Bill Shock and Roaming Frauds Can Be Tackled

Like many people I attended the GSMA World Congress in Barcelona. And like many other visitors to Barcelona, my phone was stolen. This is rather ironic, as I am a director of a company that provides fraud management software to the telecom industry…

I have been in the fraud and risk business for over 18 years and am fully aware of the crimes and modus operandi of these criminals and fraudsters. However, even after all the years of travelling on business to many different countries and cities and ensuring my possessions such as phone, passport and money were always secure on my person, on my recent trip to Barcelona, the phone was extracted from my front trouser pocket without me noticing immediately.

So what does one do in such a situation? Call your telecom service provider? Call home? Alert the police? Kick yourself? Well you should certainly kick yourself and then attempt all of the others, though maybe not in the order I suggested. But what seems a simple set of tasks is actually extremely challenging. When the crime was perpetrated, it was late at night. The only means of communication has just disappeared in the greasy hands of some low-life down a side street… Once I was over the initial shock, you suddenly realise you have relied on the contacts facility on your phone to simply press a button or speak and get the right contact details for years… with no phone you now realise you cannot recall any numbers, not even your own home…

You also face more challenges. For instance, trying to find some money to make a call from one of those public phones on the street, if you can find one. You may be lucky, like myself, that they have not also taken your wallet, so you can get a taxi back to your hotel or, of course, the requisite visit to police station. The tribulations of trying to get a crime number for this offence, so one could look to get some legal recourse and also be able claim on travel insurance, is not easy by any means and actually seems impossible. It appears the Cuerpo Nacional de Policía find theft of high value handsets a minor misdemeanour and that, if I want to register this as a crime and file the relevant paperwork, I would need to know the serial number of my phone… (a piece of information always on the tip of my tongue… and a great way to stop policeman sitting at desks filing paperwork…) I could comment further, but for my sanity, and not to bore you further, I am going to move on in my tale.

After trying to understand the fables of the Spanish Law Enforcement, several hours have gone by and the sun will be shortly rising on a new day. So, with despondency, you then need to look at options to try and communicate home to cancel the SIM/phone and inform people that calling you over the next few days will be futile. At this point, it is now hours after the crime has been perpetrated. You send emails to work colleagues to assist in barring the SIM, you skype family and colleagues to tell them that you will be offline for a while. You then get some much needed sleep and look forward to a new day in a foreign country with no phone.

As you would gather, the entire episode is one you would wish to forget. It’s rather embarrassing, tiring, frustrating, you feel rather foolish and just a little abused. Sadly a few weeks later all these feelings are reinitiated. When I received my company phone bill from my service provider there was an additional GBP1,800 (USD2,600) of calls on the bill. They were from Premium Rate Service calls to Burundi. After years of discussing International Revenue Share Frauds (IRSF) with our clients, I now have my own real-life personal experience. Reviewing the bill, it seems that immediately after the phone was taken from the warm security of my pocket the SIM was placed in an automated simbox and went on to make repeated consecutive calls until the SIM was eventually barred later in the morning. At worst there should only be a maximum of three/four hours of financial exposure as there would be an NRTRDE report sent to my home network showing this unusual behaviour of calling Burundi non-stop…

So I should ask, where is this NRTRDE report? If the report had been sent by the roaming partner in the agreed timescales there would only be a maximum of three hours of calling/activity – in my case there was nearly 8 hours. Where were the processes or systems to identify this unusual behaviour on my phone? Have I ever called Burundi before? No. Do the volume of calls match my profile? No. Are such repeated calls humanly possible? No. All these questions seemed to have no positive response. I now have a large bill and am a very dissatisfied customer. I will not name the Service Provider involved, purely out of professionalism. However, this experience must be the same as that suffered by many unfortunate tourists.

All of these simple tests could be applied by the service provider to each and every subscriber whist roaming (our own Minotaur product is undertaking it for many service providers around the world). The rate of financial losses, and the number of disgruntled customers, will only increase and wealthy fraudsters will proliferate if not tackled.

There is no excuse for my own stupidity and naivety. I hold my hands up. But there is also no excuse for telecommunication service providers to turn a blind eye to this issue. They should have the duty of care to be able to protect their customers from such threats. It is not a cost to them either. With some very simple analytics this issue could be stopped dead. Alternatively, you put some of the onus in the hands of the phone owner, providing self-care portals where they set their own risk profiles whilst roaming. Whichever model, both are practical and achievable.

In the meantime I have informed my own technical team to configure a specific IRSF module that all service providers can simply plug in and use to mitigate this ongoing issue at a very minimal cost. I implore service providers to contact me to discuss how we can resolve this manageable issue or at least look at their own systems and processes to ensure they possess simple analytics that can resolve a growing issue that we should all seek to eradicate.

This article was originally published on the corporate blog of Neural Technologies. It has been reproduced with their permission.

Luke Taylor
Luke Taylor
Luke is the founder of Risk Reward Awards, an association whose goal is to encourage recognition of the best work done by risk professionals. Previously he was the Group Chief Commercial Officer and Deputy Chief Executive Officer of a risk management software developer. Luke now divides his time between Risk Reward Awards, RAG and Lateral Alliances, his consultancy business where he works with the likes of Symmetry Solutions, XINTEC, GBSDTech, Yates Fraud Consulting and Focus Data, to name a few.