Email a colleague    

June 2015

Law Enforcement & Security in a World Where Industry and National Boundaries are Blurred

Law Enforcement & Security in a World Where Industry and National Boundaries are Blurred

Society never advances.  It recedes as fast on one side as it gains on the other.  The civilized man has built a coach, but has lost the use of his feet.  He is supported on crutches, but lacks so much support of muscle.  He has a fine Geneva watch, but he can no longer tell the hour by the sun.             Emerson, Self-Reliance 1844

Our society loves technological advances but often fails to see the downsides of its progress.  And in telecoms, the trade-off for greater convenience and versatility is very often increased fraud and lower security.

Take GSM.  It triumphed over CDMA partly because it was more versatile.  Users loved the idea of popping a SIM card in and out of a handset.  But that versatility also came at a cost, for it has enabled SIM box fraud.

Likewise, a PBX’s ability to redirect phone calls is a huge convenience for business people, but that feature opened the door for International Revenue Share Fraud (IRSF), a fraud which costs telecoms $4 billion a year according to the CFCA.

Are we destined to be forever reactive over security, fraud, and risk issues?  Or will we put wise standards, regulations, and frameworks in place that allow us to deliver technology that’s relatively secure and fraud-resistant?

This is a key issue of our time and here to discuss that — plus a broad range of fraud/security/risk threats on the horizon — is Mark Johnson, principal consultant at The Risk Management Group (TRMG).

Dan Baker: Mark, it’s been three years since we did our last interview together here.  I understand today you are focusing on a much broader plate of fraud and security issues — across both telecoms and other industries.

Mark Johmson: Dan, it’s well-understood that the technically-savvy need to be up to speed on fraud and security issues, but today tremendous education is also required of the decision-makers — the non-technical people, and lately we’ve focused on helping those folks understand the big picture.

Certain things are inextricably linked, I think.  We make a distinction between telecom fraud, financial theft, and cyber security, but the fraudsters don’t really care what silo we put a problem in.

When you look at the modern handset, it is a cyber device that happens to do phone calls — and lots of financial fraud is being pumped through that device too.

So our main audience today is folks at the Board level, executive board, middle management — people who are not computer geeks or telecom experts but who make decisions that are relevant.

We do a lot of one-day seminars and other awareness-raising activities and we have got quite a lot of business out of the public sector, the police and what they call in the UK, the Home Office, which is a mixed bag.  From a US perspective, imagine Homeland Security with all the main agencies reporting to it, it’s something like that.

Great, so as you and your colleagues in fraud, security and law enforcement look out on this complex and vulnerable scene, what concerns you the most?

Certainly one of the key things we are concerned about is big data.

Our view of big data is that big data brokers have already taken out all the information and are now packaging it up and selling it.  It may already be too late to think about effective privacy controls for the current generation of consumers, but we do need to think about them for the future.

The impact of big data on fraud and security is enormous for two reasons.  One is obviously that the exposure of citizen’s data is a security risk; fraudsters would love to get their hands on that kind of personally identifiable information and the concern is that outside the financial services sector, control is pretty lax in terms of who can collect the data and what they can do with it.

The second side of big data, though, is an opportunity for security professionals to profile good customers and digitally fingerprint suspected ones.  Powerful things can be done in terms of looking at a customer'’s online behaviors, at the signatures left by their devices, how they move through a website, where they land on the site, etc.  This information can be used to build up intelligence on what good and what bad customer actions look like.

And of course, the law enforcement use of sensitive data to track terrorists is one of the biggest news stories of our time.

Perhaps you heard about the case of these girls who went to Syria from the U.K. to join ISIS?  They had been following a blogger who was radicalizing people and encouraging them to go.

Demystifying Comms Risk

The parents of the kids complained, saying, if they follow a tweet, that should have been sufficient for the authorities to take some action.  In fact, the authorities did take some action but they blundered a little bit, sending letters that ended up in the hands of the girls themselves instead of going to the girls’ parents.

The girls were 16 and 15.  The case demonstrates, on the one hand, the authorities were aware and following this radical conversation and were sufficiently concerned to send the letter: — that was a good thing.  But obviously, they need to get it right next time and they have been intercepting would-be travelers since that time, based on a combination of tip-offs and surveillance.

My point here is there’s huge potential for technologies to be used for good and to prevent crime as well as obviously investigating crimes that have occurred.

Now the same principles would apply to a pattern of phone calls or text messaging between individuals.  I’m fairly agnostic in terms of whether it falls in the bucket or the cyber bucket.  I don’t make that distinction myself these days; data is data and a network is a network.

The Eric Snowden case and abuses of the Patriot Act are the stuff of legend in the US right now.  How well are privacy matters handled in the UK and Europe?

RIPA in the UK, which is the Regulation of Investigatory Powers Act, has one of the strictest regimes limiting what the authorities can see and the sense I have, based on some recent hearings in Parliament and a fair bit of press is that those restrictions work.

There may be individuals or departments that I am not aware of who are doing something they shouldn’t be doing, but the average law enforcement organization is not getting that data without demonstrating a genuine need.  If fact, they are frustrated over the tightness of controls.

So, obviously in other countries different rules apply but that is how it seems to be in the UK and Europe in general, so I think it’s fairly safe to say that across the EU, citizens are quite well protected in that sense, relative to many other parts of the world.

Aside from the question of law enforcement’s access to big data, the problem of sifting through all this information to find something is a huge challenge in itself.

Dan, one of the biggest problems there is the wide range of communications options that are open to people.

Users are rather agnostic about how they communicate.  So I can WhatsApp you and then 10 minutes later call you by phone.  We might have a Skype call an hour after that, and then I will send you an email with an attachment.  Then I will point you to a drop box to download something.  I will send you a message through Facebook and you will answer me with a LinkedIn message.

So these multi-channel correspondences between individuals are commonplace today.  And this is one of the biggest challenges security and law enforcement face because they now need to talk to multiple sources in order to access data.  And that’s assuming they even know which services an individual is using, and under what identity.

And we’ve become highly reliant on this multi-channel communications network.

Yes, with every passing year, we become more dependent on communications technology to the point that if we lost our phone networks and the internet for a few days, we will probably lose the entire global economic system.

That is not an exaggeration.  Take a look at something as simple as food supply here in the UK.  Our grocery stores use just-in-time delivery systems right now.  There’s only minimal warehousing, and if you lost the ability to process orders, there is no manual backup.  The consequence?  We wouldn’t eat.  Most of us would have three or four days food supply and that would be it — if they didn’t get it working again.

In the words of Black Swan author, Nassim Taleb, the world has become more fragile.

Absolutely, and it concerns me greatly.  When I think just how fragile it is and what the implications of the loss of communications really would be, it does worry me.

But the warehouses and sufficient reserves were eliminated to become more efficient.  From a risk management perspective, what we have is a single point of failure and that single point of failure, which is IP, is riddled with security vulnerabilities, under constant attack, and accessible to every enemy on the planet.

I think the cause is our migration to an online world.  We have reached a point where not only is everything online, but people have forgotten the manual process behind their systems.  Today a whole generation of employees only knows the automated process.  And as time passes, it becomes harder and harder to envision how you would recover if you lost that technical capability.  It might sound like I am overstating this, but I do worry about that.

What about the Internet of Things.  What are the chief security concerns around that?

It should really be called ‘The Internet of Hackable Things’!  However, I think the most interesting thing about the Internet of Things is how it leads into robotics and related technologies.  And this is everything from the driverless vehicle to the embedded chip in the body.

Some clinical trials are going on with chips embedded in the back of the eye: it’s almost like Google Glass technology but without the glass.

Now naturally, the initial trials are focusing on helping those with impaired vision but longer term this will become an enhancement for someone whose vision is perfectly fine.  And they will have communications, location information, and other data on that chip in the future.

I think that becomes really interesting when you look at malware.  You think about a mobile connected chip embedded in the body providing location-based information and perhaps having a payment capability for automatic payments if I pass through a given location, etc. and you think about malware in that context, you think about hacking, and in law enforcement you think about evidence.

What does a law enforcement official need to do to recover that chip from a suspect, for example?  This is not as far away in the future as we think.  There is already a company in Scotland that has chipped its employees, if they volunteer.  They chip them ostensibly so they can pay for lunch in the canteen without producing a card, but allegedly they are also using that technology to monitor their location in the building!

It brings back memories of Brave New World and 1984.

This is not science fiction anymore, and there are a lot of issues around integrating communications and computing equipment with human physiology.  The field has become quite active and it is going to be an issue for fraud and security and risk managers.

Now there are precedents in terms of contraceptives.  There are contraceptive devices put under the skin that sort of leak chemicals into your system.  So, the practice of inserting a device in the body for lifestyle reasons is already out there.

Then you marry in things like 3D printing and intellectual property of designs.  Nano or micro technology is something else on the horizon.  So these are a few of the future risks.  Google any one of those topics and you might be surprised on what you find.

One of the key challenges in communications fraud is the fraudster’s ability to mimic human behaviors to hide their activities.

Well, that takes you back to big data, which tends to establish what normal human behavior is because it creates a profile.  Therefore anyone who can access that data can create similar profiles.  So that is certainly a big issue, especially if you tie that into spoofing the IP address.  Companies look at the IP address as a marker of whether or not to allow a transaction to take place or allow a film to be watched even.  And people are using tools like Hideman to spoof their IP address and put themselves where they would like to appear to be, so that sort of undermines a lot of security.

So the big data world is the wild west.  It is poorly managed as a security platform: In fact, the internet is very badly designed as a security platform: and that creates a whole range of challenges for society.

Writing certain laws could help in telecom fraud.  For instance, if certain countries like the US and the UK had laws requiring PBX manufacturers to open up their APIs for anti-fraud protection, a lot of IRSF fraud would disappear.

One of the problems with the regulatory framework is the best we have are national regulatory frameworks.  We use Westphalian legal frameworks in a globalized market and that is never going to work.

Globalized networks demand a global legal framework.  Nothing else can succeed and it seems it’s going to take 50 years for them to understand that.  So, you can pass as many laws as you want to in America, it’s not going to stop someone in Taiwan doing something, unless their actions have a direct impact on the US.  So, you have got to have universal rules and all nations need to sign up and those who won’t sign up, need to be barred.

And it’s not only for telecoms.  Look at something like malware.  It’s my view that regulators should have said years ago to device manufacturers of mobile devices, laptops, PCs, and other computing devices — you can’t retail anywhere unless you have pre-installed antivirus.  It shouldn’t be down to the consumers to opt in to an anti-virus program.

In fact, the same principle should apply to baseline security levels, social media, and identity validation.  I should at least have the option in Facebook to validate my identity in the same way that I would for online banking services so that I can then apply a filter and say if you haven’t validated your identity on Facebook, I don’t want to be your friend.

That will take away 80% of the fraud right there.  So, I think there are some basic 101 level security controls that regulators just fail to enforce, and companies fail here because they do not exercise sufficient due diligence.

Mark, this is marvelous perspective.  Thank you.  To close, I’d be curious about your methodology when you consult with companies.

Well, the last telecom project we did was an interesting one.  It was a risk assessment.

I think one of the main things a consultant does is to slice through the politics in the sense that you don’t care: you have no axe to grind.  And everybody recognizes that you have no ulterior motives.  You can listen to all the different views, filter them, produce a set of outputs that you think make sense, but you also think is balanced.  Best of all, people will actually read it because you are an external consultant.

A guy in the organization could write and report it ten times better, but no one would read it because he is from a different department.  So, as a consultant you have that advantage.

The key in consultancy is to be a good listener and be careful not to be influenced by the guy who brought you in, because they will always try to influence you.  At the same time, you have to be reasonable, and not too extreme.  But you shouldn’t be afraid to make the recommendations and to point out things that could be improved because you will be listened to — at least the first time, you have got an audience.

They will tend to give you an audience with the senior managers who have funded the project, so there you have the opportunity to get into a room with five, six or maybe ten decision makers — which again the guy down the ladder probably tried to arrange years ago, but never succeeded.  So you have got that 20 or 30-minute period where you are going to really get that key message across to them.

That’s the key thing.  You can effect change by winning hearts and minds in a way that nobody inside the building can do.

Copyright 2015 Black Swan Telecom Journal

 

About the Expert

Mark Johnson

Mark Johnson

Mark Johnson is a former drug enforcement operative and a corporate fraud manager for several major international communications firms, including Ericsson and Cable & Wireless.  He is the author of two books on communications and cyber security, and another two on Second World War history.

Mark now provides training and consultancy for UK Police forces, the UK Home Office, the financial services sector and a number of global compliance and risk training organisations.   Contact Mark via

Related Stories

  • WeDo Offers Fraud Detection via a New Cloud Platform interview with Thomas Steagall — A leading vendor introduces a cloud fraud control solution to serve the low cost, easy-to-deploy-learn-and-support requirements of many new operators, OTTs, and MVNOs.
  • A Herculean Task: Battling Fraud in an Increasingly Complex Comms World interview with Michalis Mavis — A fraud control expert walks through some interesting cases, gives us his advice on FMS software, and offers four key lessons on the path to fraud management excellence.
  • The Early Warning Power of IPRN Test Call Detection in Blocking IRSF Fraud interview with Colin Yates — Detecting the test calls made to International Premium Rate Numbers (IPRN) is helping telcos block IRSF fraud.  An expert explains fraudster methods and the value of IPRN databases.
  • Calculating the Fraud Risks of the Digital Era by Dror Eshet — Digital and mobile technology are an integral part of our daily lives.  Not only is the technology evolving at a frantic rate, but a leading fraud expert explains how fraudsters now team with one another to commit their crimes and magnify the risks to users, companies, and global infrastructure.
  • SIM Box Bypass: The Damage to Developing Nations and the Actions Regulators Must Take interview with Lex Wilkinson — Bypass fraud via the SIM box causes great revenue loss and poses many other dangers, especially in developing nations.  An expert discusses the regulator issues and recommended actions in the fight to control bypass.
  • Nine Simple Strategies for Protecting an Operator or MVNO from Telecom Fraud interview with Jim Bolzenius — An expert in telecom fraud management explains essential strategies for aiming a carrier’s or MVNO’s fraud prevention program in the right direction.
  • A Sweeping 239-Page Research Report on Fraud Management Solutions & Strategies by Dan Baker — TRI has released a comprehensive  analyst report on fraud management solutions.  The study is based on interviews with three dozen leading FM consultants and solution experts.  Download the free Executive Summary.
  • SMS Bypass Blocking: A Service that Protects & Maximizes A2P Revenue for Mobile Operators interview with Claire Cassar — A2P messaging is a multi-billion dollar revenue stream that mobile operators need to protect.  In this interview, you’ll learn how a managed service solution blocks bulk marketing messages and other bypass fraud in enterprise-to-operator SMS traffic.
  • Device Intelligence and Big Data Linkage: Guarding Consumer Access Points from the Fraudsters interview with Matt Ehrlich — Preventing subscription fraud today means supplementing traditional identity checks with a host of new processes, technology, and big data analytics.  A credit and fraud risk expert explains the roles of predictive scores, device risk assessment, and linkage analysis.
  • Mapping the Interconnect Resale Routes of Fraudsters: How a Global Robot Network Detects Voice and SMS Bypass interview with Xavier Lesage — SIM box voice bypass is a persistent problem, but now, bypass is spreading to SMS, OTT apps on the smartphone, and ghost trunks.  This interview explains the fast evolving bypass scene, highlights the strategy of fraudsters, and provides case studies.
  • Law Enforcement & Security in a World Where Industry and National Boundaries are Blurred interview with Mark Johnson — Are we destined to be forever reactive over security, fraud, and risk issues?  Or will we put wise standards, regulations, and frameworks in place that allow us to deliver technology that’s relatively secure and fraud-resistant? 
  • Thinking Outside the Comms Box: A New, Cross Industry Fraud Check Service that Telecoms can Leverage interview with Jim Rice — For decades, telecoms have done fraud and identity checks using comms industry data.  This interview explains the power of using cross-industry data to pinpoint known fraudsters and suspicious individuals in finance, retail, and other industry data sets.
  • Integrated Test Call & CDR Analysis: A New Tool in the Fight Against SIM Box & OTT Bypass Fraud interview with Kenneth Mouton — Why not combine the virtues of FMS CDR analysis and test call generators to create a single integrated tool for bypass fraud control?  The benefits of that idea, a tutorial on test call systems in SIM box detection, and OTT bypass via mobile services like VIBER are all discussed in this interview.
  • White Paper: How to Defend Your Network Against the New SIM Server Threat by Dan Baker — SIM box bypass is a very stubborn fraud problem: fraudsters are succeeding despite carriers‘ best efforts to defeat the fraud.  This white paper explains the impact of SIM Servers as a powerful stealth weapon of the fraudsters.  In turn, the paper discusses new technologies and strategies that can defeat the more sophisticated types of SIM box fraud emerging.
  • Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller interview with Jim Dalton — A bad fraud event can be a huge loss, especially to OTT players who provide a VoIP service.  In this interview, you’ll learn about an anti-fraud solution that works in concert with  intelligent routing.
  • A Privacy-Enabled Data Exchange that Expands Analytics Uses in Fraud, Credit Risk and Beyond interview with Michelle Wheeler — Analytics data today is managed in a privacy-negligent way.  This interview discusses an ingenious privacy and analytics exchange that allows telecoms, banks, and money lenders to trade fraud, credit risk and other data with each other in complete confidence and control.
  • From Rules Design to Adaptive Learning Systems in Telecom Fraud Control interview with Shankar Palaniandy — Adaptive and behaviorial learning systems are at the forefront of R&D in telecom fraud management systems.  Here an expert developer explains their usefulness in use cases such as IRSF detection, subscription fraud, application fraud, and voice biometrics.
  • Protecting 900+ MVNOs around the Globe from IRSF Fraud Pirates interview with Colin Yates — Telecom fraudsters are seeking a new, more vulnerable path to riches.  Their target: 900+ MVNOs around the globe who generally own no mobile networks, but sell mobile service virtually.  This interview with a fraud control expert explains what steps MVNOs must take to protect themselves from IRSF fraud.
  • Combating SIM Box Fraud: Network Protocol Analysis to the Revenue Rescue interview with Lex Wilkinson — International call bypass is fraud perpetrated through SIM boxes equipped with dozens to hundreds of SIM cards that disguise international calls as local domestic phone calls.  This article give a backgrounder on SIM box detection techniques and talks about a new, rapid-detection technology based on network protocol analysis.
  • Making the Retail Operator Case for Anti-Fraud Protection via Wholesalers interview with Jan Dingenouts — Small retail operators are highly vulnerable to fraud, so enlisting the anti-fraud assistance of wholesalers is a great idea.  This interview explains useful negoiating tactics for retail operators and shows how wholesalers can lend support and grow their business at the same time.
  • A Wholesaler’s Fraud Prevention Creed: If You Lose the Trust, You Lose the Traffic interview with Robert Benlolo — Large wholesalers play a major role in keeping a lid on international telecom fraud.  In this interview, a wholesale voice and fraud management expert explains the role of its vendor systems and multi-threaded internal processes in protecting customers from fraud losses and shady wholesale suppliers.
  • Telecom Fraud & Credit Protection: A Desperate Need in Unbanked Regions of the World interview with Luke Taylor — Mobile money plus related fraud and credit protection are crucial to the prosperity of developing nations where most “unbanked” people live.  This article discusses the special issues of the unbanked market as well as broader revenue protection challenges and opportunities.
  • The Grey Market in Prepaid: Tactics to Combat International Bypass via the SIM Box interview with Ahmad Nadeem Syed — SIM box fraud is one of the toughest revenue threats that telecoms face.  It is the redirection of international calls via the internet to drop illegal VoIP traffic onto mobile networks.  This interview with an expert RA and fraud manager provides a detailed overview of the threat scenario, current SIM box tactics, and some creative ideas for bringing this problem under control.
  • Why Deep Packet Inspection Analysis is Essential for Detecting IP Fraud by Dror Eshet — The IP and mobile broadband revolution is in full swing: time for fraud managers to totally rethink their existing controls and areas of exposure.  In this article, a fraud expert discusses the power of DPI technology and the key impact its analysis is having in an FM world where knowing what’s inside the packets is as important as figuring out where those IP packages are going.
  • Flexibility & Fraud Management Systems: 8 Questions for Luke Taylor of Neural Technologies interview with Luke Taylor — Meeting today’s fraud threats is not just about technology, but also the speed of threat detection, the scanning of data outliers, and being enormously flexible.  A leading fraud management vendor takes a bead on current FM issues and points to where software is headed.
  • What Makes Good Fraud Management Software?  9 Questions for Tal Eisner of cVidya interview with Tal Eisner — How do you know if the fraud management software you own or are considering is a good one?  That’s the starting point of a conversation Black Swan had with a product strategist of a leading FMS vendor.  The article discusses everything from maturity and customer collaboration... to PBX hacking and enabling the FMS to actually enhance the relationship a telco has with its enterprise customers.
  • Fraud Management at Kyivstar in Ukraine interview with Anton Pivala — Kyivstar from Ukraine is a leading mobile operator in both  voice service quality and consumer value.  This case study gives details on Kyivstar’s fraud control program, reveals some of the unique operator challenges faced in Eastern Europe, and explains how Kyivstar is successfully winning the battle against  IRSF and SIMbox fraud.
  • Gratifying Ghana: Why Listening to Operators Trumps Vendor Technology and Size interview with Ludvig Lindqvist — The value of technically excellent software is negated if the solution is not implemented right.  This article makes a strong case that vendors need to focus on first things first — get in full synch with a service provider’s business, capabilities and unique needs before you recommend or implement any software.  Topics discussed include: the benefits of retaining in-house expertise, implementation challenges in Africa, and the meaning of “thorough engagement” with the client.
  • “Fraud Is a Wind that Always Blows” and Other Wisdom From a 28-Year Old Software Firm interview with Gary Beck — Here’s the amazing story of how Beck Computers was pulled out of a Tier 1 account only to be brought back in a few months later.  The article explores software vendor service and support challenges, real-time computing requirements, advanced fraud management functions, and ways to educate management on the value an FMS investment.
  • Fraud & Credit Risk Software: Setting the Client Free to Innovate interview with Luke Taylor — Not every operator wants the freedom to configure its own fraud management solution, but certain providers wouldn‘t live without such a “framework” approach .  This article discusses: the reasons why operator choose this strategy as it covers many other fraud and credit software implementation issues.

Related Articles

  • Stealth Test Calls: A Powerful New Weapon in the Fight to Block SIM Box Bypass interview with Kenneth Mouton — SIM Box bypass is highly challenging interconnect fraud to detect.  An expert explains the benefits of a new hybrid test call and CDR profiling systems.  Also discussed is a major anti-fraud breakthrough: stealth test calls.
  • Telecoms Need to Step Up their Game in Subscription Fraud and Customer Onboarding Control interview with Luke Taylor — Know your customer and subscription fraud systems critical investments for telcos today.  An expert discusses: delivering first-class onboarding controls; selecting risk mitigation priorities; and integrating back end systems.
  • WeDo Offers Fraud Detection via a New Cloud Platform interview with Thomas Steagall — A leading vendor introduces a cloud fraud control solution to serve the low cost, easy-to-deploy-learn-and-support requirements of many new operators, OTTs, and MVNOs.
  • Bypass Fraud Evolves: New Threats from Outgoing SIM Box Bypass & Spikes in CLI-Tampering interview with Philippe Orsini — An overview of explosive fraud threats like outgoing SIM box call dumping and CLI spoofing.  What roles do human experts play and technical platforms in battling SIM box via electronic warfare?
  • A Herculean Task: Battling Fraud in an Increasingly Complex Comms World interview with Michalis Mavis — A fraud control expert walks through some interesting cases, gives us his advice on FMS software, and offers four key lessons on the path to fraud management excellence.
  • The Race to Develop Cross-Industry “Know Your Customer” Biometrics to Verify Identity Remotely interview with Shankar Palaniandy — ground-breaking cross-industry ID verification software. India’s 1 billion-people-strong national identity database could become the model for cross-industry ID verification worldwide.  An expert trialing visual biometrics at several Indian banks explains the latest in Know Your Customer technology.  
  • The Early Warning Power of IPRN Test Call Detection in Blocking IRSF Fraud interview with Colin Yates — Detecting the test calls made to International Premium Rate Numbers (IPRN) is helping telcos block IRSF fraud.  An expert explains fraudster methods and the value of IPRN databases.
  • How Regulators can Lead the Fight Against International Bypass Fraud by Dan Baker — As a regulator in a country infected by SIM box fraud, what can you do to improve the situation?  A white paper explains the steps you can and should you take — at the national government level — to better protect your country’s tax revenue, quality of communications, and national infrastructure.
  • Global Interconnect Specialist iconectiv Ramps up its Fraud & Identity Solutions in Bypass & A2P Messaging interview with Bojan Andelkovic — Today’s IRSF, SIM Box, and SMS A2P frauds call for coordinated and broadly conceived FM programs.  A leading interconnect specialist explains the benefits of its managed services approach.
  • A Real-Time Packet-Based Solution to Detect & Block any Hijacked OTT Call interview with Paul David & Andy Gent — Two veterans of the SIM Box call bypass wars describe a new solution for stopping OTT bypass.  Get vital intel on the call hijacking of VIBER and other OTTs.  Learn why the revenue threat to roaming is as serious as it is to international calls.
  • Calculating the Fraud Risks of the Digital Era by Dror Eshet — Digital and mobile technology are an integral part of our daily lives.  Not only is the technology evolving at a frantic rate, but a leading fraud expert explains how fraudsters now team with one another to commit their crimes and magnify the risks to users, companies, and global infrastructure.
  • SIM Box Bypass: The Damage to Developing Nations and the Actions Regulators Must Take interview with Lex Wilkinson — Bypass fraud via the SIM box causes great revenue loss and poses many other dangers, especially in developing nations.  An expert discusses the regulator issues and recommended actions in the fight to control bypass.
  • Protecting the Roaming Cash Cow: Using a Global Test Network for LTE Deployments & Beyond interview with Florian Leeder — International is a premium service that operators must ensure the roaming business is reliable and optimized.  This article makes the case for a global roaming test service.  It explains the problems operators face in contracting with roaming partners, maintaining quality, and rolling out LTE.
  • Nine Simple Strategies for Protecting an Operator or MVNO from Telecom Fraud interview with Jim Bolzenius — An expert in telecom fraud management explains essential strategies for aiming a carrier’s or MVNO’s fraud prevention program in the right direction.
  • A Sweeping 239-Page Research Report on Fraud Management Solutions & Strategies by Dan Baker — TRI has released a comprehensive  analyst report on fraud management solutions.  The study is based on interviews with three dozen leading FM consultants and solution experts.  Download the free Executive Summary.
  • SMS Bypass Blocking: A Service that Protects & Maximizes A2P Revenue for Mobile Operators interview with Claire Cassar — A2P messaging is a multi-billion dollar revenue stream that mobile operators need to protect.  In this interview, you’ll learn how a managed service solution blocks bulk marketing messages and other bypass fraud in enterprise-to-operator SMS traffic.
  • Device Intelligence and Big Data Linkage: Guarding Consumer Access Points from the Fraudsters interview with Matt Ehrlich — Preventing subscription fraud today means supplementing traditional identity checks with a host of new processes, technology, and big data analytics.  A credit and fraud risk expert explains the roles of predictive scores, device risk assessment, and linkage analysis.
  • Mapping the Interconnect Resale Routes of Fraudsters: How a Global Robot Network Detects Voice and SMS Bypass interview with Xavier Lesage — SIM box voice bypass is a persistent problem, but now, bypass is spreading to SMS, OTT apps on the smartphone, and ghost trunks.  This interview explains the fast evolving bypass scene, highlights the strategy of fraudsters, and provides case studies.
  • Law Enforcement & Security in a World Where Industry and National Boundaries are Blurred interview with Mark Johnson — Are we destined to be forever reactive over security, fraud, and risk issues?  Or will we put wise standards, regulations, and frameworks in place that allow us to deliver technology that’s relatively secure and fraud-resistant? 
  • Thinking Outside the Comms Box: A New, Cross Industry Fraud Check Service that Telecoms can Leverage interview with Jim Rice — For decades, telecoms have done fraud and identity checks using comms industry data.  This interview explains the power of using cross-industry data to pinpoint known fraudsters and suspicious individuals in finance, retail, and other industry data sets.
  • Integrated Test Call & CDR Analysis: A New Tool in the Fight Against SIM Box & OTT Bypass Fraud interview with Kenneth Mouton — Why not combine the virtues of FMS CDR analysis and test call generators to create a single integrated tool for bypass fraud control?  The benefits of that idea, a tutorial on test call systems in SIM box detection, and OTT bypass via mobile services like VIBER are all discussed in this interview.
  • White Paper: How to Defend Your Network Against the New SIM Server Threat by Dan Baker — SIM box bypass is a very stubborn fraud problem: fraudsters are succeeding despite carriers‘ best efforts to defeat the fraud.  This white paper explains the impact of SIM Servers as a powerful stealth weapon of the fraudsters.  In turn, the paper discusses new technologies and strategies that can defeat the more sophisticated types of SIM box fraud emerging.
  • Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller interview with Jim Dalton — A bad fraud event can be a huge loss, especially to OTT players who provide a VoIP service.  In this interview, you’ll learn about an anti-fraud solution that works in concert with  intelligent routing.
  • A Privacy-Enabled Data Exchange that Expands Analytics Uses in Fraud, Credit Risk and Beyond interview with Michelle Wheeler — Analytics data today is managed in a privacy-negligent way.  This interview discusses an ingenious privacy and analytics exchange that allows telecoms, banks, and money lenders to trade fraud, credit risk and other data with each other in complete confidence and control.
  • From Rules Design to Adaptive Learning Systems in Telecom Fraud Control interview with Shankar Palaniandy — Adaptive and behaviorial learning systems are at the forefront of R&D in telecom fraud management systems.  Here an expert developer explains their usefulness in use cases such as IRSF detection, subscription fraud, application fraud, and voice biometrics.
  • Protecting 900+ MVNOs around the Globe from IRSF Fraud Pirates interview with Colin Yates — Telecom fraudsters are seeking a new, more vulnerable path to riches.  Their target: 900+ MVNOs around the globe who generally own no mobile networks, but sell mobile service virtually.  This interview with a fraud control expert explains what steps MVNOs must take to protect themselves from IRSF fraud.
  • Insider Fraud: How to Create an Anti-Fraud Culture in Your Telecom Organization interview with Mark Yelland — Thirteen years after the WorldCom scandal, experts generally agree that insider fraud remains a massive problem in telecom.  In this article you’ll learn the outlines of building a program to instill an anti-fund culture at your telecoms organization.
  • IRSF Protection: Software that Blocks Telecom Fraud at the Enterprise PBX interview with Roger Ansin — The richest criminal path to International Revenue Share Fraud (IRSF) goes through the enterprise PBX.  Hijacking the PBX has cost businesses and telecoms countless billions of dollars in the past 15 years.  In this interview you’ll learn about this industry challenge and an affordable and proven tool that blocks IRSF at the enterprise.
  • Combating SIM Box Fraud: Network Protocol Analysis to the Revenue Rescue interview with Lex Wilkinson — International call bypass is fraud perpetrated through SIM boxes equipped with dozens to hundreds of SIM cards that disguise international calls as local domestic phone calls.  This article give a backgrounder on SIM box detection techniques and talks about a new, rapid-detection technology based on network protocol analysis.
  • Making the Retail Operator Case for Anti-Fraud Protection via Wholesalers interview with Jan Dingenouts — Small retail operators are highly vulnerable to fraud, so enlisting the anti-fraud assistance of wholesalers is a great idea.  This interview explains useful negoiating tactics for retail operators and shows how wholesalers can lend support and grow their business at the same time.
  • A Wholesaler’s Fraud Prevention Creed: If You Lose the Trust, You Lose the Traffic interview with Robert Benlolo — Large wholesalers play a major role in keeping a lid on international telecom fraud.  In this interview, a wholesale voice and fraud management expert explains the role of its vendor systems and multi-threaded internal processes in protecting customers from fraud losses and shady wholesale suppliers.
  • Telecom Fraud & Credit Protection: A Desperate Need in Unbanked Regions of the World interview with Luke Taylor — Mobile money plus related fraud and credit protection are crucial to the prosperity of developing nations where most “unbanked” people live.  This article discusses the special issues of the unbanked market as well as broader revenue protection challenges and opportunities.
  • The Grey Market in Prepaid: Tactics to Combat International Bypass via the SIM Box interview with Ahmad Nadeem Syed — SIM box fraud is one of the toughest revenue threats that telecoms face.  It is the redirection of international calls via the internet to drop illegal VoIP traffic onto mobile networks.  This interview with an expert RA and fraud manager provides a detailed overview of the threat scenario, current SIM box tactics, and some creative ideas for bringing this problem under control.
  • Why Deep Packet Inspection Analysis is Essential for Detecting IP Fraud by Dror Eshet — The IP and mobile broadband revolution is in full swing: time for fraud managers to totally rethink their existing controls and areas of exposure.  In this article, a fraud expert discusses the power of DPI technology and the key impact its analysis is having in an FM world where knowing what’s inside the packets is as important as figuring out where those IP packages are going.
  • Flexibility & Fraud Management Systems: 8 Questions for Luke Taylor of Neural Technologies interview with Luke Taylor — Meeting today’s fraud threats is not just about technology, but also the speed of threat detection, the scanning of data outliers, and being enormously flexible.  A leading fraud management vendor takes a bead on current FM issues and points to where software is headed.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Tal Eisner — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • Roaming — if Managed Correctly --  Can Be a Spark to Revenues by Brian Silvestri — Major analyst firms are predicting that roaming revenues will almost double in five years.  What’s more, roaming remains at the pivot point of Wireless Carrier strategy.  Drawing lessons from the incredible rise of AT&T’s Digital One Rate Plan, this article points to future challengtes and raises key  questions about how mobile operators will ultimately come to terms with smartphone market profitability, service quality, and data roaming.
  • What Makes Good Fraud Management Software?  9 Questions for Tal Eisner of cVidya interview with Tal Eisner — How do you know if the fraud management software you own or are considering is a good one?  That’s the starting point of a conversation Black Swan had with a product strategist of a leading FMS vendor.  The article discusses everything from maturity and customer collaboration... to PBX hacking and enabling the FMS to actually enhance the relationship a telco has with its enterprise customers.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Fraud Management at Kyivstar in Ukraine interview with Anton Pivala — Kyivstar from Ukraine is a leading mobile operator in both  voice service quality and consumer value.  This case study gives details on Kyivstar’s fraud control program, reveals some of the unique operator challenges faced in Eastern Europe, and explains how Kyivstar is successfully winning the battle against  IRSF and SIMbox fraud.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Gratifying Ghana: Why Listening to Operators Trumps Vendor Technology and Size interview with Ludvig Lindqvist — The value of technically excellent software is negated if the solution is not implemented right.  This article makes a strong case that vendors need to focus on first things first — get in full synch with a service provider’s business, capabilities and unique needs before you recommend or implement any software.  Topics discussed include: the benefits of retaining in-house expertise, implementation challenges in Africa, and the meaning of “thorough engagement” with the client.
  • Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis interview with James Stewart — The Near Real Time Roaming Data Exchange (NRTRDE) is a GSM standard allowing operators to gain fast access to the roaming records of service providers half way around the world.  The article explains how 65 carriers are using this data to combat fraud through a service bureau.  Learn about the dangers of international roaming fraud and the value a roaming service bureau brings to the table.
  • Is the M2M Device in Your Refrigerator a Telecom Fraud Threat? interview with Simon Collins — Machine to machine (M2M) technology is being applied in hundreds of monitoring apps, such as smart metering and health diagnosis.  It’s even being used to monitor driving patterns tied to auto insurance rates.  But this article shows the serious M2M fraud and security threat that stem from the theft of the SIM/USIM device used in every M2M device.  The article discusses the RA and fraud strategies operators need to employ to manage the risks that will come from wider M2M deployments.
  • “Fraud Is a Wind that Always Blows” and Other Wisdom From a 28-Year Old Software Firm interview with Gary Beck — Here’s the amazing story of how Beck Computers was pulled out of a Tier 1 account only to be brought back in a few months later.  The article explores software vendor service and support challenges, real-time computing requirements, advanced fraud management functions, and ways to educate management on the value an FMS investment.
  • Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process interview with Tal Eisner — One of the biggest problems telecoms now face is fraud done inside their offices, dealer stores and firewalls.  This type of fraud is especially dangerous because it’s performed by people fully authorized to transact for the company.  The story dicusses the major causes of insider fraud, presents a case study, and explains basic techniques that software uses to detect insider fraud.
  • Fraud & Credit Risk Software: Setting the Client Free to Innovate interview with Luke Taylor — Not every operator wants the freedom to configure its own fraud management solution, but certain providers wouldn‘t live without such a “framework” approach .  This article discusses: the reasons why operator choose this strategy as it covers many other fraud and credit software implementation issues.
  • Why Selling to Business Customers Makes You a High Risk Target for Fraud by David West — There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud — only when, how bad, and from which direction.“  Citing four recent cases where operators were hit by fraud, this article explains why investing in a fraud soluiont — and keeping up-to-date — are so critical.  The article gives several examples of vulnerability points that fraudsters commonly exploit.