Here, Taylor tells George Malim how CSPs face new threats as they enter new markets with a wider portfolio of services than ever before and explains how big data techniques are being applied to uncover frauds.
VanillaPlus: To what extent are big data techniques being applied to fraud and revenue management? Can there ever be such a thing as too much data?
Luke Taylor: For the past 25 years, we have used the ethos that the richer the data you can provide the better the analytics we can give you with fraud and credit protection. The challenge is to weigh up the cost versus value equation of the data involved. Obviously, the more data that is collected and analysed, the greater the insights achieved and ultimately the reward. However, we’re able to apply our experience to identify the key data points that establish the likelihood of a user to perpetrate fraudulent activity or become unable to pay their bill. This is exactly the same for revenue assurance, where the cost of data gathering, processing and analysis is weighed up against potential revenue savings.
In the case of risk, we do this by taking the event data records (EDRs) but also analysing other information around the customer such as returned mail, customer care activity, payment methodology, location information and other data to enrich the analysis and give us the entire profile of the customer. This has always been our mentality and gives us better results.
The analysts using our user interface are usually measured on productivity and performance, so the richer the information the better the results. However, too much information can have an adverse affect. A large volume of information from a wide range of data sources has the potential to mask fraudulent behaviour among the noise created by all the other information. Our knowledge of subscriber behaviour and telecoms networks means we are able to filter out some of that noise and present only the data that potentially holds meaningful information for analysts to be empowered to investigate and close cases very quickly.
For example, our customers in the fraud market process billions of events each day and a small percentage of these will be highly indicative of fraud or risk. They are also in parallel profiling millions of subscribers so we’re trying to provide a manageable volume of rich and accurate cases that focus on identifying the most likely fraudsters.
In addition, profiling risk scenarios by monetary value or loss rate enables CSPs to prioritise so they can tackle fraud, credit and revenue assurance issues that can potentially cost them millions of dollars first before turning their attention to lower level risks. The arrival of data on devices coupled with data roaming has heightened CSPs’ risk through fraud or possible bill shock, but by identifying the highest users and identifying if behavioural activity has changed they can tackle likely risks and minimise possible dissatisfied customers based on this smart data.
It’s worth remembering that a fraudster very closely resembles one of your best customers. Both may spend large sums of money, have multiple devices, utilise a large range of your services and possibly roam. There is a fine line between the two. Therefore, getting the information right is extremely important. No CSP wants to deny service to valued customers or suggest to their best customers that they are committing fraud.
VP: Do CSPs have the skills to understand the information that exists within their big data?
LT: It’s a challenge. Big data is only relevant if you know what the data means and you can use it for a practical purpose. CSPs usually think they know what their data means but in our experiences in deploying large complex risk management installations, data exploration is one of the longest aspects of any project for both parties. It can be a long process to get into a position that allows such data to be used effectively. Big data needs to be smart data to be useful and practical.
VP: The service portfolio that CSPs have has widened immensely and now encompasses far richer, higher value services often provided in partnership with third parties and partners. To what extent has that changed the fraud management discipline?
LT: In the mature postpaid markets of Europe and North America where CSPs rely on consumers to pay their bills at the end of the month, what consumers are doing dayto-day and month-to-month is crucial information to enable a CSP to understand its exposure to risk at any point. For example, the behaviour of a customer that has recently lost their job becomes relatively easy to detect. The CSP can see, for example, that the user starts to increase the downloading of films during working hours, plays more games and call behaviour changes. The CSP can also see late payments or the user shifting to paying the bill by credit card rather than direct debit. Shifts in behaviour like these can give the CSP ways to identify users that need more attention. That’s not necessarily negative, the CSP might want to shift them to another tariff that suits their budget or usage better, for instance. It’s important to recognise that exposure from this type of user can be substantial if they’re buying apps, roaming or downloading premium content that will require third parties to be remunerated.
In the prepaid market there are also risks and these are associated with fraudulent top-ups or additional services such as mobile money where the potential for fraud to be perpetrated is high.
Regardless of the market type or demographic, fraud is never going to disappear. There will always be opportunists or people looking to take advantage in terms of getting something for free. In addition, where CSPs are trying to compete and avoid becoming utilities by offering triple and quad play services, the risks are starting to become greater. There will need to be more of a relationship between marketing teams and business teams because the exposure to risk and revenue loss that a CSP faces can be quite high in the arena of complex bundles of services.
VP: 15 years ago CSPs were less interested in fraud, regarding it as more of an irritant. As CSP margins have tightened are they taking fraud and revenue management more seriously? To what extent have these issues become a c-level concern?
LT: 15 years ago we were talking voice calls, today the industry is a different beast. Today there’s a mixture of interest that goes from the chief executive down, depending on the CSP. There is certainly a high level recognition that fraud prevention, revenue assurance and credit risk analysis are things that need to happen. They certainly can add value because the revenue a CSP can bring back into the business by using these systems is large enough to be regarded as critical.
However, in some markets there is reluctance because CSPs don’t want to admit they have an issue with fraud for fear of damaging their brand or denting the trusted relationship they have with their customers. Conversely, others see having a reputation for tackling fraud as a marketing benefit. For example, at Safaricom in Kenya, the chief executive is very keen to emphasise that the CSP has fraud prevention processes in place and will have fraudsters arrested and prosecuted.
External fraud is one side of it, but CSPs increasingly are targeting internal fraud from employees. Examples of this include topping up the credit of friends and family members or defrauding mobile money services through collusion with dealers. The full picture has to encompass every aspect of fraud.
It’s becoming apparent that fraud damages a CSP’s reputation and end customers see fraud and security as more relevant now with the increase in services and convergence of financial instruments and telecoms.
VP: How do you see the fraud management market developing?
LT: There’s the aspect of a lot more action being taken by CSPs to protect their businesses by offering more services and mobile money and that brings risk. All the things the CSPs need to push and offer to prevent becoming utilities bring in heightened threats and CSPs are being asked or regulated to do more to prevent money laundering and terrorism. It’s clear that the risks they face in terms of customers paying for services will increase and expand.
With the amount of consolidation among CSPs at the moment and voice being almost worthless, it’s the big data channel and what they can use it for that is interesting CSPs. They want to see if they can use it to generate revenues and achieve greater stickiness among customers. However, to do that, they are going to have to take some chances and risks.
The broad aspects of risk remain the same but there are now more security aspects to consider, more hacking activity and more abuse of bandwidth to be addressed, especially with the emergence of all-IP networks. Ultimately, there will be teams and individuals out there looking for whatever they can get. They will download films and resell them, they’ll download TV shows without paying and they’ll find loopholes within technology and marketing initiatives to exploit.
These are exciting times with CSP services in constant evolution. Analytics is going to be one of the most critical points in the future – we’re all data driven these days and fraud and revenue management is certainly no exception.
