How to prevent fraud in the Indian telecom industry
Understand the different types of fraud and what you can do to combat them
Amitava Ghosh, Senior Vice President of Reliance Communications
The Indian telecommunications industry is the second-largest and fastest growing in the world. According to a March 2012 Telecom Regulatory Authority of India (TRAI) report, there were more than 919 million wireless subscribers in the country with an annual growth rate of 0.88 percent. During that same time period, annual telecom fraud worldwide was estimated at US$40.1 billion, according to the Communications Fraud Control Association (CFCA) Fraud survey for 2011.
Globally, telecom fraud decreased 33 percent from 2008 to 2011. However, fraud in Indian telecom, as well as other industries, is rising. According to a KPMG Fraud Survey Report from 2010, 75 percent of respondents from all industry sectors believe fraud incidence has increased in India over the past two years, 54 percent feel that fraud is on the rise in their own industry and 45 percent feel that fraud has increased in their own organization.
To prevent fraud, 13 percent of survey respondents said they are using IT controls for fraud detection and 21 percent are using data analytics to detect fraud.
A growing marketplace presents many challenges, including learning how to curb the fraud and abuse that naturally multiply as the market size increases. In this article, I will classify fraud into three main areas and describe different methods for combating fraud for each type. The categories are:
Sales and distribution fraud:
Network and device fraud:
Impersonation fraud or identity duplication is a common entry-level fraud in India. Most customers in India subscribe for service through a retailer. While retailers are required by law to verify the subscriber documentation (CAF), the retailer or a subscriber is able to use the same document repeatedly, sometimes just changing part of the name or address. With each acquisition, the retailer makes a significant commission.
SOLUTION: Use good de-duping software to match the CAF against the subscriber. Telecom companies can then check for multiple connections and, if duplication is discovered, terminate the subscription and withdraw the commission from the retailer. If a history or pattern of fraud is uncovered, offending retailers and subscribers can be blacklisted.
Another prevention method is to check for the reuse of International Mobile Equipment Identity (IMEI) numbers. Since most SIM cards are activated by sending an SMS as part of the activation process, the IMEI number of the handset can be captured by a fraudster. Single handsets used to activate multiple SIM cards within a certain time span can indicate fraudulent activity.
Subscription fraud, another entry-level fraud that is prevalent in India, happens when a retail agent or call center agent attaches a value-added service (VAS ) to an unsuspecting subscriber. For example, a ringtone can be added without the customer's knowledge or permission, resulting in a commission for the agent.
SOLUTION: Check the call detail records (CDR) to determine if a subscription request was made by the subscriber via SMS or by contacting the call center. These kinds of audits should be performed regularly.
Network and device fraud
SOLUTION: Monitor calls to hot-listed international destinations that you know are popular with fraudsters. You should also monitor the length of international calls.
SIM box and interconnect fraud is perpetrated to avoid call charges. A SIM box is a device that maps an international voice over Internet protocol (VoIP) call to a SIM card of the mobile operator on the receiving end of the call. By doing this, the international call appears to the destination operator as a local domestic call rather than an international call, thus cheating that operator out of the international terminating charges, which can be significant. The same technique can be used to make a local out-of-network call appear as if it were in network, resulting in significant revenue losses since out-of-network calls have termination charges.
SOLUTION: Telecom companies should be on the lookout for subscribers who have a very high number of distinct called parties but too few distinct base transceiver stations. Also, look for a series of calls where roaming is very low or nonexistent and watch for international calls with masked domestic numbers.
SIM card cloning fraud involves cloning the SIM cards of unsuspecting subscribers. By cloning the SIM card, the fraudsters have free access to all of the services paid for by legitimate customers.
SOLUTION: Extensive call detail analysis must be done using data analytics techniques. For example, checking for call start overlaps from the same multiple directory number is usually a good indicator once conference calls have been ruled out.
SOLUTION: Monitor the system logs in the HLR for unauthorized access and changes. A service request that corresponds to the conversion must be present. Audits should be performed very frequently to make sure the HLR configuration processes don't have weaknesses that can be exploited.
Suppression of billing call detail records (CDR) fraud involves suppressing the generation of CDRs in the network switch and is usually carried out by a company employee.
SOLUTION: Control and monitor access to configuration switch processes to prohibit unauthorized activities. The revenue assurance team must check for a decline in the number of CDRs generated from a switch based on past history. Any significant drop in the rate should be examined.
Incorrect prepaid billing configuration fraud happens when an employee changes the configuration in the prepaid billing systems called IN (Intelligent Network).
SOLUTION: A separate billing system is used, usually called Mediation, to take unrated CDRs directly from the network switch and rate them by using the same billing configuration. This information should then be matched with the data provided by IN. Any significant differences should be examined for fraud. Normally this is the function of a revenue assurance team.
Analytics is the answer
Fraud connected to prepaid accounts is much easier to commit and harder to combat, since there is very little information on the subscriber, unlike postpaid accounts, where a credit check is usually done. Entry-level fraudulent activities such as subscription and impersonation are very serious since the cost is coming straight from the bottom line in the form of commissions and incentives. All of the Asian and African prepaid telecom markets are affected by each of the frauds mentioned above.
The most important weapon against prepaid fraud is data analytics. At Reliance Communications, we use DataFlux® from SAS to de-dupe subscribers and to check for impersonation fraud; we also use SAS® Analytics to detect subscription fraud. The revenue assurance team ensures that billing and usage records reconcile. We are also implementing a pilot project that will use subscriber history to build profiles and check for anomalies in user calling patterns that would indicate fraudulent behavior.
Bio: As a Senior Vice President at Reliance Communications, Amitava Ghosh implemented a SAS analytic platform for the wireless business. He has many years of experience constructing complex systems in all types of operating systems and a solid background in building scalable, high-performance solutions.
The results illustrated in this article are specific to the particular situations, business models, data input, and computing environments described herein. Each SAS customer’s experience is unique based on business and technical variables and all statements must be considered non-typical. Actual savings, results, and performance characteristics will vary depending on individual customer configurations and conditions. SAS does not guarantee or represent that every customer will achieve similar results. The only warranties for SAS products and services are those that are set forth in the express warranty statements in the written agreement for such products and services. Nothing herein should be construed as constituting an additional warranty. Customers have shared their successes with SAS as part of an agreed-upon contractual exchange or project success summarization following a successful implementation of SAS software. Brand and product names are trademarks of their respective companies.
Copyright © SAS Institute Inc. All Rights Reserved.
The annual telecom fraud worldwide was estimated at US$40.1 billion. Reliance Communications required a solution for preventing fraud.
Reliance Communications used SAS DataFlux® to de-dupe subscribers and to check for impersonation fraud and SAS® Analytics to detect subscription fraud.
“"The most important weapon against prepaid fraud is data analytics."”
Senior Vice President at Reliance Communications