GLF Wants Global Anti-Fraud Enforcement and Data Sharing

The second annual fraud report from the ITW Global Leaders’ Forum (GLF), a club for large wholesale carriers, envisions a “fraud free industry” policed by extensive automated information sharing. Presenting a refreshingly ambitious plan for how to tackle telecoms fraud worldwide, they also call for telcos to adopt standardized measures of their anti-fraud performance, and to make themselves accountable for their compliance with anti-fraud standards, possibly by hiring independent auditors.

The GLF’s report may prove to be uncomfortable reading for some other associations that prefer not to drive the adoption of more effective fraud controls. The content of the report is challenging, but the writing is superb; I wish more report authors had as good a grasp of language, technology and business. Credit goes to Delta Partners, who produced the report on behalf of the GLF, and to a long list of contributors whose pithy quotes reinforce the strong overarching message that telcos can and should do better. The report is candid about the strengths and weaknesses of current anti-fraud practices, whilst presenting a forward-looking plan for change that is firmly grounded in current realities.

One of the key takeaways is that it is no longer acceptable to treat fraud as a ‘cost’ of doing business.

It was reported by carriers that “absolutely yes, there has been an upward trend for the last three years with an increased interest in combating fraud. MNO used to be the only ones that cared, but recent history has shown that more wholesalers are getting more involved as well.” One carrier went as far as to say fraud was comparable to price in importance noting that “more people realize that fraud is just as important as cost/quality.”

Competition between telcos means fraud must be driven down to protect customers, profits and reputations. The current era demands telcos that are lean and efficient; we can no longer assume there will be plenty of fat to feed to criminals alongside our employees and shareholders. This leads to the paradoxical conclusion that price should no longer be the sole basis for choosing a wholesale carrier, because the harm done by fraud outweighs the modest gains from using the cheapest provider. The report argues that perceived call quality is badly affected by fraud, with the result that customers have become more willing to change carriers.

Wangiri receives a lot of attention in the report, having grown rapidly in recent years. However, the authors argue wangiri may have reached a peak, with far fewer telcos reporting a rise in wangiri compared to last year’s report. More action is needed though, with the report identifying the reactive nature of current anti-wangiri programs as a serious issue that needs to be addressed. Telcos can only currently block wangiri calls after establishing a pattern of abuse from the calls that have been connected to end users.

Carriers have to collect enough data through identified fraud destinations – typically after one or more successful fraud transactions occur – before they can establish a pattern and block calls. Once a number is blocked, the fraudsters can then just migrate to another premium-rate number and restart the pattern. Wangiri can be difficult to identify and block because the nature of the fraud takes advantage of customer behavior to return missed calls. The customer unknowingly end-up being the initiating source of the fraudulent traffic.

The GLF is keen to propose industry-wide solutions that would more effectively prevent wangiri before end users are put at risk. They also observed that robocalling scams, like wangiri, are ‘top of mind’ for many telcos. Both are embarrassing problems that have rapidly worsened. Though the report gives a superb analysis of the current fraud environment I felt this was one area where the report writers could have been more specific in targeting the root causes and highlighting the increasing dangers. Whilst much thought is applied to automating the way telcos guard against fraud, we should also be mindful of the extent to which criminals will increasingly use automation to pursue their objectives. Both robocalling and wangiri are rising in popularity because the technology of crime is more accessible than ever before.

This report is unusually strong at diagnosing the challenges that lie in the immediate future. Human fraud analysts will not be able to cope with the increased burden stemming from: a rise in the total number of network transactions; the increase in the number of devices connected to the internet of things (IoT); the vulnerability of IoT devices; the rising use of bots and virtual machines to execute fraud; and the increased likelihood that a customer’s phone will be hijacked by malware. 5G also gives rise to new risks, such as the abuse of network slicing. Thankfully, the report writers were equally adept at proposing solutions to the emerging problems.

The authors present a robust case for technology coming to the aid of embattled fraud managers. For example, the reader’s attention is drawn to the way eSIMS could support superior controls compared to the pieces of plastic that are easily swapped from device to device. Network virtualization is said to be amenable to the adoption of risk mitigation strategies that are more flexible and configurable than ever before. Artificial intelligence and machine learning will lead to the identification of frauds that would be missed by human analysts. Big data, automation and blockchain are also highlighted as technologies with an important role to play in managing the risk of fraud. The overall theme is that these technologies will shift the balance of anti-fraud work from detection to prevention, which can only be a good thing.

The GLF already encourages carriers to adopt the i3forum’s robust KPIs for fraud management. These include measures of the value of fraud prevented as well as that detected. This report builds upon that foundation by explaining why increased alignment and transparency will enable superior collaboration, further contributing to the trend where customers show their preference for carriers that better prevent fraud. Blockchain ledgers are singled out as a key technology that will encourage far greater information sharing than carriers have been willing to support before.

The encouraging conclusion to the report consists of a realistic but bold roadmap for change. This will involve the widespread adoption of information sharing between telcos to highlight the sources of fraud. The report writers anticipate that telcos will voluntarily become more accountable for compliance to anti-fraud standards, not just saying they abide by the rules, but demonstrating that they do. I was especially pleased to see the GLF is willing to countenance external audits of anti-fraud compliance, not least because many telco fraud managers lack the courage to welcome robust enforcement of standards they should already embrace.

Whilst other anti-fraud bodies are content to passively report on the frauds their members have already suffered, the GLF is offering a forward-looking program for defeating fraud. This is exemplified by the following quote.

The best way to combat the collective methods of fraudsters around the world is learn from as many instances of observed fraudulent traffic. Carriers recognize that collectively they will be more effective in reducing the value and impact of fraud. Creating and sharing data through the following actions will succeed in creating a fraud-free industry.

Bravo! Anyone with an interest in telecoms risk should read this informative and readable report from the GLF and Delta Partners. You can download the complete report from here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.