Roaming fraud is now of such concern to operators that the GSM Association has developed a new set of fraud detection standards for its operator members. Eugene Bergen Henegouwen details the development, and urges operators to implement compliant solutions today
Some roaming fraud is a fact of life for many mobile operators and, at its worst, has the potential to cause great harm to the bottom line. This type of illegal behavior seems to affect operators most acutely where the borders of rich countries meet those who are poorer. In one form of fraud, SIM cards are cloned by well-organized and technically savvy criminals, who then sell them to consumers who most likely have no knowledge that the cards they're using are illegal. Eventually, the cards are deactivated by the operator, but by then the fraud has been in place for some time and money has been lost.
The criminals who participate in this type of fraud are successful because fraud detection and resolution is hindered by the length of time it can take for a visited operator to notify the home operator of the roaming activity that has been taking place. Currently, data records that track subscribers' activities as they roam are exchanged with the home operator within about 36 hours. This leaves a big window of opportunity for criminals who often target their activity during weekends and holiday times when operators are most vulnerable to fraud.
Roaming fraud - when it does hit - hits hard. It is the equivalent of leaving for a weekend trip and returning to find the whole house flooded even though you only had a dripping tap when you left. Any loopholes are potentially exploited by criminals who will strike decisively and "flash flood" what they can in a short timeframe because they know the extent of the capabilities - and limitations - of the current reporting standard. Clearly, now is the time to form a more watertight seal to combat this fraud.
Roaming fraud has become such a concern for operators that the GSM Association (GSMA) has developed and mandated a new set of fraud detection standards for its operator members. The Near Real Time Roaming Data Exchange (NRTDRE) initiative has been developed in specific response to International Revenue Share Fraud (IRSF), which thrives on the clone-and-sell technique.
The new NRTDRE standard will dramatically reduce the record exchange time and make fraud easier to spot and stamp out. It's not that operators don't have systems in place to fight the risk of roaming fraud themselves, but the current High Usage Report (HUR) system is outmoded. NRTDRE has been developed in its place as the next generation of roaming fraud protection in an attempt to effectively cut fraudsters out of the picture and restore the level of security that operators need to operate successfully and - most importantly - profitably.
According to a GSMA survey of 37 operators some months ago, roaming fraud losses affect networks of all sizes and in all regions. In one instance, a single operator is reported to have suffered losses of c11.1 million in just less than two years, just one more piece of evidence that IRSF has grown to be a costly concern. This may not sound like a huge figure, given that operator turnover can often be in the multimillions or even the billions. But when you take into account that it is all a loss from the profit and not the turnover line - and cannot ever be invoiced - the percentage grows to an uncomfortable level.
In the view of many analysts, this form of fraud has grown to the point where it is not merely a minor irritant. Martina Kurth, principal research analyst for Gartner Group, recently acknowledged that "roaming fraud is a very real and present danger for operators the world over, and it is impacting their bottom lines. Any initiative that enables operators to minimize roaming fraud is, therefore, a strategic business issue on which operators must act if there is not to be further erosion into their profitability."
The GSMA NRTRDE initiative aims to replace HUR to keep operators ahead of the growing sophistication employed by the fraudsters. With NRTRDE, the visited network is required to forward Call Data Records (CDRs) to the subscriber's home operator within four hours of the call end time. If the visited operator is unable to get this information to the home operator in time, the visited operator is held liable for any fraud associated with those calls, and so there is a greater degree of motivation for all parties to make the measure successful.
This approach toward fraud is particularly important in garnering the support of the whole industry of operators because without a shift in responsibility to the visited operator, the motivation to adopt the new standard would be limited. NRTRDE is making operators more accountable for the behaviour of visiting subscribers, and where once it was hard to enforce anti-fraud protection, operators now are much more motivated to work together.
Once the home operator has received the CDR, it can detect fraud via a fraud management system. There is a record format for exchanging these near real-time records, which has been defined in the GSMA's Definition of Transferred Account Data Interchange Group (TADIG) standards document as "TD.35." Syniverse has played the lead role with the GSMA in the development of standards which support NRTRDE, serving both as chair of TADIG and as the official author and editor of TD.35, the fundamental building block of anti-roaming fraud resolution.
The adoption of NRTRDE is expected to reduce the incidence of roaming fraud by up to 90 per cent because of the closing of the roaming fraud window currently open on operator networks that use HUR. Just as importantly, NRTRDE offers operators a far more accurate and timely view of how their networks are performing against fraud.
Rather than waiting until October 2008, the date at which GSMA members are required to implement the new standard, both the GSMA and Syniverse are urging operators to implement compliant solutions today. We believe that as the adoption process gains momentum, operators who continue to rely on HUR will eventually become disadvantaged and may be prone to more attacks.
Syniverse has been taking part in GSMA trials to ensure our solution as well as the solutions of other providers have the interoperability needed for a global industry. All of the trial work undertaken thus far ensures operators can begin rolling out solutions ahead of the deadline and, in many cases, form a watertight boundary that excludes fraudsters and enables the operator to experience the cost benefits sooner rather than later.
The countdown to the GSMA's October 2008 NRTRDE implementation target date is moving closer by the day, and adoption is gaining momentum in the industry. Moreover, with the cost of roaming dropping in Europe for subscribers, it's reasonable to expect that the amount of roaming traffic will increase, making fraud patterns harder to spot and heightening the risk for those relying on HUR. In partnership with the GSMA, we believe the time to start forming a more watertight seal to combat sophisticated fraud is clearly now as the industry moves to protect not only the operators' revenues but also the future of roaming for subscribers worldwide.
Eugene Bergen Henegouwen is Executive Vice President, EMEA, for Syniverse Technologies