• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
My Final Dissertation in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE from The University of Liverpool
 

My Final Dissertation in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE from The University of Liverpool

on

  • 3,800 views

TELECOMMUNICATION FRAUD MANAGEMENT: IMPLEMENTING A SECURE AND EFFICIENT ROAMING FRAUD DETECTION SYSTEM IN A GSM NETWORK

TELECOMMUNICATION FRAUD MANAGEMENT: IMPLEMENTING A SECURE AND EFFICIENT ROAMING FRAUD DETECTION SYSTEM IN A GSM NETWORK

Statistics

Views

Total Views
3,800
Views on SlideShare
3,800
Embed Views
0

Actions

Likes
0
Downloads
75
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    My Final Dissertation in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE from The University of Liverpool My Final Dissertation in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE from The University of Liverpool Document Transcript

    • TELECOMMUNICATION FRAUD MANAGEMENT: IMPLEMENTING A SECURE AND EFFICIENT ROAMING FRAUD DETECTION SYSTEM IN A GSM NETWORK By Joey E. Ironbar A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE October 2011
    • ABSTRACT TELECOMMUNICATION FRAUD MANAGEMENT: IMPLEMENTING A SECURE AND EFFICIENT ROAMING FRAUD DETECTION SYSTEM IN A GSM NETWORK By Joey E. IronbarThe high costs associated with roaming fraud have been assimilated into the operational budgets oftelecommunications providers for the past decade. In spite of these losses, successful financialperformance and a growing number of subscribers have continued to limit the scale of response to fraudprevention necessary to eliminate this subversive activity. International roaming is an increasinglyprevalent practice, one which requires a multi-network billing chain that raises a range of opportunities forfraudsters to infiltrate gaps and deficiencies in the connected system. From subscription fraud to hacking,the range of fraudulent activities continue to expand, resulting in an increased need for corporateawareness and the installation of effective mitigation techniques. This research addresses particularconcerns regarding the dynamic (or lack thereof) nature of mitigation protocol, highlighting those areas inwhich operators will find opportunity with substantive adjustments to their system characteristics.Through an empirical review of industry perspectives and recommendations, this study finds that roamingfraud must be eliminated through a more pragmatic, proactive system design that seeks to both predictand eliminate sources of fraud before they can impact on a financial level. In addition, it was determinedthat a key variable in fraud mitigation is the consumer, a factor that must be addressed more effectivelythrough coaching and information exchange in order to divert some responsibility away from thesecondary agent (the provider). Although the long term goal of eliminating fraud is largely embraced bythis industry, it is unrealistic. Therefore, this research will demonstrate that a more proactive, pragmaticprotocol is needed, thereby undermining both the exposure and the impact associated with thismultinational criminal behavior. 1
    • DECLARATIONI hereby certify that this dissertation constitutes my own product, that where the language of others is setforth, quotation marks so indicate, and that appropriate credit is given where I have used the language,ideas, expressions, or writings of another.I declare that the dissertation describes original work that has not previously been presented for theaward of any other degree of any institution. Signed, Joey E. IronbarStudent, Supervisors and Classes:Student name: Joey E. IronbarStudent ID number: 15081229GDI name: Yongge WangRMT (GDI) class ID: ComputingReserachMethodsTraining.2010.06.24.202DA name: Anil FernandoDST (DA) class ID: ComputingAdvisorClass. 20081127.227 2
    • ACKNOWLEDGEMENTS I would like to thank the University of Liverpool, APC for affording me the un-imaginableopportunity to complete my study here, despite all challenges which had frustrated all my efforts. Iwill not forget to thank Anil Fernando, my DA, whom for without his patience, guidance andunderstanding, I wouldn’t have made it this far, especially with my dissertation. I also remaingrateful and thankful for all my SSMs whom have managed and guided me throughout my time ofstudy here. You are All special to me. In addition I thank my sponsor Airtel Nigeria, and most precisely Ade Banjoko and his team(Airtel Fraud Management) for their relentless support. I would also like to thank Fred Kellenberger, my instructor on People, Technology, andManagement module, who empowered my skills measurably in the areas targeted. Finally, and most importantly, huge thank you to my wife Princess for her full supportsand also the Almighty God, for His grace in me. 3
    • This page is left intentionally blank 4
    • Table of ContentsTable of Figures .............................................................................................................................. 7Introduction ..................................................................................................................................... 8 1.1 Research Problem ............................................................................................................. 8 1.2 Aims and Objectives ........................................................................................................ 9 1.3 Research Questions ........................................................................................................ 10 1.4 Structure of Dissertation................................................................................................. 11Chapter 2: Literature Review ........................................................................................................ 13 2.1 Introduction .................................................................................................................... 13 2.2 Roaming Fraud Overview .............................................................................................. 13 2.3 Fraud Detection and Prevention Strategies .................................................................... 18 2.3.1 Clearinghouse ......................................................................................................... 18 2.3.2 High Usage Report .................................................................................................. 18 2.3.3 Roamer CDR Exchange (Roam EX) ...................................................................... 19 2.3.4 NRTRDE................................................................................................................. 19 2.3.5 FraudX .................................................................................................................... 20 2.4 Fraud Management and Prevention Strategies ............................................................... 21 2.5 Practical Applications and the Future ............................................................................ 24 2.6 Summary ........................................................................................................................ 26Chapter 3: Research Methodology................................................................................................ 27 3.1 Introduction .................................................................................................................... 27 3.2 Research Methods .......................................................................................................... 27 3.3 Survey Participants ......................................................................................................... 28 3.4 Ethical Concerns and Limitations .................................................................................. 29 3.5 Summary ........................................................................................................................ 29Chapter 4: Data Presentation ........................................................................................................ 31 4.1 Introduction .................................................................................................................... 31 4.2 Survey Participant Demographics .................................................................................. 31 4.3 Quantitative Survey Results ........................................................................................... 32 4.4 Participant Ranked Foci for Fraud Detection and Management .................................... 37 5
    • 4.5 Participant Ranked Advantages of Fraud Detection and Mitigation Systems ............... 38 4.6 Participant Responses to Open Questionnaire ............................................................... 40 4.6.1 Question 1 ............................................................................................................... 40 4.6.2 Question 2 ............................................................................................................... 41 4.6.3 Question 3 ............................................................................................................... 42 4.6.4 Question 4 ............................................................................................................... 43 4.6.5 Question 5 ............................................................................................................... 43 4.7 Summary ........................................................................................................................ 445 Chapter 5: Achievements ...................................................................................................... 45Chapter 6: Discussion and Analysis ............................................................................................. 46 7.1 Introduction .................................................................................................................... 46 7.2 Fraud Mitigation and Prevention Strategies ................................................................... 46 7.3 The Human Factor and Profiling Objectives.................................................................. 47 7.4 The Fraud Prevention Model.......................................................................................... 49 7.5 Summary ........................................................................................................................ 51Chapter 7: Conclusions and Recommendations ........................................................................... 53 8.1 Conclusions .................................................................................................................... 53 8.2 Recommendations .......................................................................................................... 54References ..................................................................................................................................... 56Appendices .................................................................................................................................... 59 Appendix A: Participant Survey With Results ......................................................................... 59 6
    • Table of FiguresFigure 1: Voice and Data Roaming Models (Source: Macia-Fernandez, 2008:2) ....................... 15Figure 2: Model of RoamEx Network (Source: Lloyd, 2003:11) ................................................. 19Figure 3: Model of Fraud-X System Integration (Source: Syniverse, 2011) ................................ 21Figure 4 Participant Age Range .................................................................................................... 32Figure 5: Participant Income Range ............................................................................................. 32Figure 6: Participant Education Level .......................................................................................... 32Figure 7: Participant Experience in Fraud Detection .................................................................... 32Figure 8: Participant Experience in System Design ..................................................................... 32Figure 9: Participant Role or Responsibility................................................................................. 32Figure 10: Detection Strategies and the Consumer Factor ........................................................... 33Figure 11: Nature of Fraud and Strategic Detection Methods ...................................................... 35Figure 12: Evolving Fraud Mitigation and Control Scenarios...................................................... 36Figure 13: System Design and Partner Opportunities................................................................... 37Figure 14: Most Valuable Fraud Detection and Management Systems ....................................... 38Figure 15: Advantages of Implementing Strategic Fraud Detection and Mitigation System ....... 40Figure 16: A Comprehensive Fraud Mitigation System ............................................................... 51Figure 17: Participant Survey With Results.................................................................................. 63 7
    • Introduction1.1 Research Problem The evolution of roaming fraud in recent years has resulted in a complex analyticalenvironment wherein operators continue to develop more advanced monitoring and detectionsystems and protocol in order to prevent costly intrusions. Macia-Fernandez (2008:1) definesroaming as the capacity of subscribers to a wireless network to make or receive voice calls, sendor receive data, or gain access to other services when they are outside the geographical areacovered by their home network by using the resources of a visited network. In accordance withthis definition, there are three primary forces within the roaming dynamic including thesubscriber, the proprietary network (home), and the visited network (Macia-Fernandez, 2008). Itis between these three interests that fraud is perpetrated, whereby the call detail record (CDR) isdistributed from the visited network to the home network for payment for services rendered, onlyfor the home network to discover that the charges were unauthorised. The impact of wirelessroaming fraud is significant. In 2003, for example, Lloyd (2003) reported that between 1 to 3%of operator revenue was lost annually as a result of fraud, of which roaming equated to around24% of this total figure. In spite of the widely recognised financial consequences of roaming fraud, during theearly 2000s, Deo (2008) recognised that many operators tolerated fraud related losses due to arapidly increasing customer population. Yet shareholder influences and an increasinglyadvanced technological infrastructure continue to challenge firms to embrace a much moreanalytical protocol. As subscription fraud alone was reported at an annual loss of over $22billion in 2010, it is evident that the future of fraud prevention and mitigation services is anabsolutely fundamental component of the operator business model (Ghosh, 2010b). Withexpanded services over mobile networks that include access to much more private informationsuch as banking services, credit card information, and premium service membership, the possibleimpact on both operator and consumer liabilities by fraudulent initiatives is only increasing(Ghosh, 2010b). 8
    • The increase in delay for fraud detection results in a heightened total loss per handsetwith extended delay mechanisms such as the Clearning house protocol costing upwards of$50,000 per handset after a delay of more than 100 hours (Lloyd, 2003). Although alternativefraud detection techniques (e.g. HUR, RoamEx, NRTRDE) have increased the speed todetection, the potential losses are still significant, increasing over the term to identification. Forthis reason, real-time detection systems are becoming a priority investment for most serviceproviders, allowing for the identification of possible incursions and mitigation of their influenceat a much more proactive rate than previously possible. With the development of more advanceddata mining prevention models such as the intuitive tool proposed by Farvaresh and Sepehri(2011), organisations are finding that fraud reduction is possible through a much more criticalreview of key indicators, particularly those that are identifiable through consumer and networkdata analysis. For this reason, such robust tools are quickly becoming a leading component indetection and mitigation systems, eliminating much of the uncertainty and reducing the overallrisk for exposure that once existed in non-predictive models.1.2 Aims and Objectives The field of fraud management and detection is robust and represents an extensivenetwork of research and a broad scope of academic research. This particular study distils suchevidence to a singular focus, emphasising the nature of fraud management and detection inmobile telephony, with a particular focus on roaming services. Given the multinational equationthat evolves out of this operational dynamic, the fraud potential is significant, and asglobalisation continues to encourage multinational travel, the likelihood that consumers will beexposed to fraudulent activities increases. This investigation provides a link between existingand optimised fraud detection systems, addressing particular systemic deficiencies that havearisen over the years as a result of both technological and ideological limitations. The followingdetails the primary research aim that will be accomplished over the subsequent presentation andanalysis of both academic and empirical evidence:  To identify and audit the best-fit characteristics for a secure and efficient roaming fraud detection system, focusing on a platform to offer fraud trend analysis that will 9
    • support operators in avoiding both known and unknown footprints of fraud and providing advice for prompt resolution. Based on this particular research aim, it is evident that the scope of this research willinvolve both practical and theoretical applications of technologies that are more dynamic andadvanced than those existing today. Considering that in spite of best-practise fraud monitoringand mitigation strategies this problem continues to affect the ROI and financial performance ofleading mobile providers, it is evident that the industry has yet to achieve a sufficient standard ofprotection. Accordingly, more research is needed in this field in order to identify those areas inwhich ineffective and under-valued system architecture continue to restrict the ability toeliminate the influence of fraud on a global scale. Accordingly, the primary research objectivesthat will be accomplished during this research process include the following:  To evaluate a secure and efficient solution to telecommunication roaming fraud through identification and design of an active management system for current challenges undermining the attainment of a successful system  To discuss and analyse the various characteristics associated with telecommunications roaming fraud  To establish the credibility of fraud management systems for practical applications in the management of roaming frauds  To identify possible future trends in fraud and fraud detection systems  To reduce fraud-related lost revenue and improve operators ROI  To offer forward-seeking recommendations to enable system advancement at an accelerated pace, faster than that of telecommunications fraud perpetrators.1.3 Research Questions This research attempts to generate solution-based evidence for the development andimplementation of a dynamic, secure, and efficient fraud detection system to protect againstroaming fraud activities. Given the large scale of propagation of this subversive behaviour andthe significant implications which such activities have on operator revenues, the need for more 10
    • pragmatic, analytical solutions is absolutely essential. The following are primary researchquestions which will be answered over the subsequent chapters:  Is there a means of developing a fraud typology in order to address particular objectives and outcomes according to more systematic management techniques?  How effective are current systems for fraud management on a national level? On a global level? Can this be improved?  Is it possible to eliminate the human element in the fraud detection and management protocol? Would this be beneficial?  What is the value of fraud detection for major global operators from an revenue perspective?  Would homogeneity of system design reduce the financial and structural impacts of system installation?  What does the future of fraud and fraud detection hold for telecom operators and how can proactive measures today reduce these incidences over the long term?1.4 Structure of Dissertation The following is a brief overview of the subsequent chapters in this dissertation,highlighting the primary objectives that will be accomplished:  Chapter 2: Literature Review: This chapter presents a broad spectrum of academic insights and evidence regarding roaming fraud, mitigation techniques, and system design priorities and practises.  Chapter 3: Research Methodology: The methodological foundations are discussed in this chapter, justifying particular techniques according to academic precedence in this field and a range of researcher recommendations.  Chapter 4: Data Presentation: This chapter introduces and explores the results from an empirical analysis of industry operator insights regarding roaming fraud detection and management systems.  Chapter 5: Discussion and Analysis: Returning to an academic foundation, this chapter analyses the research results and provides a comprehensive, model-based analysis of roaming fraud detection system design. 11
    •  Chapter 6: Conclusions and Recommendations: In this final chapter, conclusions from the entirety of this research are presented, describing a range of opportunities for rehabilitating the universal fraud detection protocol, whilst recommendations for additional research and system testing are provided. 12
    • Chapter 2: Literature Review2.1 Introduction There is a broad spectrum of research in this field that is directly related to thedevelopment and implementation of fraud detection systems that are not only effective, but thatprovide an accelerated rate of recognition that reduces the possibility of operator losses. Thischapter will present a range of past academic studies in which both theoretical and empiricalmodels of fraud detection are defined and evaluated. Given the categorical differences betweenvarious information management systems in todays mobile industry, key architecture includingclearinghouse, high usage report, RoamEX, and NRTDRE will all be discussed in relation totheir merits and limitations. This insight is extracted from leading theorists in this field;however, it encompasses nearly a decade of testing, system design, and fraud-oriented analysis.Therefore, the congruency amongst these researchers is limited to technological capabilities atthe time of writing, a limitation that provides for a broad range of variability within thisacademic field. The synthesis of evidence in this chapter serves as a temporal and ideologicalbridge, linking theory and applications according to best-fit opportunities for future frauddetection system design and applications.2.2 Roaming Fraud Overview The roaming model continues to evolve across a vast array of network partnerships andadvanced capabilities. In her recent exploration of roaming fraud, Macia-Fernandez (2008)developed two valuable models of roaming which include voice and data exchange services (SeeFigure 1). The primary value of these particular models is to identify the intermediary nature ofthe roaming network position during this process, a connection-based restriction that has directimplications for the design and implementation of any fraud detection and prevention system.Key conditions for roaming fraud perpetration include a longer time for detection, a greater timeto respond, and more technical difficulties in the resolution of the fraud (Macia-Fernandez, 13
    • 2008:2-3). In order to define the characteristics of roaming fraud more comprehensively, Macia-Fernandez (2008) provides an in-depth review of six different techniques that originate fromeither network area initiatives (take advantages of technical breakdowns in the configuration,design, or architecture of the communication networks) or from other business areas (Inefficientor poorly designed processes in the business because technical aspects do not relate directly totelecommunication network):  Interoperability Breakdowns: Errors in the expected functioning between the operators network equipment that are likely triggered by the presence of different technologies or equipment from various suppliers.  Information Transmission Delays: Takes advantage of the window of opportunity between when it begins and when it is detected, most likely the result of the delay in the tariff setting information sending between the visited and home networks.  Configuration Flaws: Inadequate or insufficient operation and maintenance procedures such as allowing roamers to dial premium rate numbers or operators that do not protect their short message centres (SMSC)  Subscription Fraud: Imposter subscribers who obtain cards/SIMs and make calls using a range of fraudulent techniques, ranging from call selling to call forwarding to micropayment to premium number calling.  Internal Origin: Perpetrated by staff at the companies themselves because of defective security systems or permissive performance protocols.  M-Commerce: Fraudulent purchases over the internet that are billed through the mobile device and later charged to the client.  Copyright and Hacking: Downloads and information breaches that are designed to capture photos, video, music, etc. from subscribers or their contacts through mobile technologies. 14
    • Figure 1: Voice and Data Roaming Models (Source: Macia-Fernandez, 2008:2) There are a broad spectrum of fraud strategies that cannot be effectively classified usingsingular, tactically-specific models; however, researchers such as Ghosh (2010a) attempts tooffer a more generalised overview of potential fraud efforts. In particular, the researcherscategorise fraud under one of three different categories including hacking fraud, contractualfraud, technical fraud, and business procedural fraud (Ghosh, 2010a). The underlying modusoperandi for the perpetrators of fraud is defined according to their primary motives (e.g. financialgains, disruption, payment avoidance, etc.), wherein motives are typically classified under either 15
    • financial rewards for fraud or the use of fraud to avoid paying for services (Ghosh, 2010a).Particular examples have been discussed in recent literature, highlighting the seriousness of thisissue from a management standpoint. For example, subscription-based roaming fraud typicallyinvolves contact with consumers through their mobile number as fraudsters pose as employees oftelecom operators (Subex, 2011). Financial incentives are promised in exchange for surveyinformation and personal details are taken in order to gain access to an individuals information.The information is then used to contact call centre staff and set up additional phone numberswhich are then transferred to the handsets of the fraudsters. Subsequent fraudulent charges areonly identified at a later period, either after the computer has recognised aberrations in the useractivity, or if the user recognises significant complications affecting their account billing (Subex,2011). The problematic nature of such fraud activities evolves out of the user-initiatedinformation sharing process, emphasising a need for alternative information tracking andanalysis techniques, particularly those that identify variations in consumer behaviour (e.g. callpatterns, premium services, location, etc.). Undercutting such unrecognised behaviour is what Hilas and Sahalos (2000:1) refer to asuser profiling, or the identification of past behaviour of a user that can be accumulated in orderto construct a profile or a user dictionary. Essentially, the users unique behavioural patternsserve as a system blueprint, one which provides validation of predictable activities and earlyidentification of what the authors recognise as suspicious behaviour which triggers the suspicionscore alert (Hilas and Salahos, 2000:2). There are two basic fraud detection models whichemploy this profiling technique including supervised and unsupervised detection models. Undersupervised detection, samples of normal and fraudulent behaviour are used to construct modelsand the system assigns observations to the classes. For the unsupervised detection method,observations that are dissimilar from the norm are detected through automated data analysis(Hilas and Salahos, 2000). This particular study was able to design a fraud detection modelusing just eight key testing features providing sufficient differentiation between users anddeveloping an intuitive, behaviour-based model of user patterns that can be used to immediatelyidentify potentially fraudulent aberrations (Hilas and Salahos, 2000). These particular testingcategories included the number of calls made to local and mobile destinations, and theircorresponding durations, and the number of calls to national and international destinations, andtheir corresponding durations. Algorithmic comparison of equality functions were designed to 16
    • explore threshold similarity equations associated with these particular variables, enabling theresearchers to check for equality between elements (Hilas and Salahos, 2000:3). The research isextremely valuable when exploring more dynamic, active management systems for frauddetection and aberrant consumer behaviour. A similar study was conducted by Hollmen (2000) in an effort to employ probabilisticand neural network analytical tools in the exploration and profiling of user behaviour accordingto usage patterns from call data. Hollmen (2000:1) defined systemic learning as adaptation ofthe parameterized models so that the inherent problem structure is coded into the model, or inother words, a system design in which possible fraud is identified through pattern deviation fromnormative values representative of user behaviour. There were two distinct methods for datacollecting that were employed in the Hollmen (2000) empirical study including block crediting,or a representative-initiated credit that evolves out of consumer reported fraudulent activity and avelocity trap, or the a computer-based geographical analysis of calling patterns to identifydistinctions in user behaviour. Fraud detection tools employed by Hollmen (200) includedquantitative analytical tools such asself organising maps for clustering probabilistic models andlearning vector quantization (LVQ). Each of these techniques involved relatively advancedquantitative analysis of call profiles. Complexity in these models is the direct result of theunpredictable nature of fraud, wherein call patterns include a mixture of both valid andfraudulent behaviours; therefore, the challenge is for the system to identify the likelihood of onebeing fraudulent. Although Hollmen (2000:33) does not confirm the validity of any one systemfor fraud detection, his evidence does demonstrate that threshold requirements including lowfalse alarm probabilities must be low in effective systems in order to reduce unnecessary reportgeneration and focus the analysis on truly fraudulent behaviour. In their recent discussion of emergent fraudulent techniques, Subex (2010) telecomreported on a soft SIM variant of roaming fraud whereby particular international VoIPtechnologies that are linked through a Skuku routing box are reverse pirated. With bulk SIMnumbers purchased in bulk, the fraudsters will connect to radio equipment in foreign countriesand perpetrate roaming frauds. Further, these SIMS which appear like cloned SIMs can beswitched to other roaming networks to SIM-swap in other countries, extending the fraudnetwork. Researchers such as Dix (2009) addressed authentication mechanisms that aredesigned to circumvent these particular influences, the result of which 17
    • 2.3 Fraud Detection and Prevention Strategies The following sections present background information on traditional and emergent frauddetection and mitigation strategies and system components, highlighting a range of variabilitythat is likely addressed through the incorporation of several of these components or protocols atthe same time2.3.1 Clearinghouse The clearinghouse represents a last-effort approach to the identification of roaming fraudand is likely initiated through the billing team or consumer following aberrant charges. The2003 reported usage delay for fraud detection via clearinghouse was reported by Lloyd (2003) tobe between 1 and 3 days. As a detection method, this practise involves the identification ofindividual call details including charges and specific billing data; however, these statistics takeover one day and increase the risk of operator exposure to roaming fraud (Lloyd, 2003). Thesignificant costs for operators associated with clearinghouse standards of monitoring increaseaccording to the delay in identification, thereby making this particular technique the most costlyof the detection and management strategies.2.3.2 High Usage Report Based on the average usage of subscribers, this report identifies those aberrations incalling behaviour or activity that could signal fraudulent attempts. The high usage report delayfor fraud detection in 2003 was reported by Lloyd (2003) as between 24 and 36 hours, of whichexposure was projected at around $10k per day, per handset. As a detection method, this practiseinvolves the collected summary of subscriber usage that exceeds a predetermined threshold andgenerates quantitative details on approximate charges; however, these statistics are only availableevery 24 to 36 hours, exposing the operator to fraud activity during this time frame. Although asuperior method to clearinghouse resolution, the HUR is merely a reactive mechanism that likelyexposes the operator to fraudulent losses before alerting them to their perpetration. 18
    • 2.3.3 Roamer CDR Exchange (Roam EX) Viewed as a rapid, real time opportunity for evaluating individual call details and fraud-specific data, this analytical tool is unfortunately coverage dependent in spite of its immediatereporting standards (Lloyd, 2003). Key benefits of the RoamEx network as identified by Lloyd(2003) include the following:  Reduces fraudulent usage detection time by at least 50%  Decreases fraud losses by at least 50%  Increases roaming revenues (inbound and outbound)  Reduces percentage of false positives alarms  Higher productivity rate for fraud analysts  Provides full visibility into customers activities Figure 2: Model of RoamEx Network (Source: Lloyd, 2003:11)2.3.4 NRTRDE Similar to the RoamEx network infrastructure, the Near Real Time Roaming DataExchange (NRTRDE) is designed to eliminate the delay periods of HUR or Clearinghousereporting and fraud detection. With a 4 hour threshold delay period, customers home operators 19
    • are notified of possible fraud; however, if the visited operator is to miss this predetermined timeframe, the visited operator assumes liability for any associated fraud (Batheja, 2008). Therecognised benefits of the NRTRDE technique include a broader consumer access to roaming oninternational networks due to the event reporting standards that may be qualified against definedspending thresholds (Batheja, 2008). This particular solution is predicted by Batheja (2008) toincrease roaming revenues by over 20%, significantly expanding the consumer population withaccess to international roaming privileges due to close to real time detection mechanisms.2.3.5 FraudX This system is a proprietary fraud detection system that is a knowledge based softwareapplication that uses artificial intelligence to identify potentially fraudulent activity, specificallycloning and subscription fraud on a wireless network (Syniverse, 2011). Figure 3 provides acomprehensive model of the various integrations associated with this profiler, demonstrating theviability of FraudX for both subscription and prepaid services. Based on a data mining protocol,FraudX captures near real time data from mobile switches, generating a comprehensivesubscriber profile based on incoming and outgoing call records, comparing future behaviour tothese particular events in order to address degrees of variability (Syniverse, 2011). In order toreconcile regular changes to subscriber calling patterns over time, the system updates, generatingnew, normal profiles that serve as the threshold for tracking of fraudulent activities. One of themore valuable characteristics of this particular profiler is that Syniverse (2011) has designed it toprovide background on the most prevalent types of fraud in a particular market and identify thosedominant kinds of fraud that are increasing in frequency. Further, the system has the potential toact automatically, eliminating the need for human intervention in order to reconcile particularactivities that are identified as fraudulent. 20
    • Figure 3: Model of Fraud-X System Integration (Source: Syniverse, 2011)2.4 Fraud Management and Prevention Strategies Although there are a range of fraud detection tools that have been previously discussed,the complexity of such initiatives continue to demand a more universal and expedited protocol,one which can address a wide range of fraud efforts through a single system architecture. Cao etal. (2004) recognise that there are several fundamental stages of the fraud analysis and controlpractise including detection, prevention, analysis, prediction, alarm, and control. In this way, thefraud effort is ideally detected and prevented; however, if it progresses, other stage-based controlmechanisms are introduced in order to mitigate its impact. As a result of complex fraudtechniques, the authors suggest that over time, the fraud detection model will need to advance ata rate that is equal to or greater than that of the fraudsters, a package which is innately practicaland oriented towards more than just detection or post-fraud analysis (Cao et al., 2004)). Onemechanism that is associated with a more practical, dynamic system is a range of domain-specific models that include predefinition, ad hoc, data mining, and online analytical processing(OLAP) (Cao et al., 2004). In essence, such an integrated system would provide both anidentification and a control platform for more effective protections from multiple ranges of fraudtypes and efforts. An enterprise fraud management solution was recently proposed by Ghosh (2010b) inwhich six distinct processes were identified as the key to what is referred to as an optimal 21
    • solution. Deterrence, prevention, detection, mitigation, policy, and analysis are similar to thosecategories presented by Cao et al. (2004); however, this particular intervention model is designedto operate on an external third party network. Based on the concept of the golden database,these services manage large amounts of information that are derived from user profiles, usagestatistics, account information, revenue exchange, and generic data sets (e.g. usage/non-usageinformation) (Ghosh, 2010b). It is through this gateway-styled management system that fraudmitigation services emphasise a first layer protection mechanism that addresses consumers asliabilities, exploiting such tools as credit risk analysis and business intelligence to devise aprobabilistic profile of the consumer population. Second level mitigation initiatives then focuson infrastructure control mechanisms and provider/partner security protocol. In spite of suchinitiatives and an emergent population of fraud management organisations, the authors recognisethat providers are still exposed to a range of fraudulent potentialities including subscriber fraud,unauthorised network use, leakage of sensitive information, accounting and reportingirregularities, and internal/external misconduct (Ghosh, 2010b). Ultimately, the optimal fraudmanagement system is integrated into both the home and visitor network; however, moreexacting security control mechanisms beneath the operational surface were demonstrated in thisstudy as necessary support tools in the future. Probabilistic fraud detection (and mitigation) strategies were recently explored byEstevez et al. (2006) regarding their applicability in the prevention of subscription fraudperpetration. Particular methods which underscored the design of this neural net-based serviceincluded the creation of a data set, the categorisation of subscribers (e.g. subscription fraudulent,insolvent, normal, otherwise fraudulent), the design of system architecture (e.g. inputs ofinformation about bills, payments, phone line blockings, etc.), and a classification model(Estevez et al., 2006:340). Algorithmic analysis of these datasets involved If/Then equationswhich were designed to automatically label the various categories of subscribers, within whichfraudulent and legitimate cases could be distinguished (Estevez et al., 2006:341). The design ofthe neural network architecture for this particular system was based on an expectation ofpredictability, where, based on particular qualifications, user activities could be identified aseither fraudulent or legitimate prior in order to mitigate fraud in the future. The results of thestudy indicated that 3.5% of the subscribers were identified through this model with 56.2%representing true fraudsters. The discrepancies in this predictive model evolved from those 22
    • customers who failed to pay their bills on time but still had a median annual expenditure at somepoint (Estevez et al., 2006:343). Accordingly, although the concept of this neural networkdetection model is valuable from a design standpoint, more functional fraud detection andprevention systems require a much more complex interrelationship between usage profiles andalgorithmic models. A similar model of subscription fraud mitigation was proposed by Farvaresh and Sepehri(2011) in which the authors discuss the merits of various analytical methods for identifying andrestricting fraud. The following is a brief description of these models, highlighting their distinctvalue in the design and operation of an intuitive, automated detection system (Farvaresh andSepehri, 2011:183-4):  Discriminant Analysis and Logistic Regression: Based on statistical classification problems, this method involves multivariate probability analysis of particular system-defined characteristics.  Neural networks: An active, learning-based system that incorporates non-linear data in order to evaluate complex problems without making rigorous assumptions.  Decision Tree: Classifies robust and noisy data in which discrete-valued functions are approximated. Involves If-Then rules which allows for human- based analysis and system design.  Support Vector Machines: Employed in binary classification problems, the SVM tries to find a linear optimal hyperplane so that the margin of separation between positive and negative cases is maximised.  Semi-Supervised Learning: Using analyst experience or knowledge, algorithmic models are defined to detect fraud in datasets including labelled and unlabelled instances, whereby rules that fail to detect anomalies are discarded. Although these particular detection and information classification systems are notcomprehensive, they do represent the underlying characteristics of many of the existinganalytical tools that are employed by leading telecom providers. In their exploration of datamining tools, Farvaresh and Sepehri (2011) proposed a hybrid model which includedpreprocessing, clustering, and classification of datasets in order to identify subscription fraudover time. Although the model was valuable from a statistical standpoint, the findings areirrelevant for large scale application in roaming fraud detection, as the hybrid model requires 23
    • sufficient background information in order to make classification decisions. What was mostvaluable in this particular system was the use of an unsupervised classification mechanism thateffective distinguished between user behaviours that were legitimate and fraudulent, abackground validation tool that can be used in the design of much more advanced, intuitivesystems.2.5 Practical Applications and the Future One practical technique to circumventing roaming fraud involves what Steuernagel(1997:31) refers to as roamer verification and reinstatement (RVR) which involves a series ofcommands that can be used by the home cellular telephone carrier to control roaming use inother markets. Essentially, RVR is an operational protocol in which home carriers can limittheir liability for fraudulent activities by denying service prior to verifying that roamers areauthorised subscribers, reinstating these services once the status has been verified (Seuernagel,1997). From a comprehensive analysis of mobile network architecture, Chen et al. (2011::350)argue that due to advancement in technologies, the global handoff process and verificationschemes should continue to evolve towards a more homogenous foundation. Through theirproposed model of mutual authentication and underlying user verification techniques, the authorsemphasise that system integration over global networks will continue to incorporate a moreadvanced security protocol that is designed to restrict exposure to fraudulent activities (Chen etal., 2011) . What is evident in both of these studies is that any fraud detection and preventionscheme requires authentication protocol in order to restrict the possibility of fraudsters assuminga users identity (e.g. cloned SIM, cloned handset, etc.). Globalisation has resulted in a largely mobile human population, many of whom utiliseroaming services for a range of purposes when travelling on an international scale. Researcherssuch as Lee and Cho (2006) propose that a more efficient location management scheme could bedeveloped to track the user movements and establish exacting geographical information duringthe roaming process. Based on the concept of mobile terminal (MT) variance, this proposedmodel is designed to keep track of the users MT and identify its location when an incoming callis initiated (Lee and Cho, 2006:3238). This new signalling model incorporates an intersystemlocation management protocol based on a boundary location register (BLR). This system 24
    • recognises when users cross particular network boundaries, recording movement data on thebasis of boundary location areas (BLAs) (Lee and Cho, 2006:3239). Although the Lee and Cho(2006) model is designed to reduce signalling cost parameters for location identification duringuser roaming, the extended relevance of this particular model to the current study could involve afraud detection system on the basis of location services information. Considering that much ofthe roaming fraud that is perpetrated involves international actions, user monitoring throughmobile terminal registration standards is likely to allow for more accurate identification ofactivities that are likely a user impossibility (e.g. never left the country or network BLA, etc.). Recent developments in chip-based technologies aim to leverage SIM security protocol inorder to restrict fraudulent activities. Dix (2009) presented a range of future-cast commercialapplications including mobile banking and mobile computing in which SIM-based authenticationcan be used to verify an individuals identity prior to allowing access. Behind this technology isan out-of-band one-time-password (OTP) that is generated based on the unique user signaturethat is provided by the SIM card (Dix, 2009). Even if the fraudster were to intercept thecommunication between the client and the bank, for instance, they would still need to provide therecently issued OTP, a localised password that can only be answered via the mobile device.Underscoring this M-Commerce approach to mobile phone services, Dix (2009) recognises thatparticular security processes must be employed including confidentiality, authentication,integrity, authorization, availability, and non-repudiation. Essentially, these safeguards prescribethe particular limitations that will circumvent fraudulent activities at one or more stages of thecommercial process. The authors do caution, however that exposure over GSM networks due toa man-in-the-middle attack is possible due to the creation of false base stations, etc.; however,manual authentication and encryption services continue to undermine the potential for suchunderhanded tactics to succeed. There is a particular opportunity for potentially eliminating the majority of roaming fraudthat has been recently discussed in academia emphasising a shift towards mobile payments(Hwang et al., 2007). In their theoretical exploration of this concept, Hwang et al. (2007:188)establish an electronic payment system that is distributed across the visited domains wherebyconsumers are limited to their electronic account holdings (without depositing more funds).From a security perspective, this process requires multiple points of authentication, therebyrestricting the liability of both the service provider (home or visitor network) and the consumer. 25
    • Accordingly, the proposed scheme would generate a temporary identity for the consumer withinthe visited network, authenticating them as one of the valid subscribers to their particular homenetwork. A virtual identity is then assigned that is used for the withdrawal of electronic moniesduring the roaming period, an activity that is initiated by the consumer and cannot be denied,providing a non-repudiation property (Hwang et al., 2007:190). Through a further element ofsystemic encryption, security measures are further defined with this module, ensuring thatcommunication requests only originate from the consumer and that data transmission isencrypted during the exchange process (Hwang et al., 2007:191). Although the authorsconceptualised this model in the context of variable mobile activities and applications, from apurely telephony perspective, the underlying logic of the localisation of mobile payments couldoffer a viable protective measure against fraudulent activities.2.6 Summary This chapter has presented background evidence regarding roaming fraud that has beenpresented or evaluated by academics in recent years. The emergence of new strategies andtechniques for perpetrating fraud continues to challenge providers to evolve and advance theirsystem features on a regular basis, resulting in a dynamic but complex network of techniques andsystem components that all serve as identification or mitigation techniques. From advancedanalytical systems such as FraudX to more basic, billing-oriented resolution methods such as theClearinghouse, it is unlikely that Fraud will go undetected; the challenge of the future is itsprevention. To predict and undermine the influence of fraud requires the ability to engage insome form of probabilistic or risk-oriented analysis, a technique that employs any number ofdata profiling and mining tools and techniques (See Estevez et al., 2006; Ghosh, 2010b). Thefollowing chapter will present a model of the research methods employed in the collection ofempirical evidence relating to this phenomenon and the evolutionary techniques designed toprevent its impact on telecommunications operators in the future. 26
    • Chapter 3: Research Methodology3.1 Introduction This chapter introduces the data collection methods that were employed in the evaluationof roaming fraud, mitigation measures, and the future outlook of system architecture in thisindustry. Based on both past academic studies in this field and emergent methodological modelsdiscussed by leading theorists, a mixed method of data collection and analysis was chosen.These sections will introduce the model employed, the survey participants, and various ethicalconcerns and research limitations.3.2 Research Methods Much of the research conducted in this field is experimental in nature and beyond thescope of the current study. For example, the Hilas and Sahalos (2000) model of user profilingprovided a valuable, comprehensive interpretation of a categorically bounded algorithmicanalysis technique, one which could be applied on a much larger scale to multiple operators on adiverse spectrum of networks. Given the propensity for fraud detection systems to be designedand implemented on a singular network (e.g. NRTRDE module on GSMA), advancements in thisfield are likely to require a more dynamic, multi-dimensional application that involves universaldetection properties. Although the methods employed in this study are not applicable to thisparticular research, the eight categorical variables introduced by Hilas and Sahalos (2000)provide a valuable starting point for the design of a tangible system model and will haveinfluence on the analysis of the participant results and consideration of profiling strategies forimplementation in this field. There are few studies addressing fraud management and mitigation systems that arebased on participant survey and the exploration of industry perspectives. Goode and Lacey(2011) provide one of the few studies that incorporate participant feedback regarding frauddetection and the mobile billing process. Their research employs a mixed quantitative andqualitative methodology whereby participant responses are compared and evaluated according totheir relevance and value to the various questions presented. In academia, researchers including 27
    • Thomas (2003) and Creswell (2009) have both recognised that due to the evolving complexnature of modern social problems, academic research has increasingly become more mixed,capturing statistical and phenomenological evidence in order to analyse key characteristics andrelationships within a given model. Creswell (2009) offers several different methods forconducting such investigations including one in which primary and secondary data streamassignments are made in order to allow for one segment of evidence to validate and justify theother. In an example of collecting empirical research in this format, Creswell (2009) presents alikert-based scalar model for questionnaire design that is supplemented by open-endedqualitative queries which generate evidence similar to that analysed by Goode and Lacey (2011). Similar to the recommendations of Creswell (2009), a mixed method approach waschosen for the collection of evidence in this industry. The primary segment of the survey wasquantitative in nature and was designed to include a range of demographic questions, a segmentof scalar, likert-based statement-responses, and sections to rank the value of fraud detection andmanagement systems and their advantages to operators. The secondary survey segment wasqualitative in nature and included five different questions that were designed to encourageparticipant feedback regarding fraud, detection and mitigation systems, and the future of industrytechniques. Whilst the first segment of this survey was collected using a standard Excelspreadsheet and then compared quantitatively, the second survey segment required a review ofparticipant feedback and a comparison of the responses for similarity and difference according tothe general thematic elements. Academics such as Boyatzis (1998) propose that both major andminor themes may be extracted from experiential feedback, allowing the researcher to establish acoded dataset for a particular question that is indicative of trends and relevant phenomena.3.3 Survey Participants The survey participants were identified through professional associations in thetelecommunications industry. Initially, fifteen individuals at one particular organisation werecontacted; however, after receiving limited responses (5), the scope was broadened to includeseveral other providers in the local industry. All participants were sourced according to theirrelevant employment within the field of fraud detection or associated systemdesign/management. Of the other three organisations, an additional 16 participants completed 28
    • the survey, yielding a total number of 21. The demographic background for these individualsincluding age, education, income, and experience is presented in the subsequent chapter asvalidation of the relevance of these insights. All surveys were administered via e-mail and theparticipant responses were then captured, evaluated for completeness, and collated into a singleExcel spreadsheet. Although all of the 21 individuals completed the quantitative segments of thesurvey, only around half took the time to provide comments in the final qualitative section,limiting the scope of evidence collected for these queries.3.4 Ethical Concerns and Limitations In the collection and management of participant responses, there are a range of ethicalconcerns that must be considered, namely those associated with exposure and the personal natureof the responses. Each of the individuals surveyed in this process has responsibilities and careercommitments in the telecommunications industry, and although the line of questioning was notcontroversial, it did address a topic that is largely debated and extremely important in thisindustry: fraud. For this reason, the identities of all of the participants were kept anonymousover this process, ensuring that through a randomised, grouped analysis of the research findings,that their personal beliefs and experiences would be protected from industry scrutiny. This research was limited by the scope and scale of the research focus, oriented the lineof questioning towards particular factors associated primarily with roaming fraud. There is nodoubt that this particular type of fraudulent activity has impacted the industry and its financialperformance. On the other hand, the management and restriction of this impact is largelydebated and widely criticised as a result of pervasive fraud detection. Accordingly the limitationof these queries to this particular fraud aspect was both strategic and essential to the foundationsof this study.3.5 Summary This chapter has presented the chosen research methodology that was employed in thecollection and analysis of empirical evidence from employees and industry participants. Basedon a mixed-method approach, both quantitative and qualitative measures were incorporated into 29
    • the survey design, allowing for the collection of valuable, multi-dimensional data. Thesubsequent chapters will present this data in-depth and will discuss and evaluate these findings inrelation to the previously presented academic evidence. 30
    • Chapter 4: Data Presentation4.1 Introduction This chapter presents the empirical evidence that was collected from active employees inthe telecommunications industry with direct experience in fraud mitigation and management.Each section offers insight into the participant responses to targeted questions and statementsthat were designed to establish a model of scale associated with opportunities for providers toimprove upon their current systems and dramatically reduce the industry exposure to roamingfraud. Through a mixture of quantitative and qualitative analysis, these relevant participantinsights will be discussed and a model of redesign and optimisation will begin to be discussed.4.2 Survey Participant Demographics In order to establish both the expertise and the relevance of the participant feedback, therespondents were asked to complete a brief demographic survey. Figures 4-9 offer backgroundregarding a range of independent variables that were considered during the data analysis. Themedian participant age range fell between 26 and 45 (67%), whilst the majority of theparticipants (67%) held some form of an advanced degree (Masters+). By general socialstandards, the income levels for these individuals were relatively high with 76% earning greaterthan $65K annually. In spite of a majority focus in fraud services (52%), there was a relativelyconsistent distribution of experience levels in system design and integration and in frauddetection practises. Accordingly, these findings are indicative of a valuable cross-sectionalanalysis of participants who are educated, generally successful, and working with a range ofexpertise sufficient to address both short and long term fraud considerations. 31
    • Figure 4 Participant Age Range Figure 7: Participant Experience in Fraud Detection Figure 5: Participant Income Range Figure 8: Participant Experience in System Design Figure 6: Participant Education Level Figure 9: Participant Role or Responsibility4.3 Quantitative Survey Results A range of 20 distinct statements were divided into four different categories of fivestatements each and randomly arranged in the participant survey. In this way, the results couldbe grouped in order to discuss particularities specific to effective fraud prevention strategies.Figure 10 highlights one key influences that must be moderated in order to ensure that any frauddetection and mitigation strategy is effective: the consumer. 76.2% of the survey participants
    • confirmed what researchers including Hilas and Sahalos (2009) and Estevez et al. (2006) arguedregarding the merits of user profiling, suggesting that predictive measures may be developed inorder to identify possibilities for future fraud. Conversely, around 47.6% of the respondentsindicated that consumers would likely resist profiling agreements due to privacy concerns. As analternative to the data-oriented approach, 80.95% of the participants agreed that consumerawareness should be a priority for service providers. One of the key challenges associated withthe mining of consumer information is the relative costs for information storage and collectionactivities, whereby 57.1% of the participants cautioned that service providers might be resistantto such increased attentively. On the other hand, 76.2% agreed that by focusing on areas inwhich roaming fraud is particularly prevalent, organisations can begin to develop a behaviouralmodel of possible fraud trends. Therefore, it is evident that the accuracy and relevance of thedata sets plays a key role in fraud detection and mitigation, a source-based consideration thatcould provide alternatives to more invasive practises. Figure 10: Detection Strategies and the Consumer Factor 33
    • Underlying the ability for organisations to detect and prevent fraud is a generalunderstanding of how it is propagated and where it is localised. Figure 11 highlights theparticipant responses regarding five statements emphasising changes priorities in this industry asfraud evolves. The majority of the participants (76.2%) recognise that due to the increasedcomplexity of fraudulent activities, ageing detection and management systems are ineffectiveand insufficient for mitigating this problem. 61.9% agree that the fraud network is by default anunorganised grouping of independent fraudsters, a factor that makes detection and managementeven more difficult. Alternative management strategies include typological and probabilisticmethods, which 95.2% of the participants agreed would provide relevant insight into areas ofopportunity for focusing preventative activities. In spite of these findings, there were still fiveparticipants that rejected the use of probabilistic modelling for localising fraud sources, a factorthat may be linked to the disintegrated nature of these cells. From a future-cast perspective,57.14% of the respondents believe that fraudsters will engage more directly in commercialactivities, focusing on application-driven charging models that deals less with roaming as acategory and more with billing and subscription fraud as a means of capital gain. 34
    • Figure 11: Nature of Fraud and Strategic Detection Methods Although the participants may agree for the most part that the complexity anddisintegration of the fraud network continues to provide a substantive challenge for providers tocircumvent, there are those evolutionary mitigation strategies that are continuing to advance thisindustry beyond historic limitations. Figure 12 highlights participant responses to key questionsregarding the evolution of fraud mitigation strategies and possible control scenarios. Althoughreal time analysis (See Lloyd, 2003) has been lauded as an opportune future tool for mitigatingdelay-based fraud opportunities, 81% of the participants agreed that such systems will stillrequire human support in order to differentiate between fraud and non-fraudulent transactions.Further, 100% of the participants agreed that even the best fraud detection systems are stillfallible and that there is no best-fit detection model that could be applied across all networks.Optimistically, however, 81% of the participants recognise that more advanced tools includingfuzzy logic and probabilistic models will allow for a focus on fraud and user profiles that arelinked to network characteristics. Such findings are significant, as 42.9% of the respondents 35
    • rejected the claim that even in local networks that fraud can be eliminated through providerbilling agreements and real time data management. Figure 12: Evolving Fraud Mitigation and Control Scenarios There are a range of options for the future, such as the NRTRDE protocol (Batheja,2008), or the partnerships developing through GSMA agreements; however, systemcharacteristics have yet to be universally defined. Figure 13 highlights participant responses to arange of questions emphasising such design dynamics and partnering opportunities. In spite ofthe disunity experienced on a global scale, just 61.9% of the participants believe that global frauddetection networks offer a valuable mutual investment opportunity for a single stream fraudsystem, whilst only 33.3% believe that operator partnering can eliminate fees and lossesassociated with roaming fraud. One of the most respected security devices within the globalnetwork, the SIM card was viewed by 66.7% of the participants as a liability. As a solution,66.7% of the participants believe that organisational priorities should focus on network 36
    • architecture and mobile security, whilst 85.7% agree that advances in fraud management andmitigation protocol will ultimately require personnel reorganisation. Figure 13: System Design and Partner Opportunities4.4 Participant Ranked Foci for Fraud Detection and Management The survey participants were asked to rank those particular fraud detection andmanagement systems that they considered the most organisationally valuable. Figure 14highlights the weighted averages of these responses, establishing a ranked model of system valuefrom 1-10. At the top of this list were those key mechanisms that the participants viewed as themost valuable including consumer awareness and self-protection mechanisms (2.20), integratedmulti-operator system links (2.27), and user profiling and data analysis (2.27). Two of thesesystems are based on consumer-derived information and management schemes, whilst the thirdhas evolved out of a comprehensive multinational networking system that prioritises alliances inthe mitigation of fraud. These findings are consistent with the participant responses in the 37
    • previous survey section regarding the responsibility held by consumers for maintainingawareness and preventing fraud from a localised standpoint. Given that multi-operator systemsand consumer awareness/profiling all represent proactive strategies to fraud management, it isevident that the priority in the future of these systems is to interrupt the fraud cycle, restrictingthe impact which fraudsters have on the industry before it becomes problematic. Most Valuable Fraud Detection and Management Systems Consumer awareness and self- 1 protection mechanisms 2.20 Integrated multi-operator system links 2 (e.g. NRTRDE) 2.27 3 User profiling and data analysis 2.27 4 High usage report reviews 2.73 5 Clearinghouse data analysis 2.80 6 Block crediting and customer service 2.93 Fraud-derived analytical knowledge 7 models 3.00 Statistical analysis and post-fraud data 8 profiling 3.13 Proprietary exchange management 9 protocol (e.g. RoamEx) 3.33 10 Velocity trap system monitoring 3.40 Figure 14: Most Valuable Fraud Detection and Management Systems4.5 Participant Ranked Advantages of Fraud Detection and Mitigation Systems The participants were also asked to rank the advantages of detection and mitigationsystems in order to identify those areas in which organisations benefit from strategic investment 38
    • in such priority standards. Figure 15 highlights the weighted averages from the participantresponses, establishing a hierarchy of advantages that may be used for organisations to moderatetheir fraud detection and mitigation investment priorities. At the top of this model were threevariables that emphasise a value positioning for the service providers including higherorganisational value and reduced financial losses (2.07), increased ROI on a global scale (2.07),and network architecture becoming more secure and restrictive (2.27). Essentially, these threeadvantages are representative of the same innate benefits that arise from comprehensive frauddetection and mitigation techniques: decreased loss of revenue, increased system protections,increased return on investment over time. As fraud creates both financial and psychologicalproblems for a breached organisation, it is evident that by implementing more advanced andresponsive systems, that the participants are emphasising a financial value position as anorganisational priority. Considering that key focus areas in Figure 3 regarding system dynamicsare oriented around consumer awareness and behaviour, it is evident that this priority-basedsystem is designed to provide a sufficient architecture within which consumers are able to act intheir own best interests, thereby preventing fraud proactively. Advantages of Implementing Strategic Fraud Detection and Mitigation System Higher organisational value and 1 reduced financial losses 2.07 2 Increased ROI on a global scale 2.07 Network architecture becoming more 3 secure and restrictive 2.27 Increased consumer awareness and 4 self-protection 2.60 Advanced billing systems and real-time 5 optimisation 2.60 Increased consumer satisfaction and 6 confidence 2.73 Integrated operator networks and 7 support services which promote 2.93 39
    • cooperation Gradual degradation of international 8 fraud networks 3.07 Reduced human resource investment 9 and time consumption for billing events 3.07 Extensive databases regarding 10 consumer behaviour and characteristics 3.20 Figure 15: Advantages of Implementing Strategic Fraud Detection and Mitigation System4.6 Participant Responses to Open Questionnaire The survey participants were also asked to respond to five open-ended questions,recording their answers verbatim in the survey form. Although not all participants were able tocomplete this section, several did provide sufficiently complete responses to allow for thematiccomparison and analysis. The following sections present this respondent feedback and provideanalysis based on similarities and inconsistencies in the answers.4.6.1 Question 1 Over the past decade, what are the most significant advances in fraud detection technologies? Are these sufficient or are there systemic gaps and deficiencies that need to be filled? The survey participants were asked to identify particular advances in fraud detection inorder to determine whether these initiatives were of sufficient scope and scale. Participants 1and 4 both reported on similar technological mechanisms including SIM card technologies,subscription analysis tools, and NRTRDE. As a whole, the participants recognised that theadvances in this field have not only been significant, but they have sufficiently addressed theevolutionary complexity of fraud. There were several participants, however, who voiced 40
    • concerns regarding particular limitations with these systems, particularly their responsive (ratherthan proactive) nature. In fact, Participant 8 would report the following: There have been a lot of valuable tools developed, many by third party support providers; the problem is that even using real time solutions to fraud analysis, the data processing is retroactive. We are always working from behind and trying to catch up with the perpetrators. By that time, theyve moved on to something or somewhere else. What were missing is more effective security protocol that limits the possibility for these incursions from the source. Other participants cited such developments as increased consumer awareness projects anda growing number of pre-screening analytical tools. There are two different schools of thoughtrelated to these systems: the first is technologically oriented and emphasises the value and largescale applicability of monitoring technologies; the second is humanistic in nature and definesfraud aversion and mitigation strategies according to a frontline defence strategy. As participanteleven would report: "even the best fraud detection programme is ineffective when its theconsumer whos causing the breach". Although it is ultimately impossible to guarantee that pre-screening and profiling initiatives will restrict the opportunism and incidental deviance byconsumers, these mechanisms to provide a first-stage defence mechanism that will largelyeliminate known fraudsters and high risk candidates from the operational equation.4.6.2 Question 2 Is fraud an inevitability or can it be mitigated and managed so as to eliminate it from the system completely? This particular question was designed to challenge the participants to consider fraud as amore tangible concept in a relatively intangible operational business model. There are likely toalways be individuals seeking to perpetrate fraud; however, system components that are designedto restrict and undermine attempts to access this network could potentially eliminate all butpurposeful fraud activities. Participant 12 recognised that unfortunately, 41
    • "fraud is inevitable and can be managed and mitigated but cant be eliminated from the systemcompletely". Corroborating this perspective, Participant 2 would recognise that "it cannot bemitigated completely because of the human aspect, but can be reduced to the barest minimum".These two perspectives were largely consistent across the majority of the participants, as the highrisk, unpredictable nature of humanistic variables has serious consequences for the relativefallibility of even the most advanced system tools. One participant (14) would argue that withthe right personnel and tools, fraud could be mitigated; however, this strategy places emphasis ona best-fit, optimised model of fraud protection, one which is likely not compliant with a globalspectrum of interconnected yet diverse network specifications.4.6.3 Question 3 Should consumers maintain some responsibility/liability in their personal protection from fraudulent activities? The response from the participants to this particular query was inherently homogenous,demonstrating the need for consumer profiling, usage analysis, and educational practises. Fraud,as a concept has been largely discussed in mainstream society as it relates to a large range offinancial instruments (e.g. banking, credit card, loan, stock market, etc.). The consequence ofthis publicity is a dilution of meaning and a relatively non-specific conceptualisation of fraud andits related influences amongst the consumer population. Baker (2002) refers to this phenomenonas hyper-reality, a social conditioning, wherein the significance of particular events andprocesses (e.g. fraud, crime, deceit) becomes irrelevant unless perpetrated against the individualin question. The survey participants overwhelmingly believe that consumers are frequently thecause of fraudulent activities (either directly or indirectly) and should, therefore, share in thefinancial burden. Although it is unrealistic to suggest that consumers pay for deficient securityprotocol or network hacking, the participants do recognise that they have a particularresponsibility for protecting themselves from fraud exposure. From restricting the distribution ofinformation to not engaging in high risk activities, the burden of responsibility in this case wasconsumer oriented in the responses of these participants, as demonstrated in a response fromParticipant 15: 42
    • Yes, consumers should maintain responsibility. The I didnt know or Its not my fault excuses are getting old. Its time that people said Im not going to let you take this from me. I dont know when corporations agreed to shoulder this burden, but consumers must be active in this process in order to address a large portion of the fraud industry.4.6.4 Question 4 What are the priorities for operators today regarding fraud detection and mitigation? How has this changed the business model of these providers? There are a range of opportunities in this modern technological era for operators todramatically enhance their position against fraud. The participants recognised that by improvingthe quality of the systems in place and the skills of the personnel that are responsible for theiroperation, fraudsters are continuing to lose access to a range of mechanisms. Some participantsreported that this recognition of system deficiency was a relatively new phenomenon, and as aresult, the emergent detection and mitigation tools that are being put into place are conceptuallydiverse and far more complex than past operational systems. Accordingly, over the long term, itwas predicted through this survey that fraud mitigation will continue to garner substantialinvestment from operators, establishing a prevention protocol that although costly, is far lessthan the losses incurred through fraudulent activities.4.6.5 Question 5 Given the new global boundaries and network capabilities associated with new mobile systems, does roaming fraud present as significant a problem today as it did in the past? Could operators eliminate roaming fraud charges internally by altering their billing structures? A common theme amongst the participant responses to this particular question was thebill and keep strategy to eliminating the mobile termination rate and other associated roaming- 43
    • based charges. Dodd et al. (2009) argue that due to the evolution of network architecture fromcircuit-based networks to packet-switched next generation networks (NGNs) the elimination oforigination charges through the bill and keep technique is preferable to more traditional chargingmethods. A key component in roaming fraud is the ability for the fraudsters to leverage systemdelays and network discrepancies as a means of charging and collecting funds whilst users areoutside of their home network. Eliminating this origination-based charging protocol wouldeffectively unify the industry under a singular accounting protocol, one which acts as a barrier tomore subversive charging practises. Although the optimism of these participants has beenlargely challenged throughout the telecommunications industry, it is evident that there ispotential for reducing the exposure of service providers to roaming fraud by establishing a morecooperative protocol with the providers’ own visiting networks.4.7 Summary This chapter has presented a range of evidence collected from survey participantscurrently operating within this field as decision makers, consultant, and fraud detection agents,thereby highlighting those particular areas where systemic rehabilitation is becoming essential.Based on this feedback, it is evident that there are a range of deficiencies within current fraudmitigation systems, many of which are the result of the very nature of roaming service provisionand the network-based delays and accounting discrepancies. In the subsequent chapters, theselimitations will be discussed in more detail and alternative system configurations will beproposed based on the primary objective of eliminating as much potential for fraud to propagateas possible. 44
    • 5 Chapter 5: AchievementsThis research began with the following research objectives that were designed to not onlycapture evidence regarding the existing state of roaming fraud, but to determine what strategiesor alternatives are possible for overcoming this serious industry concern:  To evaluate a secure and efficient solution to telecommunication roaming fraud through identification and design of an active management system for current challenges undermining the attainment of a successful system  To discuss and analyse the various characteristics associated with telecommunications roaming fraud  To establish the credibility of fraud management systems for practical applications in the management of roaming frauds  To identify possible future trends in fraud and fraud detection systems  To reduce fraud-related lost revenue and improve operators ROI  To offer forward-seeking recommendations to enable system advancement at an accelerated pace, faster than that of telecommunications fraud perpetrators.Through a comprehensive literature review, key elements in the fraud detection/mitigationprotocol were revealed including both temporal and architectural factors. Due to the delay that isinherent within roaming billing services, the likelihood of fraud detection is decreased accordingto a real time standard. Therefore, there is potential for exploitation which researchers such asCao et al. (2004) and Ghosh (2010b) recognised may be eliminated through real time monitoring,consumer profiling, and an active control architecture. Based on the primary research objectives,both the characteristics of roaming fraud and the fundamentals of fraud management systemswere discussed in detail during this analytical review of leading theorists in this field.The participant feedback was also revelatory during the survey segment of this research,providing justification for modulating fraud mitigation techniques and optimising existing andforthcoming systems in order to reduce the risk of exposure. At the forefront of the participantinsights was a consensus that consumer responsibility remains a key factor in the detection andmanagement of these malicious initiatives. From an ROI and value perspective, reducing losses 45
    • that result from roaming fraud is not only beneficial to the organisational bottom line, but it ispsychologically beneficial for the consumer, providing an otherwise intangible reward: peace ofmind. Key concerns revealed through this survey emphasised the currently reactive state of thefraud management network, an operational protocol that seems to prioritise systems andstandards over more predictive capabilities. For this reason, a fundamental achievement in thisresearch was to demonstrate that from both an academic and an industry perspective, change isan essential component in the architectural design of fraud management systems in the future.Chapter 6: Discussion and Analysis7.1 Introduction This chapter provides a comprehensive analysis of the research findings in comparison tothe practical and past empirical examples previously discussed during the literature review.These findings emphasise a forward-seeking direction for this industry that is based onopportunity and rehabilitation of system designs. Although providers have continued to combatthe fraud phenomenon, the complexity of emergent fraudster tactics continues to challengeorganisations to reconsider their best practises and develop new strategies for the future.Accordingly, this research presents justification for a new, priority-based tool for data mining,analysis, and action. Based on the exploration of the feedback presented in the previous chapter,these findings will provide predictive recommendations that are designed to offer value toproviders in this industry and optimise the fraud mitigation and prevention strategies employedover the coming decade.7.2 Fraud Mitigation and Prevention Strategies Underlying the concept of fraud prevention and detection is a foundation of control, onewhich Goode and Lacey (2011:712) describe as a fundamental component of the system designwhereby information management protocol and combinative control measures serve as tools fordetection and identification of various fraud techniques. Although the study itself doesnt 46
    • sufficiently address the evolutionary nature of telecom fraud, the concept of multi-dimensionalcontrol protocols is a fundamental mechanism in the design and implementation of moredynamic, intervention-based fraud management systems. Within the Fraud-X system, forexample, Syniverse (2011) has integrated a database-driven profiler that evaluates call recordsfor a range of factors including pattern matching, suspicious digits, suspicious ESNs,subscription fraud, collision and velocity, and profile specific variables (e.g. call cluster, countand duration, call area, source and destination). This system is designed to identify theprobability of fraud on the basis of these observed phenomena and generate alarms or actions tomitigate potential fraud before it can become a financial liability. In essence, the vision ofGoode and Lacey (2011) has been pragmatically conceptualised through the advanced analyticaltools which make Fraud-X an effective, near real-time detection and prevention system. As profiling is largely discussed throughout academia and was a fundamental conceptpresented by the survey participants in this research, it is evident that this technique is acommon, best-practise amongst industry players. Macia-Fernandez (2008:5) proposedparticular fraud prevention techniques that begin with operational protocol designed to restrictthe access of fraudsters to valuable or exploitable consumer systems. In particular, she proposesthat service restrictions should be imposed for roamers until they have developed a sufficienthistory to justify their allowance. Further, roaming agreements should be improved in order tolimit the fraud exposure to all parties, whilst thorough roaming tests should be performed toensure that all network data exchanges are efficient and according to the standard protocol.Finally, Macia-Fernandez (2008:5) proposes the development of blacklists or known fraudsterdatabases that prevent subscription type fraud by improving the awareness of charges that go toparticular sources. It is through such elimination of fraudulent individuals from the networksthemselves that analysts hope to circumvent their ability to exploit system deficiencies andfailures, undermining the ability to control fraud through more proactive techniques.7.3 The Human Factor and Profiling Objectives There is one variable in the fraud model that cannot be effectively controlled: humanity.Key fraud objectives emphasise such underhanded activities as what Batheja (2008) refers tointernational revenue share fraud (IRSF) whereby the fraud perpetrator will usurp customer 47
    • connections to make multiple calls to revenue share numbers, usually premium rate numbers. Inrecent months, online watchdog Subex (2011) reported that bypass fraud continues to accelerate,as arrests linked to such providers as Conatel (losses of over $750,000 per month) demonstratethe complexity and depth of criminal activities. Direct contact is one mechanism employed byfraudsters that remains extremely difficult to circumvent without comprehensive backdoormonitoring protocols. It is the consumer based exposure of internal security systems (e.g.passwords, encrypted information, etc.) to fraudsters that undermines all prevention techniquesemployed by organisations in todays networks. Whether incidental or purposeful, consequencesof consumer-driven fraud can be significant, leading organisations to include robust profilingtechniques that are designed to prevent access to particular features for those consumers thatpresent a higher threat risk. The Baker (2002) concept of hyperreality is one which has manifested in a technologicalage, as social dissociation with particular activities such as fraud and criminality continues todistance individuals from the more psycho-social impact of these factors. In such cases,although fraud may be considered a negative possibility, the perceived likelihood of individualaffectation is so low that individuals will simply ignore the issue. For fraudsters, this ignorancerepresents opportunity, allowing for subversive activities to gain access to consumer accountsand resources using a similar archetype of fraudulent strategies, a toolbox of consistent yetadaptable mechanisms. It is for this reason that the Hollmen (2000) and Hilas and Salahos(2000) probabilistic, neural network models are so valuable to advances in the profiling andidentification of potential fraud. In a standard algorithm, researchers attempt to present an if-then relationship that can be used to generate a probability of occurrence, one which will likelydetermine the monitoring focus of the organisations fraud department. Ghosh (2010b) defined adata foundation called the golden database that was designed to capture a range of variablesassociated with fraudulent activities in order to effectively profile consumers, location-basedfactors, and emergent fraudulent activities. Such data mining practises provide a profile on boththe network itself (e.g. due to this number of operators in this particular geographic area, theorganisation is exposed to this level of risk) and the consumer (e.g. due to this credit rating andthis payment history, the likelihood of fraud or default is this), thereby developing a morecomprehensive model of organisational risk for fraudulent impact. 48
    • 7.4 The Fraud Prevention Model The best-fit fraud prevention model is an amalgam of such advanced system designs asthat employed by FraudX and the intuitive user and network profiling techniques discussed byFarvaraesh and Sepehri (2011). Based on these information collection and management systems,a proactive, fraud prevention system can be defined according to the primary objectivesassociated with a pragmatic, proactive design: 1. Identify Sources of Fraud Before they Impact 2. Eliminate Sources of Fraud After Theyve Impacted 3. Design System Parameters to Prevent Similar Occurrences 4. Develop Educational Model to Support Consumer Awareness 5. Create a Universal Network Protocol For Mutual, Cross-Network Agreements These five objectives are the underlying characteristics of any fraud detection andmitigation system that is designed today, as they cover all of the possible influences,consequences, and opportunities associated with such subversive behaviour. Based on theseobjectives, the following multivariate model (Figure 16) has been designed in order to integrate arange of features into categorical standards which exploit areas of progressive consequence tothe organisation. In this particular model, there are 8 particular categories of focus that aredesigned to incrementally reduce the risk of fraud exposure for the organisation. If all categoriesare working effectively, then a full-circle exposure to fraud would likely be attributable to thenetwork security protocol. Evaluating the nature of fraud and its means of incursion will allowanalysts to identify the particular node at which the system bypass was possible. The followingis a brief explanation of each of the analytical categories:  Security Protocol: The underlying network security protocol is responsible for preventing access of consumer information and key system variables to external parties. This protocol must be optimised for multinational operations in order to prevent roaming fraudsters from gaining access to backdoor controls.  Consumer Awareness: Educating consumers on the risks of fraud and the methods through which it is perpetrated is essential. In order to alleviate the exposure of secured systems through this human factor, organisations must emphasise educational practises throughout their branches. 49
    •  Network Agreements: The agreement system should consider the merits of a bill and keep protocol designed to eliminate the need for separate roaming charges altogether. If not possible, then real time integration of tracking systems is necessary to ensure the accuracy of charges. Profiling and Analysis: Pre-approval consumer profiling is necessary to prevent fraudsters from becoming customers. Analysis of the consumer profile during their service contract is essential for determining whether there are deviances that might be detectable in real time. Network Modelling: Fraud characteristics are detectable through network models. By identifying the sources of fraud throughout the international community and developing a mechanism to heighten security around these areas, the possibility of incursion can be reduced. Data Monitoring: Real time data monitoring via electronic channels is essential for preventing the possibility of extended exposure to fraud activities. Updates and Advances: Systems must remain dynamic and update according to new types of fraud ad new technological advances in security protocol and protections. Fraud Subversion: Through effective authentication practises and more integrated billing techniques, fraud may be subverted. 50
    • Figure 16: A Comprehensive Fraud Mitigation System7.5 Summary This chapter has discussed the research findings in relation to the particular challengesassociated with developing an integrated, comprehensive fraud mitigation strategy. Theproposed model is considered comprehensive, addressing a broad range of the concerns andlimitations currently affecting the marketplace. The following chapter will draw summativeconclusions from the entirety of this research and provide recommendations for futuredevelopments and advances. 51
    • 52
    • Chapter 7: Conclusions and Recommendations8.1 Conclusions Roaming fraud is of significant financial consequence to telecommunications providers,and within a globalised society, the possibility for exposure continues to increase exponentially.This research began with a recognition of the high degree of variability in fraud detection andmitigation strategies that have evolved over the past decade, identifying a range of limitationsand opportunities afforded by such a complex learning process. From more basic, billing-basedclearinghouse fraud identification techniques to advanced, integrated analytical systems such asFraudX, the capacity for managing this subversive financial liability is becoming increasinglyplausible. The survey participants in this study have identified key concerns, however, that lieoutside of the scope of a fraud-oriented system, emphasising the high degree of variability inconsumer awareness and personal protection strategies. Although the recognition of fraud in thisindustry is largely universal, the overwhelming influence of hyperreality (Baker, 2002) hasresulted in lower concerns and a largely dismissive approach to consumer monitoring of theseinfluences. For this reason, it is clear that a more dynamic, predictive system design is needed,one which has the capacity to reconcile such humanistic factors whilst simultaneously employingsignificantly advanced security measures. The inflexibility of the telecommunications network architecture has resulted inlimitations that are gradually eliminated over time as technological advances demand changes tosecurity protocol and system design. Global activities, on the other hand continue to warrantsome form of interconnected billing standard whereby roaming charges and delays areeliminated, effectively reducing the possibility for roaming fraud. The bill and keep method ofagreement and origination charging provides a viable means of avoiding many of the pitfalls thatopen doorways to roaming fraud. The challenge for providers is in relinquishing control of keysystem components to the international marketplace. As a direct result, a much more analyticalmodel remains an essential condition of roaming activities, one which similar to FraudX ,incorporates probabilistic analysis and profiling datasets. 53
    • This investigation has provided a range of participant feedback that emphasises keycharacteristics that are deficient in current telecommunications operational models including thereactive nature of many analytical tools. The consumers bill will likely reveal fraudulentactivities, regardless of their scale or cost. Post fraud bill review will allow firms to provideconsumers with credits for fraudulent activities, whilst exposing their organisation to these costsin the name of customer service. The challenge for providers is to develop and implement aprobabilistic system that is able to detect fraud before it occurs. Proactivity in this sensebecomes the true mitigation mechanism of the attuned firm, allowing for fraud activities toeffectively be eliminated from the corporate radar before they can breach they system. A morecomprehensive analytical tool would provide for systemic evaluation of fraud potential atmultiple points of access, thereby avoiding the pitfalls of a wait and see approach. Frompartnerships to consumer restrictions, the only way to address the multidimensional problem is toemploy a truly multidimensional system.8.2 Recommendations This research has raised a broad spectrum of concerns regarding fraud and theoverarching costs of fraudulent activities. Such analysis cannot sufficiently address the truecosts of fraud and the value of a more comprehensive system protocol because of the proprietarynature of such datasets. In spite of this particular limitation, it is evident that academics in thisfield have gained access to these resources in order to design practical systems that address keyareas of exposure. For this reason, it is recommended that an in-depth empirical case study beconducted using real world data from one of the leading telecommunications providers. Byexploring the actual profile of roaming consumers and the probability-based risk associated withtheir global activities, it will be possible to address particular prevention concerns directly,thereby advancing this model towards a much more tangible, integrated component of a givenbusiness model. In addition to the limitations associated with the access of proprietary information, theperformance metrics of existing analytical tools such as FraudX are not readily available due totheir protected status. This is another area where a comprehensive review of their performancewould provide valuable insights into the key segments in which fraud is still able to propagate. 54
    • In this way, comparisons could be made with the proposed dimensions of protection in this studyin order to justify improved organisational focus and adaptation. Ultimately, the process of fraudmitigation is cumulative, and although unwanted costs are likely to be incurred throughfraudulent activities over time, the ability to learn from this exposure will greatly improveresponse and exposure reduction in the future. 55
    • ReferencesBaker, C.R. (2002) Crime, Fraud, and Deceit on the Internet: Is there Hyperreality inCyberspace? Critical Perspectives on Accounting, Vol. 13, pp. 1-15.Batheja, A. (2008) A New Era in Arresting Roaming Revenue Losses in Near-Real Time.Communications Today, Vol. 2, pp. 34-36, Online Resource. Accessed on 18 September From:http://www.xaltedcorp.com/images/news/Communications_Today_Quarterly_Issue_II_Sept_08.pdf.Boyatzis, R.E. (1998) Transforming Qualitative Information: Thematic Analysis and CodeDevelopment. Thousand Oaks, CA: Sage Publications.Cao, L., Luo, C., Luo, D., Zhang, C. (2004) Hybrid Strategy of Analysis and Control ofTelecommunications Frauds. 2nd International Conference on Information Technology forApplication (ICITA), Online Resource. Accessed on 18 September From: http://www-staff.it.uts.edu.au/~lbcao/publication/62-1_ready.pdf.Chaouchi, H., Laurent-Maknavicius, M. (2009) Security in Mobile TelecommunicationNetworks. Wireless and Mobile Network Security, pp. 315-360.Chen, C., He, D., Chan, S., Bu, J., Gao, Y., Fan, R. (2011) Lightweight and Provably SecureUser Authentication With Anonymity for the Global Mobility Network. International Journal ofCommunication Systems, Vol. 24, pp. 347-362.Creswell, J.W. (2009) Research Design: Qualitative, Quantitative, and Mixed MethodsApproaches. Thousand Oaks, CA: Sage Publications.Deo, S.K. (2008) GSM Roaming, Fraud in International Roaming and Fraud PreventionsTechniques. NRTRDE, Online Resource. Accessed on 18 September From:http://www.ntc.net.np/publication/smarika/smarika64/sanjeeb_kumar_deo.pdf.Dix, D. (2009) Reducing Fraud With Cell Phone Authentication. Card Technology Today,January, p. 9.Dodd, M., Jung, A., Mitchell, B., Paterson, P., Reynols, P. (2009) Bill-and-Keep and theEconomics of Interconnection in Next-Generation Networks. Telecommunications Policy, Vol.33, pp. 324-337. 56
    • Estevez, P.A., Held, C.M., Perez, C.A. (2006) Subscription Fraud Prevention inTelecommunications Using Fuzzy Rules and Neural Networks. Expert Systems WithApplications, Vol. 31, pp. 337-344.Farvaresh, H., Sepehri, M.M. (2011) A Data Mining Framework for Detecting SubscriptionFraud in Telecommunication. Engineering Applications of Artificial Intelligence, Vol. 24, pp.182-194.Ghosh, M. (2010a) Mobile ID Fraud: The Downside of Mobile Growth. Computer Fraud andSecurity, December, pp. 8-3.Ghosh, M. (2010b) Telecoms Fraud. Computer Fraud and Security, July, pp. 14-17.Goode, S., Lacey, D. (2011) Detecting Complex Account Fraud in the Enterprise: The Role ofTechnical and Non-Technical Controls. Decision Support Systems, Vol. 50, pp. 702-714.Hilas, C.S., Sahalos, J.N. (2000) User Profiling for Fraud Detection in TelecommunicationsNetworks. Institute of Serres, Online Resource. Accessed on 18 September From:http://icta05.teithe.gr/papers/69.pdf.Hollmen, J. (2000) User Profiling and Classification for Fraud Detection in MobileCommunications Networks. Helsinki University of Technology, Online Resource. Accessed on18 September From:https://docs.google.com/viewer?a=v&q=cache:CGSFG6AROVUJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.79.6058%26rep%3Drep1%26type%3Dpdf+User+Profiling+and+Classification+for+Fraud+Detection+in+Mobile+Communications+Networks&hl=en&gl=us&pid=bl&srcid=ADGEESj_0VkFi3yeDUe0UnIIOo1mNLOlHkfezRfMereQrsycAxq_TPkdfxAgh8inLdyus4JbiO1d7FcsHjq84k4kgkfd1S0kjl6770m7gZu6DLujj2kAkUKn4ewuGTFRbUz3zOj_tOC_&sig=AHIEtbSOHLQlwuEQT0fZi--XLJsQ3wwRdw.Hwang, R.J., Shiau, S.H., Jan, D.F. (2007) A New Mobile Payment Scheme for RoamingServices. Electronic Commerce Research and Applications, Vol. 6, pp. 184-191.Kadhiwal, S., Zulfiquar, M.A.U.S. (2007) Analysis of Mobile Payment Security Measures andDifferent Standards. Computer Fraud and Security, June, pp. 12-17.Lee, H.J., Cho, D.H. (2006) An Efficient Location Management Scheme Based on ReplicationStrategy for Intersystem Roaming in Mobile Wireless Networks. Computer Communications,Vol. 29, pp. 3238-3249.Lloyd, D. (2003) International Roaming Fraud Trends and Prevention Techniques. Fair Isaac,Online Resource. Accessed on 18 September From:http://www.cdg.org/news/events/CDMASeminar/031211/10-Fair%20Isaac%20Roaming%20Fraud.pdf. 57
    • Macia-Fernandez, G. (2009) Roaming Fraud: Assault and Defense Strategies. IIRSA/CITELWorkshop on International Roaming Services, March, Online Resource. Accessed on 18September From:http://www.iirsa.org/BancoMedios/Documentos%20PDF/taller_roaming_pp_fraude_eng.pdf.Steuernagel, R. (1998) Prevent Cellular Telephone Roaming Fraud Using the RVR Solution.EDPACS, Vol. 25, No. 8, pp. 15-16.Subex. (2010) Subex Telecom Fraud Alerts. Subex, February, Online Resource. Accessed on18 September From: http://www.subexworld.com/pdf/fraud-alerts-feb2010.pdf.Subex. (2011) Subex Telecom Fraud Alerts. Subex, July-September, Online Resource.Accessed on 18 September From: http://www.subexworld.com/pdf/subex-telecom-fraud-alerts-july-to-sep-2011.pdf .Syniverse. (2011) Fraud Detection for GSM and ANSI-41 Operators--FraudX. SyniverseTechnologies, Online Resource. Accessed on 27 September From:http://www.syniverse.com/files/service_solutions/pdf/fraudx.pdf.Thomas, R.M. (2003) Blending Quantitative and Qualitative Information in Theses andDissertations. Thousand Oaks, CA: Sage Publications. 58
    • AppendicesAppendix A: Participant Survey with Results Please choose the best fit response according to your personal background for the following 5 1 2 3 4 5questions. The scale is 1-5 according to the categories at the right. 18-25 26-35 26-45 46-55 56+1 Age Range 3 5 9 3 1 25-45K 45-65K 65-90K 90-150K 150K+2 Annual Income Range 0 5 9 4 3 High Bachelo Undergrad Masters PhD School rs3 Highest Level Education Achieved 0 0 7 10 4 0-1 1-3 3-5 5-7 7+ Years of Experience in Fraud4 4 3 6 3 5 Detection 0 1-2 3-4 5-6 7+ Years of Experience in Detection5 System Design and 2 1 1 Implementation IT Operator Programm Designe Fraud Manageme Executive er r Services nt8 Role or Responsibility 2 7 1 0 11Please choose the best fit response for the following 30 questions based on Strongly Strongly personal experience and opinion. Agree Neutral Disagree Agree Disagree The scale is 1-5 according to the categories at the right. User profiling provides operators with a comprehensive and accurate1 predictive measure for the 7 9 4 1 0 identification of possible fraudulent activities Fraudsters are becoming increasingly complex in their behaviours to the point that many2 6 10 3 1 1 ageing system standards (e.g. clearinghouse) are simply ineffective at fraud detection 59
    • Real time services still require an integrated human analyst in order3 6 11 4 0 0 to ensure that fraud has actually been perpetrated Consumers are likely to resist agreements that profile their4 calling behaviour due to the 3 7 6 3 2 invasion of privacy and possibility of operator data mining Probabilistic models are extremely valuable for localising fraud5 sources and mitigating its influence 3 8 5 5 0 before large charges can be incurred Cross-operator agreements should eliminate fees and losses6 associated with roaming frauds in 2 5 4 7 3 order to lower the net cost of operations for all global providers The evolved nature of mobile phone billing and national calling7 plans has eliminated much of the 4 5 3 6 3 local roaming concerns for providers The fraud network is fundamentally unorganised and is likely the work of independent8 cells operating with limited 5 8 3 5 0 knowledge of other agencies or individuals in their same geographic area Fraud detection and mitigation strategies should focus on9 consumer awareness and personal 8 9 3 1 0 protection as a priority for reduction opportunities The future of fraud is likely to evolve towards an app-driven,1 online charge model that limits the 3 9 6 3 00 relevance of roaming losses for most providers The globalisation of large provider networks (e.g. GSMA) offers a1 mutual investment opportunity for 3 10 3 5 01 a singular fraud detection system that is homogeneous and integrated Even the best fraud detection1 system is fallible and may be 9 12 0 0 02 breached by the fraudsters 60
    • A typological analysis of fraudulent practises is likely to1 provide relevant insights into those 8 12 1 0 03 key areas on which systems should focus Fuzzy logic and probabilistic models offer an opportunity to1 focus on both fraud and user 5 12 3 1 04 profiles to network characteristics and provide real time identification of aberrations The priority at this stage should focus on network architecture and1 increased mobile phone security 3 11 4 2 15 protocols (e.g. passwords, fingerprint scanning, etc.) The SIM card is an antiquated1 technology that is more of a 4 10 3 4 06 liability for this industry than it is a benefit for the travelling consumer Predictive mechanisms that focus on specific geographic areas of1 known roaming fraud are more 5 11 2 3 07 likely to identify such behaviours than more universal, global models The large scale of data required for effective user profiling will limit1 the number of operators who 4 8 4 4 18 embrace this technology due to high storage and management costs For many operators, the advances in fraud management objectives1 will require a reorganisation of the 6 12 3 0 09 IT team to prioritise security personnel with advanced knowledge of detection systems There is no best-fit detection2 model that can be applied across 12 9 0 0 00 all networksPlease choose the best answer rating on the scale of 1-5 to the right. The Categories are designed to rank particular areas of fraud detection 1 2 3 4 5 and management that are the most valuable from a value position for operators Somewh Very Not Very Not at Neutra The Ranking System: Importan Importan Importa Importa l t t nt at All nt 61
    • 1 Velocity trap system monitoring 4 8 6 2 12 Clearinghouse data analysis 7 9 3 2 03 High usage report reviews 7 9 4 1 0 Consumer awareness and self-4 11 8 2 0 0 protection mechanisms Proprietary exchange management5 7 4 5 5 0 protocol (e.g. RoamEx) Integrated multi-operator system6 11 7 3 0 0 links (e.g. NRTRDE)7 User profiling and data analysis 11 7 3 0 0 Block crediting and customer8 8 6 4 3 0 service Fraud-derived analytical9 6 8 5 2 0 knowledge models1 Statistical analysis and post-fraud 4 10 5 2 00 data profilingPlease choose the best answer rating on the scale of 1-5 to the right. The variables focus on the primary 1 2 3 4 5 advantages of implementing a strategic fraud detection and mitigation system Somewh Very Not Very Not at Neutra The Ranking System: Importan Importan Importa Importa l t t nt at All nt Increased consumer satisfaction1 6 11 3 1 0 and confidence Higher organisational value and2 12 8 1 0 0 reduced financial losses3 Increased ROI on a global scale 12 8 1 0 0 Gradual degradation of4 6 8 4 3 0 international fraud networks Increased consumer awareness and5 9 7 4 1 0 self-protection Extensive databases regarding6 consumer behaviour and 5 8 5 3 0 characteristics Integrated operator networks and7 support services which promote 6 9 4 2 0 cooperation Advanced billing systems and real-8 8 9 3 1 0 time optimisation 62
    • Network architecture becoming9 9 11 1 0 0 more secure and restrictive Reduced human resource1 investment and time consumption 5 10 3 3 00 for billing events Please answer each of the following five questions as openly and honestly as possible. There are no right answers, and the purpose is only to collect insight from your personal experience and beliefs. Over the past decade, what are the most significant advances in fraud detection technologies? Are1 these sufficient or are there systemic gaps and deficiencies that need to be filled? Is fraud an inevitability or can it be mitigated and managed so as to eliminate it from the system2 completely? Should consumers maintain some responsibility/liability in their personal protection from fraudulent3 activities? What are the priorities for operators today regarding fraud detection and mitigation? How has this4 changed the business model of these providers? Given the new global boundaries and network capabilities associated with new mobile systems, does5 roaming fraud present as significant a problem today as it did in the past? Could operators eliminate roaming fraud charges internally by altering their billing structures? Figure 17: Participant Survey with Results 63