, and writing off losses is an
expected cost of doing business.
These carriers
have yet to experience a significant fraud loss and are often
more vulnerable than they realize. Because their batch reports,
billing system, or in-house tools appear to be effective, these
companies are lulled into a false sense of security and put
off investing in progressive telecom fraud management systems.
Only later, often too late, do carriers realize that they have
been hit.
Less obvious but just as
vulnerable targets are carriers who do not effectively use their fraud
management systems. Common throughout the industry are companies who are
unable to deploy adequately the fraud management tools they have
invested in. Reasons vary, but several themes are common.
Often management
purchases an expensive telecom fraud management system, with
little thought given to the experience and skills of the team
that will actually be implementing and using the software. Systems
with complex interfaces require extensive training to master.
Systems that run on sophisticated hardware need to be supported
by specialized IT staff. If users cannot or do not utilize the
tools, these advanced features and functions are useless. A
good system running is always better than a great system still
sitting in the box.
Common Sense Principle
#3: Maximize Fraud Protection, Minimize Costs
Telecom fraud management
is a cost center; there is no way to avoid that fact. Like other
expense categories, each expenditure is deducted from the bottom
line. However, unlike most general and administrative expenses,
a reduction in fraud and a corresponding increase in the company’s
net proceeds should offset dollars spent on fraud management.
In that regard, the impact on the bottom line is more like that
of the sales department. Each dollar spent should generate a
dollar or more—not in earned revenue but retained revenue. Like
sales and marketing expenditures, fraud management is also subject
to the law of diminishing returns. At some point the return
on each dollar spent plateaus, then decreases, until ultimately
the net return is negative.
Maximizing the return on
your fraud management investment does not mean maximizing spending, nor
does it mean a carrier will never again suffer fraud losses. Eliminating
fraud entirely is a noble ideal, but not a realistic goal. According to
one experienced fraud manager, Sharlene Johnson, Senior Manager VarTec
Telecom, Inc., "It’s not a question of whether or not you are going to
get hit with fraud, it’s a question of how much you can lose."
Clearly carriers
must spend money on telecom fraud management, and, to a point
it is a very good investment. However, companies with successful
fraud management processes resist the temptation to over spend,
and instead seek out solutions that will effectively eliminate
the majority of their fraud, and minimize the extent of their
exposure to the occasional loss that does occur.
The goal should be to
seek out solutions that will effectively eliminate the majority of
fraud. According to Johnson, "When investigating cases, carriers should
be aware of the impossible and the improbable. For example if a customer
has never placed a call to an international location, the questionable
three-hour call may be the first indicator of fraudulent activity. If
attention is focused on these types of red flags, a high percentage of
telecom fraud can be identified."
Common Sense Principle
#4: Just Because You Know Who to Bill Doesn’t Mean You Are Going to Get
Paid
It is tempting to take a
cavalier attitude towards some types of traffic. Carriers often assume
that their contractual relationship with these customers exempts them
from responsibility for fraudulent traffic and guarantees them payment
whether the calls are legitimate or not. Two prime examples are
wholesale customers and retail customers with PBXs.
Often carriers with some
or all of their network traffic generated by resellers assert that they
have no legal responsibility to monitor the traffic and no financial
liability for fraudulent traffic. Similarly, most businesses with PBX
equipment sign waivers releasing their carrier from responsibility for
fraudulent traffic generated from their PBX. While the carrier may not
have any legal obligation to protect these customers or forgive their
debts, if a reseller or PBX customer is hit for fraud, and is unable to
pay, the carrier is left to absorb the loss. In recent years there have
been numerous examples of resellers and businesses who have suspended
operations or filed for bankruptcy leaving creditors—including their
underlying carrier—holding the bag for hundreds of thousands of dollars.
An effective fraud
management process should include monitoring wholesale customers and
their retail customers. While monitoring parameters need not be as
stringent nor investigative efforts as exhaustive as the carrier would
undertake with its own customers, carriers still need to track all
traffic that ultimately affects their bottom line. Carriers must also
monitor traffic generated from their customers’ PBXs. Although they are
not responsible for securing the PBX—nor legally liable for fraudulent
traffic—it is in their best interest to quickly identify and address
potential breaks in their customers’ PBX security.
As long as telecom
companies charge for the products they offer there will be those
who try to fraudulently obtain service. As technology, markets,
and economics change, what they try to steal and how they try
will evolve. So too, fraud management tools and techniques will
change over time to adapt to new threats. Nonetheless, the most
important element in the fight against fraud will always be
common sense. When establishing and implementing a telecom fraud
management process, staffing and training a fraud team, and
choosing a fraud management system vendor, the principles outlined
above form the foundation for a practical, economic, and effective
response to the threat of fraud.
David West is executive
vice president of Equinox
Information Systems (www.equinoxis.com), a provider of custom
and commercial software solutions for the telecommunications
industry since 1986. He can be reached at info@equinoxis.com.
© Copyright 2000 |
