FRAUD & SECURITY BUSINESS BRIEFING 2013: Operating in fraud hotspots

12 September 2013 | Richard Irving


What happens when your key markets for growth just happen to be some of the biggest hotspots for wholesale fraud in the world? Richard Irving goes behind the scenes at Telekom Austria to find out.

Unveiling a raft of new products directly targeting Amazon's near vice-like grip on cloud services this April, a senior Microsoft executive made a bold if not chilling prediction.

Within a few short years, he warned, there would be no more than ten major cloud services providers slugging it out in a market that is growing at between 20% and 30% a year and which, according to one analyst, was worth more than $100 billion for the first time in 2012.

The provocative forecast might well unnerve many telecoms companies who are betting their future on the cloud. Take away some of the obvious candidates, such as IBM, Amazon, Google and, yes, even Microsoft, and there might only be a handful of slots for the likes of AT&T, Verizon, Deutsche Telekom and Telefónica to fight for. But it is a vindication of the controversial view that pitched Stefan Amon, head of wholesale for Telekom Austria, into a storm of controversy late last year.

In exclusive comments to Capacity magazine, Amon confirmed that Austria's largest phone operator would not be investing in wholesale cloud opportunities. Instead, the group would focus on a state-of-the-art anti-fraud solution aimed at stopping rogue operators from disguising high margin international traffic as cheap local IP calls.

His comments caused a mixture of consternation, puzzlement, and – in some quarters – outright derision, across a troubled industry under fire from shrinking margins, uncertain growth prospects and the ever-constant threat presented by new disruptive technologies. Many wholesale bosses, it would appear, do not want to think of cloud-based services as anything other than a saviour that will fuel growth long after the voice segment goes the way of text messaging.

Six months on and Amon's call looks exquisitely timed. For one thing, Microsoft's lumbering assault on the cloud is finally gaining some momentum. Sales of Azure software, which stores business information and applications on remote servers and lets customers access them from anywhere on the web, have grown 10% or more in each of the last nine consecutive quarters and annual sales have topped $1 billion for the first time.

But more importantly, telecoms groups have started to haemorrhage cash to fraudsters, following an unprecedented surge in the number of scams specifically targeting wholesale operators, which itself has been brought on in no small part by the regulator-driven collapse in Europe-based interconnect tariffs.

Amon never meant to cast aspersions on those who are building business models around the cloud. Quite the contrary, in fact.

"Of course the cloud is an exciting proposition. From a wholesale perspective, we ourselves stand ready to support the cloud by offering connectivity to our customers whenever and wherever we can," Amon says. But carriers like Telekom Austria have to face up to some uncomfortable truths, he warns.

"We have to be realistic. The fact is that we are never going to be able to compete in this market – we are never going to be able to sell a cloud services solution to the likes of Deutsche Telekom or British Telecom." Far better, Amon says, to play to the operator's core strengths.

"We have been dealing with voice traffic for 20, 30, even 50 years. We know what the challenges are in this market and we know what the challenges are for other carriers. That's why the group took the decision to invest in anti-fraud measures rather than the cloud."

Rough Times

Telekom Austria's latest report and accounts are bleak affairs. Entitled "Rough Times", the company bemoans a near-perfect storm of factors beyond its control for a disappointing performance which saw full-year revenues for 2012 dip 2.8% to €4.3 billion and comparable earnings before interest, taxation, depreciation and amortisation (Ebitda) slip 4.7% to €1.45 billion.

Encapsulating the gloomy mood, Hannes Ametsreiter, chairman of the management board, said that intense competition, a "regulatory landslide" incorporating steep cuts to interconnect rates in all eight of the Central and Eastern European countries in which the telco operates and a general economic malaise conspired to overshadow operational successes at the group.

The result was a 20% plunge in wholesale revenues to €164.5 million. In a stark warning, the boss added that 2013 would be "another challenging year – meaning times will remain rough". And so it has proved to be. First-quarter wholesale revenues fell a further 9.3% to €41.8 million in the group's crucial domestic market, while wholesale revenues at its international units fell 5% to €5.6 million.

It is against this background that Telekom Austria's push into anti-fraud solutions should be measured, for it serves to highlight how grim the general outlook for many operators is and thus how important it is to stem the flow of cash to opportunistic fraudsters. Security analysts estimate that anything from 2% to 6% of total wholesale revenue is lost to by-pass fraud (also known as interconnect or SIM box fraud) alone, and research by the Communications Fraud Control Association (CFCA) puts global losses to the scam at more than $2.8 billion a year.

Telekom Austria does not disclose what percentage of revenues it believes that it has lost to fraudsters, but if independent analysts are right, then Amon's fraud-busting team could return the group's international wholesale operation to profits growth on their own and stem the fall in wholesale revenues in Austria to a negligible €1.2 million a quarter.

At its most basic, a SIM box is a piece of hardware through which phones on two different networks can be rigged together so that a call arriving on one can be routed out through the other. The networks concerned can be either fixed or mobile, national or international, or any combination of the two. The switching mechanism, which is entirely invisible to any of the network operators involved, makes each call look as if it starts and ends on a single network, thereby avoiding any interconnect fees.

All that a crook needs to build a SIM box is access to the internet – a 1MB connection will allow the fraudster to handle 60 calls at once – a router, and a fixed terminal, known as a GSM Gateway, that can switch calls between IP, analog, digital and GSM systems. In what is clearly a sign of the times, if you seek information on GSM gateways on Google you get not a definition of the hardware, but a raft of companies offering terminals for sale with promises to slash your phone bill.

Amon likens bypass fraud to "invisible theft". Because traffic routed through the SIM card looks like that of a normal end-user, the fraudster never needs to break cover. In many cases, the only way of knowing that traffic is being by-passed is when customers start complaining of a severe drop in call quality. One specialist anti-fraud consultancy claims to have uncovered 50,000 SIM boxes on the networks of just six clients last year alone.

Earlier this year, specialist prosecutors within Serbia's high-tech crime unit arrested 11 men as part of an investigation into a SIM box fraud that is estimated to have fleeced international operators of at least €10 million. The undercover investigation, codenamed "Centrala", recovered 28,000 prepaid SIM cards of local mobile operators, through which the ring had channelled international calls from foreign networks in order to rack up cheaper local rates.

The scam is similar to one which Telekom Austria first started to uncover in Serbia back in 2006 and 2007, prompting the group to start the hunt for an effective fraud-busting tool. There were relatively few off-the-shelf products out there to choose from and many were expensive and unwieldy, says Amon.

"We went through a process to determine whether to build or to buy. In those days wholesale fraud was relatively limited in its scope, so it made the most sense to implement our own solution."

A box of tricks to fight a tricky box

Telekom Austria's expertise in SIM box fraud is no quirk of chance. While the operator does not break down wholesale revenues at any of its international units, total earnings from Croatia, Serbia and Slovenia – three of the biggest fraud hotspots in the whole of Europe – amounted to 18% of total group revenues last year.

In other words, against a backdrop of failing revenues, Telekom Austria's engineers have to be one step ahead of the cyber crooks at every turn, lest fraudulent attacks further exacerbate the slump in wholesale earnings.

It might not be a particularly enviable position in which to be, but it certainly focusses the mind. When a leading wholesale customer with exposure to Serbia approached the group with a big fraud problem two years ago, the company made two game-changing discoveries. Firstly that it was not alone and secondly that it was ahead of the curve in developing cutting-edge solutions.

"We realised very early on that SIM fraud was going to be a big problem. The hype only came much, much later," explains Amon.

In April of this year, the group brought the solution, called the SIM Box Detection Service, to the market. The platform can sweep more than 1,000 separate routes to identify if a carrier is being targeted by SIM box fraudsters.

Amon declines to elaborate further on the way the algorithms within the SIM sweep work, but it is likely that the platform embraces a form of test call generation. Operators generate a chunk of controlled traffic from a swathe of different origination points around the globe and from VoIP, fixed and GSM connections, in order to check how the call travels across the network and whether it is delivered as it should.

The strategy has a high hit rate, but it is only as good as the number of origination points it tests, so it is likely that Amon's platform also uses proprietary analytics to map suspicious points on any particular route. Analysis of incoming to outgoing calls, the number of cell sites used during transit and distinct destination ratios can all point to the location of possible SIM boxes.
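The kind of traffic analysis described above can be sketched over call detail records. This is an added illustration, not Telekom Austria's algorithm, which the article says is undisclosed. The record layout, SIM labels and thresholds are constructed assumptions, as is the premise that a SIM in a SIM box stays on one cell site, rarely receives calls and dials mostly distinct numbers.

```python
from collections import defaultdict

def sample_cdrs():
    """Constructed CDRs: (sim, direction, other_party, cell_site)."""
    cdrs = [("SIM-A", "out", f"dest-{i}", "cell-1") for i in range(30)]
    cdrs += [("SIM-B", "out", f"contact-{i % 5}", f"cell-{i % 4}") for i in range(25)]
    cdrs += [("SIM-B", "in", f"contact-{i % 5}", "cell-0") for i in range(20)]
    cdrs += [("SIM-C", "out", f"dest-{i}", "cell-9") for i in range(3)]
    return cdrs

def sim_features(cdrs):
    """Per-SIM indicators named in the article."""
    raw = defaultdict(lambda: {"in": 0, "out": 0, "dests": set(), "cells": set()})
    for sim, direction, other, cell in cdrs:
        rec = raw[sim]
        rec["cells"].add(cell)
        if direction == "out":
            rec["out"] += 1
            rec["dests"].add(other)
        else:
            rec["in"] += 1
    features = {}
    for sim, rec in raw.items():
        out = rec["out"]
        features[sim] = {
            "outgoing": out,
            "in_out_ratio": rec["in"] / out if out else float("inf"),
            "distinct_dest_ratio": len(rec["dests"]) / out if out else 0.0,
            "cell_sites": len(rec["cells"]),
        }
    return features

def flag_suspects(features, min_calls=20, max_in_out=0.05,
                  min_dest_ratio=0.8, max_cells=1):
    """Thresholds are illustrative assumptions, not operator values."""
    suspects = []
    for sim, f in features.items():
        if f["outgoing"] < min_calls:
            continue  # too little traffic to judge
        if (f["in_out_ratio"] <= max_in_out
                and f["distinct_dest_ratio"] >= min_dest_ratio
                and f["cell_sites"] <= max_cells):
            suspects.append(sim)
    return sorted(suspects)

if __name__ == "__main__":
    print(flag_suspects(sim_features(sample_cdrs())))
```

The minimum-volume gate keeps a lightly used prepaid SIM (SIM-C in the sample) from being flagged on three calls alone.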

Seeking to establish the provenance of traffic that they are being asked to terminate might not intuitively sit well with some wholesalers. When it comes to many types of telecoms fraud, transit carriers are not averse to taking an ambiguous line. Some privately maintain, for example, that since they have little opportunity to perform any due diligence on the caller, they must act in good faith and cannot be held liable for any misdeeds that are perpetrated through their networks. SIM box fraud debunks that particular argument, because it is the transit carrier that shoulders the entire hit in terms of lost termination fees.

As Amon explains, the ability to trace a call back to its origination is what separates a good SIM box fraud solution from a bad one.

"If I were to tell you how we do it, then I would be telling you the secrets on which our success is based," he says. But it is only part of the picture.

"How your search mechanisms work is clearly important, but you also need to have a fast and efficient reporting system, a capability to get to the customer quickly in order to secure permission to block the route," he adds.

Flexible pricing is also crucial. Some countries within Telekom Austria's portfolio, such as Croatia, are thriving tourist economies that are particularly prone to bypass fraud at the height of the holiday season. The cost of any fraud protection service should rightly reflect the peaks and troughs of wholesale traffic, he says.

Amon will not disclose how well the fraud platform is selling. He also declines to be drawn on whether the platform has brought new wholesale business to the company's door. But in a sign that the group's board remains committed to the venture, the wholesale chief confirmed that an enhanced version of the fraud-busting service is due for release, possibly later this year.

"Fraudsters don't sleep," he says. "You can only establish a meaningful business in fraud mitigation if you carry on developing a product."