What Does the Subex-ElevenPaths FMaaS Do?

ElevenPaths, the cybersecurity unit of Telefonica, has announced they will partner with RAFM vendor Subex to deliver a Fraud Management-as-a-Service (FMaaS) solution. That much you can read from the press release on the Subex and ElevenPaths sites. What might be harder to determine is what the FMaaS actually does, and what each business will do as part of their partnership.

The solution addresses Subscription Fraud, Internal Fraud, Premium Rate Service Fraud (PRS Fraud), and International Revenue Share Fraud (IRSF), amongst others. Additionally, ROC Fraud Management technology deployed by Subex will deliver the ability to deploy client-specific detection processes, techniques and strategies, based on particular business needs at each site.

That sounds pretty good. On the other hand, nobody but a total moron would notice the phrase ‘internal fraud’ without questioning which internal frauds will be addressed. Many internal frauds are bound to fall outside of the solution’s capabilities because there must be a million kinds of internal fraud and only a dozen will be susceptible to data analysis of the type that Subex offers. It is also unclear why ‘client-specific’ detection is additional; are they suggesting there is a solution that is guaranteed to address lots of frauds generically, no matter where it has been implemented?

I know what Subex does: they write software. So it is not too hard to guess what Subex delivers as part of their partnership with ElevenPaths. It is less clear what Telefonica’s cybersecurity unit will contribute to the deal. This is what their CEO, Pedro Pablo Perez García, said in response to the deal:

Compared to traditional solutions, the enablement of FMaaS will ensure much faster deployment times, providing far more flexibility, easier access and agility, to our business operations. Subex’ (sic) capabilities together with ElevenPaths’ expertise in the development, deployment and operation of antifraud products and services across the world, will enable us to deliver customised Fraud Risk & Business Resilience though a best-of-breed Adaptive & Convergent Fraud Risk Management Solution. This, in turn, will help our customers deal with fraud risks more quickly and effectively.

Putting it another way, the ElevenPaths CEO is saying the new FMaas will be faster to deploy, more flexible, easier to access, and more agile than the software that Subex traditionally sells. But he probably would not choose to put it that way. He acknowledges that Subex has some ‘capabilities’ which complement ElevenPath’s expertise in development, deployment and operation of antifraud products and services… which makes me wonder what happened to Subex’s expertise in the development, deployment and operation of antifraud products and services. Did Subex forget how to do that kind of thing? Does ElevenPaths only do things that Subex can also do? What makes this a good deal for both firms and their investors?

Do not get me started on why businesses cannot employ proofreaders for their press releases. “Fraud Risk & Business Resilience” is not a proper noun, so should not be capitalized. And good luck to anyone who thinks “Adaptive & Convergent Fraud Risk Management Solution” means anything except that the writer never learned how to use the word ‘and’ in the English language. In my experience, proofreading is cheap! Even if the proofreader has no idea about the technology or the business proposition being described, he or she will explain that “an average of… 350 million accesses” is going to mean nothing to most people (on average).

My last paragraph may seem petty, but it gets to the heart of the problem. These businesses are often trying to pitch something complicated and niche. If they employ people who lack basic English language skills then they make their difficult task even harder still. I suspect part of the reason why these gobbledygook announcements have become so common is that nobody has the courage to question the basic grammar of what is supposedly being communicated, never mind challenging whether a typical reader will understand the business proposition that has just been outlined.

This reader thinks that perhaps:

  • Subex’s fraud software will be offered over the cloud;
  • that the cloud will be secured by ElevenPaths; and
  • that most Telefonica opcos will be encouraged to use the software.

But if that was what they were trying to tell us, they could have done it in just 29 words, because I just did. And if that was not what they were trying to tell us, then I do not know what they were trying to tell us. Good luck to anyone who thinks they do.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.   Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.   Commsrisk is edited by Eric. Look here for more about Eric's history as editor.
  • Andy Mayo

    I think that this article poses more questions than it provides answers. The question that I think now needs answering is ‘why seek the answers from your readers, rather than the companies in question?’ If you’d asked them in advance of your publication, it would have made for a far more informative read, i’m sure (or have i misinterpreted the point of the site?!).

    It also seems slightly perverse to be admonishing the issuers of the press release for their grasp of the English language when choosing to use the American spelling of ‘capitalise’…! Or maybe it wasn’t a choice and perhaps it just wasn’t proof read thoroughly…?!

    • Andy, your argument would be more impressive if you had a better grasp of the English language. In British English -ize spellings long predate -ise spellings. As with many words in British English, the writer has an option, both of which are correct. The spelling of words in British English has literally nothing to do with Noah Webster’s decision to standardize American English by only adopting the -ize form. The superior ancestry of the -ize spelling leads British scientific and academic bodies like the Oxford University Press to continue to adopt -ize in current use. It’s a common misconception that -ise is the only acceptable British English spelling, promulgated by people who seem to suffer from some subconscious anti-American bias (and a lack of education about their own language).

      Of course some people are capable of swapping from British English to American English. Though not routinely enforced on all contributors to Commsrisk, the overwhelming majority of articles are written in American English. Do you have a problem with that?

      Commsrisk has long been read worldwide, so questions about the ‘correct’ styling are far from new. The largest Commsrisk audiences are consistently found in the USA, UK and India, though the order of the top three keeps changing. Though British English spellings are more conventional in India, I adopt the practice of writing American English for my own articles, and I wouldn’t consider it helpful to change style just to reflect the subject of the piece.

      Irrespective of the choice of language, I am sure the Subexians reading this article will still understand this article perfectly well. That is why I can use this website to communicate with them publicly – I know there are many Subexians in the audience – rather than spending a large amount of time engaged in a tedious private conversation about a fluffy trivial press release. They can respond publicly, if they like, and they sometimes have in the past. I prefer that approach – a public, transparent dialogue – to worrying about how I might satisfy one lone person with an exaggerated sense of his own importance.

      • Andy Mayo

        Thanks for the prompt response, Eric. Just to be clear, my post wasn’t intended to be impressive. After all, I have no need to monitor page impressions, click throughs or the like.

        I’m also grateful for the history lesson, like they say, ‘you learn something new every day’. I’d like to say it was an impressive lesson, but I try to steer clear of hyperbole.

        I hope some of the Subexians do take the opportunity to comment publicly, it will make for a more rounded (also transparent) piece of writing, after all.

        And if you’re not interested in peoples’ comments, no matter how self important or not people might think they are, it could be an idea to disable this functionality from your site.

        • Why would I deny everybody the chance to leave a comment when I can simply bar individual trolls? But the truth is I like trolls like you, and it’s not just because you wanted to correct my spelling but made a fool of yourself in the process. This exchange confirms two facts I would like everybody to know:

          1. Commsrisk attracts readers with big fancy job titles from big global telcos.

          2. I’m not the kind of fawning sycophant those people are used to.

          • Andy Mayo

            Oh, Eric. There was no trolling here. If you thought there was then I apologise. Or perhaps I misunderstand what trolling is. Either way, I’m sure you’ll explain for my benefit. Maybe I’ll learn two things today.

            I don’t feel foolish as a result of trying to engage with you over one of your articles, like I said in my prior comment, I learned something about the history of -ise/-ize today. So, I feel enriched, if anything.

            In the interests of openness, I’m not sure what you think my job title is, but I can confirm it’s neither ‘big’ or ‘fancy’.

          • Apology accepted. Let’s draw a line under this episode.