SAS Manages an Analytics Hub of Internal, 3rd Party, and AI Data for Telco-Specific, Holistic Fraud Solutions

Telecom fraud control is no longer the stable, low-profile business function it once was.  Today, several factors are putting the spotlight on it:

• Subscription and onboarding fraud are growing as consumers’ attachment to their mobile phones makes the phone a lightning rod for fraudster attacks — and a key path to enable bank account takeovers;
  
• Toll fraud problems like IRSF and Wangiri remain a major threat, especially as fraudsters modify their schemes to stay below the radar;
  
• Powerful new tools like machine learning and digital identity networks are showing great promise in threat detection, but require smart integration;
  
• The complexity of next generation IoT connectivity and 5G services is inviting new fraud threats;
  
• Carriers are committed to moving a big slice of mobile device sales from retail and call center... to on-line digital ordering, a move which will further expose telecoms to identity spoofing threats; and,
  
• All these forces of change will cause organizational and strategic turmoil as fraud departments adjust to the new realities.
  

Fortunately, there are solution providers and consulting teams who recognize the telecom fraud control crisis and are stepping in to offer their help.  One such company is SAS, the $3.5 billion cross-industry analytics software giant who practically pioneered the field.

And joining us to discuss SAS’ new thrust into the telecom fraud control is Sundeep Tengur, Senior Business Solutions Manager for Fraud and Financial Crimes at SAS.  In our talk, Sundeep delivers: 1) a compelling picture of telecom’s current threats; 2) perspective on the increased importance of subscription and onboarding fraud, 3) interesting parallels to fraud control in banking; and 4) a quick rundown of the unique analytics-driven approach that SAS applies to the telecom fraud problem.

	Dan Baker, Editor, Black Swan Telecom Journal: Sundeep, I’m curious about SAS’ experience and activity in and around the telecom fraud problem.

Sundeep Tengur: Actually, Dan, we are ramping up our investment in the telco industry.  It’s unfortunate that the MWC in Barcelona was cancelled, because we had planned to attend and had many meetings booked.  However, health and safety come first, and we’re now running a webinar campaign instead.  We’re also planning activities with the CFCA.

Today SAS has several global Tier 1 and Tier 2 clients, and we’re delivering value for them in customer onboarding areas: subscription fraud, confirming identity, and dealer fraud.

But now we are expanding our telco coverage to include call traffic fraud, as well, through partnering with key industry players.

What we’re especially good at is data analytics, and we use that expertise to profile customers and applicants for postpaid phones.  We’ve also noticed that fraudsters are migrating from the banking, insurance, and other industries into the telco industry.

In recent history, telco onboarding control was not really on par with what’s done in banking and insurance.  The emphasis on “Know Your Customer” (KYC) was not as strong in telecom.  This is one reason why fraudsters have so far deemed telcos an easier prey.

But telcos now realize they must catch up and are looking for state-of-the-art solutions.

In banking, the fraud professionals have gone through different maturity levels and gradually moved to machine learning, and so on.  Fraud control has leaped forward from traditional rules-based systems to now fully embrace the AI and learning-from-data models.

When I speak to the heads of fraud departments, they realize they are sitting on a gold mine of data, whether it’s CDRs, custom onboarding data, consortia data or demographics data.

They’ve always had this data, but they never had the resources to extract meaning from it.  That’s why SAS is excited about expanding its business in telecom.

Today telecom is using mostly rules-based solutions with a layer of analytics on top.

What differentiates SAS is we attack analytics at the core by segmenting the data, organizing it into clusters, and then adding value by applying predictive modeling and profiling of customers with two key benefits:

• First, we’ve proven through many use cases that we can find more fraud than the traditional rules-based engines have detected.
  
• Secondly, we can reduce operational costs through optimization and by eliminating false alarms.
  

The other feedback I get from fraud departments is they have very limited budgets.  They don’t have teams to investigate like their counterparts in banking and insurance do, so they often don’t have the time to pay attention to all the alerts they should.

For a number of years, especially in markets like the US and UK, they accepted fraud as an unfortunate cost of doing business.  And the idea was to sell more to compensate for the fraud losses.

Though there’s always been an element of KYC, it was very much about getting more customers on the books and accelerating new orders rather than forcing stringent checks on new applicants.  Risk was therefore less important than acquiring new business.  But that hurt the industry, because once a bad guy is on your books, it invites new forms of fraud.

According to the latest CFCA report, subscription fraud is found to be the highest in terms of fraud losses.  However, as telcos transform and digitize their businesses, increasing numbers of customers are being pushed into the on-line channel where the risks of fraud are significantly higher.

For all these reasons, telcos now have a big appetite for fraud solutions and services — and SAS is stepping up to offer its help.

	As you look at the telecom industry, where do you see the primary threats coming from?

We have identified two categories of fraudsters:

• The Lone Wolves (or opportunistic fraudsters) are generally focused on getting their hands on the latest smartphone which they can sell on eBay — or even use themselves.
  
  The latest Apple and Samsung phones retail for over $1,000, so that’s very attractive.  Often, they will ship the phone to a different country, jailbreak the device, and sell it.
  
• The Organized Fraudsters have been pushing a new kind of fraud where they impersonate someone else with a synthetic identity.  With these more sophisticated criminals, the phone hardware is merely the first loss for the telco.
  
  The second thing they do is exploit the airtime on the SIM card.  They will inflate calls using several handsets to call premium rate numbers and commit International Revenue Share Fraud.
  
  This becomes a significant threat, where the subscription fraud becomes the gateway to other fraud — IRSF and Wangiri especially.  So subscription fraud is no longer a siloed issue.

Something else to recognize: old fraud problems don’t really go away.  Sometimes they boomerang back and hit you.  We see cases of legacy frauds re-emerging in telecom:

• Payment fraud risk is similar to what financial services firms experience.  When a fraudster’s application to subscribe for an expensive postpaid iPhone or Samsung is rejected on credit, they will often put down a deposit using a compromised card or opt to pay in full for a prepaid device.
  
  That’s how payments fraud directly impacts the telco industry, because now they are seeing a higher amount of chargebacks.  Telcos incur the loss of the phone itself, plus the payment.  It’s a significant issue for them.
• Dealer or internal fraud is where you have collusion within the telcos or with partners or franchise owners.  And this fraud is responsible for high losses, too.
  
  In the CFCA fraud study, subscription fraud is the top fraud threat, but if you look at fraud methods, we see payments fraud as the number one issue.
  
  A few years back, payments was probably 4th or 5th on the list, but now with everyone pushing their customers online for the mobile channel, it’s easier to perpetrate payments fraud through telcos, as well.

	How does SAS attack the identity problem in subscription fraud?

Verifying an applicant’s ‘identity’ is really the pre-cursor to any subscription fraud check.

To mitigate this threat, SAS has developed a new identity analytics offering for identity verification.  We acquire data from third parties which can include credit bureau data, device reputation, behavioral patterns, etc.  Now collecting that data is nothing new.  Banks and telecoms have always done that by requesting credit bureau info on a person.

Our new offering adds value two ways: 1) we can predict the risk based on the customer application data as someone signs up for a phone, and 2) we can automatically define which third party to call for more intelligence.

Obviously, when the telco makes those calls to service bureaus, there’s a significant cost incurred.  Great value can be gained by optimizing that process: deciding when to call which provider.  In this way, we streamline the costs and apply smarter decisions.

Throughout telecom, subscription and identity fraud has become a high-profile issue.  We speak to many banks and see lots of similarities — and opportunities to cross-pollinate business practices.  It’s clear that in the fraud arena, telcos and banks are learning from each other.

	I recently interviewed LexisNexis Risk Solutions who is a SAS partner.  How does your identity approach differ?

There’s definitely some overlap between SAS and LexisNexis.  But where SAS really adds value is in operationalizing analytics — helping telcos expand their culture of analytics within their fraud operations.

SAS is the hub that ingests all this data, from third parties and from the telcos themselves.  We work with telcos to define their risk appetite, define their resource constraints, and so on.  We then help apply the right scoring criteria, the right models, and the optimal workflows to deliver actionable value.

That level of customization is what makes a big difference to our customers.  Yes, you could get something that works off the shelf or works well for a certain set of telcos.  But they will have to compromise and adjust to a generic system, potentially causing operational pain and requiring additional resources to manage the change.

SAS tackles the problem the other way around, because we are flexible in the way we do things.  We are data agnostic and embrace the use of open source and third-party data.  Our approach is to wrap ourselves around the customer’s requirements and processes rather than imposing a rigid off-the-shelf solution.

	SAS brands itself as an Analytics Software and Solutions provider.  But at least in the fraud control space, you’re approaching the market more as a systems integrator rather than a software provider.

We certainly favor a consultative approach, Dan.  Software solutions are fading, because what banking and telcos want are answers to their business problems.  In discussing the tools they are actually using — whether cloud or on-premise — what really matters to them is, how are you solving my business problem?

How are you stopping my fraud issue while at the same time reducing customer friction — and optimizing my customer retention?

To do that, they need to have the right open ecosystem that can adapt.  Most importantly it must be a system that ages well with time.  I’ve worked for big companies before, and the issue with software is you always had to have someone to tune the system continually.  That meant hiring professional services every couple of months or maybe twice a year.  In the end, the cost of ownership was much higher.

Where you get better value is when — from the outset — you apply things like machine learning and the system matures as the threat landscape changes.  Being able to adjust means SAS will keep pace with the customer’s changing requirements.

Now having said that, SAS always applies a level of oversight.  We still do the annual reviews.  And what machine learning is very good at is learning from what you’ve seen before — from your history of threats.

What it might not catch are the new types of fraud.  If you, as a telco, have never seen SIM swap fraud, then your ML model will not perform accurately when responding to this new threat.

And that’s where complementary rules come into play — and that’s why we as industry consultants have periodic meetings and workshops with our clients.  We share best practices and keep them ahead of the curve on forward-looking threats.

	How does the DevOps trend impact what you do for telecom clients?

Certainly there are some carriers who have an appetite for DIY — Do-It-Yourself systems.

We are talking right now with one of the largest operators about a global solution for all the opcos in America, Europe and so on.

They told us, “We don’t want an off-the-shelf solution.  We want a solution ecosystem like SAS, with its machine learning capabilities and flexible tools, but we want to apply our own logic on top of that.”

The idea is they apply their own IP on top of our toolkits.  And that’s a unique one.  They believe they are so big that they have best-in-class IP, and that’s how they will differentiate themselves.

	What distinguishes SAS’ solutions?  In what areas do you typically help telco clients tackle their fraud problems?

There are four key areas where SAS works, and the first area is something that’s plagued the industry for quite some time.

• Getting value from data silos — Many telcos are looking to greater exploit the big data they’ve always had, though they have only rarely gotten optimal value from that data.  So we are really focused on that as a starting point.
  
  In fact, about 30% of our effort when we deliver a solution has nothing to do with finding fraud.  It’s really around data wrangling: bringing it together, transforming it, enriching it, extending it, and deriving meaning from it.
• Gaining a holistic view of fraud threats — For some clients, the dream is not only about stopping one particular type of fraud.
  
  A holistic view of fraud threats is necessary because fraudsters evolve.  For example, payments was a receding fraud issue, but it’s now coming back, because fraud threats come in cycles.  It’s a bit like a balloon: you squeeze on one side, and the balloon bulges out on the other side.
  
  If your solution only looks at Wangiri or IRSF, you might be covered while fraudsters are exploiting that fraud, but if they move onto something different, then your solution will not stop the new fraud.
• End-to-end consulting and professional services — One of the key benefits SAS brings to the table is our end-to-end coverage.  We cover the full spectrum, from raw data to machine learning, to case management and reporting, to business intelligence.  And our customers also benefit from our industry expertise throughout the journey.
  
  Telco fraud managers often don’t have a good feel for the severity of their fraud challenges compared to the industry.  They’re unsure where to start to tackle key problems.  Which portfolio I should look at?  What type of fraud is hitting me?
  
  To gain insights, they typically go to IT and only get reports weeks or months later.  That lack of clarity and lag time are incredibly detrimental.  They critically need a solution that not only stops fraud but also provides insight on where the risks are coming from and enables them to deploy preventative measures.
• Filling the gaps in current solutions — Often telcos have something in place, but they might not have the budget, appetite, or resources to go for a full end-to-end SAS solution.
  
  We therefore also deliver tactical value by complementing what they already have.  Or we fill in the gaps.  For example, they might have a customer onboarding solution, but it might be missing the identity verification element.  Because we have a very modular platform, it’s easy for us to slot in components in the right place.
  
  The modular approach also appeals to the smaller tier 2 telcos that might not have the budget or requirements for a full-fledged solution.

Click the image above to be taken to a larger scale image

	You mentioned that SAS uses AI and machine learning.  What’s your position on these new tools?

SAS is making tremendous investments in AI.  Our perspective is that AI is not an end state, it’s a journey.  You can’t achieve AI by flipping a switch.  You must have the right data.  You also need the right analytic maturity in your organization to operationalize AI.

In the past, artificial intelligence often was perceived more as a buzzword — a surge of hype coming in and promising to change the world.  What the industry is coming to realize is that the focus should be less about what you do and more about how you do it.  There’s more concentration on things like model governance, exploitability and how to effectively operationalize AI models into business workstreams.

The heads of risk at telcos are learning that to make AI effective they need to have the right building blocks in place.  Part of my role is to help educate them on where to start and deliver incremental steps.  It might be doing some internal analysis, then following up with unsupervised learning, then overlay some network analytics on top.

It’s a question of what the telco wants to achieve in the business.  What types of risk do they want to mitigate?

In the past, I would say there was a lot of focus on neural networks and on other individual techniques.  For me, these are great tools, but in isolation, they don’t solve the business problem.

Now we’re seeing a shift from process-driven initiatives to more value-driven initiatives.  It’s more about being pragmatic about the business problems you aim to solve.

	Sundeep, thank for you this great discussion.  We covered a lot of interesting ground and I learned a lot.  It’s exciting to hear that SAS is stepping up its investment in telecom fraud protection.

Thanks, Dan.  There’s a lot at stake for telcos in getting their onboarding process right.

Offering a $1,000 mobile phone on a two-year contract and seeing the phone stolen is a pretty substantial financial hit.  Plus, the steps to stop fraud can cause unintended friction and have a negative impact on telco customers.

It’s not just about the immediate financial loss.  Considerable damage can also be done to a telco’s brand and reputation.

In the past, fraud managers were really focused on preventing financial losses, but today it’s that plus brand reputation, customer satisfaction, and growing new business.

For instance, I recently spoke to a head of fraud at a large telco in Europe and one of his KPIs beyond stopping fraud was ensuring they were bringing the right customers onboard.

So, there’s a great need to solve the onboarding problem in the right manner — and get the strategy right.  And we’re uniquely experienced to deliver end-to-end solutions which meet all these new business requirements as opposed to merely preventing fraud.