Telecommunication Fraud Detection and PreventionSumera Khan
Telecommunication fraud is the use of telecommunication products or services with the intent of illegitimately acquiring money from, or deteriorating to pay, a telecommunication company or its clients. E.g. PBX/IP-PBX Fraud: The hacking of a PBX to initiate long distance and high case destination calling by fraudsters.
Email spoofing and phishing increased by 220% in 2021. With such high numbers, cyber-criminals are taking advantage of opportunities to spoof emails and phish for valuable information and credentials. As a result, the average cost of a data breach in 2021 was $4.24 million!
Telecommunication Fraud Detection and PreventionSumera Khan
Telecommunication fraud is the use of telecommunication products or services with the intent of illegitimately acquiring money from, or deteriorating to pay, a telecommunication company or its clients. E.g. PBX/IP-PBX Fraud: The hacking of a PBX to initiate long distance and high case destination calling by fraudsters.
Email spoofing and phishing increased by 220% in 2021. With such high numbers, cyber-criminals are taking advantage of opportunities to spoof emails and phish for valuable information and credentials. As a result, the average cost of a data breach in 2021 was $4.24 million!
-The project "Strengthening European Network Centres of Excellence in Cybercrime" (SENTER
project, Reference No HOME/2014/ISFP/AG/7170) is funded by the European Commission under
Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single
point of Reference for EU national Cybercrime Centres of Excellence (CoE) and develop further the
Network of national CoE into well-defined and well-functioning community. More details here: http://www.senter-project.eu/
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
This guideline takes you through a step-by-step guide on how to conduct a money laundering business risk assessment. The slides consider each core division of an aml risk assessment.
ITS A BEST PPT MADE BY ME FROM VARIOUS ANALYSIS DATA & PROPER GUIDENCE. I HOPE THAT THIS IS ONLY UNIQUE PPT AVAILABLE IN CASE STUDY WORK.PLEASE LIKE SO I UPLODE MORE AND MORE MY BEST WORK.
The impact of telecommunications policy on the economy - Raul L. Katz and Ja...ACORN-REDECOM
This paper explores the relationship between telecommunications policy and its impact on the economy. Its focus
is the Latin American region, starting by assessing the results of new research on broadband economic impact.
Having validated the causality through econometric analysis, it then moves to analyze the importance of public
policy in maximizing broadband development. This analysis is based on case studies of Latin American countries
(Chile, Mexico, and Brazil).
-The project "Strengthening European Network Centres of Excellence in Cybercrime" (SENTER
project, Reference No HOME/2014/ISFP/AG/7170) is funded by the European Commission under
Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single
point of Reference for EU national Cybercrime Centres of Excellence (CoE) and develop further the
Network of national CoE into well-defined and well-functioning community. More details here: http://www.senter-project.eu/
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
This guideline takes you through a step-by-step guide on how to conduct a money laundering business risk assessment. The slides consider each core division of an aml risk assessment.
ITS A BEST PPT MADE BY ME FROM VARIOUS ANALYSIS DATA & PROPER GUIDENCE. I HOPE THAT THIS IS ONLY UNIQUE PPT AVAILABLE IN CASE STUDY WORK.PLEASE LIKE SO I UPLODE MORE AND MORE MY BEST WORK.
The impact of telecommunications policy on the economy - Raul L. Katz and Ja...ACORN-REDECOM
This paper explores the relationship between telecommunications policy and its impact on the economy. Its focus
is the Latin American region, starting by assessing the results of new research on broadband economic impact.
Having validated the causality through econometric analysis, it then moves to analyze the importance of public
policy in maximizing broadband development. This analysis is based on case studies of Latin American countries
(Chile, Mexico, and Brazil).
This presentation have been made by ISBM Kolkata, students.This is basically on the reforms of Indian Telecoms Industry after liberalization.Industry analysis is the backdrop throughout the presentation 7 then emphasis on a particular company.
Survival Guide for Million- Dollar CyberattacksPanda Security
Cybercrime is a very profitable and attractive business. This is a new phase of cyber theft that involves stealing money directly from banks, rather than from their customers, using phishing attacks to infect the computers of bank employees.
More info: http://bit.ly/2rjD6Gr
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
2. 1.Executive Summary:In my words telecom frauds are unauthorized and illegal use of
telecom services like cellular, network security, and infrastructure (include network equipment
etc.) for an intention of misuse or for not paying the particular service.
Due to this types of frauds many fraudsters are reducing their cost of getting that services or
products and increasing the problems of communication service providers.
Now day‘s frauds are happening due to the many new technologies are coming in the market
which are easy to hack due to lack of security by operators. Due to all these frauds revenue
leakages for operators are increasing year by year and loss to the operators are in billion dollars
which is very big loss for them.
Operators are using various to find out these frauds and also many big companies like Infosys,
Cisco, IBM, TCS etc. are developing new security tools to reduce the frauds.
Survey done by various organizations like Communications Fraud Control Association (CFCA),
Neustar,Number Portability Administration Center (NPAC), TRAI etc. to detect where the
mostly frauds are happening and how it can be addressable or removable. They found that mostly
frauds are in PBX hacking, identity fraud, international revenue share fraud, by-pass fraud, credit
card fraud etc. due to these frauds Communications Fraud Control Association (CFCA)
estimated global telecom fraud losses to be in their 2011 survey – $40 billion annually.
To detect these frauds there are various methods and technology are using by operators and these
are Social media monitoring, setup a fraud control unit, Utilizing sector-focused forensic experts,
Strengthening controls around customer identification and also logics like user profiles, neural networks,
decision trees etc. are utilizing and due to use these tools and technique they got benefited and frauds are
reduces as compared to 2011 survey by CFCA.
―The CFCA is committed to raising awareness of this worldwide problem and to providing a
forum for education and information-sharing among communications service providers. It‘s
where communications professionals go to learn about these schemes and become effective at
stopping them.‖
So here I am trying to explain all these frauds and their detection techniques in detail by various
survey results and from articles data‘s.
As everybody know that today is a day of technology and in every technology there is some
defects so frauds we cannot reduce fully but we can try to reduce higher.
2|Page
4. 2.1 Definition of Fraud:
Telecom frauds is an act of obtaining telecom services/products and/or the instruments,
equipment or devices with no intention of paying for them or abuse of services. Also we can say
that the use of the telecommunications network with the intention of avoiding payment.
1. Without correct payment
2. With no payment at all
3. Someone else pays.
Fig.1 Sector wise Frauds
The Association of Certified Fraud Examiners (ACFE) defined corporate fraud as:
―The use of one‘s occupation for personal enrichment through the deliberate misuse or
application of the employing organization‘s resources or assets‖.
Companies Act, 1956 (‘Act’):
The Act does not contain any definition of the term ‗fraud‘.
Definition was planned to be introduced into the Act vide the Companies Bill of 2009.
Definition proposed to be drawn from the definition of ‗fraud‘ as provided under the UK Fraud
Act, 2006 so as to provide a comprehensive, inclusive definition, defining the offence of fraud
with regard to affairs of the company.
4|Page
5. 2.2 Types of Frauds:
2.2.1 Revenue Frauds: Its motivation is to make money or to use services at no or reduced cost.
2.2.2 Non-Revenue Frauds: Motivation to acquire anonymity to mask criminal activities or
obtain the sheer thrill of challenging the telecom service provider‘s network security.
Also frauds are divided into other categories:
2.2.3 Technical (External) Frauds:
Technical external frauds are committed externally, i.e. from outside the network, and are
executed by gaining access into the network system using tools such as hacking.
External frauds are usually impersonal, opportunistic and driven by pure greed.
Examples:
Use of automatic telephone line isolators to penetrate into the secret code/password for dynamic
STD lock/Personal Identification code (PIN).
Accessing the O&M port of the switch from remote and perform switch opening & closing of
telephones or other services.
2.2.4 Technical (Internal) Frauds:
Technical Internal Frauds are committed by gaining internal access to the network system.
Internal frauds can be very different from external frauds and are more often than not be driven
by personal grudges or revenge.
Internal fraud reveals the breakdown of internal structures, the relationship between employer
and employee, and the lack of internal controls to provide safety nets, checks and balances.
Examples:
Manipulation of databases of billing, charging, routing and subscribers etc.Changing the
equipment number d ring preparation of bulk billing tape soequipment number during bulk that
the metering information is transferred to the spare equipment number resulting in non-billing.
2.2.5 Non-Technical Frauds:
Non-technical frauds are committed without accessing or interfering with the network system.
Examples:
Subscription Fraud:
Subscriber registers for phone service, makes up a large phone bill mostly though call selling and
absconds before disconnection.
5|Page
6. Clip on fraud:
The fraudster accesses the telecom infrastructure and diverts the line and makes calls or sells
services to others.
Call Forwarding:
The incoming calls coming to line are forwarded to a destination such that the calls are charged
at much lesser rate which otherwise would much which otherwise would have been charged as
per the distance.
According to:
Indian Contract Act, 1872 (‘ICA’):
• As per the provisions of Section 17 of the ICA, the term "Fraud" means and includes any of the
following acts committed by a party to a contract, or with his connivance, or by his agent, with
intent to deceive another party thereto or his agent, or to induce him to enter into the contract:1.
2.
3.
4.
5.
The suggestion, as a fact, of that which is not true, by one who does not believe it to be true;
The active concealment of a fact by one having knowledge or belief of the fact;
A promise made without any intention of performing it;
Any other act fitted to deceive;
Any such act or omission as the law specially declares to be fraudulent.
6|Page
8. 3. Literature Review:
Here is some articles on telecom frauds and its detection techniques, let us know what this
articles are saying in briefly:
A. Data mining approaches to fraud detection in telecommunicationsA short description of ongoing research
Constantinos S. Hilas
Dept. of Informatics and Communications
Technological Educational Institute of Serres, Greece
chilas@teiser.gr
Telecommunications fraud is increasing dramatically each year resulting in loss of a large
amount of Euros worldwide. An invaluable tool for the detection of fraud is the modeling of
telecom users‘ behavior. Fraud detection is important to the telecommunications industry
because companies and suppliers of telecommunications services lose a significant proportion of
their revenue as a result. Moreover, the modeling and characterization of users‘ behavior in
telecommunications can be used to improve network security, improve services, provide
personalized applications, and optimize the operation of electronic equipment and/or
communication protocols.
The Communications Fraud Control Association (CFCA) recently announced the results of a
global survey carried out in 2009. In accordance to this, the loss of companies as a result of fraud
is estimated to be around $72 - $80 billion (USD), up34% from the CFCA Survey results of
2005. This amounts to c. 5% of their revenue. According to the same survey telecommunications
fraud is closely linked to the financing of terrorist organizations throughout the world.
All cases of telecom fraud can actually be viewed as fraud scenarios which are related to the way
the access to the network was acquired. However, given the plethora of telecommunication
services and the ingenuity of the fraudsters‘one may be confronted with diverse fraud techniques.
So, detection techniques designed to detect one case may fail to detect other types of fraud. In
general, fraud detection focuses on the analysis of users‘ activity and the related approaches are
divided into two main subcategories.
The absolute one which search for limits between legal and fraudulent behavior, and the
differential approach which tries to detect extreme changes in the user‘s behavior. Nonetheless,
one should keep in mind that detecting excessive usage may not lead us to identify a fraudster
but a provider‘s best customer.
8|Page
9. B. Overview of Telecom Related Frauds
TUSHAR CHAWLA
Partner
Economic Laws Practice
November 19, 2010
In this article Mr. Chawla is trying to explain about the different types of frauds and the
definition of frauds by various organizations. He suggests that there exists no specific definition
for the term telecom Frauds‘ under the present day Indian legal system.
He divided the frauds in technical and non-technical categories which are further divided into
external and internal frauds. He has given some examples of frauds likeExamples:
•Subscription Fraud: Subscriber registers for phone service, makes up a large phone bill mostly
though call selling and absconds before disconnection.
•Clip on fraud: The fraudster accesses the telecom infrastructure and diverts the line and makes
calls or sells services to others.
•Call Forwarding: The incoming calls coming to line are forwarded to a destination such that the
calls are charged at much lesser rate which other wise old much which otherwise would have
been charged as per the distance.
The Growth Story: The Indian telecom sector has been one of the fastest growing in the world.
Total telephone subscriber base reaching 601 million at the end of February 2010 from 582
million in January 2010, i.e. growth rate of 3.22%.Telecom Frauds have a multifarious impact on
telecom companies, effecting operations as well as the revenue streams.
c. Telecommunication Fraud Management
Stephen Brown, CSO
Waveroad
Telecommunication Fraud is the intentional and successful employment of any deception,
cunning,collusion, artifice, used to circumvent, cheat, or deceive another person, whereby that
person acts upon it to the loss of his property and to his legal injury. However, there does seem
to be a general consensus that telecom fraud, as the term is generally applied, involves the theft
of services or deliberate abuse of voice and data networks. Furthermore, it is accepted that in
these cases the perpetrator‘s intention is to completely avoid or at least reduce the charges that
would legitimately have been charged for the services used.
Telecommunications is an attractive target for fraudsters. In terms of volume, it is now measured
in the billions worldwide. Service providers are being hit with fraudulent requests for service of
over 85%. Recent highly sophisticated schemes are employed by organized crime using hackers
and self-learning. Estimated that telecommunications fraud is more attractive than the drug
9|Page
10. trade.The Communications Fraud Control Association conducted a survey and determined that
$35–$40 billion in losses is due to telecom fraud worldwide.
Revenue losses due to fraud are approximately equal to revenue leakage within the systems and
procedures of a company. Properly designed Revenue Assurance procedures extract data at every
step of the revenue-earning chain, subjecting it to a rigorous integrity check.
The traditional time-based and cost-based approaches of processing CDRs alone are rapidly
becoming obsolete. They must be enhanced by methods of detecting fraud from multiple
intelligence sources: services, content, broadband devices, service quality reports, etc.
10 | P a g e
12. 4.Objectives:
1. To study the frauds in telecom industry by different types of resources.
2. To study the various methods to detect and remove the frauds in telecom.
Fig.2 Telecom fraud Triangle
12 | P a g e
14. 5.1 Methodology:
Many organizations have done their survey on telecom frauds and also on the impact of frauds.
They have done research on different types of frauds in telecom for all types of services like
What are the frauds in?
1.
2.
3.
4.
5.
Mobile communications
Network security
Data Storage
Billing
Infrastructure etc.
Survey done by Associations like:
1. COMMUNICATIONS FRAUD CONTROL ASSOCIATION (CFCA)
2. NEUSTAR
3. NUMBER PORTABILITY ADMINISTRATION CENTER (NPAC)
Neustar understands the landscape better than most. We enable four billion phone calls daily. We
are trusted to support the world‘s largest number portability system holding more than 500
million telephone numbers. The Number Portability Administration Center (NPAC) and, our
solutions provide scalable IP services to global communication service providers (CSPs).
Neustar is at the heart of the world‘s largest telecom networks. It is this position that prompts
many of the world‘s CSPs to turn to Neustar for help fighting telecom fraud.
In response to the ongoing concern about telecom fraud, I recently published an e-book, ―What
the Fraud? A look at Telecommunications Fraud and Its Impact,‖ where I discuss not only the
top types of fraud affecting the industry, but also recommend best practices to combat and
prevent fraud.
5.2 Telecom Fraud is Big Business
Forty billion dollars is a lot of money. Losing $40 billion annually is unthinkable. Unfortunately,
that is exactly what the Communications Fraud Control Association (CFCA) estimated global
telecom fraud losses to be in their 2011 survey – $40 billion annually.
14 | P a g e
15. CSPs aren‘t the only ones bearing the burden. Businesses and individuals are also paying the
price of telecommunications fraud, from high long-distance charges on hacked private branch
exchanges (PBXs) to stolen identities.
The bad news is that most phone hackers aren‘t simply random criminals. It is often skilled
engineers who focus on vulnerable telecommunications systems. The good news is that most
hackers can be easily thwarted with existing security technology and common-sense security
practices, like strong passwords.
Although telecommunications fraud encompasses a variety of illegal activities, the CFCA
identifies the five costliest culprits as:
PBX Hacking
Identity Fraud
International Revenue Share Fraud
By-Pass Fraud
Credit Card Fraud
After studying of all these types of frauds many results has come out and frauds are decreasing
year on year.
15 | P a g e
17. 6.1 Results and Findings:
6.1.1 Impact of Frauds on the Telecom Sector
The Growth Story:
• The Indian telecom sector has been one of the fastest growing in the world.
• Total telephone subscriber base reaching 601 million at the end of February 2010 from 582
million in January 2010, i.e. growth rate of 3.22%
How the Growth Story is hindered:
• Globally, fraud accounted for US $150 billion in lost revenue for telecom operators in 2009
• As per CFCA Fraud survey, 2009, India is emerging as one of the top 5 hotspots for telecom
fraud
• Fraud in telecom is second only to fraud in banking. It is growing exponentially and is expected
to go up to 200 percent.
• The immediate concern and issues that telecom operators foresee due to fraudulent activity is
loss of revenue, estimation of the loss of revenue is in the range of 1-5 % of total revenue
• Developing markets face higher revenue leakage than developed markets due to rapid growth
and the fast pace of technological changes.
Telecom Frauds have a multifarious impact on telecom companies, effecting operations as well
as the revenue streams.
6.1.2 Some of the impacts of fraud for a telecom company are:
• Direct financial loss through fraudulent call misuse (internal or external)
• Missed cost savings opportunities through identification on un-needed circuits
• Adverse publicity, damage to reputation and loss of customer confidence
• Litigation and consequential financial loss
17 | P a g e
18. Loss of service and inability to dispense contract al obligations
• Service inability contractual
• Regulatory fines or increased regulatory supervision
Telecom industry has had its share of losses due to sophisticated technology-aided frauds. As per
the survey, globally, telecom frauds are estimated to cost the industry US$40 billion (which is
roughly 2 percent of the global telecom revenues), despite significant efforts made by operators
and their IT vendors to limit theft.
"Operators' billing systems and network vulnerabilities are always key target areas for most
fraudsters who exploit any weaknesses in these areas," the survey said.
For Indian Telco‘s, fraud is one of the biggest risks confronting them, even as they battle it out in
the market with their competitors and declining ARPU (average revenue per user), margin
pressures, and other growth-related challenges.
Fraud primarily occurs due to weak internal controls. In the case of the telecom industry, it also
affects the customer.
"For example, a Telco customer suffers when a fraudster, taking advantage of the poor identity
checks at the Telco, is able to use the Telco network for voice/data connectivity and the bill has
to be footed by the customer. This problem is worsened in case the Telco‘s have mobile money
offerings. In such a situation, the customer also stands to lose his mobile money balance.‖
6.2 Frauds Detection Techniques:
6.2.1 Tools and Techniques
The common FMS techniques are rules based detection, rules discovery techniques, customer
specificsand behavior specific, neural networks, audits, use of pins prior to placing a call (80 –
96% drop in fraud), setting limits on dialing capabilities (i.e. home area only) and roaming
exchange services.
The common FMS tools & technologies are radio frequency finger printing, authentication
(symmetrical keys in phone and base station), digital systems with encryption, various probes, IP
mediation and billing mediation systems can assist in collecting the data, PKI (public keys), SS7
surveillance, anti-virus and anti-trojan software, firewalls, encryption, water marking and digital
signatures.
6.2.2 Social media monitoring:
Fraudsters are using social media to communicate and misuse any existing gaps in telco
networks--whether it is billing or other network related gaps. Further, some fraudsters even float
Web sites luring the public with low or free call rates and other features. "To combat this,
18 | P a g e
19. companies should proactively monitor social media to identify and block any network-related
gaps, and premium number ranges and sites that result in unintentional calling by subscribers
only to find that they have been duped," it said. "Additionally, they could also proactively
educate their subscribers to not fall prey to such schemes."
6.2.3 Setting up a fraud control unit (FCU):
This utilizes data analytics to identify fraudulent trends. Telco‘s have started considering
implementation of FCUs by setting up dedicated teams who use pre-defined data analytics
routines to continuously monitor voluminous data--both within and outside their ERP--to
proactively identify red flags that could prevent fraud-related losses. "This is specifically being
used in Telco‘s to identify fraudulent patterns in the procurement process, the commissionpayout process, accounts payable process, etc.," the study said.
6.2.4 Utilizing sector-focused forensic experts:
Telco‘s can deploy resources with specialist forensic skillsets to deal with telecom specific
frauds/issues such as subscription frauds, unauthorized use of network, leakage of sensitive
information, interconnect billing problems, misconduct in award, and execution of large scale
outsourcing contracts, etc.
6.2.5 Strengthening controls around customer identification:
Stringent know-your-customer (KYC) norms and de-dupe checks based on available patterns are
being implemented to detect impersonators who intend to defraud the telco by assuming false
identities and using the network without any intention to pay for it.
According to the study, Telco‘s need to follow a two-pronged strategy to combat frauds. "This
should consist of setting up a FCU to proactively monitor transactions in processes that are more
vulnerable to manipulation, and simultaneously adopting a co-sourcing model with external
6.3 Fraud Detection Logics:
6.3.1 User profiles
The main idea behind user profiling is that the past behavior of a user can be accumulated in
order to construct a profile, or a ―user dictionary‖, or a ―user signature» of what might be the
expected values of a user‘s behavior. This profile is a vector that contains single numerical
summaries of some aspect of behavior or some kind of multivariate behavioral pattern. Future
behavior of the user can then be compared with his profile in order to examine the consistency
with it (normal behavior) or any deviation from his profile, which may imply fraudulent activity.
The comparison can be made by means of statistical or artificial intelligence methods.
Information theory criteria may also be applied.
19 | P a g e
20. 6.3.2 Applications of data mining techniques for fraud detection
A. Neural Networks
In order to test the ability of each profile to discriminate between legitimate usage and fraud,
feed-forward neural networks (FF-NN) were used as classifiers. The problem is a supervised
learning one with the task to adapt the weights so that the input-output mapping corresponds to
the input-output pairs the teacher has provided.
The evaluation of each classifier‘s performance was made by
means of the corresponding Receiver Operating Characteristic (ROC) curve. A ROC curve is
actually a graphical representation of the tradeoff between the true positive and the false positive
rates for every possible cut off point that separates two overlapping distributions.
Fig.3 ROC curve
B. Decision trees:
20 | P a g e
21. Learning algorithms usually use a divide-and-conquer approach. The input space is
incrementally divided using splits that maximize information gain or some other expression of
the change in knowledge. This approach leads to tree-like data structures. The aim is to have
leaves that are as pure as possible, i.e. contain objects of the same class. Appropriate purity
measures should be used and the procedure will ideally lead to pure leafs. As the most common
measure of this purity one uses the Kullback - Leibler distance, or relative entropy.
This is used to express the information of the parent node minus the information of any possible
division.
Fig.4 Decision Tree
6.4 NGN fraud detection model
Since all gateways of the converged networks are connected to the Internet, NGNs will inherit IP
inherent security vulnerabilities. Due to their open architectures IP networks suffer from much
21 | P a g e
22. vulnerability and can be easily exploited for fraudulent actions such as IP spoofing (the use of a
stolen IP address for impersonation) making it easier to conceal fraud.
Fig.5 NGN fraud detection model
6.5 Cases related to Telecom frauds:
Case.1
A group set up a bogus company offering Premium Rate Services for a helpline for a pop
music.
A group manufactured fake high value phone cards.
Using fake cards, they dialed the Premium Rate Servicesline from phone kiosks.
The Telco providing Premium Rate Serviceslost a few 100 thousand US$.
Case .2
PBX dial-through can be used fraudulently by placing a call to a business then requesting to be
transferred to "9-0" or some other outside toll number. 9 is normally an outside line and 0 then
connects to the utility's operator.) The call appears to originate from the business (instead of the
original fraudulent caller) and appears on the company's phone bill. Trickery (such
as impersonation of installer and Telco personnel "testing the system") or bribery and collusion
with dishonest employees inside the firm may be used to gain access.
Case.3
MasterCard/Visa Scam
A friend was called on the telephone thisweek from 'VISA' and I was called on Thursday from
‗MasterCard‘.It worked like this: Person calling says, 'this is Carl Patterson (anyname) and I'm
calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card
has been flagged for an unusualpurchase pattern, and I'm calling to verify. Did you purchase
22 | P a g e
23. anAnti-Telemarketing Company a device/any expensive item, for £497.99 from a marketing
company based in (any town?)when you say 'No'. The caller continues with, 'Then we will be
issuing a credit to your Account. This is a company we have been watching and the charges
range from £297 to £497, just under the £500 purchase pattern that flags most cards. Before your
next statement, the credit will be sent to (they give you your address), is that correct?'
You say, 'Yes'. The caller continues. . 'I will be starting a fraud investigation. If you have any
questions, you should call the 0800 number listed on your card and ask for Security. You will
need to refer to this control number. They then give you a 6-digit number. 'Do you need me to
read it again?' Caller then says he needs to verify 'you are in possession of your card' (this is
where the scam takes place as up until now they have requested nothing!). They then ask you to
turn your card over. There are 7numbers; the first 4 are 1234 (or whatever, as they have your
number anyway).The next 3 are the security numbers that verify that you are in possessionof the
card (these are the numbers they are really after as these are the numbers you use to make
internet purchases to prove you have the card)..
'Read me the 3 numbers.' When you do he says 'That is correct. I justneeded to verify that the
card has not been lost or stolen, and that youstill have your card. Do you have any other
questions? Don't hesitate to call back if you do.' You actually say very little, and they never ask
for or tell you the Card number. But after we were called on Wednesday, we telephoned back
within 20 minutes to ask a question. Are we glad we did! The REAL VISA security department
told us it was a scam and in the last 15 minutes a new purchase of £497.99 was put on our card.
We made a real fraud report and closed the VISA card. What the scam wants is the 3-digit
number and that once the charge goes through, they keep changing every few days. By the time
you get your statement, you think the credit is coming, and then it's harder to actually file a fraud
report.
THE REAL VISA/MASTERCARD DEPARTMENT REINFORCED THE POINT THAT
THEY WILL NEVER ASK FOR ANYTHING ABOUT THE CARD SINCE THEY ALREADY
KNOW EVERYTHING
About it,
What makes this even more remarkable is that on Thursday I got a call
From 'Jason Richardson of MasterCard' with a word for word repeat of the VISA Scam. This
time I didn't let him finish. I hung up. We filed a police report (as instructed by VISA), and they
said they are taking several of these reports daily and to tell friends, relatives and co-workers so
please pass this on to your friends
Case.4
Fraud continues to pound the U.S. telecom industry with little sign of letting up. Fraudulent use
of networks and theft of services in all sectors of the telecom industry continue to grow between
10 percent and 12 percent annually. Though accurate fraud figures are nearly impossible to pin
down, between $4 billion and $22 billion is lost each year, and up to 10 percent of a carrier‘s
bottom line is lost to simple subscription fraud and other low-tech scams, such as when criminals
23 | P a g e
24. sign up for service using fake names.
The use of fake addresses is also on the way up. Studies show that more fraud is being set up on
legitimate accounts with good credit, indicating that outsiders are stealing ID information from
good customers and opening fraudulent accounts they subsequently abuse and abandon. A bad
address is the key indicator in 90 percent of fraud cases.
According to telecom security firms, no sector of the industry is immune. Perpetrators, through
fraudulent access to networks, can avoid paying for wireless service, steal and resell longdistance minutes to friends and strangers, or hijack a network device to send unsolicited
commercial email or pornographic spam to unsuspecting end users.
Case.5
Misuse of TRAI’s name for installation of tower
It has been brought to the notice of Telecom Regulatory Authority of India that some companies
/ agencies/individuals are asking people to deposit amounts of money in their personal /
companies account as Government Tax under Telecom Act 1972 or for clearing of the advanced
payment etc. in lieu of leasing the premises of individuals for installation of Mobile tower. After
collecting the money these companies/agencies/individuals become unreachable. These
companies are issuing fake ‗No Objection Certification‘ permission for the Installation of Tower
issued by Ministry of Communication and Information Technology.
The Public at large is hereby informed that TRAI is not directly or indirectly involved in levying
any tax/ fees on leasing the premises for installation of a mobile tower or for issuing any ‗No
Objection Certification‘ for the purpose.
A Mobile tower may be installed by either Telecom service provider or Infrastructure service
provider (IP-I) as per their licensing/registration conditions. List of the Telecom service
providers and IP-I service providers is available on Department of Telecommunications (DoT)
website i.e.www.dot.gov.in.
Any person or entity found fraudulently involved in such activity using TRAI name / logo /
recommendations or national emblem is liable to be prosecuted under applicable law. Anyone
dealing with such companies/agencies/individuals will be doing so at his/her own risk and TRAI
cannot be held responsible for any loss or damages suffered directly or indirectly.
24 | P a g e
26. 7.1 Discussion/Analysis:
India's teledensity has improved from under 4% in March 2001 to around 76% by the end of
March 2012. Cellular telephony continues to be the fastest growing segment in the Indian
telecom industry. The mobile subscriber base (GSM and CDMA combined) has grown from
under 2 m at the end of FY00 to touch 919 m at the end of March 2012 (average annual growth
of nearly 64% during this 12 year period). Tariff reduction and decline in handset costs has
helped the segment to gain in scale. The cellular segment is playing an important role in the
industry by making itself available in the rural and semi urban areas where teledensity is the
lowest.
Not only for India but also world‘s teledensity is growing vastly and also frauds are also
increasing, CSP‘s are continuously trying to reduce all these types of frauds and yes they have
done well and decreases the frauds in a satisfied level.
Global Telecom Fraud Increases By 0.21% From 2011, Still Near 5-Year Low
October 1, 2013 - The CFCA recently announced the results of a comprehensive worldwide
communications industry fraud loss survey. Experts estimate 2013 fraud losses at $46.3 billion
(USD), up 15% from 2011. As a percent of global telecom revenues, fraud losses are
approximately 2.09%—a 0.21% increase from 2011. The main reason for the relative increase in
fraud is due to more fraudulent activity targeting the wireless industry. Highlights of the survey
results include:
Operators with 1-10 million subscribers reported more fraud incidents than any other group.
The top five countries where fraud terminates are: Latvia, Gambia, Somalia, Sierra Leone,
and Guinea.
92 % of operators surveyed said fraud losses had increased or stayed the same within their
own companies—a 3% increase from 2011.
The top five methods for committing fraud were:
o
$5.22 Billion (USD) – Subscription Fraud
$4.42 Billion (USD) – PBX Hacking
$3.62 Billion (USD) – Account Take Over/ID Theft
$3.62 Billion (USD) – VoIP Hacking
$3.35 Billion (USD) – Dealer Fraud
The top five types of fraud reported by operators were:
$6.11 Billion (USD) – Roaming Fraud
$5.32 Billion (USD) – Wholesale Fraud
26 | P a g e
27.
$4.73 Billion (USD) – Premium Rate Service
$3.55 Billion (USD) – Cable or Satellite
$2.96 Billion (USD) – Hardware Reselling
7.2 Highlights of the survey results include:
34 respondents reported a total of $2.0 Billion (USD) in confirmed fraud losses at their
companies.
Operators with 1-10 Million and 50+ Million subscribers reported more incidents of fraud
loss than smaller operators.
The top 5 countries where fraud originates: United States, India, United Kingdom, Pakistan,
and the Philippines.
The top 5 countries where fraud terminates: Cuba, Somalia, Sierra Leone, Zimbabwe, Latvia
98 % of operators surveyed said that global fraud losses have increased or stayed the same an
8% increase from 2008.
89 % of operators surveyed said fraud losses had increased or stayed the same within their
own Companies—a 13% increase from 2008.
27 | P a g e
29. 8.1 Conclusion:
Due to increase in process-oriented frauds and malicious frauds, it is important to implement an
effective fraud management system
• People who commit frauds are more creative and innovative than the operator in terms of
figuring out how to use these new services, so innovative measures need to be taken on a regular
basis.
• Experienced, well-trained staff, access to current fraud data, in addition to a powerful fraud
management system is important tools in the fraud prevention store.
• By establishing a strong connection between marketing and fraud control, it is possible for
carriers to offer new products and improve margins.
• Telecom and other industry associations must lobby for a more stringent legal regime to be
implemented with specific focus on telecom fraud.
• Laws must permit companies to permanently blacklist employees found guilty of committing
fraud as the same shall act as an important restrictive.
―The results of this survey confirm that telecom fraud remains a lucrative criminal business,‖
explained Jacob Howell, CCSP, CFCA Board Member and Director of Fraud Management
Solutions for TEOCO Corporation.
―The CFCA is committed to raising awareness of this worldwide problem and to providing a
forum for education and information-sharing among communications service providers. It‘s
where communications professionals go to learn about these schemes and become effective at
stopping them.‖
8.2 Recommendations:
CSP‘s should use various tools and techniques for the security of their network.
CSP‘s are not applying the fraud detection techniques due to high investment.
Regularly updating of software and hardware tools is necessary.
Infosys co-created the revenue assurance process from scratch for the m-commerce
product of the client.
This included:
29 | P a g e
30. Risk assessment
Identifying key performance indicators (KPIs)
Controls monitoring and operations
Content payment settlement with third-party vendors
Testing for identifying service failure scenarios for the client‘s mobile app store
8.3 Benefits
The operations set up by Infosys process around 1,000 cash back transactions per day.
Infosys operations for the client‘s revenue assurance and fraud management have resulted in
minimizing revenue leakages and led to a direct impact on the client‘s top line.
More than 70 fraud cases amounting to INR 100,000 have been identified and closed while
recovering 8 times worth the fraud amount.
Revenue leakage of more than INR 3 million identified.
INR 2 million of revenue saved.
According to me all CSP‘s should apply this type of services provided by various operators for
decreasing the frauds.
8.4 Limitations of Research:
My research is totally based on the secondary data from the books, articles and internet. I went
through the various articles on the internet from various organizations like ITU, TRAI and
CFCA etc. and also referred from various white papers or research papers. If any data which is in
This project is incorrect or affecting anyone‘s information I will be responsible for that.
30 | P a g e
31. 9.Bibliography:
OSS/BSS for Converged Telecommunication Networks – A practical
approach by Prof. Rahul Wargad.
http://www.trai.gov.in/
TUSHAR CHAWLA , Partner - Economic Laws Practice
Constantinos S. Hilas
Technological Educational Institute of Serres,
Serres 621 24, Greece
chilas@teiser.gr
S. H. Oh and W. S. Lee, ―An anomaly intrusion detection method
byclustering normal user behavior,‖ Computers & Security, Vol. 22, No.
7,pp 596-612, 2003.
www.dot.gov.in/
Fraud OverviewTAF Regional Seminar on Costs andTariffs, 28-31 January
2008, Djibouti
Peter Hoath
peter.hoath@bt.com
31 | P a g e