TELECOM FRAUD &

MANAGEMENT

BY
DIPTESH SINHA
INTRODUCTION
•Fraud is a constantly evolving, many-facetted phenomenon
•With the change of technology, ingenious ways of fraud are also emerging. As per an
Estimate, there are more than 200 types of telecom frauds that exist and number is
increasing with the advent of 3G services.

• Thin line between fraud and negligence.

• Fraud in telecom industry may be described as any service obtained without
intention of paying

•Fraud is different from revenue leakage.

•Revenue leakage is characterized by the loss of revenues resulting from operational
or technical loopholes where the resulting losses are sometimes
recoverable and generally detected through audits or similar
procedures.

• Fraud is characterized with theft by deception, typically

characterized by evidence of intent where the resulting
losses are often not recoverable and may be detected by
analysis of calling patterns.
 FRAUD AND GLOBAL SCENARIO
• Telecommunications is an attractive target for fraudsters. WHY????

• In terms of volume, it is now measured in the billions world wide.

• organized crime using hackers and self learning

• Estimated that telecommunications fraud is more attractive than the drug trade.It has been
estimated the fraud problem is worth between $12bn and $55bn per year globally.

•While many large operators have developed sturdy FMSs to combat fraud, others have not.

•The fraud most important in terms of losses by number of incidences

1. Subscription fraud (40.8%)
2. Roaming fraud (16.3%)
3. Internal fraud (8.2%)
4. Pre-paid (9.5%)

•The fraud most important in terms of losses by values

1.Internal fraud (40.3%)
2.Roaming fraud (11.4%)
3.Pre-paid (10.8%)
4.Subscription (11.6%)
5.Premium (13.1%)
MAIN ISSUES OF FUTURE

• Increase in number of access methods (voice & data),

• The additional payments (the handset becomes a credit card)
• The improved identity techniques (possible biometrics)
• The internal fraud (increased access to key systems)

FRAUD’S FUTURE
The size of telecom market makes it very attractive to fraudsters mainly because of
1. increased number of business transactions
2. increased usage of distribution networks such as Internet, IP networks,LAN’s, VPN over
public networks, wireless networks and distributed computing and grid networking.

Traditional telecom fraudsters will be joined by individuals from the Finance, IT & IP
‘hacking’ fraternities, sophisticated fraudsters will focus on content and conventional
fraudsters continue to focus on voice.

NEW METHODS OF ACCESS AND FRAUDS

Fraud management becomes more and more important as the new

methods of access become available such as cable networks,
wireless networks, DSL, Satellite, metropolitan optical
networks running Ethernet, broadband wireless systems
(radio, microwave, or infrared). The new network access
services supports the convergence of voice and data networks
into an all-packet-switched network
CLASSIFICATION OF FRAUDS
A) EXTERNAL FRAUDS

SUBSCRIPTION FRAUD
• most prevalent since with a stolen or manufactured identity
• no need for a fraudster to tackle a digital network’s encryption or authentication
systems.
• low tech with less chance of detection
• modus operandi of subscription fraudster is posing as a credit worthy person or
company
• Often fraudsters work with corrupt dealers or internal groups within the service
provider in order to create the subscriber accounts.
• They obtain roaming privileges, for example by posing as a small company or by
behaving as a good paying customer for a period of time (known as a “sleeper”).
The fraudster then roams to a foreign network and generates a high volume of
lengthy calls in quick succession, usually on multiple handsets.

Subscription fraud may be of two types.

1) connection is obtained by providing fraudulent documents
/ information
2) after providing the correct documents, a customer uses
the network for making NLD/ILD and roaming calls.
The fraudsters start building up his credit limit
Mitigation
• carriers are learning the patterns of subscription fraud, including the common indicator of a billing
address change within the first 15 to 30 days of opening an account.
• If a new user deviates substantially from the average new user and uses services for an excessive
amount, a flag is raised.

•For dealing with the first category of fraud, the telecom company should have practice of verifying the
original documents, proper address and credit verification of customers, so that, there is a minimal
possibility of committing such frauds. Internal auditors should verify that these practices are rigorously
followed by the operational team of the company.

•Handling of second category of subscriber fraud poses a great difficulty as there are no preventive
measures and in many cases,
1) Putting adequate de-duping processes (checking of the data base of existing bad and suspended/
terminated customers) in place to ensure that existing bad suspended/terminated customer do not re-
enter into the system by having a new connection.

2) Evaluation of credit rating of the customers and assigning credit limit and allowing him to keep
exposure upto his assigned credit limit. Credit Worthiness Checking Software.

3) Efficient dunning policy, so that, the customers are made aware about exceeding credit limit
However, care should be taken by the company that the premier customers are not affected.

4) Regular monitoring of high usage and exceptionally long duration ILD/NLD calls.

5) Regular monitoring of the calls made during odd hours e.g. late night, early morning calls.

6) Analysis of undelivered bills even though the payment is being received in respect thereof. The
fraudsters may pay the initial bills with no intention to pay future bills of large amounts.
Mitigation

6) Analysis of undelivered bills even though the payment is being received in respect thereof. The
fraudsters may pay the initial bills with no intention to pay future bills of large amounts.
7) “ProFile” an intercarrier database of accounts-receivable, write-offs and service shut-offs that
provides on-line prescreening of potentially fraudulent applicants.

TRAI has made mandatory for all operators to verify the identity of all their prepaid and postpaid
subscribers. The internal auditor should evaluate whether the company has adopted requisite
practices. They should be more vigilant while verifying the proof of identity and proof of address of the
subscribers as the connections taken through fraudulent documents may lead to serious implications
in addition to loss of revenue to the company.

ILLEGAL TELEPHONE EXCHANGES

These exchanges terminate voice over internet protocol (VoIP) International calls over public switched
telephone network (PSTN). Fraudster receives international calls from foreign countries over VoIP
(through an ISP).

Such frauds can be prevented or detected by adopting following measures : -

i) Encourage the customers to report the display of local calling numbers for International calls.
ii) By putting an appropriate configuration of alarms in the Fraud Management System for long
duration ILD/NLD calls and analysis of high usage of suspicious calls.
iii) Implement a system to identify the subscribers of high usage in a BTS or nearby BTS,
iv) Subscribers verification process to be tightened
v) Analyse the incoming and outgoing call ratios.
CLONING OF HANDSETS AND SIM CARDS

phone's authentication parameters are copied into other handsets, so that the network believes that it is
the original handset that is being authenticated. The telecom company charges the calls to original
customer who will obviously deny having made such calls and consequently the telecom company will
lose its revenue.

It allows fraudsters to make high value calls for which the telecom company can not collect any revenue.
In addition, in most cases of cloning, the operator will have to make substantial payments to other telecom
companies.

MITIGATION
Such frauds can be identified by analyzing the call , call velocity and calling pattern.

CREDIT CARD FRAUDS

Many telecom companies accept e-payments and credit card payments. A fraudster may make payment
by using a third party credit card number and three digit Card Verification Value (CVV) number.
Subsequently, original card holder may refuse to pay the amount, claiming that he has not used the credit
card.

MITIGATION
a) Putting a limit on number of swipes in a given time frame.
b) Specifying the limit on the maximum of amount of payment which can be made through credit card.
c) Monitoring of payments of multiple bills using same credit card.
PREMIUM RATE / VALUE ADDED SERVICES RELATED FRAUDS

Telecom Companies are providing Premium Rate Numbers (i.e. 52222, 59999, 57777 etc.) to their
customers for value added services, wherein, all calls are charged at a very high rate. Content provider for
Premium Number Service is entitled for revenue share on the basis of the number of incoming calls.

In such a scenario, a content provider may try to get the maximum number of calls using all tactics e.g.
content provider may obtain another number with fraudulent documents / information with no intention to
pay the bill and will make calls to Premium Rate Number for getting higher revenue.

MITIGATION

This can be detected and prevented by monitoring the activities of Premium Rate Services, traffic pattern
and CDR's of Premium Rate Numbers.
INTERNAL FRAUDS

• Internal fraud represents 8.2% of incidences but generates 40.3% of value lost which is equal in
value of the following four types of fraud combined: roaming (11.4%), pre-paid (10.8%),
subscription (11.6%) and premium (13.2%).

• Motivation for such a fraud is caused by companies not prosecuting, shady management
accounting practices, unrealistic performance targets, few checks and balances, and disgruntled
employees.

• Partners can mis-represent their transactions. They often have significant access to OSS/BSS
systems or how your business works.

• Outsourcing creates opportunities for fraud.

• Distributors may have access to authentication activation codes, they can create
customer accounts, misrepresent sales volumes, etc.

• A telecom company appoints dealers, distributors, channel partners

for various business activities such as acquisition of customers,
collection of bills, etc. These channels will get commission/incentives
on the basis of different slabs for total number of new acquisitions /
connections, collection targets achieved, etc. On the other hand
they are penalized for not achieving the collection targets.
Sometimes to maximize commission/ incentives or to avoid
penalties these channels may use fake documents for acquisitions
of customers or may make fake entries for collection of bills.
MITIGATING

• Review of channel partner’s profitability and policies on an ongoing basis.

WRONG CONFIGURATION IN OPERATING SYSTEMS

Telecom Company has to configure various data, such as subscriber data, tariff plans, Call
charges, in the various operating systems like switches, phonegen, billing system, etc. The bills
are generated after matching of entire data in these operating systems. The employee of Telecom
Company may fraudulently modify the data, i.e. they may configure the switches in such a manner
that the CDR is not generated for particular Number(s) or they may configure/modify the different
tariff plan etc. This can be detected by effective monitoring of configuration of tariff plans
and exceptional reports of billing systems/ switches etc.