They say lightening never strikes the same place twice. Tell that to poor old Roy Cleveland Sullivan, who was struck by lightning several times during his 30-years career as a U.S. park ranger. Sullivan was extremely lucky to survive. Few do.
The moral of Sullivan’s story is simple: When you see a threat, take action. Don’t just hope it doesn’t happen again. It’s true for communication service providers as much as it is for park rangers.
Operational Risk Management (ORM) is the art of taking preventative measures against threats. In these tumultuous times for telcoms, with the transformation to digital in full swing, and the implementation of IoE and NFV technologies well underway, it’s more important than ever.
Hezi Zelevski, product and marketing lead for Amdocs’ Revenue Guard, has valuable news about the latest developments in the world of ORM and advice on why CSPs need to move forward quickly to meet new challenges, but without exposing themselves to old threats.
Q: What’s the difference between risk management and operational risk management?
A: Risk management is a broad term. It covers everything from securing physical assets like a building, and insuring it, to disaster-recovery process, among other things.
Operational risk management is a sub-category focused on the operational processes of CSPs like service assurance, revenue assurance, fraud management, billing accuracy, payment assurance and others.
Q: How is technology changing ORM?
A: Most legacy risk management systems — whether they focus on revenue assurance or fraud prevention – depend on knowing what they’re looking for to provide detection and prevention. We call these identify features the “rules engines”. With the evolution of services and technologies around the Internet of Everything (IoE) and data we’ve gone beyond that process. Revenue assurance and fraud management now harnesses technologies like Machine Learning, Artificial Intelligence, Robotics Process Automation (RPA) and more. Machine Learning identifies and prevent threats we are unfamiliar with and finds new features and indicators that help us detect and prevent risk in real time. For instance, we run unsupervised algorithms that sift through huge amounts of data looking even the subtlest suspicious pattern. Once a suspicious activity is detected, we can stop it in its tracks. With RPA we can automate day-to-day tasks and create better, more efficient and faster ways to prevent revenue loss. In the future, most day-to-day work will be based on machine learning and automation, and the world of rule-based revenue assurance and fraud management will be smaller.
Q: In light of these advances, are traditional risks still a threat?
A: For now, very much so. Still, most CSP revenues come from legacy services that are vulnerable to legacy fraud and assurance risks. For example, International Revenue Share Fraud (IRSF) is still a prominent scheme that relies on premium rate calls to defraud money. At the same time, billing and collection issues are still a serious concern that CSPs have to be mindful of. The challenge is finding the right balance between protecting current assets while also implementing new solutions and services to safeguard emerging ones.
In fact, there’s a big risk in moving forward too quickly. Communication service providers currently lose about 3 percent of revenue every year to RA&FM-related issues. This is a huge number. While it used to be higher, it can be lower. These statistics are based on existing services. If operators don’t stay on top of things we could see a return to higher numbers of the past.
Q: What strategies can service providers pursue when it comes to ORM?
Operators can take one of two paths:
They can acquire staff and task them upgrading and maintaining the ORM systems. In the past, operators have often preferred to keep such services in-house, though this can often be an expensive, long and laborious process.
Alternatively, they could use specialized vendors to bridge the gap, delegating some areas to experts. Providers increasingly prefer to focus precious resources on staying at the forefront of knowledge and technology.
Q: How can service providers utilize their assets to provide ORM to their customers?
A: Providers can and are making use of the data and knowledge at their disposal to protect customers. In most cases, this is considered part of the overall service without covering all risks customers face.
Today operators are looking for targeted risk management solutions beyond what’s traditionally offered. For example, Private Branch Extension (PBXs) are vulnerable to attacks that can be very costly. In one prominent case, four Filipino fraudsters stole millions from a provider before they were arrested by police. That’s why some CSPs offer PBXs with special monitoring that raises alarms and takes action when suspicious activity is detected. This is an add on service to enterprises.
Another example is Call Center Protection services. Call centers are also prey to credit gaming, social engineering and other scams. CSPs can monitor all traffic going in and out and can detect and prevent abnormal or problematic behavior or callers. Amdocs offers CSPs such a platform that they can sell customers as additional protection.
Q: What do you recommend CSPs do to reduce operational risk?
A: CSPs need short- and long-term ORM strategies. These should cover both existing and future services, and they need to have the right tools and methodologies to implement the plans. I believe they should combine internal resources with external expert vendor in order to speed up the process and stay current with rapid changes in the market.
Zelevski’s point that old risks continue to pose a threat for CSPs alongside new ones was underscored last June when fraudsters operating out of the Pacific island of Tonga made news around the world. According to media reports, the unknown culprits used a classic “one ring” scam placing brief calls to numbers around the world, then charging high international call fees if they called back.
It was the oldest trick in the book, and yet in 2017 it apparently it still worked. For CSPs the lesson was clear: Lightning can strike the same place twice.
Amdocs Revenue Guard is the industry’s leading Operational Risk Management (ORM) service preventing revenue loss in the fast-moving digital era.
Revenue Guard ORM is harnessing a rich combination of methodology, unique IP, expertise and innovative technology, proactively addressing the growing and evolving risk challenges that DSPs are facing.
Revenue Guard ORM service takes end-to-end ownership and accountability for assuring DSPs business processes, allowing them to focus on core business.
For more details please contact us: AmdocsRevenueGuard@amdocs.com
