
Fraud Management Industry Update Webinar by cVidya

Published in: Software

  1. OPERATIONAL RISK MANAGEMENT & COMPLIANCE. Fraud Management Industry Update Webinar, March 2015
      • Jason Lane-Sellers: Fraud Expert – cVidya Networks; Director – CFCA; Co Chair – TMF Fraud Management Group
      • © 2012 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA
  2. Agenda
      • Latest fraud surveys and issues
        – CFCA
        – TM Forum
      • Fraud on the rise
      • Cyber Threats?
        – Intelligence
  3. CFCA Survey
  4. CFCA – Communications Fraud Control Assoc
      • The only real industry benchmark
        – Running for over 12 years
      • Survey Details
        – Last survey 2013
        – Every 2 years
        – 100+ participants, more wanted
        – GSMA, FIINA & CFCA members (range of services)
        – Next survey due for launch in next few days
  5. CFCA Fraud Survey - Respondents
  6. CFCA Survey – Fraud Growth
      • Global fraud loss survey trend – based on previous surveys
      • Global fraud losses showing a 15% increase in 2013
  7. CFCA Fraud Survey - Staffing
  8. CFCA Fraud Survey - Coverage
  9. CFCA Fraud Survey – Fraud Methods
  10. Subscription & Dealer Issues?
      • Risk Reward: In-house and own retail checks increased and developed, but impact limited by risk appetite
      • Sales Pressure: Fraud risks driven by agent circumvention or manipulation to meet demands
      • Technology: New technology drives fraud levels – e.g. iPhone 6
      • Web Sales: Internet sales on the rise, increasing automation, allowing remote attack from fraudsters
      • Third Party: Third party channels developing & margins decreasing – increasing the risk of dealer related fraud
  11. Why the Rise of ATO
  12. Issues and Causes
      • Pressure points in your organisation and market allowing ATO:
        – Focus on customer retention & churn reduction
        – Simplifying Customer Services (CS) processes – online self service
        – Push for reductions in CS costs and ACHT
        – Reliance on simplistic Knowledge Based Authentication (KBA)
      • Fraudsters manipulate these pressure points
        – KBA can be weak (ease of use) and simply compromised via social engineering
        – Self service solutions – simple social engineering to compromise
        – CS staff also liable to social engineering, based on sales & time pressures and related financial incentive
        – Fewer restrictions and checks in place on existing customer processes (compared to new applications)
        – Greater profit value for fraudsters (top offers for existing customers)
  13. Typical Flow & Pressure Points
      [Diagram. Flow elements: LOGISTICS, AGENT, CRM, WWW, IVR. Pressure points: Social engineering, Screen process scraping, IP attacks; Data Misuse; Process Abuse; Logistics Manipulation]
  14. CFCA Fraud Survey – Fraud Types
      • These responses highlight issues with the survey and classification
  15. CFCA Fraud Survey – Usage Fraud Destinations
  16. IRSF - Numbering Misuse
      • Hijacked Unallocated Ranges
        – Unallocated numbers in national numbering plan are ‘hijacked’ by a transit carrier and routed to content service
        – Common/recent examples: Somalia, Guinea
      • Hijacked Allocated Ranges
        – Numbers allocated to network operators are ‘hijacked’ by a transit carrier as above
        – Common/recent example: Bulgaria
      • Allocated ranges that are sold
        – Number ranges sold by organisations or operators to third parties for international content services
        – Common/recent examples: Austria, Caribbean
  17. Numbering Plan Issues – UK Example
      • Prefixes (in slide order): +440XXXX, +441XXXX, +442XXXX, +443XXXX, +444XXXX, +446XXXX, +445XXXX, +447XXXX, +448XXXX, +449XXXX
      • Labels (in slide order):
        – unallocated
        – Fixed line – regional allocation
        – Fixed line – regional allocation
        – Fixed line & non geographic – not all active
        – unallocated
        – Special – Non geographic, not all active
        – unallocated
        – Wireless – exceptions – e.g. 4470XXX special PNS
        – Special – Free Phone – some rev share (870, 875 etc)
        – Premium Rev share – PPM & PPC
  18. International (Premium Rate) Number Providers
  19. CFCA Fraud Survey - % Fraud Loss
  20. Fraud Classification Model – TM Forum
  21. Fraud Classification Model – TM Forum
      • Why do we need an effective FM Classification Model?
      • An example from the 2012 TMForum Fraud Survey:
        – Fraud Scenario: “Fraudster generates a high volume of calls to a PRS number range that he owns in another country with no intention to pay.”
        – Referred Fraud Types: PRS; IRSF; PRS/IRSF; Bypass/SIMBOX; PABX Hacking; Clip-on; Stolen Line; Subscription; Dealer; Payment; PBX / Voicemail; Roaming out
        – Statistics: Unique: 39%; Multiple: 44%; Structured: 17%
  22. Fraud Classification Model - Challenges
      • Distinct names for the same Fraud Type
      • Distinct interpretation depending on the core service (Mobile, Fixed, Cable, etc.)
      • Multiple Frauds perpetrated in the same Fraud Case
      • Fast changing nature of Fraud
      • Need for a multi-dimensional analysis
      • Need for different levels of abstraction
      • Existence of several similar ad hoc “Fraud Type” lists
  23. Classification Model - TM Forum: Summary of Relations Between Enablers – Fraud Types
      [Diagram: TELECOMS SERVICE FRAUD, relating ENABLERS (Vulnerabilities) to FRAUD TYPE (Fraudulent Scheme). Labels in slide order: Subscription Fraud; Hacking of Network Elements; Arbitrage; Mobile Malware; Cloning of SIM Card/Equipment; Protocol/Signalling Manipulation; Tariff Rates/Pricing Plan Abuse; False Base Station Attack; Misconfiguration of Network/Service Platforms; International Revenue Share Fraud; Reselling of Calls; Wholesale Fraud; Private Use; Commissions Fraud; Traffic Inflation for Credits/Bonus; Charging Bypass; Interconnect Bypass; SIMBox Gateway]
      • OBJECTIVE (Scope): Make Money/Profit; Obtain Free Services/Goods; Obtain Credits/Bonuses; Obtain Commissions; Obtain Money; Access User Bank Account; Pretending to Be the Operator; ……….
      • BA - Related Fields: Fraud Management; Security Management; Revenue Assurance
        – Revision of Internal Procedures, Processes and Products/Services
        – Implementation of Technical Solutions at Network and Service Platforms
        – Development, Enhancement and Reconfiguration of Fraud Management Systems (FMS)
  24. Classification Model - TM Forum: Summary of Relations Between Enablers – Fraud Types
      [Same diagram as slide 23, with two added annotations]
      • Enabler - How they get on the Network or service access
      • Fraud Type - How they generate the revenue from the fraud
  25. TMF Survey 2014 - Excerpts
  26. Fraud Survey 2014 - Classification
      • Ad Hoc definition
      • Internal Classification Model
      • Industry Classification Model
  27. Fraud Survey 2014 – Short Term Improvement
  28. The New Trend – “Cyber”
  29. Market Perception
  30. Cyber Issues… In the Media… Consumer Protection
  31. Cyber Issues… In the Media… Integrity
  32. Cyber Issues… In the Media… Data Security & Privacy
  33. Cyber Issues… In the Media… Fraud
  34. Cyber Issues in fraud…
      • Public Web
        – “How to” blogs and forums
        – Information Sites
        – Source information (Self Service)
      • Dark-Net
        – Underground Markets – Information resale
        – Underground Forums – Tutorials and methods
  35. Examples…
      • Online user groups and information exchanges
        – Fraud Techniques
        – How to guides for hacking, and social engineering
      • Data purchase & provision services
        – Credit Card Numbers
        – Subscriber Information
        – Passwords
      • Technical Compromise Data
        – Online self service hacks
        – Equipment compromise
  36. Fraudsters Guides: Hand Picked Set of Guides for Beginner Fraudsters – Premium. Including fraud method of how to get your own SIM cards from anywhere. How to steal people's information
  37. Example - PBX hacking techniques
  38. Example - Account Take Over Guide Link*: http://agorahooawayyfoe.onion/p/jddd9FyUs2
  39. The Reaction - Organizational Change
  40. Organisations are changing…
      • GSMA
        – Instigated a combination of working groups to address the perceived issues
        – Fraud Forum, Security Group
        – Now joined as one working group
        – Fraud & Security Group
        – Initiative designed to address the perceived threat of new technologies and methods
      • TMF
        – Moved its Revenue Management Group under Security
        – RM includes Fraud & RA
      • Operators / CSPs
        – Movement of Fraud Operations under Security Functions
        – 8% move in 2013 survey…
        – Will we see this increase in the new fraud survey?
  41. The Fraud Management Progression?
      • Past: Fraud as Part of Security
        – Security trained individuals involved
        – Real Time, InBand signalling
        – Use of SS7 probes and DTMF Analysis
        – Event focused analysis & investigation
      • Present: Fraud as part of Finance and RA
        – Finance trained individuals (audit)
        – Non Real Time Usage analysis
        – Payments, process and product risk analysis
        – Revenue Focused
      • Future?: Fraud & Security?
        – Security expertise in Fraud (IT & Network)?
        – Real Time Big Data Analytics?
        – Content Analysis – DPI & probes?
        – Analytics Focused, Commercial Nous?
  42. So is it time to review our approach?
      • Does the growth of Data, IP and “cyber” threats mean we have to reanalyze our fraud approach?
        – Many situations hidden from view
      • Do we need to go back to in-depth analysis?
        – Need to know what is happening in the data channel
      • Is NOW the time to use DPI in fraud and consumer protection?
        – Network & marketing departments are using DPI for QoS & Marketing Analytics
      • Are we ready for the amount and complexity of the data that we are going to need?
        – Many organisations investing in “Big Data Solutions”
  43. Questions? Jason.lane-sellers@cVidya.com
  44. THANK YOU! www.cvidya.com
