Fraud Management System.

Kapsch CarrierCom
EN
Fraud Management System.
always one step ahead
Fraud detection, analysis and decision
support application environment for mobile
telecommunications service providers.
With fraud perpetrators becoming more sophisticated both in their techniques and their tools, fraud is an
increasing problem. Telecommunications service providers are currently second only to banks in losing money
through fraud, and experience shows that if no effective anti-fraud control exists, sooner or later an operator will
be hit by a major fraud problem. So as the number of subscribers, distribution channels, and enhanced services
grow, and more complex tariff structures are put in place, an effective fraud management system is now essential
to minimize losses. Investments in an integrated fraud management system pay off quickly even for operators of
small networks.
Kapsch CarrierCom Fraud Management System has been on the market since 1999, and is successfully used in
several GSM operator installations in Croatia, Slovenia and Austria. It serves as an assistant to fraud
management personnel, can detect and analyze potential problems and recommends counteractions.
Main advantages of the Kapsch CarrierCom Fraud Management System:
The product consists of a simple core with a rich set of the most common detection methods
n
The flexible architecture allows new features to be custom made to perfectly suit operator needs
n
n
Rapid application development model guarantees any new features are marketed quickly
n
Real-time detection enables quick reaction minimizing revenue leakage leading to a rapid return on investment
n
The scalability of the product enables it to fit the size of any customer
Main Features of Kapsch CarrierCom Fraud Management System.
Data Collection and Rating
The basic source of data for Kapsch CarrierCom Fraud Management
System are raw CDR files collected by the mediation device and TAP
files received from roaming partners. The advantage of this is that
the number of participants is reduced, compared with using CDR-s
from gateways, converters and billing systems. Other relevant data
(tariff models, SDR exchange rate, number of contracts etc.) is
obtained from the billing system using an on-line interface or entered
manually through administration modules. Other sources of
information are also used if applicable, e.g. IN platform for prepaid
fraud detection etc.
Kapsch CarrierCom Fraud Management System uses its own
module for CDR pre-rating, taking into consideration all relevant
information from the billing system (tariff model, discounts etc.)
Work Lists and Scoring
Fraud Management System creates a set of cases of suspected
fraudulent activity that must be reviewed by fraud analysts. An
analyst has a personal work list, containing fraud events that become
invisible to other fraud analysts that they review.
Fraud cases are managed by a unique identifier of a person or
company, and not only by MSISDN (Contract ID) or Customer ID
from the billing system, as one person or company can have multiple
subscriptions.
Scoring parameters and other parameters relevant to the fraud
management system can be modified at the individual customer
level, a customer group level or for the whole system.
Reporting
The reporting subsystem of Kapsch CarrierCom Fraud Management
System generates many different reports that can be used by the
administrator or management. These include:
n
Working reports: reports about fraud analyst cases including
number of cases processed in a time interval, actions performed
by fraud analysts, time spent on cases by fraud analysts etc.
n
Error reports about the eventual anomalies or faults in the system
or interfaces.
n
Performance report about the system performance and
throughput: number of CDR records processed in a period of time,
average number of CDR records processed, resource monitor and
disk usage report.
n
Fraud alarms report includes: number of occurrences of each
alarm defined in the system, number of alarms assigned to each
fraud analyst etc.
n
Fraud cases report: number of cases in the system, number of
cases depending on their status in the system etc.
NRTRDE (Near Real Time Roaming Data Exchange) Extension
The NRTRDE extension to Kapsch CarrierCom Fraud Management System implements a
method for fast detection of possible usage fraud in a foreign GSM network and transfers that
information, together with call details information, to the home network as soon as it is
detected.
Kapsch CarrierCom Fraud Management System supports the exchange of relevant fraud
information with other fraud management systems using the NRTRDE standard protocol
specified by the GSM Association.
Fraud Alarms
The alarms generated by the system can be divided into five categories:
a) List driven alarms
n
Black lists
n
Suspicious IMEI or IMSI list
n
Premium rate service numbers
Fraud Alarms
n
Suspicious A or B numbers
n
Suspicious countries list
List driven alarms
b) Threshold alarms
n
Usage threshold exceeded alarms
n
Low usage alarms
Threshold alarms
Customer profile
change alarms
c) Customer profile change alarms
Pre-paid
fraud alarms
d) Pre-paid fraud alarms
Other alarms
n
Too high account balance
n
Too many uncharged calls
n
Too big negative balance
n
Too many refunded SMS-s
n
Recharge attempt, stolen voucher
n
Too many recharges
n
High amount recharged
n
High amount assigned
n
M-commerce incorrect charge
n
Customer using fraudster's IMEI
n
Call after expiration date
n
Free SMS
n
Calls to PRS numbers
n
Calls to risk destinations
e) Other alarms
n
Overlapping calls
n
Velocity alarms
n
Cloning alarms
n
Manual entry of a fax received from roaming partner
n
SS7 signaling (e.g. number of tokens)
Architecture in overview.
The number of interfaces to other systems
in each operator implementation depends
NR
on the availability of these interfaces, but
in general the following interfaces are
TR
D
E
Administrator
Fraud Management System
CDR
Data Feeds
Decoder
Preprocessor
Pre-rating
Rating Tables
always present in the Fraud Management
System:
Database
Loader
Mediation
Network
Elements
Billing System
n
Different sources of CDR data (CDR,
Rated Records
Subscriber Data
TAP, GPRS, UMTS, MMS …)
CRM System
n
Billing system interface
Counter
Variables
Aggregated
Variables
Billing System
Variables
n
IN system interface
Threshold
Processing
n
Other systems (cell info, pre-paid
List Events
Generation
Overnight
Processing
Rule Based
Alarms
IN Platform
recharges, …)
Suspensions
Barrings
Reactivations
Provisionning
Server
Auto
Autosolving
Pending Alarms
Solved Alarms
Man
ual
Fraud Agents
Detection Methods used by Kapsch CarrierCom today.
Success Story
n
1999 - First Fraud Management
Threshold analysis – a simple yet very effective way to process large amounts of data
n
and achieve very good results through a careful fine-tuning of the system parameters.
System installed at Croatia's biggest
alternative mobile operator, VIPnet
Credit limit analysis – each subscriber is assigned a credit limit for contracts. This limit
n
can be taken periodically from the billing system or recalculated dynamically based on
n
2001 - Si.Mobil Slovenia followed
the subscriber's payment behavior. The system must perform on-line pre-rating which
imposes very strong requirements on server processing power.
Black / hot list processing – while hot lists raise immediate alarms, black lists only raise
n
alarms when a set threshold is exceeded. The lists can be based on called or caller
numbers, IMSIs, EMEIs or cells.
Profiling – a profile of a known fraudster can be used to detect others using
n
n
2002 – Successful completion of
complex installation at Austrian tier
1 operator mobilkom austria.
n
2005 - Mobiltel Bulgaria installation
began operating
sophisticated pattern recognition. Also the changes in subscriber usage behavior (call
duration, time between calls, time zone, etc.).
General rule engine – detects fraudulent call patterns, and is very effective at picking up
n
n
2007 - Vip mobile, Serbia as well as
VIP operator, Macedonia go on-air
practically any type of fraud.
n
2009 - Most recent installation at
Belarus' largest operator Velcom
n
2010 - Most important installation
outside the Telekom Austria Group
completed in Saudi Arabia.
Main benefits when using Kapsch CarrierCom Fraud Management System.
Multi-lingual user interface – enables operation of the product in any language.
n
Person (company) oriented – enables efficient detection of fraudster and organized
n
fraudster networks.
Complex event scoring – sophisticated algorithms with numerous parameters can be
n
fine-tuned to meet the operators business policies and fraud prevention strategies.
Automated processing – easy configuration using integrated provisioning system interface
n
allows the fraud agent to concentrate on complicated cases because the system
processes most cases without human intervention.
Pre-rating with real subscriber tariffs and other billing relevant parameters computes
n
amounts for each call in near-real-time enabling detection of potential financial losses at
the earliest possible stage.
About Kapsch CarrierCom
About Kapsch TIS d.o.o.
Kapsch CarrierCom is the leading
Kapsch TIS is the result of Kapsch
supplier and independent system
CarrierCom's successful expansion
integrator of telecommunication solutions
strategy in southern and eastern Europe.
for public operators of core, access and
It grew out of the merger of Kapsch
transmission networks.
Croatia with TIS.KIS and RING Datacom.
In addition to services and applications
It is a strong competence center in
for next-generation networks and
transmission technologies as well as a
innovative OSS/BSS solutions,
specialist in the development of software
Kapsch CarrierCom covers the entire
solutions with the focus on messaging,
value chain – from consulting, design,
content download, CRM and fraud
development, deployment and integration,
management within the Kapsch
to maintenance and operation of
CarrierCom Group.
complete networks.
www.kapschcarrier.com
Kapsch CarrierCom
Kapsch Group.
Am Europlatz 5, 1120 Vienna, Austria
Kapsch is one of Austria's most successful technology corporations,
specialized in the future-oriented market segments of Intelligent
Transportation Systems (ITS), Railway and Public Operator
Telecommunications as well as Information and Communications
Technology (ICT). Kapsch, headquartered in Vienna, is organized
as a group company with the entities Kapsch TrafficCom, Kapsch
CarrierCom and Kapsch BusinessCom. The companies of the
Kapsch Group employ about 5,000 people around the world.
Kapsch. Always one step ahead.
Phone
+43 50 811 0
Fax
+43 50 811 3201
E-mail
[email protected]
www.kapschcarrier.com
KCC 7412-02 EN 1202
www.kapschcarrier.com
www.kapsch.net
© Kapsch CarrierCom AG. All rights reserved. Subject to change without notice.