At a time when every penny of expenditure has to be signed off in triplicate it is strange to think that mobile operators are losing billions of euros through fraud and leakage but that is what’s happening. Alun Lewis reports on the problems and some ways to counteract them.
The old adage that any chain is only as strong as its weakest link has a particular relevance in mobile communications these days. Making the move towards higher value content and application services may bring with it higher revenues, but it also increases a service provider’s vulnerabilities to fraud and revenue leakage. On top of that, and given the far more complex value chains that are growing out there, any revenue assurance problems that a service provider may have will soon reverberate across that value chain, impacting content providers, mobile commerce merchants and, of course, the paying customer.
While fraud has always been with us — from those now almost nostalgic days of phone phreakers using children’s toy whistles to control the international PSTN during the 1960s — these days it truly has become big business, both for crooks and for those companies seeking to eliminate it. On top of that, the introduction of choice and competition into the telecoms space in the late 1990s brought a far more open and far more complex interconnection environment that was prone to both billing inaccuracies that could add up to millions and to outright fraudulent practice from the telecommunications equivalent of ‘fly by night’ companies
Direct challenge
Taking direct fraud first, much work to combat it is distributed across a number of different bodies such as the international GSMA Fraud Forum and regional bodies such as the Telecommunications UK Fraud Forum (www.tuff.co.uk) and the USA’s Communications Fraud Control Association (www.cfca.org). Many of these organisations reflect particular concerns in different countries, as well as the differences that occur in legislation and approaches to fraud and, for the time being at least, there is little in the way of truly coordinated formal activity between different countries — despite the fact that frauds are increasingly international in focus.
The whole interconnect regime in particular can be vulnerable to both outright fraud, as well as what might more charitably be called ‘creative billing’, as Martin Brown, ceo of Azure, BT’s specialist revenue assurance company, explains, “Revenue assurance is an extremely broad discipline and can cover everything from the efficient management of least cost routing to actual criminal fraud. While telecom-munications fraud has traditionally concentrated on the retail end of things, over the last few years there’s been an increase in companies looking to exploit weaknesses in the intercon-nect environment to make more money than they should.
“For example, a service provider in one country might set up a dialling scheme so that extra digits are added when dialling into another country. The call is received and then trans-ferred — but is billed back at local rates. Similarly, an element of ‘spoofing’ can be invoked so that they’re actually presented to billing systems as being mobile to mobile, for example, when in fact they are mobile to fixed or vice versa and involve a premium charge.
The implications of interconnect are also highlighted by Graham Coffey, wireless solutions manager at Agilent, “While the quality of radio links can lead to a lot of retransmits and longer time on-line, the interconnect regimes behind these services — the GRXs involve a lot more complexity — and vulnerability, especially when roaming is involved.”
The move towards added value and more advanced services also carries direct fraud risks — even in what are known as ‘developing countries’. Azure’s Brown continues, “In many regions in the world, the mobile infrastructure is the only public service that actually works. In South Africa, for example, the lack of ATMs and banks means that many poor people use their phones to transfer money to friends and family and there have been many cases of fraud exploiting this opportunity.”
Pat MaCarthy of ADC believes that we need new approaches to fraud, “Traditional fraud management focuses on detection and action follow up, analysing large electronic data record files and transactions to identify unusual activity. What we need now are fraud provisioning strategies that can identify some of the more common issues in real time and, using ‘Pay Now’ mechanisms, get the user, via their device, to authorise large transactions.”
In many cases however, revenues aren’t being collected because of the inefficiency of the service providers’ own infrastructure. Doug Carr, managing director of mediation company Narus sets out the issues, “It is no secret that many carriers have yet to address the problems of revenue leakage. But even when carriers are aware of the problem, they may well be unaware of its full extent, as fraudulent usage goes undetected.”
This point is echoed by Chris Merrick, wireless director at billing company Convergys, “While most operators have woken up to the importance of revenue services for voice only services, recent figures from Chorleywood Consulting seem incredible given that profitability has been pushed to the top of the operators’ agendas. Chorleywood estimate that operators are currently failing to capture up to 15% of all possible revenues — for an operator with a turnover of £20million, that could add up to an annual loss of £3m (â‚-4.36m). Acquisitions and mergers are a particular headache in this area. In the fixed service environment, for example, UK cable and telecoms operator Telewest inherited 63 switches and 15 billing systems when it acquired or absorbed other licensees. By putting in place a multi-disciplinary team to address revenue assurance they produced additional revenues of UKP3m (â‚-4.36m) per year.”
While these figures are impressive, they in reality reflect the past — and not the future. If the marketeers’ plans come to fruition, we’ll be spending far more on multimedia messaging, content and other entertainment services than we currently do on voice alone. Andrew Rodaway, corporate communications director at Intec raises some interesting caveats, “For a long time now, every year has been going to be the year of revenue assurance. Faced with a variety of challenges, operators now aren’t so much looking to invest in entirely new systems to combat fraud and leakage — what they are doing instead is looking to make far better use of the data that they have available at the moment. It’s important to realise that like many engineering and design problems, there’s a law of diminishing returns on investment,” he says.
Squaring the circle
“When you start adding premium content-based services to the equation, what was a trickle of billing or Quality of Service data can turn into a flood and it can be difficult to correlate and manage this effectively to get meaningful results. Squaring the revenue assurance circle in the 2.5 and 3G world now necessarily involves mediation companies like us interworking with other parts of the value chain, such as media or location-based services servers — which may be owned by entirely separate companies from the mobile operator,” Rodaway concludes.
Before looking at advanced services, we need to establish where we are with current services. Revenue assurance here already has an impact on nascent relationships being formed between operators and content providers. “30% of premium SMS is bad debt,” is the blunt comment of Rob Ellis, MD of iTouch. “The question is who covers this debt? While it is currently met by the operators, they effectively pass it on to content suppliers — bad debt is their argument for keeping out-payments to content partners low. We believe that this is a serious problem, as low out payments are stifling the m-Commerce industry by failing to incentivise content developers to produce compelling content.”
The length and multi-dimensional complexity of this service cycle also create what Frederick Aries, EMEA managing director of Kabira calls ‘pinch points’ in the flow of data — much of which has to be processed in real time to support pre-paid services, “Engineers sometimes get too focused on individual issues when what the ceo wants is an efficient return on investment. When you look at all the problems that can, and do, cause leakage, it’s essential to take as wide a view as possible across the multiple systems involved. Causes, for example, can involve data collection failures, data parsing failures, error log overruns, poor data correlation, time-expired matching, CDR rejections and data source identification errors. Ideally, you need to be able to touch multiple systems at different points if you’re to get a clear view of what’s going wrong and correct it accordingly.”
The other revenue assurance issue closely allied with next generation services involves Quality of Service and how this relates to billing and customer satisfaction. Paul Bassa of Tertio Telecoms says, “Elements of QoS may have been lurking in the revenue assurance toolbox for some time, but when will they really be put to use ? The answer inevitably depends on a combination of evolving technological capabilities and the benefits they could offer users. If a user decides to upgrade from silver to gold service on the spot, will they then be told on completion that they got the service and what the charge was?”
Bill Branagh EMEA vice president of Watchmark believes that there’s a crucial relationship between revenue assurance and QoS, “If you dropped the occasional voice call, the customer might have been unhappy for a short time. Drop an expensive multimedia transaction however and you’ll lose the money as well as the customer’s trust. Unless a mobile service provider is going to waste money over-provisioning, they’ll need to balance QoS and revenues in near real time.”
“Ultimately, revenue assurance in a world of advanced mobile devices and services is going to involve a far closer control of the handset environment,” comments Stephen Artim ceo of device management specialists DoOnGo. “That involves being able to do a lot more to the handset remotely than has previously been possible, in order to block or enable services and updates as the customer relationship changes.”
So, all in all, a longer and potentially more vulnerable chain, but one that has opportunities for everyone involved, but with hopefully smaller chances for crooks to exploit any inherent weaknesses.