small telco or large. everyone!...revenue > usd 100 million ebitda higher than most oss vendors...
TRANSCRIPT
Small Telco or LargeLarge.
Fraud Affects Everyone!
October 6, 2010Fraud Management
Webinar
COMPTEL WEBINAR PROGRAM POWERED BY:
www.subexworld.com
The Speakers
Matt WilkinsonVP of Global On-Demand Solutions at Subex
D l YDale YoungsHead of Fraud Product Development at Subex
2Subex - Proprietary and Confidential
Agenda
Subex at a glance
What is telecommunications fraud?
Wh d d t f d?Why do we need to manage fraud?
How do we manage fraud?
Subex solution … ROCcloud
What are the challenges to managing fraud effectively?
3Subex - Proprietary and Confidential
About Subex
Industry Leadership Financial StrengthIndustry Leadership
Comprehensive OSS/BSS portfolioMarket leader in Business Optimization (2007 & 2008)W ld' N b 1 id f f d t
Financial Strength
Revenue > USD 100 MillionEBITDA higher than most OSS vendors
World's Number 1 provider of fraud management and revenue assurance solutionsMarket leader in service activation solutions
Global Presence
Development centers in India, US, Canada and UKOver 200 customers and 300+ installations across
People
Global workforce with local presenceOver 1,200 Subexians dedicated to technology
70+ countriesCustomers include 36 of world’s top 72 service providers (from Forbes 2009 list)
gyleadership and customer commitment
4Subex - Proprietary and Confidential
Subex Portfolio
S bSubex Product Portfolio
New ProductHosted Environment
5
Product Platformfor Fraud Management
Industry Recognition
Rocware 2.0 Operational Excellence Tech Fast 50 India 2007
Tech Fast 500 APAC 2006
Most Promising TMF Operational
Excellence Award 2003gCompany 2005
Excellence Award 2003Leader of TMF Fraud Management group
Active Contributor to GSMA Fraud Forum
Best Provisioning System
Customer Service
Customer Service Excellence
6Subex - Proprietary and Confidential
Subex Fraud Management Solution: 100+ Operator InstallationspAmericas Europe, Middle East and Africa Asia Pacific
Representative List
7Subex - Proprietary and Confidential
Subex at a glance
What is telecommunications fraud?
Wh d d t f d?Why do we need to manage fraud?
How do we manage fraud?
Subex solution … ROCcloud
What are the challenges to managing fraud effectively?
8Subex - Proprietary and Confidential
Definition of Fraud
The procurement or use of a
telecommunications product ortelecommunications product or
service with intent to avoid payment with
respect to that product or service.
9Subex - Proprietary and Confidential
Types of Fraud and their Impact
The 2009 CFCA* Survey observed the following fraud types and their corresponding losses:
Fraud Loss % of TotalCardholder Not Present
2% Calling
Fraud Loss (in $Billlions)
Fraud TypeFraud Loss
(in $Billlions)% of Total Fraud
Subscription & ID Theft 22.3 29%PBX/ Voice Mail 15.1 20%Premium Rate Service 4.6 6%Hacking 3.2 4%Arbitrage 3 4%
Social Engineering
Theft of Equip2%
Roaming2% Dealer
Pre‐Paid2% Call Sell
2%
2%
Content1% Call Forward
1%Clip‐on1%
SS7 Manipulation
1%
Calling Card0% Cable
0%
Bypass0%
Arbitrage 3 4%Other 2.6 3%Carrier Interconnect 2.5 3%Internet 2.1 3%Internal/Employee 2.1 3%SIM box 2 3%Theft of Service 2 3%
Subscription & ID Theft29%
SIM box3%
Theft of Service3%
Engineering3% Technical
2%2%
Theft of Service 2 3%Social Engineering 2 3%Theft of Equip 1.7 2%Technical 1.6 2%Roaming 1.6 2%Dealer 1.5 2%Pre Paid 1 4 2%
PBX/ Voice Mail20%
Internet3%
Internal/Employee3%
Pre‐Paid 1.4 2%Call Sell 1.4 2%Cardholder Not Present 1.4 2%Content 0.8 1%Call Forward 0.7 1%Clip‐on 0.6 1%SS7M i l ti 0 4 1% Premium Rate Service
Arbitrage4%
Other3%
Carrier Interconnect3%
SS7 Manipulation 0.4 1%Calling Card 0.3 0%Cable 0.2 0%Bypass 0.2 0%
Premium Rate Service6%Hacking
4%
4%
10Subex - Proprietary and Confidential
*CFCA (Communications Fraud Control Association)
Fraud Types
Subscription FraudIdentity theftR i
Content FraudIRSFRoaming
Call Forward / Call BackPayment Fraud
IRSFBad debtBill spreading
Network &Technical FraudPBX / VoicemailSpoofingClip-on
Prepaid FraudSIM Card CloningGateways Clip on
Virus AttacksInterconnect
yBypassIntrusion
Insider & Dealer FraudSystem HackingUnauthorized provisioning of services
IT data theft, ghostingCommissions on fraudulent salesBox SplittingSubsidy Abuse Box Splitting
11Subex - Proprietary and Confidential
Motives for Committing Fraud
To make money – professional fraudsterProfit by selling the airtime to others (call selling)Profit by selling the airtime to others (call selling)A competing business, offering calls at a cheaper price than the network
To save money – casual fraudsterP fit b t i f th i i tiProfit by not paying for their own airtime usageFree / reduced cost communications
For anonymity – criminaly y
For kudos – hacker
To cause loss or damage – vandal
Provision of a public service – Robin Hood!p
12Subex - Proprietary and Confidential
Subex at a glance
What is telecommunications fraud?
Wh d d t f d?
How do we manage fraud?
Why do we need to manage fraud?
Subex solution … ROCcloud
What are the challenges to managing fraud effectively?
13Subex - Proprietary and Confidential
The Impact of Fraud
Direct CostsUncompensated payments to other terminating, interconnect carriers and roaming partnersUncompensated payments to content providersUse of network resourcesUse of resources in Sales, Provisioning, Billing, Collections, Customer Services, etc
Indirect CostsDecreased customer satisfactionN ti bli itNegative publicityReduced credibility amongst partners/investors
14Subex - Proprietary and Confidential
The Size of the Problem?
Fraud loss statistics are staggering:*Approx. 4.5% of annual telecom revenues lost due to fraudEstimated global fraud loss: $72 -$80 billion (USD) annually91% say global fraud losses had increased or stayed the sameThese are only the reported lossesy p
Top 3 Fraud Types:Subscription Fraud and Identity TheftSubscription Fraud and Identity TheftCompromised PBX and Voicemail systemsPremium Rate Service Fraud
These fraud types affect all telcos- large, medium and small
15Subex - Proprietary and Confidential
*All figures from 2009 CFCA Global Fraud Loss Survey
Rationale for implementing a Fraud Management Solutiong
Return on Investment (RoI) Illustration:Assume operator has 100K customers and ARPU $25/monthTurnover ~ $30MSmall Fraud Management Operation without comprehensive FMSIndustry standard figures suggest that ~ $1.35M is lost to fraud
Using typical figures for the number of alarms, percentage of positive alarms & analyst productivity, the expected benefits of employing an effective FMS can be calculated:
200% analyst team productivity improvement due to prioritization of alarms$0.75M reduction in losses due to earlier fraud detection $ 0.7M operating cost saving per year
* Comprehensive RoI evaluation tool is available
16Subex - Proprietary and Confidential
Subex at a glance
What is telecommunications fraud?
Why do we need to manage fraud?
How do we manage fraud?
Why do we need to manage fraud?
Subex solution … ROCcloud
What are the challenges to managing fraud effectively?
17Subex - Proprietary and Confidential
Fraud Management Lifecycle
DetectFlexible rules for known fraud scenarios Behavioral profiles and patterns for existing and new fraudBehavioral profiles and patterns for existing and new fraud typesAnalytical techniques to optimize detection and prioritization of threats
CorrectInvestigation tools to allow rapid fraud determinationCapabilities for rapid response to terminate fraudulent
Fraud Management Approach
Capabilities for rapid response to terminate fraudulent behavior
EnsureCapability to prevent re entry of known fraudsters into theCapability to prevent re-entry of known fraudsters into the network Capability to scale and expand for future service monitoring requirements Flexibility to adapt to manage future threatsBusinesses processes to protect against future attacks
18Subex - Proprietary and Confidential
General Business Process
1. Identify risk
Check subscribers’ credentials during activation phase e.g. subscription fraud and other re-offenders
2. Define usage
controls6. Prevent recurrence Monitor subscribers’ behavior
e g volumes and value
Take steps to prevent re-occurrence pro-active business change and/or Fraud Management changes controls e.g. volumes and value,
destinations, and any other suspicious or abnormal patterns
g ge.g. policy, process, config., system
General Business Process
3. Monitor service usage
5. Take corrective
action
Generate alarms when unusual or suspect behaviour is observed
Take the necessary corrective action to stop any fraudulent or malicious activity e.g. barring, hot-listing, etc.
4. Present and
analyze reports
Present end-users with unified alarms, supporting information and intelligence to permit rapid assessment
Subex - Proprietary and Confidential 19
to permit rapid assessment
Sources of Information
IP P k t S
External Partners
IP Packet ScrapersVirus Scanners and Firewalls
Switches & SS7
Billing &
and Firewalls
Other Fraud Management Mediation
Service Providers
Networks
System Logs
Solution
Content and GGSN Nodes IP Routers
y g
IN Platform
20Subex - Proprietary and Confidential
Case Management
How do we investigate suspect behaviour?Assess alarm details to determine the likelihood of fraud – Look at all of the available informationWho’s doing it e.g. a new customer or an established customer?Wh t i th i P i t l l tWhat services are they using e.g. Premium rate local on-netAre the destination number ranges or services ‘hot’?What is the exposure to the business - What is the outstanding balance on their account?Take action e.g.
Close as non-fraudClose as non fraudCall the customer and ask for paymentPlace an outgoing Premium rate barDisconnect the customer
21Subex - Proprietary and Confidential
Integration within the business
Effective Fraud Management cannot work in isolation. It requires close working relationships across the businessg pA typical example:
Customer Care – contacting or barring customersProduct Development assessing and correcting product and systemProduct Development – assessing and correcting product and system weaknessesFinance & Executive – business reporting and sponsorshipIT s stem s pport and data miningIT – system support and data mining Engineering/Technical – technical investigation supportMarketing/Sales - assessing and correcting product portfolio and policy weaknessesHuman Resources – Managing internal fraud
22Subex - Proprietary and Confidential
Subex at a glance
What is telecommunications fraud?
Wh d d t f d?
How do we manage fraud?
Why do we need to manage fraud?
Subex solution … ROCcloud
What are the challenges to managing fraud effectively?
23Subex - Proprietary and Confidential
Evolving Business Model
24Subex - Proprietary and Confidential
Typical Challenges forSmall and Medium Telcos
Upfront investment in softwareProduct licensesImplementation service feesDedicated infrastructure
Management attention to invest in (what are generally perceived to be)Management attention to invest in (what are generally perceived to be) non-core functionsBandwidth to engage with vendors Absorbing new BSS solutions into existing organization
25Subex - Proprietary and Confidential
…More Challenges forSmall and Medium Telcos
Domain expertise for operating complex systemsPressure on managing with available human resourcesDifficult to justify dedicated resourcesDifficult to stay up to date with domain
Maintenance costsMaintenance costsOngoing support costsProduct enhancementsInfrastructure upgradesInfrastructure upgrades
26Subex - Proprietary and Confidential
Subex at a glance
What is telecommunications fraud?
Wh d d t f d?Why do we need to manage fraud?
How do we manage fraud?
Subex Solution … ROCcloud
What are the challenges to managing fraud effectively?
27Subex - Proprietary and Confidential
Subex ROCcloud Value Proposition
We offer small and medium telcos the ability to identify and prevent the same complex fraud attacks that large telcos are protected against
ROCcloud provides stronger control over your operations with full visibility to your fraud threatsy y
28Subex - Proprietary and Confidential
ROCcloud Fraud Management
Low monthly costsMinimal capital outlay, low subscription feesNo need for dedicated infrastructureNo maintenance
Intuitive & Easy to useSimple user interface built-in tutorials and wizardsSimple user interface, built in tutorials and wizardsSubexLive! online community for direct support
Greater control over revenue and costsGreater control over revenue and costs
Q i k ROI & L I t t th O i ti & F t P f
29
Quick ROI & Low Impact to the Organization & Future Proof
ROCcloud Hosted Environment
ROCcloud Security Details
Compliance and Controls in placeSAS-70 Type II Audit - conducted annuallyComprehensive security controls independently auditedRegular Security Vulnerability ScanningPenetration testing quarterly and before application change rollouts
S it d O ti B t P ti
SAS 70 Type II
Security and Operations Best PracticesIntrusion detection/preventionFIPS-140 compliant data transferWeb UI secured by 128bit SSLWeb UI secured by 128bit SSLPhysical and logical security between platform application tiers Host based security
Local firewalls , active local security monitoring of local processes, constant change monitoroca e a s , ac e oca secu y o o g o oca p ocesses, co s a c a ge o oCentralized loggingComplete service levels with 99.9% uptimeBackups encrypted end-to-end
Request ourwhite paper on
Media is encrypted “at rest” and during network transport
31
p pROCcloud Data Security
How is ROCcloud different?
Implementation
License Model Hosted Custom Model Managed ServicesStandard Industry offerings
I l t ti I l t ti
Fraud
Implementation / Professional
Services(Vendor)
Infrastruct(Telco)
Operation(Telco)rg
e Te
lcos O
peration(Telco)
Infrastruct(Vendor
Operation(Vendor
Support(Vendor
Implementation / Professional
Services(Vendor)
Fraud
Infrastruct(Vendor
Support(Vendor
Implementation / Professional
Services(Vendor)
Fraud
Support(Vendor
ROCcloud Fraud Management Service Features:
Fraud Management
Product
ure
ns
Lar ns ure
) ns)
N L h
t) Fraud Management
Product
ure) t) Fraud
Management Product
t)
ROCcloud Fraud Management Service Features:• Addresses most common fraud threats• Pre-configured user types and detection rules• Rule management capabilitiesed
ium
Practically NO Implementation / Professional
Infr O
New Launch
• User notifications for suspect alarms• Alarm and case management• Robust suite of operational and management reports• All aspects fully configurable and customizableSm
all a
nd M
eTe
lcos
ROCcloud Service
Services
rastructure(Subex)
Operations(Telco)
Support(Subex)
Subex - Proprietary and Confidential 32
All aspects fully configurable and customizableS
Vendor Scope
Telco ScopeLegend :
Selecting a Fraud Management Solution
What to look for in a Fraud Management provider?Company reputationRobust offeringEstablished customer baseSecure and auditable – SAS 70 & ISO 27001
Why a hosted solution?Pre config red for q ick deplo mentPre-configured for quick deploymentFully web-enabled and secureNo setup fees and minimal installation effortEasy to engage / disengage
It is much easier to hold a solution provider accountable to their service levels than it is to manage internal staff that may have
Subex - Proprietary and Confidential 33
service levels, than it is to manage internal staff that may have conflicting priorities
Thank YouThank You
Any Questions?y
COMPTEL WEBINAR PROGRAM POWERED BY:
www.subexworld.com