Yet roaming fraud is a special case. With roaming, the call data is collected by the visited location operator – in some countries this might still be another domestic operator, but often it can be a telecom service provider located half way around the world. And normally you wouldn’t get access to the CDRs for those roaming calls until your data arrives days or weeks later. The time it takes for those CDRs to arrive becomes a convenient window of opportunity for organized crime.
Fortunately, a few years ago, the GSMA recognized this problem and recommended a standard called NRTRDE (Near Real Time Roaming Data Exchange). NRTRDE provides guidelines so that for every roaming call made, an extract of the call record gets sent back to the home network within four hours – usually much faster. And in this way, the home network will see the call data and get a chance to analyze it quickly.
Well, a few weeks ago, I spoke to James Stewart, who contributed significantly to the creation of the NRTRDE standard, and who is also Fraud Product Manager at MACH, the global provider of hub-based mobile communication clearing and settlement solutions headquartered in Luxembourg. In the interview that follows, James gives insights on the many challenges of the roaming fraud arena.
Dan Baker: James, in brief, how does your service bureau work?
MACH's James StewartJames Stewart: Dan, it’s one thing to collect NRTRDE data and quite another to exploit that valuable data on a worldwide scale. That’s what we do at MACH. We quickly analyze the data for suspicious characteristics, profiles and behaviors. And because we have 65 percent of the roaming fraud protection market – that is, more than 65 percent of operators around the world use our real-time managed fraud protection service, with more than 400 customers using our NRTRDE service – we have unique intelligence on what’s happening across the globe. In fact, we figure our client base represents well over half of all the mobile operators who have a robust NRTRDE-based capability.
Just like the operators themselves, we have our own fraud analysts with operational experience. And we have fraud management systems that analyze the data as it comes in and provide our customers with fraud alerts.
In Europe, we have been working with a tier 1 operator customer who is very enthusiastic about what we do. And they regard us, if you like, as a second lock on the door. They already have a fraud department of their own as well as fraud analysis systems, but they like the idea of having someone else look at the problem from a different perspective. An operator will know its own environment and its subscribers very well, but gaining a global view of what is happening elsewhere is an important dimension to understand.
DB: How good are operators at detecting roaming fraud themselves?
JS: Well, regardless of whether they outsource roaming fraud detection to MACH or not, operators all over the world have to adopt NRTRDE to get data back to the home network quickly for analysis.
The problem with operators doing it themselves is they don't necessarily know much about the country or the location their subscribers are roaming into. If you are an operator in North America, you don't necessarily know what kinds of fraud are being perpetrated in the Philippines. So, when your subscribers are roaming in the Philippines, are you in a good position to be able to say what's happening there?
To be good at detection, you need to have a micro-view of a particular market and understand the nature of fraud that has previously occurred, say, in the Philippines. That sort of intelligence is not available to you at a macro level view.
DB: What are some of the difficulties in roaming fraud that individual operators would have a hard time analyzing themselves?
JS: Well first of all, roaming fraud can be very well-organized, involving groups of fraudsters working across international boundaries and at different points in the traffic chain. Suppose you made a call to America and it was directed to a specific location on a Pacific Island, but the number on that Pacific Island doesn’t exist as it was sold off to a totally different location and turned into a premium rate service. Now, ask yourself: How am I going to investigate that? What police force can you call to check on that, especially if it’s viewed as an isolated problem?
So, the operators need to build a case for themselves by putting a lot of data together so they can approach security agencies with something substantial.
And this is a case where it’s good to know someone who has a global picture and collective memory, because a technique that works in one country can be cut off and reappear someplace else. So recognizing the pattern is key to contacting the security authorities and blocking the fraud over the long term. Many times the operator knows it’s been hit with fraud and the bills aren’t getting paid, but they need a speedy response to minimize losses.
DB: What’s your take on the future of roaming fraud? Is the problem getting worse or is it coming under control? And how are smartphones affecting this picture?
JS: It is hard to say whether it is growing or shrinking. But I can say with certainty that it is evolving and the threat is constantly changing. Some operators see an increase in roaming fraud but others who are smarter at this skill set are seeing a decline. So, it’s like a balloon: You squeeze one part and it pops out in another part.
In terms of smartphones, mobile broadband is very important with regards to things like bill shock. So, bill-shock prevention is another side of what we do. For example, we are able to monitor data usage and alert the operators and their subscribers directly if that is how the operators wish us to respond.
DB: Beside your strong expertise in roaming fraud, I understand you’re now becoming a wider provider of domestic fraud services, not just roaming fraud.
JS: Yes, we have just acquired a German company called Optel Informatik, which means that we have broadened our offering to a full revenue protection solution – including domestic and international fraud management, revenue assurance and data retention.
Optel is a specialist provider of fraud management and revenue assurance solutions and the deal brings its real-time, high-volume data analytics, into the MACH product portfolio. This complements our existing SaaS-based portfolio well.
So we are not just limiting ourselves to roaming fraud anymore. We can now provide any kind of fraud detection for clients. So, if an operator is interested in outsourcing fraud services, we offer that as a managed service or as SaaS. That‘s attractive especially for small operators who find it hard to justify the investment in the software and the staffing required.
So our service would include fraud detection at a national/domestic level, and at a roaming level, as well as local fraud detection. So with feeds from an operator’s billing, CRM, IN, HLR etc … we can actually replace the need for an operator to have to maintain their own local fraud management system.