Kapsch CarrierCom always one step ahead Fraud Management System.
EN
Kapsch CarrierCom
always one step ahead
Fraud Management System.
With fraud perpetrators becoming more sophisticated both in their techniques and their tools, fraud is an
increasing problem. Telecommunications service providers are currently second only to banks in losing money
through fraud, and experience shows that if no effective anti-fraud control exists, sooner or later an operator will
be hit by a major fraud problem. So as the number of subscribers, distribution channels, and enhanced services
grow, and more complex tariff structures are put in place, an effective fraud management system is now essential
to minimize losses. Investments in an integrated fraud management system pay off quickly even for operators of
small networks.
Kapsch CarrierCom Fraud Management System has been on the market since 1999, and is successfully used in
several GSM operator installations in Croatia, Slovenia and Austria. It serves as an assistant to fraud
management personnel, can detect and analyze potential problems and recommends counteractions.
Main advantages of the Kapsch CarrierCom Fraud Management System:
The product consists of a simple core with a rich set of the most common detection methods
The flexible architecture allows new features to be custom made to perfectly suit operator needs
Rapid application development model guarantees any new features are marketed quickly
Real-time detection enables quick reaction minimizing revenue leakage leading to a rapid return on investment
The scalability of the product enables it to fit the size of any customer
n
n
n
n
n
Fraud detection, analysis and decision
support application environment for mobile
telecommunications service providers.
Main Features of Kapsch CarrierCom Fraud Management System.
Data Collection and Rating
The basic source of data for Kapsch CarrierCom Fraud Management
System are raw CDR files collected by the mediation device and TAP
files received from roaming partners. The advantage of this is that
the number of participants is reduced, compared with using CDR-s
from gateways, converters and billing systems. Other relevant data
(tariff models, SDR exchange rate, number of contracts etc.) is
obtained from the billing system using an on-line interface or entered
manually through administration modules. Other sources of
information are also used if applicable, e.g. IN platform for prepaid
fraud detection etc.
Kapsch CarrierCom Fraud Management System uses its own
module for CDR pre-rating, taking into consideration all relevant
information from the billing system (tariff model, discounts etc.)
Work Lists and Scoring
Fraud Management System creates a set of cases of suspected
fraudulent activity that must be reviewed by fraud analysts. An
analyst has a personal work list, containing fraud events that become
invisible to other fraud analysts that they review.
Fraud cases are managed by a unique identifier of a person or
company, and not only by MSISDN (Contract ID) or Customer ID
from the billing system, as one person or company can have multiple
subscriptions.
Scoring parameters and other parameters relevant to the fraud
management system can be modified at the individual customer
level, a customer group level or for the whole system.
Reporting
The reporting subsystem of Kapsch CarrierCom Fraud Management
System generates many different reports that can be used by the
administrator or management. These include:
Working reports: reports about fraud analyst cases including
number of cases processed in a time interval, actions performed
by fraud analysts, time spent on cases by fraud analysts etc.
Error reports about the eventual anomalies or faults in the system
or interfaces.
Performance report about the system performance and
throughput: number of CDR records processed in a period of time,
average number of CDR records processed, resource monitor and
disk usage report.
Fraud alarms report includes: number of occurrences of each
alarm defined in the system, number of alarms assigned to each
fraud analyst etc.
Fraud cases report: number of cases in the system, number of
cases depending on their status in the system etc.
n
n
n
n
n
Fraud Alarms
The alarms generated by the system can be divided into five categories:
a) List driven alarms
Black lists
Suspicious IMEI or IMSI list
Premium rate service numbers
Suspicious A or B numbers
Suspicious countries list
b) Threshold alarms
Usage threshold exceeded alarms
Low usage alarms
c) Customer profile change alarms
d) Pre-paid fraud alarms
Too high account balance
Too many uncharged calls
Too big negative balance
Too many refunded SMS-s
Recharge attempt, stolen voucher
Too many recharges
High amount recharged
High amount assigned
M-commerce incorrect charge
Customer using fraudster's IMEI
Call after expiration date
Free SMS
Calls to PRS numbers
Calls to risk destinations
e) Other alarms
Overlapping calls
Velocity alarms
Cloning alarms
Manual entry of a fax received from roaming partner
SS7 signaling (e.g. number of tokens)
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
List driven alarms
Threshold alarms
Customer profile change alarms
Pre-paid fraud alarms
Other alarms
Fraud Alarms
NRTRDE (Near Real Time Roaming Data Exchange) Extension
The NRTRDE extension to Kapsch CarrierCom Fraud Management System implements a
method for fast detection of possible usage fraud in a foreign GSM network and transfers that
information, together with call details information, to the home network as soon as it is
detected.
Kapsch CarrierCom Fraud Management System supports the exchange of relevant fraud
information with other fraud management systems using the NRTRDE standard protocol
specified by the GSM Association.
Detection Methods used by Kapsch CarrierCom today.
Architecture in overview.
The number of interfaces to other systems
in each operator implementation depends
on the availability of these interfaces, but
in general the following interfaces are
always present in the Fraud Management
System:
Different sources of CDR data (CDR,
TAP, GPRS, UMTS, MMS …)
Billing system interface
IN system interface
Other systems (cell info, pre-paid
recharges, …)
n
n
n
n
n
n
n
n
n
Threshold analysis – a simple yet very effective way to process large amounts of data
and achieve very good results through a careful fine-tuning of the system parameters.
Credit limit analysis – each subscriber is assigned a credit limit for contracts. This limit
can be taken periodically from the billing system or recalculated dynamically based on
the subscriber's payment behavior. The system must perform on-line pre-rating which
imposes very strong requirements on server processing power.
Black / hot list processing – while hot lists raise immediate alarms, black lists only raise
alarms when a set threshold is exceeded. The lists can be based on called or caller
numbers, IMSIs, EMEIs or cells.
Profiling – a profile of a known fraudster can be used to detect others using
sophisticated pattern recognition. Also the changes in subscriber usage behavior (call
duration, time between calls, time zone, etc.).
General rule engine – detects fraudulent call patterns, and is very effective at picking up
practically any type of fraud.
Success Story
n1999 - First Fraud Management
System installed at Croatia's biggest
alternative mobile operator, VIPnet
n2001 - Si.Mobil Slovenia followed
n2002 – Successful completion of
complex installation at Austrian tier
1 operator mobilkom austria.
n2005 - Mobiltel Bulgaria installation
began operating
n2007 - Vip mobile, Serbia as well as
VIP operator, Macedonia go on-air
n2009 - Most recent installation at
Belarus' largest operator Velcom
n2010 - Most important installation
outside the Telekom Austria Group
completed in Saudi Arabia.
Network Elements
Fraud Management System
Rating Tables
ThresholdProcessing
List EventsGeneration
OvernightProcessing
Database Loader
Rule BasedAlarms
SuspensionsBarrings
Reactivations
Mediation
NRTRDE
CDRData Feeds
ProvisionningServer
AutosolvingAuto
Fraud Agents
Administrator
Manual
DecoderPreprocessor
Pre-rating
Rated Records
AggregatedVariables
Billing SystemVariables
Counter Variables
Subscriber Data
Billing System
CRM System
IN Platform
Pending Alarms Solved Alarms
Kapsch CarrierCom
Am Europlatz 5, 1120 Vienna, Austria
Phone +43 50 811 0
Fax +43 50 811 3201
E-mail [email protected]
www.kapschcarrier.com
About Kapsch TIS d.o.o.About Kapsch CarrierCom
Main benefits when using Kapsch CarrierCom Fraud Management System.
n
n
n
n
n
Multi-lingual user interface – enables operation of the product in any language.
Person (company) oriented – enables efficient detection of fraudster and organized
fraudster networks.
Complex event scoring – sophisticated algorithms with numerous parameters can be
fine-tuned to meet the operators business policies and fraud prevention strategies.
Automated processing – easy configuration using integrated provisioning system interface
allows the fraud agent to concentrate on complicated cases because the system
processes most cases without human intervention.
Pre-rating with real subscriber tariffs and other billing relevant parameters computes
amounts for each call in near-real-time enabling detection of potential financial losses at
the earliest possible stage.
Kapsch TIS is the result of Kapsch
CarrierCom's successful expansion
strategy in southern and eastern Europe.
It grew out of the merger of Kapsch
Croatia with TIS.KIS and RING Datacom.
It is a strong competence center in
transmission technologies as well as a
specialist in the development of software
solutions with the focus on messaging,
content download, CRM and fraud
management within the Kapsch
CarrierCom Group.
Kapsch Group. Kapsch is one of Austria's most successful technology corporations,
specialized in the future-oriented market segments of Intelligent
Transportation Systems (ITS), Railway and Public Operator
Telecommunications as well as Information and Communications
Technology (ICT). Kapsch, headquartered in Vienna, is organized
as a group company with the entities Kapsch TrafficCom, Kapsch
CarrierCom and Kapsch BusinessCom. The companies of the
Kapsch Group employ about 5,000 people around the world.
Kapsch. Always one step ahead.
Kapsch CarrierCom is the leading
supplier and independent system
integrator of telecommunication solutions
for public operators of core, access and
transmission networks.
In addition to services and applications
for next-generation networks and
innovative OSS/BSS solutions,
Kapsch CarrierCom covers the entire
value chain – from consulting, design,
development, deployment and integration,
to maintenance and operation of
complete networks.
www.kapschcarrier.com
© K
ap
sch
Ca
rrie
rCo
m A
G. A
ll rig
hts
re
serv
ed
. S
ub
ject
to
ch
an
ge
with
ou
t n
otic
e.
www.kapschcarrier.comwww.kapsch.net
KC
C 7
41
2-0
2 E
N 1
20
2