TELECOMMUNICATION FRAUD MANAGEMENT: IMPLEMENTING A SECURE AND
EFFICIENT ROAMING FRAUD DETECTION SYSTEM IN A GSM NETWORK
By
Joey E. Ironbar
A DISSERTATION
Submitted to
The University of Liverpool
in partial fulfillment of the requirements for the degree of
MASTER OF SCIENCE
October 2011
ABSTRACT
The high costs associated with roaming fraud have been assimilated into the operational budgets of
telecommunications providers for the past decade. In spite of these losses, successful financial
performance and a growing number of subscribers have continued to limit the scale of response to fraud
prevention necessary to eliminate this subversive activity. International roaming is an increasingly
prevalent practice, one which requires a multi-network billing chain that raises a range of opportunities for
fraudsters to infiltrate gaps and deficiencies in the connected system. From subscription fraud to hacking,
the range of fraudulent activities continues to expand, resulting in an increased need for corporate
awareness and the installation of effective mitigation techniques. This research addresses particular
concerns regarding the dynamic (or lack thereof) nature of mitigation protocol, highlighting those areas in
which operators will find opportunity with substantive adjustments to their system characteristics.
Through an empirical review of industry perspectives and recommendations, this study finds that roaming
fraud must be eliminated through a more pragmatic, proactive system design that seeks to both predict
and eliminate sources of fraud before they can impact on a financial level. In addition, it was determined
that a key variable in fraud mitigation is the consumer, a factor that must be addressed more effectively
through coaching and information exchange in order to divert some responsibility away from the
secondary agent (the provider). Although the long term goal of eliminating fraud is largely embraced by
this industry, it is unrealistic. Therefore, this research will demonstrate that a more proactive, pragmatic
protocol is needed, thereby undermining both the exposure and the impact associated with this
multinational criminal behavior.
DECLARATION
I hereby certify that this dissertation constitutes my own product, that where the language of others is set
forth, quotation marks so indicate, and that appropriate credit is given where I have used the language,
ideas, expressions, or writings of another.
I declare that the dissertation describes original work that has not previously been presented for the
award of any other degree of any institution.
Signed,
Joey E. Ironbar
Student, Supervisors and Classes:
Student name: Joey E. Ironbar
Student ID number: 15081229
GDI name: Yongge Wang
RMT (GDI) class ID: ComputingReserachMethodsTraining.2010.06.24.202
DA name: Anil Fernando
DST (DA) class ID: ComputingAdvisorClass. 20081127.227
ACKNOWLEDGEMENTS
I would like to thank the University of Liverpool, APC for affording me the unimaginable
opportunity to complete my study here, despite all challenges which had frustrated all my efforts. I
will not forget to thank Anil Fernando, my DA, without whose patience, guidance and
understanding I wouldn't have made it this far, especially with my dissertation. I also remain
grateful and thankful for all my SSMs who have managed and guided me throughout my time of
study here. You are all special to me.
In addition I thank my sponsor Airtel Nigeria, and most precisely Ade Banjoko and his team
(Airtel Fraud Management) for their relentless support.
I would also like to thank Fred Kellenberger, my instructor on People, Technology, and
Management module, who empowered my skills measurably in the areas targeted.
Finally, and most importantly, a huge thank you to my wife Princess for her full support
and also the Almighty God, for His grace in me.
Table of Contents
Table of Figures
Introduction
1.1 Research Problem
1.2 Aims and Objectives
1.3 Research Questions
1.4 Structure of Dissertation
Chapter 2: Literature Review
2.1 Introduction
2.2 Roaming Fraud Overview
2.3 Fraud Detection and Prevention Strategies
2.3.1 Clearinghouse
2.3.2 High Usage Report
2.3.3 Roamer CDR Exchange (Roam EX)
2.3.4 NRTRDE
2.3.5 FraudX
2.4 Fraud Management and Prevention Strategies
2.5 Practical Applications and the Future
2.6 Summary
Chapter 3: Research Methodology
3.1 Introduction
3.2 Research Methods
3.3 Survey Participants
3.4 Ethical Concerns and Limitations
3.5 Summary
Chapter 4: Data Presentation
4.1 Introduction
4.2 Survey Participant Demographics
4.3 Quantitative Survey Results
4.4 Participant Ranked Foci for Fraud Detection and Management
4.5 Participant Ranked Advantages of Fraud Detection and Mitigation Systems
4.6 Participant Responses to Open Questionnaire
4.6.1 Question 1
4.6.2 Question 2
4.6.3 Question 3
4.6.4 Question 4
4.6.5 Question 5
4.7 Summary
Chapter 5: Achievements
Chapter 6: Discussion and Analysis
7.1 Introduction
7.2 Fraud Mitigation and Prevention Strategies
7.3 The Human Factor and Profiling Objectives
7.4 The Fraud Prevention Model
7.5 Summary
Chapter 7: Conclusions and Recommendations
8.1 Conclusions
8.2 Recommendations
References
Appendices
Appendix A: Participant Survey With Results
Table of Figures
Figure 1: Voice and Data Roaming Models (Source: Macia-Fernandez, 2008:2)
Figure 2: Model of RoamEx Network (Source: Lloyd, 2003:11)
Figure 3: Model of Fraud-X System Integration (Source: Syniverse, 2011)
Figure 4: Participant Age Range
Figure 5: Participant Income Range
Figure 6: Participant Education Level
Figure 7: Participant Experience in Fraud Detection
Figure 8: Participant Experience in System Design
Figure 9: Participant Role or Responsibility
Figure 10: Detection Strategies and the Consumer Factor
Figure 11: Nature of Fraud and Strategic Detection Methods
Figure 12: Evolving Fraud Mitigation and Control Scenarios
Figure 13: System Design and Partner Opportunities
Figure 14: Most Valuable Fraud Detection and Management Systems
Figure 15: Advantages of Implementing Strategic Fraud Detection and Mitigation System
Figure 16: A Comprehensive Fraud Mitigation System
Figure 17: Participant Survey With Results
Introduction
1.1 Research Problem
The evolution of roaming fraud in recent years has resulted in a complex analytical
environment wherein operators continue to develop more advanced monitoring and detection
systems and protocol in order to prevent costly intrusions. Macia-Fernandez (2008:1) defines
roaming as the 'capacity of subscribers to a wireless network to make or receive voice calls, send
or receive data, or gain access to other services when they are outside the geographical area
covered by their home network by using the resources of a visited network'. In accordance with
this definition, there are three primary forces within the roaming dynamic including the
subscriber, the proprietary network (home), and the visited network (Macia-Fernandez, 2008). It
is between these three interests that fraud is perpetrated, whereby the call detail record (CDR) is
distributed from the visited network to the home network for payment for services rendered, only
for the home network to discover that the charges were unauthorised. The impact of wireless
roaming fraud is significant. In 2003, for example, Lloyd (2003) reported that between 1 and 3%
of operator revenue was lost annually as a result of fraud, with roaming accounting for around
24% of this total figure.
In spite of the widely recognised financial consequences of roaming fraud, during the
early 2000s, Deo (2008) recognised that many operators tolerated fraud-related losses due to a
rapidly increasing customer population. Yet shareholder influences and an increasingly
advanced technological infrastructure continue to challenge firms to embrace a much more
analytical protocol. As subscription fraud alone was reported at an annual loss of over $22
billion in 2010, it is evident that the future of fraud prevention and mitigation services is an
absolutely fundamental component of the operator business model (Ghosh, 2010b). With
expanded services over mobile networks that include access to much more private information
such as banking services, credit card information, and premium service membership, the possible
impact on both operator and consumer liabilities by fraudulent initiatives is only increasing
(Ghosh, 2010b).
The increase in delay for fraud detection results in a heightened total loss per handset,
with extended delay mechanisms such as the clearinghouse protocol costing upwards of
$50,000 per handset after a delay of more than 100 hours (Lloyd, 2003). Although alternative
fraud detection techniques (e.g. HUR, RoamEx, NRTRDE) have increased the speed to
detection, the potential losses are still significant, increasing over the term to identification. For
this reason, real-time detection systems are becoming a priority investment for most service
providers, allowing for the identification of possible incursions and mitigation of their influence
at a much more proactive rate than previously possible. With the development of more advanced
data mining prevention models such as the intuitive tool proposed by Farvaresh and Sepehri
(2011), organisations are finding that fraud reduction is possible through a much more critical
review of key indicators, particularly those that are identifiable through consumer and network
data analysis. For this reason, such robust tools are quickly becoming a leading component in
detection and mitigation systems, eliminating much of the uncertainty and reducing the overall
risk for exposure that once existed in non-predictive models.
1.2 Aims and Objectives
The field of fraud management and detection is robust and represents an extensive
and broad body of academic research. This particular study distils such
evidence to a singular focus, emphasising the nature of fraud management and detection in
mobile telephony, with a particular focus on roaming services. Given the multinational equation
that evolves out of this operational dynamic, the fraud potential is significant, and as
globalisation continues to encourage multinational travel, the likelihood that consumers will be
exposed to fraudulent activities increases. This investigation provides a link between existing
and optimised fraud detection systems, addressing particular systemic deficiencies that have
arisen over the years as a result of both technological and ideological limitations. The following
details the primary research aim that will be accomplished over the subsequent presentation and
analysis of both academic and empirical evidence:
To identify and audit the best-fit characteristics for a secure and efficient roaming
fraud detection system, focusing on a platform to offer fraud trend analysis that will
support operators in avoiding both known and unknown footprints of fraud and
providing advice for prompt resolution.
Based on this particular research aim, it is evident that the scope of this research will
involve both practical and theoretical applications of technologies that are more dynamic and
advanced than those existing today. Considering that in spite of best-practice fraud monitoring
and mitigation strategies this problem continues to affect the ROI and financial performance of
leading mobile providers, it is evident that the industry has yet to achieve a sufficient standard of
protection. Accordingly, more research is needed in this field in order to identify those areas in
which ineffective and under-valued system architecture continues to restrict the ability to
eliminate the influence of fraud on a global scale. The primary research objectives
that will be accomplished during this research process include the following:
• To evaluate a secure and efficient solution to telecommunication roaming fraud
  through identification and design of an active management system for current
  challenges undermining the attainment of a successful system
• To discuss and analyse the various characteristics associated with
  telecommunications roaming fraud
• To establish the credibility of fraud management systems for practical applications
  in the management of roaming frauds
• To identify possible future trends in fraud and fraud detection systems
• To reduce fraud-related lost revenue and improve operators' ROI
• To offer forward-seeking recommendations to enable system advancement at an
  accelerated pace, faster than that of telecommunications fraud perpetrators.
1.3 Research Questions
This research attempts to generate solution-based evidence for the development and
implementation of a dynamic, secure, and efficient fraud detection system to protect against
roaming fraud activities. Given the large scale of propagation of this subversive behaviour and
the significant implications which such activities have on operator revenues, the need for more
pragmatic, analytical solutions is absolutely essential. The following are primary research
questions which will be answered over the subsequent chapters:
• Is there a means of developing a fraud typology in order to address particular
  objectives and outcomes according to more systematic management techniques?
• How effective are current systems for fraud management on a national level? On
  a global level? Can this be improved?
• Is it possible to eliminate the human element in the fraud detection and
  management protocol? Would this be beneficial?
• What is the value of fraud detection for major global operators from a revenue
  perspective?
• Would homogeneity of system design reduce the financial and structural impacts
  of system installation?
• What does the future of fraud and fraud detection hold for telecom operators and
  how can proactive measures today reduce these incidences over the long term?
1.4 Structure of Dissertation
The following is a brief overview of the subsequent chapters in this dissertation,
highlighting the primary objectives that will be accomplished:
• Chapter 2: Literature Review: This chapter presents a broad spectrum of
  academic insights and evidence regarding roaming fraud, mitigation techniques,
  and system design priorities and practices.
• Chapter 3: Research Methodology: The methodological foundations are
  discussed in this chapter, justifying particular techniques according to academic
  precedence in this field and a range of researcher recommendations.
• Chapter 4: Data Presentation: This chapter introduces and explores the results
  from an empirical analysis of industry operator insights regarding roaming fraud
  detection and management systems.
• Chapter 5: Discussion and Analysis: Returning to an academic foundation, this
  chapter analyses the research results and provides a comprehensive, model-based
  analysis of roaming fraud detection system design.
• Chapter 6: Conclusions and Recommendations: In this final chapter, conclusions
  from the entirety of this research are presented, describing a range of
  opportunities for rehabilitating the universal fraud detection protocol, whilst
  recommendations for additional research and system testing are provided.
Chapter 2: Literature Review
2.1 Introduction
There is a broad spectrum of research in this field that is directly related to the
development and implementation of fraud detection systems that are not only effective, but that
provide an accelerated rate of recognition that reduces the possibility of operator losses. This
chapter will present a range of past academic studies in which both theoretical and empirical
models of fraud detection are defined and evaluated. Given the categorical differences between
various information management systems in today's mobile industry, key architecture including
clearinghouse, high usage report, RoamEX, and NRTRDE will all be discussed in relation to
their merits and limitations. This insight is extracted from leading theorists in this field;
however, it encompasses nearly a decade of testing, system design, and fraud-oriented analysis.
Therefore, the congruency amongst these researchers is limited to technological capabilities at
the time of writing, a limitation that provides for a broad range of variability within this
academic field. The synthesis of evidence in this chapter serves as a temporal and ideological
bridge, linking theory and applications according to best-fit opportunities for future fraud
detection system design and applications.
2.2 Roaming Fraud Overview
The roaming model continues to evolve across a vast array of network partnerships and
advanced capabilities. In her recent exploration of roaming fraud, Macia-Fernandez (2008)
developed two valuable models of roaming which include voice and data exchange services (See
Figure 1). The primary value of these particular models is to identify the intermediary nature of
the roaming network position during this process, a connection-based restriction that has direct
implications for the design and implementation of any fraud detection and prevention system.
Key conditions for roaming fraud perpetration include a longer time for detection, a greater time
to respond, and more technical difficulties in the resolution of the fraud (Macia-Fernandez,
2008:2-3). In order to define the characteristics of roaming fraud more comprehensively,
Macia-Fernandez (2008) provides an in-depth review of six different techniques that originate from
either network area initiatives (taking advantage of technical breakdowns in the configuration,
design, or architecture of the communication networks) or from other business areas (inefficient
or poorly designed processes in the business because technical aspects do not relate directly to
the telecommunication network):
• Interoperability Breakdowns: Errors in the expected functioning between the
  operators' network equipment that are likely triggered by the presence of
  different technologies or equipment from various suppliers.
• Information Transmission Delays: Takes advantage of the window of opportunity
  between when the fraud begins and when it is detected, most likely the result of the
  delay in sending tariff-setting information between the visited and home
  networks.
• Configuration Flaws: Inadequate or insufficient operation and maintenance
  procedures such as allowing roamers to dial premium rate numbers or operators
  that do not protect their short message centres (SMSC).
• Subscription Fraud: Imposter subscribers who obtain cards/SIMs and make calls
  using a range of fraudulent techniques, ranging from call selling to call
  forwarding to micropayment to premium number calling.
• Internal Origin: Perpetrated by staff at the companies themselves because of
  defective security systems or permissive performance protocols.
• M-Commerce: Fraudulent purchases over the internet that are billed through the
  mobile device and later charged to the client.
• Copyright and Hacking: Downloads and information breaches that are designed
  to capture photos, video, music, etc. from subscribers or their contacts through
  mobile technologies.
Figure 1: Voice and Data Roaming Models (Source: Macia-Fernandez, 2008:2)
There is a broad spectrum of fraud strategies that cannot be effectively classified using
singular, tactically-specific models; however, researchers such as Ghosh (2010a) attempt to
offer a more generalised overview of potential fraud efforts. In particular, the researchers
categorise fraud under one of three different categories including hacking fraud, contractual
fraud, technical fraud, and business procedural fraud (Ghosh, 2010a). The underlying modus
operandi for the perpetrators of fraud is defined according to their primary motives (e.g. financial
gains, disruption, payment avoidance, etc.), wherein motives are typically classified under either
financial rewards for fraud or the use of fraud to avoid paying for services (Ghosh, 2010a).
Particular examples have been discussed in recent literature, highlighting the seriousness of this
issue from a management standpoint. For example, subscription-based roaming fraud typically
involves contact with consumers through their mobile number as fraudsters pose as employees of
telecom operators (Subex, 2011). Financial incentives are promised in exchange for survey
information and personal details are taken in order to gain access to an individual's information.
The information is then used to contact call centre staff and set up additional phone numbers
which are then transferred to the handsets of the fraudsters. Subsequent fraudulent charges are
only identified at a later period, either after the computer has recognised aberrations in the user
activity, or if the user recognises significant complications affecting their account billing (Subex,
2011). The problematic nature of such fraud activities evolves out of the user-initiated
information sharing process, emphasising a need for alternative information tracking and
analysis techniques, particularly those that identify variations in consumer behaviour (e.g. call
patterns, premium services, location, etc.).
Undercutting such unrecognised behaviour is what Hilas and Sahalos (2000:1) refer to as
'user profiling', or the identification of 'past behaviour of a user that can be accumulated in order
to construct a profile or a user dictionary'. Essentially, the user's unique behavioural patterns
serve as a system blueprint, one which provides validation of predictable activities and early
identification of what the authors recognise as suspicious behaviour which triggers the 'suspicion
score' alert (Hilas and Sahalos, 2000:2). There are two basic fraud detection models which
employ this profiling technique: supervised and unsupervised detection models. Under
supervised detection, samples of normal and fraudulent behaviour are used to construct models
and the system assigns observations to the classes. For the unsupervised detection method,
observations that are dissimilar from the norm are detected through automated data analysis
(Hilas and Sahalos, 2000). This particular study was able to design a fraud detection model
using just eight key testing features, providing sufficient differentiation between users and
developing an intuitive, behaviour-based model of user patterns that can be used to immediately
identify potentially fraudulent aberrations (Hilas and Sahalos, 2000). These particular testing
categories included the number of calls made to local and mobile destinations, and their
corresponding durations, and the number of calls to national and international destinations, and
their corresponding durations. Algorithmic comparison of equality functions was designed to
explore threshold similarity equations associated with these particular variables, enabling the
researchers to check for equality between elements (Hilas and Sahalos, 2000:3). The research is
extremely valuable when exploring more dynamic, active management systems for fraud
detection and aberrant consumer behaviour.
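The unsupervised, profile-based approach described above can be sketched as follows. This is an added example, not code from the dissertation or from Hilas and Sahalos: it uses the eight features named in the text (call counts and durations for local, mobile, national and international destinations), but the z-score style suspicion score, the alert threshold, the per-feature floors and the CDR tuples are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

DEST_CLASSES = ("local", "mobile", "national", "international")
# Eight features: number of calls and total seconds per destination class.
FEATURES = [f"{d}_{k}" for d in DEST_CLASSES for k in ("calls", "seconds")]
# Assumed minimum spread per feature, so a destination the user has never
# varied on (spread 0) does not divide by zero: 1 call, 60 seconds.
FLOORS = [1.0, 60.0] * len(DEST_CLASSES)

def daily_features(cdrs):
    """Aggregate (user, day, dest_class, seconds) CDRs into one vector per user-day."""
    feats = defaultdict(lambda: [0.0] * len(FEATURES))
    for user, day, dest, seconds in cdrs:
        i = 2 * DEST_CLASSES.index(dest)
        feats[(user, day)][i] += 1
        feats[(user, day)][i + 1] += seconds
    return feats

def build_profile(vectors):
    """User profile: (mean, population std deviation) of each feature over past days."""
    return [(mean(col), pstdev(col)) for col in zip(*vectors)]

def suspicion_score(profile, vector):
    """Largest upward deviation from the profile and the feature that caused it."""
    deviations = [
        ((x - mu) / max(sigma, floor), name)
        for (mu, sigma), floor, x, name in zip(profile, FLOORS, vector, FEATURES)
    ]
    return max(deviations)

def score_user_day(cdrs, user, day, threshold=3.0):
    """Score one day against the profile built from that user's earlier days only."""
    feats = daily_features(cdrs)
    history = [v for (u, d), v in feats.items() if u == user and d < day]
    score, feature = suspicion_score(build_profile(history), feats[(user, day)])
    return {"score": score, "feature": feature, "alert": score > threshold}

# Constructed sample data: four ordinary days, one ordinary test day (5) and
# one day (6) with a burst of long international calls.
SAMPLE_CDRS = [
    ("A", 1, "local", 60), ("A", 1, "local", 120), ("A", 1, "mobile", 90),
    ("A", 2, "local", 60), ("A", 2, "mobile", 90), ("A", 2, "mobile", 30),
    ("A", 3, "local", 120), ("A", 3, "local", 60), ("A", 3, "mobile", 90),
    ("A", 4, "local", 60), ("A", 4, "mobile", 60), ("A", 4, "national", 180),
    ("A", 5, "local", 60), ("A", 5, "local", 60), ("A", 5, "mobile", 90),
    ("A", 6, "local", 60),
] + [("A", 6, "international", 600)] * 30

if __name__ == "__main__":
    for day in (5, 6):
        print(day, score_user_day(SAMPLE_CDRS, "A", day))
```

Because the profile is built per user, the same burst of international calls would score far lower for a subscriber whose history already contains regular international traffic.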
A similar study was conducted by Hollmen (2000) in an effort to employ probabilistic
and neural network analytical tools in the exploration and profiling of user behaviour according
to usage patterns from call data. Hollmen (2000:1) defined systemic learning as 'adaptation of
the parameterized models so that the inherent problem structure is coded into the model', or in
other words, a system design in which possible fraud is identified through pattern deviation from
normative values representative of user behaviour. There were two distinct methods for data
collecting that were employed in the Hollmen (2000) empirical study: block crediting,
or a representative-initiated credit that evolves out of consumer reported fraudulent activity, and a
velocity trap, or a computer-based geographical analysis of calling patterns to identify
distinctions in user behaviour. Fraud detection tools employed by Hollmen (2000) included
quantitative analytical tools such as self-organising maps for clustering probabilistic models and
learning vector quantization (LVQ). Each of these techniques involved relatively advanced
quantitative analysis of call profiles. Complexity in these models is the direct result of the
unpredictable nature of fraud, wherein call patterns include a mixture of both valid and
fraudulent behaviours; therefore, the challenge is for the system to identify the likelihood of one
being fraudulent. Although Hollmen (2000:33) does not confirm the validity of any one system
for fraud detection, his evidence does demonstrate that, as a threshold requirement,
false alarm probabilities must be low in effective systems in order to reduce unnecessary report
generation and focus the analysis on truly fraudulent behaviour.
In their recent discussion of emergent fraudulent techniques, Subex (2010) telecom
reported on a soft SIM variant of roaming fraud whereby particular international VoIP
technologies that are linked through a Skuku routing box are reverse pirated. With bulk SIM
numbers purchased in bulk, the fraudsters will connect to radio equipment in foreign countries
and perpetrate roaming frauds. Further, these SIMs, which appear like cloned SIMs, can be
switched to other roaming networks to SIM-swap in other countries, extending the fraud
network. Researchers such as Dix (2009) addressed authentication mechanisms that are
designed to circumvent these particular influences, the result of which
2.3 Fraud Detection and Prevention Strategies
The following sections present background information on traditional and emergent fraud
detection and mitigation strategies and system components, highlighting a range of variability
that is likely addressed through the incorporation of several of these components or protocols at
the same time.
2.3.1 Clearinghouse
The clearinghouse represents a last-effort approach to the identification of roaming fraud
and is likely initiated through the billing team or consumer following aberrant charges. The
usage delay for fraud detection via clearinghouse in 2003 was reported by Lloyd (2003) to
be between 1 and 3 days. As a detection method, this practise involves the identification of
individual call details including charges and specific billing data; however, these statistics take
over one day and increase the risk of operator exposure to roaming fraud (Lloyd, 2003). The
significant costs for operators associated with clearinghouse standards of monitoring increase
according to the delay in identification, thereby making this particular technique the most costly
of the detection and management strategies.
2.3.2 High Usage Report
Based on the average usage of subscribers, this report identifies those aberrations in
calling behaviour or activity that could signal fraudulent attempts. The high usage report delay
for fraud detection in 2003 was reported by Lloyd (2003) as between 24 and 36 hours, of which
exposure was projected at around $10k per day, per handset. As a detection method, this practise
involves the collected summary of subscriber usage that exceeds a predetermined threshold and
generates quantitative details on approximate charges; however, these statistics are only available
every 24 to 36 hours, exposing the operator to fraud activity during this time frame. Although a
superior method to clearinghouse resolution, the HUR is merely a reactive mechanism that likely
exposes the operator to fraudulent losses before alerting them to their perpetration.
2.3.3 Roamer CDR Exchange (Roam EX)
Viewed as a rapid, real time opportunity for evaluating individual call details and fraud-
specific data, this analytical tool is unfortunately coverage dependent in spite of its immediate
reporting standards (Lloyd, 2003). Key benefits of the RoamEx network as identified by Lloyd
(2003) include the following:
- Reduces fraudulent usage detection time by at least 50%
- Decreases fraud losses by at least 50%
- Increases roaming revenues (inbound and outbound)
- Reduces percentage of false positive alarms
- Higher productivity rate for fraud analysts
- Provides full visibility into customer's activities
Figure 2: Model of RoamEx Network (Source: Lloyd, 2003:11)
2.3.4 NRTRDE
Similar to the RoamEx network infrastructure, the Near Real Time Roaming Data
Exchange (NRTRDE) is designed to eliminate the delay periods of HUR or Clearinghouse
reporting and fraud detection. With a 4 hour threshold delay period, customers' home operators
are notified of possible fraud; however, if the visited operator is to miss this predetermined time
frame, the visited operator assumes liability for any associated fraud (Batheja, 2008). The
recognised benefits of the NRTRDE technique include a broader consumer access to roaming on
international networks due to the event reporting standards that may be qualified against defined
spending thresholds (Batheja, 2008). This particular solution is predicted by Batheja (2008) to
increase roaming revenues by over 20%, significantly expanding the consumer population with
access to international roaming privileges due to close to real time detection mechanisms.
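The sketch below is an added example, not code from the dissertation or from any NRTRDE implementation. It applies the 4 hour delivery window and liability rule described above to constructed call records, and compares the exposure that builds up before a spending-threshold alert under NRTRDE, HUR and clearinghouse reporting delays; the threshold value, record fields, identifier and call pattern are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

NRTRDE_DEADLINE = timedelta(hours=4)   # delivery window given in the text
SPEND_THRESHOLD = 200.0                # assumed home-operator limit, arbitrary currency


@dataclass(frozen=True)
class RoamingCall:
    imsi: str            # constructed subscriber identifier
    ended: datetime      # call end time on the visited network
    delivered: datetime  # time the record reached the home operator
    charge: float


def liable_party(call):
    """Visited operator is liable when the record arrived after the deadline.
    Assumption: a record delivered at exactly four hours counts as on time."""
    return "visited" if call.delivered - call.ended > NRTRDE_DEADLINE else "home"


def liability_split(calls):
    """Total charges carried by each party for a batch of records."""
    split = {"home": 0.0, "visited": 0.0}
    for call in calls:
        split[liable_party(call)] += call.charge
    return split


def first_alert(calls, threshold=SPEND_THRESHOLD):
    """Time at which the spend *reported so far* first exceeds the threshold.
    Records are processed in delivery order, as the home operator sees them."""
    total = 0.0
    for call in sorted(calls, key=lambda c: c.delivered):
        total += call.charge
        if total > threshold:
            return call.delivered
    return None


def exposure_at(calls, when):
    """Charges actually run up by `when`, whether reported yet or not."""
    return sum(c.charge for c in calls if c.ended <= when)


START = datetime(2011, 3, 1, 0, 0)
# Constructed abuse pattern: one 30-unit call ending every hour for 48 hours.
RAW_CALLS = [(START + timedelta(hours=k), 30.0) for k in range(1, 49)]


def simulate(delay_hours):
    """Apply a uniform reporting delay; return (hours until alert, exposure by then)."""
    delay = timedelta(hours=delay_hours)
    calls = [RoamingCall("001010000000001", ended, ended + delay, charge)
             for ended, charge in RAW_CALLS]
    alert = first_alert(calls)
    hours = (alert - START) / timedelta(hours=1)
    return hours, exposure_at(calls, alert)


if __name__ == "__main__":
    # Upper bounds of the delays quoted in sections 2.3.1, 2.3.2 and 2.3.4.
    for label, delay in (("NRTRDE", 4), ("HUR", 36), ("Clearinghouse", 72)):
        print(label, simulate(delay))
```

The same threshold fires in every case; only the reporting delay changes, and with it the spend that has already occurred by the time the home operator can react.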
2.3.5 FraudX
This system is a proprietary fraud detection system that is a 'knowledge based software
application that uses artificial intelligence to identify potentially fraudulent activity, specifically
cloning and subscription fraud' on a wireless network (Syniverse, 2011). Figure 3 provides a
comprehensive model of the various integrations associated with this profiler, demonstrating the
viability of FraudX for both subscription and prepaid services. Based on a data mining protocol,
FraudX captures near real time data from mobile switches, generating a comprehensive
subscriber profile based on incoming and outgoing call records, comparing future behaviour to
these particular events in order to address degrees of variability (Syniverse, 2011). In order to
reconcile regular changes to subscriber calling patterns over time, the system updates, generating
new, normal profiles that serve as the threshold for tracking of fraudulent activities. One of the
more valuable characteristics of this particular profiler is that Syniverse (2011) has designed it to
provide background on the most prevalent types of fraud in a particular market and identify those
dominant kinds of fraud that are increasing in frequency. Further, the system has the potential to
act automatically, eliminating the need for human intervention in order to reconcile particular
activities that are identified as fraudulent.
Figure 3: Model of Fraud-X System Integration (Source: Syniverse, 2011)
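The profile-based approach described in section 2.3.5 can be illustrated with a small adaptive baseline. This is an added example and not Syniverse's algorithm, which the page does not describe: the exponentially weighted mean and variance, the parameter values and the daily usage figures are all assumptions. It also shows why a profile that keeps learning from flagged usage lets sustained abuse redefine "normal".

```python
class UsageProfile:
    """Per-subscriber baseline of daily usage, kept as an exponentially
    weighted mean and variance (an assumed model, chosen for brevity)."""

    def __init__(self, alpha=0.2, k=3.0, warmup=5, min_std=5.0,
                 learn_from_alerts=False):
        self.alpha = alpha        # weight given to the newest observation
        self.k = k                # alert when value > mean + k * std
        self.warmup = warmup      # observations needed before alerting
        self.min_std = min_std    # floor so a very regular user is not over-flagged
        self.learn_from_alerts = learn_from_alerts
        self.mean = None
        self.var = 0.0
        self.seen = 0

    def threshold(self):
        """Current alert threshold derived from the learned profile."""
        std = max(self.var ** 0.5, self.min_std)
        return self.mean + self.k * std

    def observe(self, value):
        """Score one day's usage, then fold it into the profile.
        Returns True when the value raises an alert."""
        if self.mean is None:
            self.mean, self.seen = float(value), 1
            return False
        alert = self.seen >= self.warmup and value > self.threshold()
        # By default flagged days are kept out of the baseline, so abuse
        # cannot raise the threshold that is meant to catch it.
        if not alert or self.learn_from_alerts:
            diff = value - self.mean
            incr = self.alpha * diff
            self.mean += incr
            self.var = (1 - self.alpha) * (self.var + diff * incr)
            self.seen += 1
        return alert


def alert_days(daily_usage, **kwargs):
    """Indices of the days that raise an alert for one subscriber."""
    profile = UsageProfile(**kwargs)
    return [day for day, value in enumerate(daily_usage) if profile.observe(value)]


# Constructed daily roaming minutes: steady use, a gradual legitimate
# increase, two days of abuse, then a return to normal.
DAILY_MINUTES = [30, 32, 29, 31, 30, 33, 35, 37, 39, 41, 300, 310, 42]

if __name__ == "__main__":
    print("baseline excludes alerts:", alert_days(DAILY_MINUTES))
    print("baseline learns from alerts:",
          alert_days(DAILY_MINUTES, learn_from_alerts=True))
```

The gradual rise from 30 to 41 minutes is absorbed into the profile without an alert, while the second day of abuse is caught only when flagged days are excluded from the baseline.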
2.4 Fraud Management and Prevention Strategies
Although there are a range of fraud detection tools that have been previously discussed,
the complexity of such initiatives continues to demand a more universal and expedited protocol,
one which can address a wide range of fraud efforts through a single system architecture. Cao et
al. (2004) recognise that there are several fundamental stages of the fraud analysis and control
practise including detection, prevention, analysis, prediction, alarm, and control. In this way, the
fraud effort is ideally detected and prevented; however, if it progresses, other stage-based control
mechanisms are introduced in order to mitigate its impact. As a result of complex fraud
techniques, the authors suggest that over time, the fraud detection model will need to advance at
a rate that is equal to or greater than that of the fraudsters, a package which is innately practical
and oriented towards more than just detection or post-fraud analysis (Cao et al., 2004). One
mechanism that is associated with a more practical, dynamic system is a range of domain-
specific models that include predefinition, ad hoc, data mining, and online analytical processing
(OLAP) (Cao et al., 2004). In essence, such an integrated system would provide both an
identification and a control platform for more effective protections from multiple ranges of fraud
types and efforts.
An enterprise fraud management solution was recently proposed by Ghosh (2010b) in
which six distinct processes were identified as the key to what is referred to as an optimal
solution. Deterrence, prevention, detection, mitigation, policy, and analysis are similar to those
categories presented by Cao et al. (2004); however, this particular intervention model is designed
to operate on an external third party network. Based on the concept of the 'golden database',
these services manage large amounts of information that are derived from user profiles, usage
statistics, account information, revenue exchange, and generic data sets (e.g. usage/non-usage
information) (Ghosh, 2010b). It is through this gateway-styled management system that fraud
mitigation services emphasise a first layer protection mechanism that addresses consumers as
liabilities, exploiting such tools as credit risk analysis and business intelligence to devise a
probabilistic profile of the consumer population. Second level mitigation initiatives then focus
on infrastructure control mechanisms and provider/partner security protocol. In spite of such
initiatives and an emergent population of fraud management organisations, the authors recognise
that providers are still exposed to a range of fraudulent potentialities including subscriber fraud,
unauthorised network use, leakage of sensitive information, accounting and reporting
irregularities, and internal/external misconduct (Ghosh, 2010b). Ultimately, the optimal fraud
management system is integrated into both the home and visitor network; however, more
exacting security control mechanisms beneath the operational surface were demonstrated in this
study as necessary support tools in the future.
Probabilistic fraud detection (and mitigation) strategies were recently explored by
Estevez et al. (2006) regarding their applicability in the prevention of subscription fraud
perpetration. Particular methods which underscored the design of this neural net-based service
included the creation of a data set, the categorisation of subscribers (e.g. subscription fraudulent,
insolvent, normal, otherwise fraudulent), the design of system architecture (e.g. inputs of
information about bills, payments, phone line blockings, etc.), and a classification model
(Estevez et al., 2006:340). Algorithmic analysis of these datasets involved If/Then equations
which were designed to automatically label the various categories of subscribers, within which
fraudulent and legitimate cases could be distinguished (Estevez et al., 2006:341). The design of
the neural network architecture for this particular system was based on an expectation of
predictability, where, based on particular qualifications, user activities could be identified as
either fraudulent or legitimate in advance in order to mitigate fraud in the future. The results of the
study indicated that 3.5% of the subscribers were identified through this model with 56.2%
representing true fraudsters. The discrepancies in this predictive model evolved from those
customers who failed to pay their bills on time but still had a median annual expenditure at some
point (Estevez et al., 2006:343). Accordingly, although the concept of this neural network
detection model is valuable from a design standpoint, more functional fraud detection and
prevention systems require a much more complex interrelationship between usage profiles and
algorithmic models.
A similar model of subscription fraud mitigation was proposed by Farvaresh and Sepehri
(2011) in which the authors discuss the merits of various analytical methods for identifying and
restricting fraud. The following is a brief description of these models, highlighting their distinct
value in the design and operation of an intuitive, automated detection system (Farvaresh and
Sepehri, 2011:183-4):
- Discriminant Analysis and Logistic Regression: Based on statistical classification
  problems, this method involves multivariate probability analysis of particular
  system-defined characteristics.
- Neural networks: An active, learning-based system that incorporates non-linear
  data in order to evaluate complex problems without making rigorous assumptions.
- Decision Tree: Classifies robust and noisy data in which discrete-valued
  functions are approximated. Involves If-Then rules which allow for human-based
  analysis and system design.
- Support Vector Machines: Employed in binary classification problems, the SVM
  tries to find a linear optimal hyperplane so that the margin of separation between
  positive and negative cases is maximised.
- Semi-Supervised Learning: Using analyst experience or knowledge, algorithmic
  models are defined to detect fraud in datasets including labelled and unlabelled
  instances, whereby rules that fail to detect anomalies are discarded.
Although these particular detection and information classification systems are not
comprehensive, they do represent the underlying characteristics of many of the existing
analytical tools that are employed by leading telecom providers. In their exploration of data
mining tools, Farvaresh and Sepehri (2011) proposed a hybrid model which included
preprocessing, clustering, and classification of datasets in order to identify subscription fraud
over time. Although the model was valuable from a statistical standpoint, the findings are
irrelevant for large scale application in roaming fraud detection, as the hybrid model requires
sufficient background information in order to make classification decisions. What was most
valuable in this particular system was the use of an unsupervised classification mechanism that
effectively distinguished between user behaviours that were legitimate and fraudulent, a
background validation tool that can be used in the design of much more advanced, intuitive
systems.
2.5 Practical Applications and the Future
One practical technique for circumventing roaming fraud involves what Steuernagel
(1997:31) refers to as roamer verification and reinstatement (RVR) which involves a series of
commands 'that can be used by the home cellular telephone carrier to control roaming use in
other markets'. Essentially, RVR is an operational protocol in which home carriers can limit
their liability for fraudulent activities by denying service prior to verifying that roamers are
authorised subscribers, reinstating these services once the status has been verified (Steuernagel,
1997). From a comprehensive analysis of mobile network architecture, Chen et al. (2011:350)
argue that due to advancement in technologies, the global handoff process and verification
schemes should continue to evolve towards a more homogenous foundation. Through their
proposed model of mutual authentication and underlying user verification techniques, the authors
emphasise that system integration over global networks will continue to incorporate a more
advanced security protocol that is designed to restrict exposure to fraudulent activities (Chen et
al., 2011). What is evident in both of these studies is that any fraud detection and prevention
scheme requires authentication protocol in order to restrict the possibility of fraudsters assuming
a user's identity (e.g. cloned SIM, cloned handset, etc.).
Globalisation has resulted in a largely mobile human population, many of whom utilise
roaming services for a range of purposes when travelling on an international scale. Researchers
such as Lee and Cho (2006) propose that a more efficient location management scheme could be
developed to track the user movements and establish exacting geographical information during
the roaming process. Based on the concept of mobile terminal (MT) variance, this proposed
model is designed to keep track of the user's MT and identify its location when an incoming call
is initiated (Lee and Cho, 2006:3238). This new signalling model incorporates an intersystem
location management protocol based on a boundary location register (BLR). This system
recognises when users cross particular network boundaries, recording movement data on the
basis of boundary location areas (BLAs) (Lee and Cho, 2006:3239). Although the Lee and Cho
(2006) model is designed to reduce signalling cost parameters for location identification during
user roaming, the extended relevance of this particular model to the current study could involve a
fraud detection system on the basis of location services information. Considering that much of
the roaming fraud that is perpetrated involves international actions, user monitoring through
mobile terminal registration standards is likely to allow for more accurate identification of
activities that are likely a user impossibility (e.g. never left the country or network BLA, etc.).
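A location-based plausibility check of the kind suggested above, as an added example that is not part of the dissertation or of the Lee and Cho (2006) model. It assumes each location registration or roaming usage record carries the coordinates of its location area, and that 1000 km/h is the fastest a subscriber can travel; the subscriber labels and events are constructed.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 1000.0   # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0   # assumed granularity; closer areas count as one place


def km_between(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def implausible_events(events, max_speed=MAX_SPEED_KMH):
    """events: (imsi, time, place, (lat, lon)) tuples taken from location
    registrations and roaming usage records. Returns (imsi, place) for every
    event that cannot be reached from the subscriber's last trusted position."""
    last_trusted = {}
    flagged = []
    for imsi, when, place, pos in sorted(events, key=lambda e: e[1]):
        previous = last_trusted.get(imsi)
        if previous is not None:
            prev_when, prev_pos = previous
            distance = km_between(prev_pos, pos)
            hours = (when - prev_when).total_seconds() / 3600
            if distance >= MIN_DISTANCE_KM:
                # Two distant sightings at the same instant are impossible too.
                speed = distance / hours if hours > 0 else math.inf
                if speed > max_speed:
                    flagged.append((imsi, place))
                    continue  # an implausible sighting must not move the reference
        last_trusted[imsi] = (when, pos)
    return flagged


LIVERPOOL, PARIS, LAGOS = (53.41, -2.98), (48.86, 2.35), (6.45, 3.39)

# Constructed events. IMSI-A never leaves home, yet usage is reported from a
# distant network an hour after a home registration; IMSI-B really travels.
EVENTS = [
    ("IMSI-A", datetime(2011, 5, 1, 8, 0), "Liverpool", LIVERPOOL),
    ("IMSI-A", datetime(2011, 5, 1, 9, 0), "Lagos", LAGOS),
    ("IMSI-A", datetime(2011, 5, 1, 9, 30), "Liverpool", LIVERPOOL),
    ("IMSI-B", datetime(2011, 5, 1, 8, 0), "Liverpool", LIVERPOOL),
    ("IMSI-B", datetime(2011, 5, 1, 20, 0), "Paris", PARIS),
    ("IMSI-B", datetime(2011, 5, 1, 21, 0), "Paris", PARIS),
]

if __name__ == "__main__":
    print(implausible_events(EVENTS))
```

Because a flagged sighting does not replace the trusted position, the genuine handset's next registration at home is not flagged in turn.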
Recent developments in chip-based technologies aim to leverage SIM security protocol in
order to restrict fraudulent activities. Dix (2009) presented a range of future-cast commercial
applications including mobile banking and mobile computing in which SIM-based authentication
can be used to verify an individual's identity prior to allowing access. Behind this technology is
an out-of-band one-time-password (OTP) that is generated based on the unique user signature
that is provided by the SIM card (Dix, 2009). Even if the fraudster were to intercept the
communication between the client and the bank, for instance, they would still need to provide the
recently issued OTP, a localised password that can only be answered via the mobile device.
Underscoring this M-Commerce approach to mobile phone services, Dix (2009) recognises that
particular security processes must be employed including confidentiality, authentication,
integrity, authorization, availability, and non-repudiation. Essentially, these safeguards prescribe
the particular limitations that will circumvent fraudulent activities at one or more stages of the
commercial process. The authors do caution, however, that exposure over GSM networks to
a man-in-the-middle attack is possible due to the creation of false base stations, etc.; nevertheless,
manual authentication and encryption services continue to undermine the potential for such
underhanded tactics to succeed.
There is a particular opportunity for potentially eliminating the majority of roaming fraud
that has been recently discussed in academia emphasising a shift towards mobile payments
(Hwang et al., 2007). In their theoretical exploration of this concept, Hwang et al. (2007:188)
establish an electronic payment system that is distributed across the visited domains whereby
consumers are limited to their electronic account holdings (without depositing more funds).
From a security perspective, this process requires multiple points of authentication, thereby
restricting the liability of both the service provider (home or visitor network) and the consumer.
Accordingly, the proposed scheme would generate a temporary identity for the consumer within
the visited network, authenticating them as one of the valid subscribers to their particular home
network. A virtual identity is then assigned that is used for the withdrawal of electronic monies
during the roaming period, an activity that is initiated by the consumer and cannot be denied,
providing a non-repudiation property (Hwang et al., 2007:190). Through a further element of
systemic encryption, security measures are further defined with this module, ensuring that
communication requests only originate from the consumer and that data transmission is
encrypted during the exchange process (Hwang et al., 2007:191). Although the authors
conceptualised this model in the context of variable mobile activities and applications, from a
purely telephony perspective, the underlying logic of the localisation of mobile payments could
offer a viable protective measure against fraudulent activities.
2.6 Summary
This chapter has presented background evidence regarding roaming fraud that has been
presented or evaluated by academics in recent years. The emergence of new strategies and
techniques for perpetrating fraud continues to challenge providers to evolve and advance their
system features on a regular basis, resulting in a dynamic but complex network of techniques and
system components that all serve as identification or mitigation techniques. From advanced
analytical systems such as FraudX to more basic, billing-oriented resolution methods such as the
Clearinghouse, it is unlikely that fraud will go undetected; the challenge of the future is its
prevention. To predict and undermine the influence of fraud requires the ability to engage in
some form of probabilistic or risk-oriented analysis, a technique that employs any number of
data profiling and mining tools and techniques (See Estevez et al., 2006; Ghosh, 2010b). The
following chapter will present a model of the research methods employed in the collection of
empirical evidence relating to this phenomenon and the evolutionary techniques designed to
prevent its impact on telecommunications operators in the future.
Chapter 3: Research Methodology
3.1 Introduction
This chapter introduces the data collection methods that were employed in the evaluation
of roaming fraud, mitigation measures, and the future outlook of system architecture in this
industry. Based on both past academic studies in this field and emergent methodological models
discussed by leading theorists, a mixed method of data collection and analysis was chosen.
These sections will introduce the model employed, the survey participants, and various ethical
concerns and research limitations.
3.2 Research Methods
Much of the research conducted in this field is experimental in nature and beyond the
scope of the current study. For example, the Hilas and Sahalos (2000) model of user profiling
provided a valuable, comprehensive interpretation of a categorically bounded algorithmic
analysis technique, one which could be applied on a much larger scale to multiple operators on a
diverse spectrum of networks. Given the propensity for fraud detection systems to be designed
and implemented on a singular network (e.g. NRTRDE module on GSMA), advancements in this
field are likely to require a more dynamic, multi-dimensional application that involves universal
detection properties. Although the methods employed in this study are not applicable to this
particular research, the eight categorical variables introduced by Hilas and Sahalos (2000)
provide a valuable starting point for the design of a tangible system model and will have
influence on the analysis of the participant results and consideration of profiling strategies for
implementation in this field.
There are few studies addressing fraud management and mitigation systems that are
based on participant survey and the exploration of industry perspectives. Goode and Lacey
(2011) provide one of the few studies that incorporate participant feedback regarding fraud
detection and the mobile billing process. Their research employs a mixed quantitative and
qualitative methodology whereby participant responses are compared and evaluated according to
their relevance and value to the various questions presented. In academia, researchers including
Thomas (2003) and Creswell (2009) have both recognised that due to the evolving complex
nature of modern social problems, academic research has increasingly become more mixed,
capturing statistical and phenomenological evidence in order to analyse key characteristics and
relationships within a given model. Creswell (2009) offers several different methods for
conducting such investigations including one in which primary and secondary data stream
assignments are made in order to allow for one segment of evidence to validate and justify the
other. In an example of collecting empirical research in this format, Creswell (2009) presents a
Likert-based scalar model for questionnaire design that is supplemented by open-ended
qualitative queries which generate evidence similar to that analysed by Goode and Lacey (2011).
Similar to the recommendations of Creswell (2009), a mixed method approach was
chosen for the collection of evidence in this industry. The primary segment of the survey was
quantitative in nature and was designed to include a range of demographic questions, a segment
of scalar, Likert-based statement-responses, and sections to rank the value of fraud detection and
management systems and their advantages to operators. The secondary survey segment was
qualitative in nature and included five different questions that were designed to encourage
participant feedback regarding fraud, detection and mitigation systems, and the future of industry
techniques. Whilst the first segment of this survey was collected using a standard Excel
spreadsheet and then compared quantitatively, the second survey segment required a review of
participant feedback and a comparison of the responses for similarity and difference according to
the general thematic elements. Academics such as Boyatzis (1998) propose that both major and
minor themes may be extracted from experiential feedback, allowing the researcher to establish a
coded dataset for a particular question that is indicative of trends and relevant phenomena.
3.3 Survey Participants
The survey participants were identified through professional associations in the
telecommunications industry. Initially, fifteen individuals at one particular organisation were
contacted; however, after receiving limited responses (5), the scope was broadened to include
several other providers in the local industry. All participants were sourced according to their
relevant employment within the field of fraud detection or associated system
design/management. Of the other three organisations, an additional 16 participants completed
the survey, yielding a total number of 21. The demographic background for these individuals
including age, education, income, and experience is presented in the subsequent chapter as
validation of the relevance of these insights. All surveys were administered via e-mail and the
participant responses were then captured, evaluated for completeness, and collated into a single
Excel spreadsheet. Although all of the 21 individuals completed the quantitative segments of the
survey, only around half took the time to provide comments in the final qualitative section,
limiting the scope of evidence collected for these queries.
3.4 Ethical Concerns and Limitations
In the collection and management of participant responses, there are a range of ethical
concerns that must be considered, namely those associated with exposure and the personal nature
of the responses. Each of the individuals surveyed in this process has responsibilities and career
commitments in the telecommunications industry, and although the line of questioning was not
controversial, it did address a topic that is largely debated and extremely important in this
industry: fraud. For this reason, the identities of all of the participants were kept anonymous
over this process, ensuring that through a randomised, grouped analysis of the research findings,
that their personal beliefs and experiences would be protected from industry scrutiny.
This research was limited by the scope and scale of the research focus, which oriented the line
of questioning towards particular factors associated primarily with roaming fraud. There is no
doubt that this particular type of fraudulent activity has impacted the industry and its financial
performance. On the other hand, the management and restriction of this impact is largely
debated and widely criticised as a result of pervasive fraud detection. Accordingly, the limitation
of these queries to this particular fraud aspect was both strategic and essential to the foundations
of this study.
3.5 Summary
This chapter has presented the chosen research methodology that was employed in the
collection and analysis of empirical evidence from employees and industry participants. Based
on a mixed-method approach, both quantitative and qualitative measures were incorporated into
the survey design, allowing for the collection of valuable, multi-dimensional data. The
subsequent chapters will present this data in-depth and will discuss and evaluate these findings in
relation to the previously presented academic evidence.
Chapter 4: Data Presentation
4.1 Introduction
This chapter presents the empirical evidence that was collected from active employees in
the telecommunications industry with direct experience in fraud mitigation and management.
Each section offers insight into the participant responses to targeted questions and statements
that were designed to establish a model of scale associated with opportunities for providers to
improve upon their current systems and dramatically reduce the industry exposure to roaming
fraud. Through a mixture of quantitative and qualitative analysis, these relevant participant
insights will be discussed and a model of redesign and optimisation will begin to be outlined.
4.2 Survey Participant Demographics
In order to establish both the expertise and the relevance of the participant feedback, the
respondents were asked to complete a brief demographic survey. Figures 4-9 offer background
regarding a range of independent variables that were considered during the data analysis. The
median participant age range fell between 26 and 45 (67%), whilst the majority of the
participants (67%) held some form of an advanced degree (Masters+). By general social
standards, the income levels for these individuals were relatively high with 76% earning greater
than $65K annually. In spite of a majority focus in fraud services (52%), there was a relatively
consistent distribution of experience levels in system design and integration and in fraud
detection practises. Accordingly, these findings are indicative of a valuable cross-sectional
analysis of participants who are educated, generally successful, and working with a range of
expertise sufficient to address both short and long term fraud considerations.
Figure 4: Participant Age Range
Figure 5: Participant Income Range
Figure 6: Participant Education Level
Figure 7: Participant Experience in Fraud Detection
Figure 8: Participant Experience in System Design
Figure 9: Participant Role or Responsibility
4.3 Quantitative Survey Results
A range of 20 distinct statements were divided into four different categories of five
statements each and randomly arranged in the participant survey. In this way, the results could
be grouped in order to discuss particularities specific to effective fraud prevention strategies.
Figure 10 highlights one key influence that must be moderated in order to ensure that any fraud
detection and mitigation strategy is effective: the consumer. 76.2% of the survey participants
confirmed what researchers including Hilas and Sahalos (2009) and Estevez et al. (2006) argued
regarding the merits of user profiling, suggesting that predictive measures may be developed in
order to identify possibilities for future fraud. Conversely, around 47.6% of the respondents
indicated that consumers would likely resist profiling agreements due to privacy concerns. As an
alternative to the data-oriented approach, 80.95% of the participants agreed that consumer
awareness should be a priority for service providers. One of the key challenges associated with
the mining of consumer information is the relative costs for information storage and collection
activities, whereby 57.1% of the participants cautioned that service providers might be resistant
to such increased attentiveness. On the other hand, 76.2% agreed that by focusing on areas in
which roaming fraud is particularly prevalent, organisations can begin to develop a behavioural
model of possible fraud trends. Therefore, it is evident that the accuracy and relevance of the
data sets plays a key role in fraud detection and mitigation, a source-based consideration that
could provide alternatives to more invasive practises.
Figure 10: Detection Strategies and the Consumer Factor
Underlying the ability for organisations to detect and prevent fraud is a general
understanding of how it is propagated and where it is localised. Figure 11 highlights the
participant responses regarding five statements emphasising changing priorities in this industry as
fraud evolves. The majority of the participants (76.2%) recognise that due to the increased
complexity of fraudulent activities, ageing detection and management systems are ineffective
and insufficient for mitigating this problem. 61.9% agree that the fraud network is by default an
unorganised grouping of independent fraudsters, a factor that makes detection and management
even more difficult. Alternative management strategies include typological and probabilistic
methods, which 95.2% of the participants agreed would provide relevant insight into areas of
opportunity for focusing preventative activities. In spite of these findings, there were still five
participants that rejected the use of probabilistic modelling for localising fraud sources, a factor
that may be linked to the disintegrated nature of these cells. From a future-cast perspective,
57.14% of the respondents believe that fraudsters will engage more directly in commercial
activities, focusing on application-driven charging models that deal less with roaming as a
category and more with billing and subscription fraud as a means of capital gain.
Figure 11: Nature of Fraud and Strategic Detection Methods
Although the participants may agree for the most part that the complexity and
disintegration of the fraud network continues to provide a substantive challenge for providers to
circumvent, there are those evolutionary mitigation strategies that are continuing to advance this
industry beyond historic limitations. Figure 12 highlights participant responses to key questions
regarding the evolution of fraud mitigation strategies and possible control scenarios. Although
real time analysis (see Lloyd, 2003) has been lauded as an opportune future tool for mitigating
delay-based fraud opportunities, 81% of the participants agreed that such systems will still
require human support in order to differentiate between fraud and non-fraudulent transactions.
Further, 100% of the participants agreed that even the best fraud detection systems are still
fallible and that there is no best-fit detection model that could be applied across all networks.
Optimistically, however, 81% of the participants recognise that more advanced tools including
fuzzy logic and probabilistic models will allow for a focus on fraud and user profiles that are
linked to network characteristics. Such findings are significant, as 42.9% of the respondents
rejected the claim that, even in local networks, fraud can be eliminated through provider
billing agreements and real time data management.
Figure 12: Evolving Fraud Mitigation and Control Scenarios
There are a range of options for the future, such as the NRTRDE protocol (Batheja,
2008), or the partnerships developing through GSMA agreements; however, system
characteristics have yet to be universally defined. Figure 13 highlights participant responses to a
range of questions emphasising such design dynamics and partnering opportunities. In spite of
the disunity experienced on a global scale, just 61.9% of the participants believe that global fraud
detection networks offer a valuable mutual investment opportunity for a single stream fraud
system, whilst only 33.3% believe that operator partnering can eliminate fees and losses
associated with roaming fraud. One of the most respected security devices within the global
network, the SIM card, was viewed by 66.7% of the participants as a liability. As a solution,
66.7% of the participants believe that organisational priorities should focus on network
architecture and mobile security, whilst 85.7% agree that advances in fraud management and
mitigation protocol will ultimately require personnel reorganisation.
Figure 13: System Design and Partner Opportunities
4.4 Participant Ranked Foci for Fraud Detection and Management
The survey participants were asked to rank those particular fraud detection and
management systems that they considered the most organisationally valuable. Figure 14
highlights the weighted averages of these responses, establishing a ranked model of system value
from 1-10. At the top of this list were those key mechanisms that the participants viewed as the
most valuable including 'consumer awareness and self-protection mechanisms' (2.20), 'integrated
multi-operator system links' (2.27), and 'user profiling and data analysis' (2.27). Two of these
systems are based on consumer-derived information and management schemes, whilst the third
has evolved out of a comprehensive multinational networking system that prioritises alliances in
the mitigation of fraud. These findings are consistent with the participant responses in the
previous survey section regarding the responsibility held by consumers for maintaining
awareness and preventing fraud from a localised standpoint. Given that multi-operator systems
and consumer awareness/profiling all represent proactive strategies to fraud management, it is
evident that the priority in the future of these systems is to interrupt the fraud cycle, restricting
the impact which fraudsters have on the industry before it becomes problematic.
Most Valuable Fraud Detection and Management Systems
Rank  System                                                    Weighted average
1     Consumer awareness and self-protection mechanisms         2.20
2     Integrated multi-operator system links (e.g. NRTRDE)      2.27
3     User profiling and data analysis                          2.27
4     High usage report reviews                                 2.73
5     Clearinghouse data analysis                               2.80
6     Block crediting and customer service                      2.93
7     Fraud-derived analytical knowledge models                 3.00
8     Statistical analysis and post-fraud data profiling        3.13
9     Proprietary exchange management protocol (e.g. RoamEx)    3.33
10    Velocity trap system monitoring                           3.40
Figure 14: Most Valuable Fraud Detection and Management Systems
4.5 Participant Ranked Advantages of Fraud Detection and Mitigation Systems
The participants were also asked to rank the advantages of detection and mitigation
systems in order to identify those areas in which organisations benefit from strategic investment
in such priority standards. Figure 15 highlights the weighted averages from the participant
responses, establishing a hierarchy of advantages that may be used for organisations to moderate
their fraud detection and mitigation investment priorities. At the top of this model were three
variables that emphasise a value positioning for the service providers including 'higher
organisational value and reduced financial losses' (2.07), 'increased ROI on a global scale' (2.07),
and 'network architecture becoming more secure and restrictive' (2.27). Essentially, these three
advantages are representative of the same innate benefits that arise from comprehensive fraud
detection and mitigation techniques: decreased loss of revenue, increased system protections,
increased return on investment over time. As fraud creates both financial and psychological
problems for a breached organisation, it is evident that by implementing more advanced and
responsive systems, the participants are emphasising a financial value position as an
organisational priority. Considering that key focus areas in Figure 3 regarding system dynamics
are oriented around consumer awareness and behaviour, it is evident that this priority-based
system is designed to provide a sufficient architecture within which consumers are able to act in
their own best interests, thereby preventing fraud proactively.
Advantages of Implementing Strategic Fraud Detection and Mitigation System
Rank  Advantage                                                                    Weighted average
1     Higher organisational value and reduced financial losses                     2.07
2     Increased ROI on a global scale                                              2.07
3     Network architecture becoming more secure and restrictive                    2.27
4     Increased consumer awareness and self-protection                             2.60
5     Advanced billing systems and real-time optimisation                          2.60
6     Increased consumer satisfaction and confidence                               2.73
7     Integrated operator networks and support services which promote cooperation  2.93
8     Gradual degradation of international fraud networks                          3.07
9     Reduced human resource investment and time consumption for billing events    3.07
10    Extensive databases regarding consumer behaviour and characteristics         3.20
Figure 15: Advantages of Implementing Strategic Fraud Detection and Mitigation System
4.6 Participant Responses to Open Questionnaire
The survey participants were also asked to respond to five open-ended questions,
recording their answers verbatim in the survey form. Although not all participants were able to
complete this section, several did provide sufficiently complete responses to allow for thematic
comparison and analysis. The following sections present this respondent feedback and provide
analysis based on similarities and inconsistencies in the answers.
4.6.1 Question 1
Over the past decade, what are the most significant advances in fraud detection
technologies? Are these sufficient or are there systemic gaps and deficiencies that
need to be filled?
The survey participants were asked to identify particular advances in fraud detection in
order to determine whether these initiatives were of sufficient scope and scale. Participants 1
and 4 both reported on similar technological mechanisms including SIM card technologies,
subscription analysis tools, and NRTRDE. As a whole, the participants recognised that the
advances in this field have not only been significant, but they have sufficiently addressed the
evolutionary complexity of fraud. There were several participants, however, who voiced
concerns regarding particular limitations with these systems, particularly their responsive (rather
than proactive) nature. In fact, Participant 8 would report the following:
There have been a lot of valuable tools developed, many by third party support
providers; the problem is that even using real time solutions to fraud analysis, the data
processing is retroactive. We are always working from behind and trying to catch up
with the perpetrators. By that time, they've moved on to something or somewhere else.
What we're missing is more effective security protocol that limits the possibility for these
incursions from the source.
Other participants cited such developments as increased consumer awareness projects and
a growing number of pre-screening analytical tools. There are two different schools of thought
related to these systems: the first is technologically oriented and emphasises the value and large
scale applicability of monitoring technologies; the second is humanistic in nature and defines
fraud aversion and mitigation strategies according to a frontline defence strategy. As participant
eleven would report: "even the best fraud detection programme is ineffective when it's the
consumer who's causing the breach". Although it is ultimately impossible to guarantee that pre-
screening and profiling initiatives will restrict the opportunism and incidental deviance by
consumers, these mechanisms do provide a first-stage defence mechanism that will largely
eliminate known fraudsters and high risk candidates from the operational equation.
4.6.2 Question 2
Is fraud an inevitability or can it be mitigated and managed so as to eliminate it
from the system completely?
This particular question was designed to challenge the participants to consider fraud as a
more tangible concept in a relatively intangible operational business model. There are likely to
always be individuals seeking to perpetrate fraud; however, system components that are designed
to restrict and undermine attempts to access this network could potentially eliminate all but
purposeful fraud activities. Participant 12 recognised that unfortunately,
"fraud is inevitable and can be managed and mitigated but can't be eliminated from the system
completely". Corroborating this perspective, Participant 2 would recognise that "it cannot be
mitigated completely because of the human aspect, but can be reduced to the barest minimum".
These two perspectives were largely consistent across the majority of the participants, as the high
risk, unpredictable nature of humanistic variables has serious consequences for the relative
fallibility of even the most advanced system tools. One participant (14) would argue that with
the right personnel and tools, fraud could be mitigated; however, this strategy places emphasis on
a best-fit, optimised model of fraud protection, one which is likely not compliant with a global
spectrum of interconnected yet diverse network specifications.
4.6.3 Question 3
Should consumers maintain some responsibility/liability in their personal protection
from fraudulent activities?
The response from the participants to this particular query was inherently homogenous,
demonstrating the need for consumer profiling, usage analysis, and educational practises. Fraud,
as a concept, has been largely discussed in mainstream society as it relates to a large range of
financial instruments (e.g. banking, credit card, loan, stock market, etc.). The consequence of
this publicity is a dilution of meaning and a relatively non-specific conceptualisation of fraud and
its related influences amongst the consumer population. Baker (2002) refers to this phenomenon
as 'hyper-reality', a social conditioning, wherein the significance of particular events and
processes (e.g. fraud, crime, deceit) becomes irrelevant unless perpetrated against the individual
in question. The survey participants overwhelmingly believe that consumers are frequently the
cause of fraudulent activities (either directly or indirectly) and should, therefore, share in the
financial burden. Although it is unrealistic to suggest that consumers pay for deficient security
protocol or network hacking, the participants do recognise that they have a particular
responsibility for protecting themselves from fraud exposure. From restricting the distribution of
information to not engaging in high risk activities, the burden of responsibility in this case was
consumer oriented in the responses of these participants, as demonstrated in a response from
Participant 15:
Yes, consumers should maintain responsibility. The 'I didn't know' or 'It's not my fault'
excuses are getting old. It's time that people said 'I'm not going to let you take this from
me'. I don't know when corporations agreed to shoulder this burden, but consumers must
be active in this process in order to address a large portion of the fraud industry.
4.6.4 Question 4
What are the priorities for operators today regarding fraud detection and
mitigation? How has this changed the business model of these providers?
There are a range of opportunities in this modern technological era for operators to
dramatically enhance their position against fraud. The participants recognised that by improving
the quality of the systems in place and the skills of the personnel that are responsible for their
operation, fraudsters are continuing to lose access to a range of mechanisms. Some participants
reported that this recognition of system deficiency was a relatively new phenomenon, and as a
result, the emergent detection and mitigation tools that are being put into place are conceptually
diverse and far more complex than past operational systems. Accordingly, over the long term, it
was predicted through this survey that fraud mitigation will continue to garner substantial
investment from operators, establishing a prevention protocol that, although costly, is far less
costly than the losses incurred through fraudulent activities.
4.6.5 Question 5
Given the new global boundaries and network capabilities associated with new mobile
systems, does roaming fraud present as significant a problem today as it did in the
past? Could operators eliminate roaming fraud charges internally by altering their
billing structures?
A common theme amongst the participant responses to this particular question was the
'bill and keep' strategy to eliminating the mobile termination rate and other associated roaming-
based charges. Dodd et al. (2009) argue that due to the evolution of network architecture from
circuit-based networks to packet-switched next generation networks (NGNs) the elimination of
origination charges through the bill and keep technique is preferable to more traditional charging
methods. A key component in roaming fraud is the ability for the fraudsters to leverage system
delays and network discrepancies as a means of charging and collecting funds whilst users are
outside of their home network. Eliminating this origination-based charging protocol would
effectively unify the industry under a singular accounting protocol, one which acts as a barrier to
more subversive charging practises. Although the optimism of these participants has been
largely challenged throughout the telecommunications industry, it is evident that there is
potential for reducing the exposure of service providers to roaming fraud by establishing a more
cooperative protocol with the providers’ own visiting networks.
4.7 Summary
This chapter has presented a range of evidence collected from survey participants
currently operating within this field as decision makers, consultants, and fraud detection agents,
thereby highlighting those particular areas where systemic rehabilitation is becoming essential.
Based on this feedback, it is evident that there are a range of deficiencies within current fraud
mitigation systems, many of which are the result of the very nature of roaming service provision
and the network-based delays and accounting discrepancies. In the subsequent chapters, these
limitations will be discussed in more detail and alternative system configurations will be
proposed based on the primary objective of eliminating as much potential for fraud to propagate
as possible.
Chapter 5: Achievements
This research began with the following research objectives that were designed to not only
capture evidence regarding the existing state of roaming fraud, but to determine what strategies
or alternatives are possible for overcoming this serious industry concern:
• To evaluate a secure and efficient solution to telecommunication roaming fraud
  through identification and design of an active management system for current
  challenges undermining the attainment of a successful system
• To discuss and analyse the various characteristics associated with
  telecommunications roaming fraud
• To establish the credibility of fraud management systems for practical applications
  in the management of roaming frauds
• To identify possible future trends in fraud and fraud detection systems
• To reduce fraud-related lost revenue and improve operators' ROI
• To offer forward-seeking recommendations to enable system advancement at an
  accelerated pace, faster than that of telecommunications fraud perpetrators.
Through a comprehensive literature review, key elements in the fraud detection/mitigation
protocol were revealed including both temporal and architectural factors. Due to the delay that is
inherent within roaming billing services, the likelihood of fraud detection is decreased according
to a real time standard. Therefore, there is potential for exploitation which researchers such as
Cao et al. (2004) and Ghosh (2010b) recognised may be eliminated through real time monitoring,
consumer profiling, and an active control architecture. Based on the primary research objectives,
both the characteristics of roaming fraud and the fundamentals of fraud management systems
were discussed in detail during this analytical review of leading theorists in this field.
The participant feedback was also revelatory during the survey segment of this research,
providing justification for modulating fraud mitigation techniques and optimising existing and
forthcoming systems in order to reduce the risk of exposure. At the forefront of the participant
insights was a consensus that consumer responsibility remains a key factor in the detection and
management of these malicious initiatives. From an ROI and value perspective, reducing losses
that result from roaming fraud is not only beneficial to the organisational bottom line, but it is
psychologically beneficial for the consumer, providing an otherwise intangible reward: peace of
mind. Key concerns revealed through this survey emphasised the currently reactive state of the
fraud management network, an operational protocol that seems to prioritise systems and
standards over more predictive capabilities. For this reason, a fundamental achievement in this
research was to demonstrate that from both an academic and an industry perspective, change is
an essential component in the architectural design of fraud management systems in the future.
Chapter 6: Discussion and Analysis
7.1 Introduction
This chapter provides a comprehensive analysis of the research findings in comparison to
the practical and past empirical examples previously discussed during the literature review.
These findings emphasise a forward-seeking direction for this industry that is based on
opportunity and rehabilitation of system designs. Although providers have continued to combat
the fraud phenomenon, the complexity of emergent fraudster tactics continues to challenge
organisations to reconsider their best practises and develop new strategies for the future.
Accordingly, this research presents justification for a new, priority-based tool for data mining,
analysis, and action. Based on the exploration of the feedback presented in the previous chapter,
these findings will provide predictive recommendations that are designed to offer value to
providers in this industry and optimise the fraud mitigation and prevention strategies employed
over the coming decade.
7.2 Fraud Mitigation and Prevention Strategies
Underlying the concept of fraud prevention and detection is a foundation of control, one
which Goode and Lacey (2011:712) describe as a fundamental component of the system design
whereby information management protocol and combinative control measures serve as tools for
detection and identification of various fraud techniques. Although the study itself doesn't
sufficiently address the evolutionary nature of telecom fraud, the concept of multi-dimensional
control protocols is a fundamental mechanism in the design and implementation of more
dynamic, intervention-based fraud management systems. Within the Fraud-X system, for
example, Syniverse (2011) has integrated a database-driven profiler that evaluates call records
for a range of factors including pattern matching, suspicious digits, suspicious ESNs,
subscription fraud, collision and velocity, and profile specific variables (e.g. call cluster, count
and duration, call area, source and destination). This system is designed to identify the
probability of fraud on the basis of these observed phenomena and generate alarms or actions to
mitigate potential fraud before it can become a financial liability. In essence, the vision of
Goode and Lacey (2011) has been pragmatically conceptualised through the advanced analytical
tools which make Fraud-X an effective, near real-time detection and prevention system.
As profiling is largely discussed throughout academia and was a fundamental concept
presented by the survey participants in this research, it is evident that this technique is a
common best practise amongst industry players. Macia-Fernandez (2008:5) proposed
particular fraud prevention techniques that begin with operational protocol designed to restrict
the access of fraudsters to valuable or exploitable consumer systems. In particular, she proposes
that service restrictions should be imposed for roamers until they have developed a sufficient
history to justify their allowance. Further, roaming agreements should be improved in order to
limit the fraud exposure to all parties, whilst thorough roaming tests should be performed to
ensure that all network data exchanges are efficient and according to the standard protocol.
Finally, Macia-Fernandez (2008:5) proposes the development of blacklists or known fraudster
databases that prevent subscription type fraud by improving the awareness of charges that go to
particular sources. It is through such elimination of fraudulent individuals from the networks
themselves that analysts hope to circumvent their ability to exploit system deficiencies and
failures, undermining the ability to control fraud through more proactive techniques.
7.3 The Human Factor and Profiling Objectives
There is one variable in the fraud model that cannot be effectively controlled: humanity.
Key fraud objectives emphasise such underhanded activities as what Batheja (2008) refers to as
international revenue share fraud (IRSF) whereby the fraud perpetrator will 'usurp customer
connections to make multiple calls to revenue share numbers, usually premium rate numbers'. In
recent months, online watchdog Subex (2011) reported that bypass fraud continues to accelerate,
as arrests linked to such providers as Conatel (losses of over $750,000 per month) demonstrate
the complexity and depth of criminal activities. Direct contact is one mechanism employed by
fraudsters that remains extremely difficult to circumvent without comprehensive backdoor
monitoring protocols. It is the consumer based exposure of internal security systems (e.g.
passwords, encrypted information, etc.) to fraudsters that undermines all prevention techniques
employed by organisations in today's networks. Whether incidental or purposeful, consequences
of consumer-driven fraud can be significant, leading organisations to include robust profiling
techniques that are designed to prevent access to particular features for those consumers that
present a higher threat risk.
The Baker (2002) concept of hyperreality is one which has manifested in a technological
age, as social dissociation with particular activities such as fraud and criminality continues to
distance individuals from the more psycho-social impact of these factors. In such cases,
although fraud may be considered a negative possibility, the perceived likelihood of individual
affectation is so low that individuals will simply ignore the issue. For fraudsters, this ignorance
represents opportunity, allowing for subversive activities to gain access to consumer accounts
and resources using a similar archetype of fraudulent strategies, a toolbox of consistent yet
adaptable mechanisms. It is for this reason that the Hollmen (2000) and Hilas and Salahos
(2000) probabilistic, neural network models are so valuable to advances in the profiling and
identification of potential fraud. In a standard algorithm, researchers attempt to present an if-
then relationship that can be used to generate a probability of occurrence, one which will likely
determine the monitoring focus of the organisation's fraud department. Ghosh (2010b) defined a
data foundation called the 'golden database' that was designed to capture a range of variables
associated with fraudulent activities in order to effectively profile consumers, location-based
factors, and emergent fraudulent activities. Such data mining practises provide a profile on both
the network itself (e.g. due to this number of operators in this particular geographic area, the
organisation is exposed to this level of risk) and the consumer (e.g. due to this credit rating and
this payment history, the likelihood of fraud or default is this), thereby developing a more
comprehensive model of organisational risk for fraudulent impact.
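The factors listed for the Fraud-X profiler in section 7.2 (collision, velocity, suspicious digits, call count) and the if-then probability relationship described above can be combined in a short piece of detection logic. This is an added example, not Syniverse's code or the author's: the rule weights, thresholds, the noisy-OR combination, the `+99900` prefix and the sample call records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class CDR:
    imsi: str          # subscriber identity
    start: datetime    # call start time
    duration_s: int    # call length in seconds
    lat: float         # serving-cell latitude at call start
    lon: float         # serving-cell longitude at call start
    dialled: str       # called number


# Assumed tuning values for this sketch; a real deployment calibrates them.
WEIGHTS = {"collision": 0.9, "velocity": 0.7,
           "suspicious_digits": 0.5, "high_usage": 0.6}
MAX_SPEED_KMH = 900.0            # faster than this between calls is implausible
MIN_KM = 50.0                    # ignore ordinary cell-to-cell movement
WATCHED_PREFIXES = ("+99900",)   # constructed placeholder, not a real number range
USAGE_WINDOW = timedelta(hours=1)
USAGE_MAX_CALLS = 5              # more calls than this per window is "high usage"
ALARM_THRESHOLD = 0.75


def km_between(a, b):
    """Great-circle (haversine) distance between the serving cells of two CDRs."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def fired_rules(calls):
    """If-then rules triggered by one subscriber's calls (sorted by start time)."""
    rules = set()
    for i, cur in enumerate(calls):
        if cur.dialled.startswith(WATCHED_PREFIXES):
            rules.add("suspicious_digits")
        recent = [c for c in calls[:i + 1] if cur.start - c.start <= USAGE_WINDOW]
        if len(recent) > USAGE_MAX_CALLS:
            rules.add("high_usage")
        for prev in calls[:i]:
            dist = km_between(prev, cur)
            if dist < MIN_KM:
                continue
            if cur.start < prev.start + timedelta(seconds=prev.duration_s):
                rules.add("collision")      # same identity in two places at once
            else:
                hours = (cur.start - prev.start).total_seconds() / 3600
                if dist > MAX_SPEED_KMH * hours:
                    rules.add("velocity")   # moved faster than is physically plausible
    return rules


def fraud_probability(rules):
    """Noisy-OR: every fired rule independently contributes its weight."""
    p_clean = 1.0
    for rule in rules:
        p_clean *= 1.0 - WEIGHTS[rule]
    return 1.0 - p_clean


def score(cdrs):
    """Return {imsi: (probability, sorted rule names)} for a batch of CDRs."""
    by_imsi = {}
    for c in sorted(cdrs, key=lambda c: c.start):
        by_imsi.setdefault(c.imsi, []).append(c)
    out = {}
    for imsi, calls in by_imsi.items():
        rules = fired_rules(calls)
        out[imsi] = (round(fraud_probability(rules), 3), sorted(rules))
    return out


def alarms(cdrs):
    """Subscribers whose score reaches the alarm threshold."""
    return {i: r for i, r in score(cdrs).items() if r[0] >= ALARM_THRESHOLD}


# Constructed sample records: test-network IMSIs, invented numbers, times and cells.
T0 = datetime(2011, 10, 1, 9, 0)
HOME, ABROAD = (6.45, 3.39), (51.50, -0.12)


def _cdr(imsi, minutes, dur, cell, dialled="+15550100"):
    return CDR(imsi, T0 + timedelta(minutes=minutes), dur, cell[0], cell[1], dialled)


SAMPLE = [
    _cdr("001010000000001", 0, 120, HOME), _cdr("001010000000001", 120, 90, HOME),
    _cdr("001010000000002", 0, 600, HOME), _cdr("001010000000002", 5, 60, ABROAD),
    _cdr("001010000000003", 0, 60, HOME),
    _cdr("001010000000003", 60, 60, ABROAD, "+99900123456"),
    *[_cdr("001010000000004", 5 * k, 60, HOME, "+99900123456") for k in range(6)],
    _cdr("001010000000005", 0, 60, HOME, "+99900123456"),
]

if __name__ == "__main__":
    for imsi, (p, rules) in sorted(score(SAMPLE).items()):
        print(imsi, p, rules, "ALARM" if p >= ALARM_THRESHOLD else "ok")
```

The last sample subscriber fires a single rule and scores below the alarm threshold, which is the band where the survey participants expected human review to remain necessary.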
7.4 The Fraud Prevention Model
The best-fit fraud prevention model is an amalgam of such advanced system designs as
that employed by FraudX and the intuitive user and network profiling techniques discussed by
Farvaraesh and Sepehri (2011). Based on these information collection and management systems,
a proactive, fraud prevention system can be defined according to the primary objectives
associated with a pragmatic, proactive design:
1. Identify Sources of Fraud Before they Impact
2. Eliminate Sources of Fraud After They've Impacted
3. Design System Parameters to Prevent Similar Occurrences
4. Develop Educational Model to Support Consumer Awareness
5. Create a Universal Network Protocol For Mutual, Cross-Network Agreements
These five objectives are the underlying characteristics of any fraud detection and
mitigation system that is designed today, as they cover all of the possible influences,
consequences, and opportunities associated with such subversive behaviour. Based on these
objectives, the following multivariate model (Figure 16) has been designed in order to integrate a
range of features into categorical standards which exploit areas of progressive consequence to
the organisation. In this particular model, there are 8 particular categories of focus that are
designed to incrementally reduce the risk of fraud exposure for the organisation. If all categories
are working effectively, then a full-circle exposure to fraud would likely be attributable to the
network security protocol. Evaluating the nature of fraud and its means of incursion will allow
analysts to identify the particular node at which the system bypass was possible. The following
is a brief explanation of each of the analytical categories:
• Security Protocol: The underlying network security protocol is responsible for
  preventing access of consumer information and key system variables to external
  parties. This protocol must be optimised for multinational operations in order to
  prevent roaming fraudsters from gaining access to backdoor controls.
• Consumer Awareness: Educating consumers on the risks of fraud and the
  methods through which it is perpetrated is essential. In order to alleviate the
  exposure of secured systems through this human factor, organisations must
  emphasise educational practises throughout their branches.
• Network Agreements: The agreement system should consider the merits of a bill
  and keep protocol designed to eliminate the need for separate roaming charges
  altogether. If not possible, then real time integration of tracking systems is
  necessary to ensure the accuracy of charges.
• Profiling and Analysis: Pre-approval consumer profiling is necessary to prevent
  fraudsters from becoming customers. Analysis of the consumer profile during
  their service contract is essential for determining whether there are deviances that
  might be detectable in real time.
• Network Modelling: Fraud characteristics are detectable through network
  models. By identifying the sources of fraud throughout the international
  community and developing a mechanism to heighten security around these areas,
  the possibility of incursion can be reduced.
• Data Monitoring: Real time data monitoring via electronic channels is essential
  for preventing the possibility of extended exposure to fraud activities.
• Updates and Advances: Systems must remain dynamic and update according to
  new types of fraud and new technological advances in security protocol and
  protections.
• Fraud Subversion: Through effective authentication practises and more integrated
  billing techniques, fraud may be subverted.
Figure 16: A Comprehensive Fraud Mitigation System
7.5 Summary
This chapter has discussed the research findings in relation to the particular challenges
associated with developing an integrated, comprehensive fraud mitigation strategy. The
proposed model is considered comprehensive, addressing a broad range of the concerns and
limitations currently affecting the marketplace. The following chapter will draw summative
conclusions from the entirety of this research and provide recommendations for future
developments and advances.
Chapter 7: Conclusions and Recommendations
8.1 Conclusions
Roaming fraud is of significant financial consequence to telecommunications providers,
and within a globalised society, the possibility for exposure continues to increase exponentially.
This research began with a recognition of the high degree of variability in fraud detection and
mitigation strategies that have evolved over the past decade, identifying a range of limitations
and opportunities afforded by such a complex learning process. From more basic, billing-based
clearinghouse fraud identification techniques to advanced, integrated analytical systems such as
FraudX, the capacity for managing this subversive financial liability is becoming increasingly
plausible. The survey participants in this study have identified key concerns, however, that lie
outside of the scope of a fraud-oriented system, emphasising the high degree of variability in
consumer awareness and personal protection strategies. Although the recognition of fraud in this
industry is largely universal, the overwhelming influence of hyperreality (Baker, 2002) has
resulted in lower concerns and a largely dismissive approach to consumer monitoring of these
influences. For this reason, it is clear that a more dynamic, predictive system design is needed,
one which has the capacity to reconcile such humanistic factors whilst simultaneously employing
significantly advanced security measures.
The inflexibility of the telecommunications network architecture has resulted in
limitations that are gradually eliminated over time as technological advances demand changes to
security protocol and system design. Global activities, on the other hand, continue to warrant
some form of interconnected billing standard whereby roaming charges and delays are
eliminated, effectively reducing the possibility for roaming fraud. The bill and keep method of
agreement and origination charging provides a viable means of avoiding many of the pitfalls that
open doorways to roaming fraud. The challenge for providers is in relinquishing control of key
system components to the international marketplace. As a direct result, a much more analytical
model remains an essential condition of roaming activities, one which, similar to FraudX,
incorporates probabilistic analysis and profiling datasets.
This investigation has provided a range of participant feedback that emphasises key
characteristics that are deficient in current telecommunications operational models including the
reactive nature of many analytical tools. The consumer's bill will likely reveal fraudulent
activities, regardless of their scale or cost. Post-fraud bill review will allow firms to provide
consumers with credits for fraudulent activities, whilst exposing their organisation to these costs
in the name of customer service. The challenge for providers is to develop and implement a
probabilistic system that is able to detect fraud before it occurs. Proactivity in this sense
becomes the true mitigation mechanism of the attuned firm, allowing for fraud activities to
effectively be eliminated from the corporate radar before they can breach the system. A more
comprehensive analytical tool would provide for systemic evaluation of fraud potential at
multiple points of access, thereby avoiding the pitfalls of a 'wait and see' approach. From
partnerships to consumer restrictions, the only way to address the multidimensional problem is to
employ a truly multidimensional system.
8.2 Recommendations
This research has raised a broad spectrum of concerns regarding fraud and the
overarching costs of fraudulent activities. Such analysis cannot sufficiently address the true
costs of fraud and the value of a more comprehensive system protocol because of the proprietary
nature of such datasets. In spite of this particular limitation, it is evident that academics in this
field have gained access to these resources in order to design practical systems that address key
areas of exposure. For this reason, it is recommended that an in-depth empirical case study be
conducted using real world data from one of the leading telecommunications providers. By
exploring the actual profile of roaming consumers and the probability-based risk associated with
their global activities, it will be possible to address particular prevention concerns directly,
thereby advancing this model towards a much more tangible, integrated component of a given
business model.
In addition to the limitations associated with the access of proprietary information, the
performance metrics of existing analytical tools such as FraudX are not readily available due to
their protected status. This is another area where a comprehensive review of their performance
would provide valuable insights into the key segments in which fraud is still able to propagate.
In this way, comparisons could be made with the proposed dimensions of protection in this study
in order to justify improved organisational focus and adaptation. Ultimately, the process of fraud
mitigation is cumulative, and although unwanted costs are likely to be incurred through
fraudulent activities over time, the ability to learn from this exposure will greatly improve
response and exposure reduction in the future.
References
Baker, C.R. (2002) 'Crime, Fraud, and Deceit on the Internet: Is there Hyperreality in
Cyberspace?' Critical Perspectives on Accounting, Vol. 13, pp. 1-15.
Batheja, A. (2008) 'A New Era in Arresting Roaming Revenue Losses in Near-Real Time.'
Communications Today, Vol. 2, pp. 34-36, Online Resource. Accessed on 18 September From:
http://www.xaltedcorp.com/images/news/Communications_Today_Quarterly_Issue_II_Sept_08.pdf.
Boyatzis, R.E. (1998) Transforming Qualitative Information: Thematic Analysis and Code
Development. Thousand Oaks, CA: Sage Publications.
Cao, L., Luo, C., Luo, D., Zhang, C. (2004) 'Hybrid Strategy of Analysis and Control of
Telecommunications Frauds.' 2nd International Conference on Information Technology for
Application (ICITA), Online Resource. Accessed on 18 September From:
http://www-staff.it.uts.edu.au/~lbcao/publication/62-1_ready.pdf.
Chaouchi, H., Laurent-Maknavicius, M. (2009) 'Security in Mobile Telecommunication
Networks.' Wireless and Mobile Network Security, pp. 315-360.
Chen, C., He, D., Chan, S., Bu, J., Gao, Y., Fan, R. (2011) 'Lightweight and Provably Secure
User Authentication With Anonymity for the Global Mobility Network.' International Journal of
Communication Systems, Vol. 24, pp. 347-362.
Creswell, J.W. (2009) Research Design: Qualitative, Quantitative, and Mixed Methods
Approaches. Thousand Oaks, CA: Sage Publications.
Deo, S.K. (2008) 'GSM Roaming, Fraud in International Roaming and Fraud Preventions
Techniques.' NRTRDE, Online Resource. Accessed on 18 September From:
http://www.ntc.net.np/publication/smarika/smarika64/sanjeeb_kumar_deo.pdf.
Dix, D. (2009) 'Reducing Fraud With Cell Phone Authentication.' Card Technology Today,
January, p. 9.
Dodd, M., Jung, A., Mitchell, B., Paterson, P., Reynolds, P. (2009) 'Bill-and-Keep and the
Economics of Interconnection in Next-Generation Networks.' Telecommunications Policy, Vol.
33, pp. 324-337.
Estevez, P.A., Held, C.M., Perez, C.A. (2006) 'Subscription Fraud Prevention in
Telecommunications Using Fuzzy Rules and Neural Networks.' Expert Systems With
Applications, Vol. 31, pp. 337-344.
Farvaresh, H., Sepehri, M.M. (2011) 'A Data Mining Framework for Detecting Subscription
Fraud in Telecommunication.' Engineering Applications of Artificial Intelligence, Vol. 24, pp.
182-194.
Ghosh, M. (2010a) 'Mobile ID Fraud: The Downside of Mobile Growth.' Computer Fraud and
Security, December, pp. 8-3.
Ghosh, M. (2010b) 'Telecoms Fraud.' Computer Fraud and Security, July, pp. 14-17.
Goode, S., Lacey, D. (2011) 'Detecting Complex Account Fraud in the Enterprise: The Role of
Technical and Non-Technical Controls.' Decision Support Systems, Vol. 50, pp. 702-714.
Hilas, C.S., Sahalos, J.N. (2000) 'User Profiling for Fraud Detection in Telecommunications
Networks.' Institute of Serres, Online Resource. Accessed on 18 September From:
http://icta05.teithe.gr/papers/69.pdf.
Hollmen, J. (2000) 'User Profiling and Classification for Fraud Detection in Mobile
Communications Networks.' Helsinki University of Technology, Online Resource. Accessed on
18 September From:
https://docs.google.com/viewer?a=v&q=cache:CGSFG6AROVUJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.79.6058%26rep%3Drep1%26type%3Dpdf+'User+Profiling+and+Classification+for+Fraud+Detection+in+Mobile+Communications+Networks&hl=en&gl=us&pid=bl&srcid=ADGEESj_0VkFi3yeDUe0UnIIOo1mNLOlHkfezRfMereQrsycAxq_TPkdfxAgh8inLdyus4JbiO1d7FcsHjq84k4kgkfd1S0kjl6770m7gZu6DLujj2kAkUKn4ewuGTFRbUz3zOj_tOC_&sig=AHIEtbSOHLQlwuEQT0fZi--XLJsQ3wwRdw.
Hwang, R.J., Shiau, S.H., Jan, D.F. (2007) 'A New Mobile Payment Scheme for Roaming
Services.' Electronic Commerce Research and Applications, Vol. 6, pp. 184-191.
Kadhiwal, S., Zulfiquar, M.A.U.S. (2007) 'Analysis of Mobile Payment Security Measures and
Different Standards.' Computer Fraud and Security, June, pp. 12-17.
Lee, H.J., Cho, D.H. (2006) 'An Efficient Location Management Scheme Based on Replication
Strategy for Intersystem Roaming in Mobile Wireless Networks.' Computer Communications,
Vol. 29, pp. 3238-3249.
Lloyd, D. (2003) 'International Roaming Fraud Trends and Prevention Techniques.' Fair Isaac,
Online Resource. Accessed on 18 September From:
http://www.cdg.org/news/events/CDMASeminar/031211/10-Fair%20Isaac%20Roaming%20Fraud.pdf.
Macia-Fernandez, G. (2009) 'Roaming Fraud: Assault and Defense Strategies.' IIRSA/CITEL
Workshop on International Roaming Services, March, Online Resource. Accessed on 18
September From:
http://www.iirsa.org/BancoMedios/Documentos%20PDF/taller_roaming_pp_fraude_eng.pdf.
Steuernagel, R. (1998) 'Prevent Cellular Telephone Roaming Fraud Using the RVR Solution.'
EDPACS, Vol. 25, No. 8, pp. 15-16.
Subex. (2010) 'Subex Telecom Fraud Alerts.' Subex, February, Online Resource. Accessed on
18 September From: http://www.subexworld.com/pdf/fraud-alerts-feb2010.pdf.
Subex. (2011) 'Subex Telecom Fraud Alerts.' Subex, July-September, Online Resource.
Accessed on 18 September From:
http://www.subexworld.com/pdf/subex-telecom-fraud-alerts-july-to-sep-2011.pdf.
Syniverse. (2011) 'Fraud Detection for GSM and ANSI-41 Operators--FraudX.' Syniverse
Technologies, Online Resource. Accessed on 27 September From:
http://www.syniverse.com/files/service_solutions/pdf/fraudx.pdf.
Thomas, R.M. (2003) Blending Quantitative and Qualitative Information in Theses and
Dissertations. Thousand Oaks, CA: Sage Publications.
Appendices
Appendix A: Participant Survey with Results
Please choose the best fit response according to your personal background for the following 5
questions. The scale is 1-5 according to the categories at the right.

1 Age Range
  Scale (1-5): 18-25 | 26-35 | 26-45 | 46-55 | 56+
  Responses:   3 5 9 3 1
2 Annual Income Range
  Scale (1-5): 25-45K | 45-65K | 65-90K | 90-150K | 150K+
  Responses:   0 5 9 4 3
3 Highest Level Education Achieved
  Scale (1-5): High School | Undergrad | Bachelors | Masters | PhD
  Responses:   0 0 7 10 4
4 Years of Experience in Fraud Detection
  Scale (1-5): 0-1 | 1-3 | 3-5 | 5-7 | 7+
  Responses:   4 3 6 3 5
5 Years of Experience in Detection System Design and Implementation
  Scale (1-5): 0 | 1-2 | 3-4 | 5-6 | 7+
  Responses:   2 1 1
8 Role or Responsibility
  Scale (1-5): Operator Executive | Programmer | Designer | IT Management | Fraud Services
  Responses:   2 7 1 0 11

Please choose the best fit response for the following 30 questions based on personal experience
and opinion. The scale is 1-5 according to the categories at the right.

No. | Statement | Strongly Agree | Agree | Neutral | Disagree | Strongly Disagree
1 | User profiling provides operators with a comprehensive and accurate predictive measure for the identification of possible fraudulent activities | 7 | 9 | 4 | 1 | 0
2 | Fraudsters are becoming increasingly complex in their behaviours to the point that many ageing system standards (e.g. clearinghouse) are simply ineffective at fraud detection | 6 | 10 | 3 | 1 | 1
3 | Real time services still require an integrated human analyst in order to ensure that fraud has actually been perpetrated | 6 | 11 | 4 | 0 | 0
4 | Consumers are likely to resist agreements that profile their calling behaviour due to the invasion of privacy and possibility of operator data mining | 3 | 7 | 6 | 3 | 2
5 | Probabilistic models are extremely valuable for localising fraud sources and mitigating its influence before large charges can be incurred | 3 | 8 | 5 | 5 | 0
6 | Cross-operator agreements should eliminate fees and losses associated with roaming frauds in order to lower the net cost of operations for all global providers | 2 | 5 | 4 | 7 | 3
7 | The evolved nature of mobile phone billing and national calling plans has eliminated much of the local roaming concerns for providers | 4 | 5 | 3 | 6 | 3
8 | The fraud network is fundamentally unorganised and is likely the work of independent cells operating with limited knowledge of other agencies or individuals in their same geographic area | 5 | 8 | 3 | 5 | 0
9 | Fraud detection and mitigation strategies should focus on consumer awareness and personal protection as a priority for reduction opportunities | 8 | 9 | 3 | 1 | 0
10 | The future of fraud is likely to evolve towards an app-driven, online charge model that limits the relevance of roaming losses for most providers | 3 | 9 | 6 | 3 | 0
11 | The globalisation of large provider networks (e.g. GSMA) offers a mutual investment opportunity for a singular fraud detection system that is homogeneous and integrated | 3 | 10 | 3 | 5 | 0
12 | Even the best fraud detection system is fallible and may be breached by the fraudsters | 9 | 12 | 0 | 0 | 0
13 | A typological analysis of fraudulent practises is likely to provide relevant insights into those key areas on which systems should focus | 8 | 12 | 1 | 0 | 0
14 | Fuzzy logic and probabilistic models offer an opportunity to focus on both fraud and user profiles to network characteristics and provide real time identification of aberrations | 5 | 12 | 3 | 1 | 0
15 | The priority at this stage should focus on network architecture and increased mobile phone security protocols (e.g. passwords, fingerprint scanning, etc.) | 3 | 11 | 4 | 2 | 1
16 | The SIM card is an antiquated technology that is more of a liability for this industry than it is a benefit for the travelling consumer | 4 | 10 | 3 | 4 | 0
17 | Predictive mechanisms that focus on specific geographic areas of known roaming fraud are more likely to identify such behaviours than more universal, global models | 5 | 11 | 2 | 3 | 0
18 | The large scale of data required for effective user profiling will limit the number of operators who embrace this technology due to high storage and management costs | 4 | 8 | 4 | 4 | 1
19 | For many operators, the advances in fraud management objectives will require a reorganisation of the IT team to prioritise security personnel with advanced knowledge of detection systems | 6 | 12 | 3 | 0 | 0
20 | There is no best-fit detection model that can be applied across all networks | 12 | 9 | 0 | 0 | 0

Please choose the best answer rating on the scale of 1-5 to the right. The Categories are
designed to rank particular areas of fraud detection and management that are the most valuable
from a value position for operators.

The Ranking System: 1 = Very Important, 2 = Somewhat Important, 3 = Neutral,
4 = Not Very Important, 5 = Not Important at All

No. | Area | 1 | 2 | 3 | 4 | 5
1 | Velocity trap system monitoring | 4 | 8 | 6 | 2 | 1
2 | Clearinghouse data analysis | 7 | 9 | 3 | 2 | 0
3 | High usage report reviews | 7 | 9 | 4 | 1 | 0
4 | Consumer awareness and self-protection mechanisms | 11 | 8 | 2 | 0 | 0
5 | Proprietary exchange management protocol (e.g. RoamEx) | 7 | 4 | 5 | 5 | 0
6 | Integrated multi-operator system links (e.g. NRTRDE) | 11 | 7 | 3 | 0 | 0
7 | User profiling and data analysis | 11 | 7 | 3 | 0 | 0
8 | Block crediting and customer service | 8 | 6 | 4 | 3 | 0
9 | Fraud-derived analytical knowledge models | 6 | 8 | 5 | 2 | 0
10 | Statistical analysis and post-fraud data profiling | 4 | 10 | 5 | 2 | 0

Please choose the best answer rating on the scale of 1-5 to the right. The variables focus on
the primary advantages of implementing a strategic fraud detection and mitigation system.

The Ranking System: 1 = Very Important, 2 = Somewhat Important, 3 = Neutral,
4 = Not Very Important, 5 = Not Important at All

No. | Advantage | 1 | 2 | 3 | 4 | 5
1 | Increased consumer satisfaction and confidence | 6 | 11 | 3 | 1 | 0
2 | Higher organisational value and reduced financial losses | 12 | 8 | 1 | 0 | 0
3 | Increased ROI on a global scale | 12 | 8 | 1 | 0 | 0
4 | Gradual degradation of international fraud networks | 6 | 8 | 4 | 3 | 0
5 | Increased consumer awareness and self-protection | 9 | 7 | 4 | 1 | 0
6 | Extensive databases regarding consumer behaviour and characteristics | 5 | 8 | 5 | 3 | 0
7 | Integrated operator networks and support services which promote cooperation | 6 | 9 | 4 | 2 | 0
8 | Advanced billing systems and real-time optimisation | 8 | 9 | 3 | 1 | 0
9 | Network architecture becoming more secure and restrictive | 9 | 11 | 1 | 0 | 0
10 | Reduced human resource investment and time consumption for billing events | 5 | 10 | 3 | 3 | 0

Please answer each of the following five questions as openly and honestly as possible.
There are no right answers, and the purpose is only to collect insight from your personal
experience and beliefs.
1 Over the past decade, what are the most significant advances in fraud detection technologies? Are
these sufficient or are there systemic gaps and deficiencies that need to be filled?
2 Is fraud an inevitability or can it be mitigated and managed so as to eliminate it from the system
completely?
3 Should consumers maintain some responsibility/liability in their personal protection from fraudulent
activities?
4 What are the priorities for operators today regarding fraud detection and mitigation? How has this
changed the business model of these providers?
5 Given the new global boundaries and network capabilities associated with new mobile systems, does
roaming fraud present as significant a problem today as it did in the past? Could operators eliminate
roaming fraud charges internally by altering their billing structures?
Figure 17: Participant Survey with Results