Email a colleague    

September 2011

Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis

Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis

Timeliness is crucial to minimizing the damage from telecom fraud.  It’s why so many operators speed their billing mediation data direct to their fraud systems as soon as they receive it at the switch.

Yet roaming fraud is a special case.  With roaming, the call data is collected by the visited location operator — in some countries this might still be another domestic operator, but often it can be a telecom service provider located half way around the world.  And normally you wouldn’t get access to the CDRs for those roaming calls until your data arrives days or weeks later.  The time it takes for those CDRs to arrive becomes a convenient window of opportunity for organized crime.

Fortunately, a few years ago, the GSMA recognized this problem and recommended a standard called NRTRDE (Near Real Time Roaming Data Exchange).  NRTRDE provides guidelines so that for every roaming call made, an extract of the call record gets sent back to the home network within four hours — usually much faster.  And in this way, the home network will see the call data and get a chance to analyze it quickly.

For this article, we spoke to James Stewart, who contributed significantly to the creation of the NRTRDE standard, and who is also Fraud Product Manager at MACH, the global provider of hub-based mobile communication clearing and settlement solutions headquartered in Luxembourg.  In the interview that follows, James gives insights on the many challenges of the roaming fraud arena.

Dan Baker: James, in brief, how does your service bureau work?

James Stewart: Dan, it’s one thing to collect NRTRDE data and quite another to exploit that valuable data on a worldwide scale.  That’s what we do at MACH.  We quickly analyze the data for suspicious characteristics, profiles and behaviors.  And because we have 65 percent of the roaming fraud protection market — that is, more than 65 percent of operators around the world use our real-time managed fraud protection service, with more than 400 customers using our NRTRDE service — we have unique intelligence on what’s happening across the globe.  In fact, we figure our client base represents well over half of all the mobile operators who have a robust NRTRDE-based capability.

Just like the operators themselves, we have our own fraud analysts with operational experience.  And we have fraud management systems that analyze the data as it comes in and provide our customers with fraud alerts.

In Europe, we have been working with a tier 1 operator customer who is very enthusiastic about what we do.  And they regard us, if you like, as a second lock on the door.  They already have a fraud department of their own as well as fraud analysis systems, but they like the idea of having someone else look at the problem from a different perspective.  An operator will know its own environment and its subscribers very well, but gaining a global view of what is happening elsewhere is an important dimension to understand.

How good are operators at detecting roaming fraud themselves?

Well, regardless of whether they outsource roaming fraud detection to MACH or not, operators all over the world have to adopt NRTRDE to get data back to the home network quickly for analysis.

The problem with operators doing it themselves is they don‘t necessarily know much about the country or the location their subscribers are roaming into.  If you are an operator in North America, you don’t necessarily know what kinds of fraud are being perpetrated in the Philippines.  So, when your subscribers are roaming in the Philippines, are you in a good position to be able to say what’s happening there?

To be good at detection, you need to have a micro-view of a particular market and understand the nature of fraud that has previously occurred, say, in the Philippines.  That sort of intelligence is not available to you at a macro level view.

What are some of the difficulties in roaming fraud that individual operators would have a hard time analyzing themselves?

Well first of all, roaming fraud can be very well-organized, involving groups of fraudsters working across international boundaries and at different points in the traffic chain.  Suppose you made a call to America and it was directed to a specific location on a Pacific Island, but the number on that Pacific Island doesn’t exist as it was sold off to a totally different location and turned into a premium rate service.  Now, ask yourself: How am I going to investigate that?  What police force can you call to check on that, especially if it’s viewed as an isolated problem?

So, the operators need to build a case for themselves by putting a lot of data together so they can approach security agencies with something substantial.

And this is a case where it’s good to know someone who has a global picture and collective memory, because a technique that works in one country can be cut off and reappear someplace else.  So recognizing the pattern is key to contacting the security authorities and blocking the fraud over the long term.  Many times the operator knows it’s been hit with fraud and the bills aren’t getting paid, but they need a speedy response to minimize losses.

What’s your take on the future of roaming fraud?  Is the problem getting worse or is it coming under control?  And how are smartphones affecting this picture?

It is hard to say whether it is growing or shrinking.  But I can say with certainty that it is evolving and the threat is constantly changing.  Some operators see an increase in roaming fraud but others who are smarter at this skill set are seeing a decline.  So, it’s like a balloon: You squeeze one part and it pops out in another part.

In terms of smartphones, mobile broadband is very important with regards to things like bill shock.  So, bill-shock prevention is another side of what we do.  For example, we are able to monitor data usage and alert the operators and their subscribers directly if that is how the operators wish us to respond.

Beside your strong expertise in roaming fraud, I understand you’re now becoming a wider provider of domestic fraud services, not just roaming fraud.

Yes, we have just acquired a German company called Optel Informatik, which means that we have broadened our offering to a full revenue protection solution — including domestic and international fraud management, revenue assurance and data retention.

Optel is a specialist provider of fraud management and revenue assurance solutions and the deal brings its real-time, high-volume data analytics, into the MACH product portfolio.  This complements our existing SaaS-based portfolio well.

So we are not just limiting ourselves to roaming fraud anymore.  We can now provide any kind of fraud detection for clients.  So, if an operator is interested in outsourcing fraud services, we offer that as a managed service or as SaaS.  That‘s attractive especially for small operators who find it hard to justify the investment in the software and the staffing required.

So our service would include fraud detection at a national/domestic level, and at a roaming level, as well as local fraud detection.  So with feeds from an operator’s billing, CRM, IN, HLR etc � we can actually replace the need for an operator to have to maintain their own local fraud management system.

This article first appeared in Billing and OSS World.

Copyright 2011 Black Swan Telecom Journal

James Stewart

James Stewart

James Stewart joined Syniverse in 2008 and brings more than 25 years of experience in the mobile industry, with a particular specialization in fraud prevention.  In addition to being Director for Product Management at Syniverse, he serves as the Chairman of the GSMA’s Roaming and Interconnect Fraud and Security Subgroup.

Before joining Syniverse, James was a Client Partner at Fair Isaac, in its telecoms division.  It was during his tenure with Fair Isaac that he became directly involved in the creation of the near-real-time roaming data exchange (NRTRDE).  Prior to his position at Fair Isaac, James worked at Neural Technologies and Cerebrus Solutions, and specialized in fraud and risk management.

Previously, he was with Nortel Networks, where he spent 10 years working in Nortel’s e-business group to help operators overcome revenue assurance challenges.  He holds a Bachelor of Science in electronics and electrical engineering from Brunel University in the U.K.

Black Swan Solution Guides & Papers

cSwans of a Feather

  • Deep Fraud Investigations: Mavenir and the Role of Machine Learning in IRSF Control interview with Ilia Abramov & Marie Casey — Machine Learning-based fraud protection promises an answer to blocking fraud with precision, especially in roaming and nextgen mobile networks.  An ML champion discusses unusual and interesting fraud schemes uncovered by deep investigations.
  • Safety in Numbers and NRTRDE: Syniverse’s Strategy to Constantly Enrich Its Mobile Fraud Intelligence interview with James Stewart — A discussion on NRTRDE, the Near Real Time Roaming Data Exchange, the complexity of the roaming settlement process, and the fraud challenges mobile operators face as their subscribers roam.
  • Global Interconnect Specialist iconectiv Ramps up its Fraud & Identity Solutions in Bypass & A2P Messaging interview with Bojan Andelkovic — Today’s IRSF, SIM Box, and SMS A2P frauds call for coordinated and broadly conceived FM programs.  A leading interconnect specialist explains the benefits of its managed services approach.
  • A Real-Time Packet-Based Solution to Detect & Block any Hijacked OTT Call interview with Paul David & Andy Gent — Two veterans of the SIM Box call bypass wars describe a new solution for stopping OTT bypass.  Get vital intel on the call hijacking of VIBER and other OTTs.  Learn why the revenue threat to roaming is as serious as it is to international calls.
  • Protecting the Roaming Cash Cow: Using a Global Test Network for LTE Deployments & Beyond interview with Florian Leeder — International is a premium service that operators must ensure the roaming business is reliable and optimized.  This article makes the case for a global roaming test service.  It explains the problems operators face in contracting with roaming partners, maintaining quality, and rolling out LTE.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Tal Eisner — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • Roaming — if Managed Correctly --  Can Be a Spark to Revenues by Brian Silvestri — Major analyst firms are predicting that roaming revenues will almost double in five years.  What’s more, roaming remains at the pivot point of Wireless Carrier strategy.  Drawing lessons from the incredible rise of AT&T’s Digital One Rate Plan, this article points to future challengtes and raises key  questions about how mobile operators will ultimately come to terms with smartphone market profitability, service quality, and data roaming.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis interview with James Stewart — The Near Real Time Roaming Data Exchange (NRTRDE) is a GSM standard allowing operators to gain fast access to the roaming records of service providers half way around the world.  The article explains how 65 carriers are using this data to combat fraud through a service bureau.  Learn about the dangers of international roaming fraud and the value a roaming service bureau brings to the table.

Related Articles