Addressing Old Telecoms Frauds

It was an absolute pleasure to be invited to the RAG Nairobi conference this past week, so generously hosted by Safaricom. I believe it was one of the strongest and most stimulating RAG events I have attended. So to both Safaricom and the RAG Committee, Asante!

It was also a privilege to be asked to participate in two of the panels, although given how long we stayed up reminiscing and putting the world to rights at the Sankara hotel on the final evening I have to seriously question the use of the moniker ”Wise” to describe anything I am involved in.

This is my first article for Commsrisk and it is long overdue – I have been promising Eric something for many, many years but it was probably the brief conversation I had with the prolific Joseph Nderitu that gave me the impetus to put fingertip to keyboard.

This article will not provide an exhaustive catalogue of how to address these Frauds but rather, drawing on the content of the RAG Nairobi conference, a collation of some of the approaches discussed and presented. I will also attempt to offer an explanation to a question that was asked but remained unanswered during the event: “why has our industry failed to mitigate Bypass and Wangiri frauds effectively?”

Bypass Fraud

By way of a brief introduction to the uninitiated, this fraud occurs when a voice call is intercepted and not delivered to the operator that hosts the called party. It thus avoids the traditional operator termination and settlement process. The called operator therefore loses revenues, and the customer often suffers a degradation of call quality.

Lack of Collaboration

There is a disincentive to collaborate – it is far easier to push the problem to a competitor’s network than for competitors to meet and discuss strategic solutions to the issue. As I observed in the “Wise Heads” closing panel at RAG Nairobi, this is akin to the scenario in that rather old joke where Bob and Joe are walking in the woods. Bob sees a bear and immediately gets some running shoes out of his backpack and starts putting them on. Joe turns to him and points out that he is never going to be able to outrun the bear, even with the running shoes. Bob says “I don’t need to outrun the bear, I just need to outrun you!”

As an industry there is an assumption that these frauds are systemic and can never be fixed because the profits being made through them are so high that the fraudsters will always find a way to make them work. How can we know this with any certainty? If we are honest with ourselves, we have rarely made the necessary coordinated effort. Currently there are more initiatives and examples of inter-operator collaboration to tackle Fraud than there have been in the past, but these are most effective when all the operators in a country are committed and this behaviour is not currently widespread. I am certainly more hopeful that operators are moving in this direction, especially with the impetus of RAG clearly demonstrating that the sharing of knowledge strengthens all of our businesses, operator and vendor alike.

Profit, Profit, Profit!!

We are all well aware that there is massive pressure on margins – networks are just as costly to build and maintain as ever but competition is driving down prices in all markets with regulation capping prices as well. Operators inevitably seek to reduce cost to protect margins and one of the chief variable costs that can be targeted is interconnect cost. The result is that operators put pressure on interconnect carriers to lower prices. If prices are not lowered then the operators seek new direct relationships with other carriers.

Unless carriers are willing to reduce their own margins they will only be able to offer lower prices to operators by seeking cheaper routes for their traffic. At some point in this chain, the only way to lower prices and maintain margins is to lower quality. This means handing the traffic over to a disreputable carrier who will use some form of exploit, be it a SIM box, grey route or refiling to achieve a low cost.

Operators are even directly engaging with OTT Bypass operators and at the same time they complain about the losses inflicted on them by disreputable carriers and fraudsters. Ironically, Revenue Assurance activity can also contribute to the pressure to lower these costs if it focusses purely on the adoption of least cost routing without also carefully considering the wider impact on quality of making a choice based purely on input price. It is entirely unreasonable to expect others in the industry to behave ethically and in the interests of the industry as a whole if you, yourself, do not.

Lack of a Holistic Approach

Of course there is also the case that the RAFM departments could be doing more. There are still not enough operators using multiple detection methods:

  • Active detection; using Test Call Generators to detect calls terminated irregularly.
  • Passive detection; analysing CDR data to identify behaviours associated with bypass activity.
  • Using signalling to identify grey routes, refiling and bypass activity.
  • Further analysis and/or machine learning once a fraudulent SIM has been discovered, to identify other SIMs that are exhibiting similar behaviours on the network.

Fraudsters adapt rapidly to the techniques we employ. Having multiple detection techniques is analogous to sheltering from a rainstorm using multiple, overlapping umbrellas rather than a single sheet of canvas that could tear at any given point in time.

Additionally, due to the massive profits being earned by these fraudsters, it is almost certain that internal staff have been compromised, possibly including members of the Revenue Assurance and Fraud Management teams. Other than the RAFM teams, staff working in Networks are likely to be targeted in order to reduce the effectiveness of TCG techniques. Sales and Distribution teams, including not only dealer partners but also internal staff, may be directly involved in supplying the massive numbers of SIM cards required for the fraud. In some cases they will supply SIM boxing equipment also. Operators need to get better at identifying criminal syndicates working within their organisations. This is not beyond the bounds of capability given the modern technologies available to us.

Safaricom identifies fraudsters, dismisses them from the company and reports the results publicly. This is a good initiative and more operators need to follow suit. They need to ensure that the employees are prosecuted where possible. This will prevent the fraudsters repeating their practices somewhere else.

Creating a real deterrent through effective forensics and disciplinary action is essential but it is also necessary to pay a decent wage to all staff, from Customer Service Agents upwards. If staff are well paid they have a significant disincentive to risk their income by colluding with criminals.

As MTN’s Anthony Sani pointed out during his joint presentation with Symbox, KPIs must be used to drive the desired behaviour within the business. It follows that selecting the wrong KPIs will drive the wrong behaviour. There are still Operators that target Gross Adds as a strategic KPI, rather than being focussed on ARPU. Giving bonus payments to the sales force, be they internal sales staff or the commissions paid to dealers on Gross Adds, actively encourages them to sell SIMs to fraudsters, who need them in large volumes. Setting more imaginative targets based on revenue contribution will help to reduce fraud. It is also sensible to claw back commissions and bonuses paid for fraudulent connections to the network.

It will be difficult to build a business case that is believed by the executive community if the wrong KPIs are used to report on the effectiveness of anti-bypass activity, or if the positive benefits are overstated. That business case is a vital component of persuading an organisation that they should invest in multiple tools and techniques to tackle fraud. It is a mistake to tell the executive community about operational metrics that do not really speak to the overall effectiveness of your solutions. Neither a CEO nor CFO will see much value in reports about the number of SIMs detected and blocked each week, or figures about the time taken to identify and block a SIM. What they want to know is the benefit to their business. Tell them about balances on the blocked card that have been recognised as revenue. Or let them know about the sustained improvement in interconnect revenues that flow from your work in Fraud Management. The latter metric is a complicated calculation but it is possible to at least construct an approximation that will be accepted as conservative and reasonable.

The final reason this issue has not been effectively addressed is the possible involvement of regulators and/or governments in some markets. They should respond to the argument that customers, operators and the whole country would benefit from higher tax revenues following a reduction in fraud. If regulators and governments ignore this argument it suggests there are decision-makers who benefit from crime. I have seen evidence of this myself in two African countries and one European country.

Wangiri Fraud

This occurs when a customer is dialled, often by automated call diallers, and then the call is terminated after a single ring. This leaves a missed call notification. Many customers will impulsively call the number back. The number they have just dialled is typically an international premium rate number, leading to substantial charges.

Lack of Ownership of the Problem

It is laughable that some suggest contracts should be so inflexible that customers must always pay for calls they have been tricked into making. The belief demonstrates that operators keep failing to take responsibility for historic issues. This is the very opposite of the behaviour you would expect from a modern operator focused on improving customer experience in order to build trust and loyalty amongst its customer base. Morgan Ramsey of Vodafone offered a better way forward. He explained how Vodafone UK detects Wangiri, then informs the customer of the fraud. The cost of the call is refunded proactively. Vodafone hence sets a good example that other operators should follow.

There is also a role here for regulators and carriers – they allocate the number ranges and the premium rate numbers themselves. Contract clauses relating to artificial inflation of traffic should be more standardised and more strictly worded. They should then be enforced by operators whenever fraud has been proven, with a view to ensuring the entire carrier revenue chain is engaged with the task of clawing back revenues from the owner of the premium rate number.

The premium number ranges themselves should be allocated in clear, understandable blocks and not allocated outside of these ranges. Ideally, destination countries that fail to even attempt to regulate themselves in this manner should be blocked entirely until they fall into line. However, this is an approach that would be almost impossible for an operator to adopt unilaterally.

That these steps haven’t been taken is a major part of the reason that this Fraud has been around as long as we can all remember – there has always been a massive financial incentive to do nothing about it. The end customer should no longer tolerate this behaviour.

Until the regulators and carriers catch up, the operators themselves will have to do more. Detecting and reacting to the fraud to improve customer experience is a step in the right direction but it falls short of providing the ideal customer experience. Only a tiny percentage of customers actually ever want to dial an international premium rate number. Even on my wildest evenings in my early twenties, dialling such a number was not something I considered after I had staggered home from the pub.

Associating these numbers with a destination and barring them by default would allow users to opt-in to the service via their online portal, a USSD code or SMS. This also means that the operator must know about all international premium number ranges. There are databases with this kind of information. BIAAS maintain a very detailed and comprehensive database, as available through a free proof of concept with RAG. Another RAG sponsor, iconnectiv, also maintains such a database.

Wangiri has a very distinctive pattern which makes it easy to detect through signalling: allowing the call to ring briefly and then terminating the call. When these are seen in volumes an analysis of the presented calling party should identify the offending premium rate numbers. With that detection in place it is important to ensure there is a feedback loop back to the configuration of the platform barring these numbers where premium rate numbers are found hiding within standard number ranges. Associating new numbers with such a destination band is one of the simplest and quickest changes that can be made on a rating and billing platform.

Finally, operators must take some responsibility for the education of their customers. I will admit that I rarely read anything that my UK, Bulgarian or South African operator sends me. But operators still need to try to reach out to customers. Supplying information to customers will help more of them to make the correct decision, and ignore Wangiri calls. Customers are also helped by the “true caller” functionality that is present on the latest version of Android, and apps that work similarly.


There are substantial shifts in attitude that are needed from the operator and carrier community to address these frauds properly. The shift needs to be two-fold. Firstly, we need to understand the end customer and appreciate that in today’s highly competitive markets the customer experience must come first. Secondly, we must embrace genuine inter-operator collaboration.

Wangiri Fraud is a terrible customer experience. Operators that do not address it will have no option but to absorb the cost for themselves or risk losing their customer permanently. In the case of Bypass Fraud, it is critical that operators perform a cost-benefit analysis of the multiple detection and prevention techniques.

For both frauds, collaboration and the sharing of information between operators would be a significant step forward, but it will require them to set aside their competitive instincts. Additionally, operators need to invest equally in the required tools and techniques. To do otherwise would represent an attempt to free ride on the investment made by peers, and would quickly undermine collaboration.

Marcus Bryant
Marcus Bryant
Marcus is a consultant who specializes in Business Assurance, predominantly serving clients in Africa and Europe. He has worked with such firms as MTN Group, MTN South Africa, Mascom Botswana, Ericsson, T-Mobile, Vivatel, cVidya and Vodafone.

As a graduate in Economics with a focus on financial statistics and econometrics, and having spent his early career developing reporting solutions and reconciliation tools, Marcus found he naturally transitioned into revenue assurance during the early 2000's. He maintains a passion for RAFM strategy, framework and methodology development, and measurement and quantification.