Don Reinhart of LATRO Services wrote a fascinating blog earlier this year, and I am still digesting its implications for RAFM. Put simply, Don does not want customers who expect to always detect fraud, and so set targets that demand high levels of fraud be detected. As a consequence, those customers plan to fight a continuous but losing battle, when they should implement a strategy that will defeat the fraudsters.
Beating the fraudster is pretty simple. You just have to be faster than them. If you do not detect fraud before the fraudster makes a profit, you are not beating the fraud. When you detect the fraud faster than the fraudster makes money, you take away his profitability and reason to commit fraud in the first place. I doubt there are any fraudsters paying out of pocket to operate SIM Boxes because they enjoy doing it.
You see, the reason we turned down business already in Q1 is because the prospective client insisted, they wanted us to charge for our services based on number of SIM Box detections. Unfortunately, the Test Call Generation industry has conditioned many Fraud Managers to focus their SIM Box Bypass control KPIs on detection counts. That is insane. Anyone that wants to beat fraud will not incentivize their team and vendors to produce a continuous trend of detections. If your SIM Box detection metrics are consistent or growing over time, that is an indication you are not beating fraud. It is an indication that your TCG and CDR Analysis controls are too slow. At LATRO, we want our clients to beat fraud, not just meet their monthly detection KPIs.
I have written about this tension many times before, and the same pattern is found in revenue assurance and cybersecurity too. This syndrome recurs because of the dilemma created by doing such good work that you put yourself out of a job. If the root cause of a problem is dealt with permanently, or a threat is successfully eliminated, then there is no need to keep employing people to manage the issue. Many calculate it is better to allow the symptoms to persist, because it maintains the perceived need for them to keep doing what they have been doing.
This defeatist mode of thinking tries to present itself as a success, but the downsides are apparent if we look carefully enough. It manifests itself in measures of leakage that exhibit a ‘sawtooth’ pattern, where a period of sustained improvement must be followed by a sudden change that reports many new leaks not previously identified. The self-defeating attitude also leads to complaints about the poor design of systems of processes, but secretly wants practitioners to be excluded from design choices so there is greater need for an operational team to continually mitigate the consequences. I have previously compared this phenomenon to the difference between running a healthy business and taking drugs to medicate its sickness.
Most recently the tension between good and bad practice has been exhibited by corrupt governments and regulators, such as those found in Tanzania. They routinely insist they have done a tremendous job to reduce previously stratospheric levels of fraud, but the following year they state they have eliminated even more fraud than they did the year before.
Adopting a model of endless failure is unfortunate, because the job security created also results in a dead end for the practitioner’s career. No person achieves their full potential by repeatedly performing the tasks from year to year, especially if they are only performing them because of a deliberate refusal to implement a lasting solution. However, the worst result is that bad practitioners have created not just dead-ends for themselves, but also for the employees that follow them. They have trained the telco to be dependent on poor work, and so make it difficult for their successors to reverse course.
Perhaps this flawed attitude may result in 10 or 20 years of employment, but what happens when circumstances change so greatly that the root cause is eliminated for other reasons, such as the decline of usage assurance because of a switch to flat rate charging, or a decline in simbox fraud because of a change in termination rates? That is when the practitioner may regret milking old issues, because they have not shown they can adapt to new challenges.
Some people are weak. Others are corrupt. Not every person will have the same courage as a guy like Don Reinhart, who is willing to forego business if it otherwise means shackling himself to targets that demand failure. My concern is that the underlying problems are driven by the absence of professional standards of behavior, in the same way that a dentist who is not properly monitored will perform unnecessary dental work in order to increase his profits. We have a problem with bad incentives becoming the norm. Not only are we failing to debate the necessary standards, our discipline has repeatedly elevated unethical charlatans who encourage the adoption of incentives for bad behavior because it suited them in the short term.
I see few signs of a necessary debate, and even fewer signs of a common terminology to represent the complicated concepts that need to be understood to distinguish good practice from fundamentally dysfunctional behavior. People like Don understand the issues, but how we can force bad actors out of our discipline, and stop them polluting and corrupting the work of others? That is why honest professionals should all be contemplating Don’s paradox, and doing more to raise awareness of the conflict within our field.