Telecoms fraud: “It's our problem”
Will carriers finally begin acting in unison to more effectively combat fraud? Capacity reports from the Wholesale Fraud Forum 2014 in London.
Capacity recently held its first ever conference dedicated to wholesale fraud. While the event generated plenty of contrasting opinions and views, delegates were united on two fronts: fraud is becoming increasingly prevalent in the wholesale segment, and it will take industry-wide collaboration to combat it.
Estimated to have cost the wider telecoms industry up to $40 billion in 2013, fraud has been steadily escalating in the wholesale segment over the past 2-to-3 years. In Capacity’s 2013 Fraud & Security Business Briefing, we predicted that the industry is heading into a perfect storm, where fraudsters are better resourced than ever before, networks are easier to hack and cash-strapped operators are struggling to find the capital to invest in new security systems.
This message was reiterated during the day-and-a-half event in London, which brought together nearly 100 representatives from across the carrier, vendor and regulatory communities.
One of the initial areas of discussion was the growing demand from the retail segment for carriers to take greater responsibility in preventing fraud. The sting in the tail for carriers being that a majority of scams tend to originate on a retail operator’s network – with the wholesale carrier having limited control over how or where traffic is generated.
According to Jorn Vercamert, director of voice business management at BICS, over the past two-to-three years, carriers have seen more issues with fraudulent traffic and greater concern from customers.
“To begin with, the position [of a wholesaler] was to protect your own network and be seen more as a transit carrier. However, we found that our retail operators did not appreciate that proposition and were requesting wholesale providers to do more analysis; to bring them more understanding and visibility on the traffic,” he says.
The keynote panel discussing the scope of the problem at Wholesale Fraud Forum 2014
Joerg Debus, head of voice product management and business analysis, Deutsche Telekom ICSS, says there are essentially only two options available to carriers.
“One is clearly where carriers say you pay for what you send, and the other is to accept more responsibility for fraud,” he says. “There is no single point of view on how to handle this; there are different shades of grey. You want to serve customer needs, but on the other hand you want to prevent fraud. Being a wholesale carrier means you are caught in-between.”
The challenges ahead
This situation is compounded further by the complex nature of interconnect agreements. Although interconnect agreements can differ enormously, they all place in contractual law the principle that the carrier must always pay for traffic that is handed to it.
“Clearly, how some carriers handle traffic may be questionable, but ultimately they are handling it in accordance with perfectly legitimate contractual arrangements. Until they know that there is fraudulent activity taking place, and they can look at the terms and conditions, as a company they are working within their business model,” says Ian Smith, CEO at the Telecommunications UK Fraud Forum (TUFF).
The challenge lies not just with the carriers but also with the regulators, says Smith. Not only does each regulator have its own legislation regarding telecoms fraud, but even their very definition of fraud varies. “How do you harmonise cross-jurisdictional requirements so that you have a collective view, and so the legislation serves a collective purpose?” asks Smith.
This question is particularly pertinent given the international nature of wholesale. If a regulator is finding fraudulent traffic and has reason to stop that, it does not necessarily mean another country might recognise that reason, says Smith.
Carriers are also experiencing increasingly sophisticated types of fraud.
“What we are seeing on the wholesale side is that more sophisticated suppliers that are getting into routes, doing a good job for a month or two and then doing all sorts of blending; be it terminating calls on unallocated numbers or very sophisticated manipulation on the VoIP side,” says Robert Benlolo, SVP of access services at Tata Communications. “There are some very refined frauds out there and without the processes, you’re severely exposed to them.”
Among the fraud types highlighted during the event, Private Branch Exchange (PBX) hacking was frequently name-checked. The last 18 months has seen a significant rise in this type of technical attack of terminal equipment and PBX hacking is estimated to cost the industry close to $5 billion in revenues last year.
Benlolo highlights customer screening as an initial method of preventing PBX hacking and other forms of fraud.
“When we partner with new suppliers at Tata, we go through an extensive screening process. When you have a new customer it is important to see if their security systems and setup is secure, as they are the Achilles heel when it comes to fraud,” he says.
Number leasing was another problem area identified by carriers at the event. With licensed carriers and MVNOs finding their profits squeezed, there has been an uptake in leasing valuable number ranges to third parties for content or revenue share.
“This is a big problem as the carrier or MVNO lose power over how their numbering range is being applied. Even Tier-1 and Tier-2 carriers are engaging in this, and it is a very hazardous area to enter unless you have the proper controls,” says Benlolo.
The issue of generating calls to unallocated numbers was another growing area of concern. Carriers at the event warned of a sub-industry of resellers which specialise in terminating unallocated calls for fraud.
This issue prompted a much wider debate about whether carriers should consider moving away from an entirely open switch network policy.
“Initially in the past, we used to have an open switch policy due to the sheer amount of resources needed to manage hundreds of countries and numbering plans,” says Benlolo. “However, over time we recognise trends early and when we see confirmed fraud on specific ranges, not only do we block it for our customer, but we block it for our entire customer base.”
A problem shared
Vercamert highlighted the importance for carriers to share information on areas such as fraudulent number ranges.
“It is still very difficult to understand all the numbering plans internationally, to know what is being used or what is not being used,” says Vercamert. “And so therefore what we are trying to do at BICS is share the information available among our customers and the networks connected to our platforms.”
TUFF’s Smith agrees, but adds that information should also be shared between the industry and law-enforcement agencies.
Enhanced network monitoring and analysis will also play a vital role in the fight against fraud. The ultimate dream, says Smith, is for carriers to have the ability to take action in real-time based on high-quality alerts and reporting: “Otherwise we are always chasing fraud. The sooner we can react, the greater we can mitigate the cost damage and other disruption that occurs.”
Investing in the latest technologies to support effective network monitoring, however, comes at a cost, and at what point will carriers make the financial commitment to truly counter fraud?
“There always has to be a business driver. At what point do the scales tip and make a carrier do something, as opposed to aspire to do something?” asks Smith. “And that point will only come when the bottom line is hit.”
BICS has been proactive in its attempts to deliver solutions to help counter fraud. Last year, it signed a partnership with fraud solution provider cVidya, as well as going on to launch a solution designed to increase fraud awareness across its wholesale network.
While he highlighted events such as the Wholesale Fraud Forum 2014 as helping to raise the profile of fraud in wholesale, Vercamert says carriers should be addressing the issue with greater urgency.
“I think we have to put fraud as a priority in the agenda of our organisations. Every week there is something going on worldwide, and we as an industry have to recognise we are not yet fully equipped and able to take on that battle,” he says.