CSPs need to play defence and offence to combat fraud in an all-IP world
The GSMA has identified no fewer than 45 known fraud types that service providers must contend with. Fraud has always been around and the bad news is that it is likely to get worse before it gets better, write Vic Bozzo and Michael Elling
Prevention, detection, investigation and correction are all actions CSPs can take with the right tools. The two major reasons fraud exists are vulnerable service provider systems and inefficient settlement and tariffing regimes. Not a lot that can be done about the latter in the short term, but a fair bit can be done today by the service provider to combat the negatives of IP’s open-ness.
IP was developed as a private end-to-end packet protocol that never expected to be a public protocol. It scaled as digital economics overwhelmed analogue beginning 30 years ago initially across wide area – internet – networks and then local networks.
Ultimately IP entered the access and metro networks – wired and wireless. It’s sheer scale and open-ness means IP has become the protocol to rule all protocols for voice, data and video, regardless of whether it was the best technology for all services and markets.
But the same things that make IP appealing – flexibility, cost, simplicity – make it a target for fraud. Any boundary point or component that has an IP connection is vulnerable. This implies that any party knowingly or unknowingly can be a participant in the fraud. Add to that the fact that knowing the origination, path and termination of a VoIP call is often impossible while the call is happening.
To quote a leading industry vendor: “VoIP is about convergence, saving money and resources.” This may appear to be paradoxical given all the obvious and real dangers. Furthermore, one might ask: what happened to growth in new services and new markets? We believe therein lies a major problem with fraud, namely that CSPs are spending the majority of their time and resources thinking about the customer relationship (convergence) and handling those converged services (money and resources) without giving sufficient thought to transiting traffic to other CSPs and working with other CSPs to develop new market opportunities.
Dedicating more resources to the latter serves two purposes, namely reducing the fraud that has developed as a result of legacy settlement and competitive structures in developing markets and, additionally, serving as the basis for growth of new services.
Transition to IP
What seems to have been forgotten in the transition from TDM to IP was the important interworking standards that developed over the past 100 years in the analogue PSTN markets for clearing supply and demand north-south between the application and network/transport layers and east-west between CSPs. Without a clear view of the path we’ve opened up the market to a replay of what happened in the 1980s-90s in the PBX market, only instead of auto-dialers we have banks of asterisk platforms robo-dialing.
As many wrestle with where to focus their energies to combat fraud – at the origination point, in the IP session or path, or after the fact – we find that there are pros and cons to each and that a blended approach is the best route. Below we look at the numerous on-net and off-net solutions service providers should consider to both combat fraud and set the stage for new service creation and growing revenues with respect to their OSS systems and ofnet settlements.
New tools and functionality
The first step is to look at internal systems and figure out which ones are disjointed and might contribute to duplicate reference data and rating tables. Combining trading, routing and settlement systems in one platform and having an integrated solution/view is absolutely critical. This also has the added benefit of more efficient operations and lower maintenance and support costs as well as upfront integration costs. The result, in addition to fewer insecure steps and processes, is rapid end-to-end visibility and more consistent data.
Further preventative steps can be taken by implementing quality assurance platforms. In addition to regularly testing interconnections, such tools can regularly check for compliance and performance that prevents or limits fraud from occurring based on benchmarks established by the system.
The move to real-time systems
Regardless of the investment in improved processes and systems fraud will happen. Therefore real-time monitoring is critical. Robust dashboards that handle complexity easily and can be easily monitored and work across all OSS/BSS components are essential. The ability to interface directly with switches is important as well for real-time intervention. These are useful to limit instances of fraud, but once fraud has occurred the same systems need to provide a strong suite of audit and reconciliation tools to support disputes and limit total losses beginning with automated bill receipt for electronic bill verification, extending to financial management, and then to flexible and rapid resolution.
Automated responses and policy
An important element of any solution is carrier blocking capability at the switch level, along with the ability to set policy levels. Any solution needs the requisite alerting, alarming, and the ability to take action in routing tables and dispute management swiftly. Automated and dynamic policy based routing is essential but of course the entire process starts with automating the development of contracts to remove potential errors or openings due to human oversight, as well as the ability to flexibly handle rating structures across both voice and data solutions.
The need to share data
Even if all the above measures are implemented, service providers will benefit from sharing data, processes and policies with other carriers. Neutral exchanges may well develop in the future to both alert individual CSPs and make the entire community aware of and safeguard against threats. Today’s solutions stop at the carrier border, but it’s increasingly becoming apparent that any solution implemented today needs to be future-proofed with the possibility to incorporate aggregated data from neutral third parties.
Any solution should also be future-proofed with the ability to facilitate new service creation. CSPs need to recognize that OTT providers made rapid inroads precisely because they weren’t constrained by artificial geographic, market or application siloes. Likewise CSPs need to work together to introduce new services that securely and cost effectively transit borders rapidly and in the process stimulate customer demand for new, high-capacity/definition voice, audio, data and video services.
As the saying goes, the best offence begins with a good defence. But in this case the best offence may well be a good offence. Service providers in the new IP world need to be proactive by guarding against internal and external threats by first reviewing internal systems, then looking externally for third party and exchange data and finally by cooperating with other carriers in order to be relevant to end users, providing value and generating ROI. CSPs can work together to combat fraud and in the process establish new pathways to service creation in an all-IP world.
category: Expert Opinions