Neural and the New Risk Environment

Luke Taylor, CCO of Neural Technologies, is a man on a mission. When I met him in a London coffee shop, I expected our conversation would retrace the highlights of Neural’s history, as the British business celebrates its 25th year of supplying risk and assurance software to telecoms operators. However, the focus soon shifted to the future, with Luke articulating his views on where the industry is headed, and how Neural is anticipating new ways of working to address evolving challenges.

Eric: I admit I’ve long known about Neural, but not known your business well. Neural has a very solid reputation for expertise in fraud management, and whenever I’ve seen Neural’s representatives give presentations about fraud, I’ve always learned a lot, though fraud isn’t an area where I have the detailed knowledge that your team obviously does. However, I get the sense that Neural is changing the way it is seen in the market, with less of an emphasis on fraud management as a specialism, and more emphasis on how your solutions can address a variety of risks and challenges.

Luke: Yes, that’s right. We’ve always made software that is very configurable in how it analyzes data. That’s good for fraud, because you can precisely configure the system to identify frauds as specific to the requirements of the telco. Neural has done well from satisfying the fraud management needs of our customers. But we don’t want to be so focused on fraud that we exclude other goals that our software supports. Neural has always talked a lot about fraud detection as an objective, that doesn’t mean the same configurability can’t also be harnessed to meet other objectives. Our tools also support revenue assurance, and one of the other major uses of our software is managing credit risk.

Credit risk is an interesting area because, say if you’re a multiplay operator, you’ll need to understand the customer’s situation across all the services they buy, in order to properly evaluate the credit risk. If you’re doing that, it begs a question as to whether you can use that same data to do other things, like predicting which additional services a customer is most likely to buy. Is that an area where Neural would like to help customers?

Yes, exactly. We develop our products in cooperation with customers, because it’s important to have that real-world understanding to ensure the software is providing a genuine solution for their needs. The hard part can be talking to existing and prospective customers about alternative uses for your software, when you already have a strong reputation in one particular field. But it’s the kind of conversation we need and want to have.

And let’s be honest, if Neural already has close links with a fraud or assurance team that reports to a CFO, then that can make it harder to speak to the Marketing division about how they might use the same software, because of the historical antipathy between Finance and Marketing that is found in some operators. But it wouldn’t be fair for me to ask you to comment on that. Instead, let me ask you about a broader question about how you’re trying to market yourselves to new customers.

We’re keen to do more marketing. However, I’d like to turn the question around. Neural has a get-together where we invite all our customers to one place. Last year we had it in Capetown. This year, because it’s our 25th birthday, it’ll be here in London. I saw what you wrote about WeDo’s user conference, and how they’ll invite existing customers and new targets to the same event. Is that an approach you’d recommend?

It says a lot about a company’s confidence if they encourage prospective targets to meet current customers. We all know about the importance of reference sites and the like. Having worked in telcos myself, when I was looking at a new supplier, there was nothing more reassuring than listening to an established customer of that supplier, talking frankly about their experience. Let’s be honest: no project is ever perfect. But if the customer is satisfied overall, then it’s actually reassuring to hear about what went wrong. If the things that went wrong aren’t that serious, you feel more confident of success. If all you hear is that everything is perfect, or you only talk about theory instead of actual practice, then it won’t reduce your doubts at all. So let me ask you a difficult question: what is your confidence in your customers?

We’re very keen to keep our customers satisfied. Neural has not lost a customer in 15 years.

I think you’ve just made my argument for me! But seriously, you shouldn’t be afraid to let people speak to each other. One thing that happened at the Subex user event last year was that existing customers would ask each other really detailed questions about the success of various projects to upgrade software. They wanted to know about problems, issues, bugs… all the things that went wrong. Whilst the questions may be negative in tone, at the end everybody has a more positive frame of mind. Talking gives a kind of relief, because afterwards you know that people aren’t hiding skeletons in the closet.

We’re always keen to be open with customers. As you say, no project is ever perfect, so it’s good to have a healthy relationship with the customer where you feel you’re working together, overcoming the hurdles together. We want long-term relationships with our customers, and you can’t manage that without being honest. The conversation goes two ways, because you want customers to talk about what they are doing, and the things they need, so you can think of ways to address those by developing your software. I get the impression that vendors do something similar during the RAG meetings that you help organize.

Cartesian’s founders were very clever when they first offered to host a meeting for telcos interested in revenue assurance. They had a spare room, and they invited some telcos – it didn’t matter if they were customers or not – to come and meet in their building, so they could talk about revenue assurance. Cartesian didn’t try to sell anything. They just sat in the room, and listened to what the telcos were talking about. It’s a great way to get intelligence about customer needs. Those RAG meetings are still going 10 years later, which proves it was a good idea. The only downside is that it wouldn’t make sense for each individual supplier to ask the same telcos to come to lots of separate meetings to hold effectively the same conversation, especially when many suppliers aren’t direct competitors with each other. I think it’s smarter if suppliers recognize that the telco managers are busy people, so everyone is better off when they collaborate, collectively listening to the same telco-to-telco conversation. Of course, fraud management has always been better than revenue assurance when it comes to collaboration, so I always felt RAG was essentially copying what lots of fraud guys were doing on a bigger scale. For example, the GSMA Fraud Forum was obviously a great source of intelligence for people who attended. That said, I hear some people aren’t as satisfied with that meeting as they used to be.

I don’t know if people are less satisfied, but the hard part of being a vendor is that you get excluded from some sessions at the GSMA, or at other industry meetings. You’re a member of the group, you’re in the room, you’re part of the conversation, and then the next session the telcos want to talk about what’s on their fraud reports, so they ask you to leave. You come back after, but you don’t know what they’ve been talking about. We’re not there to do any hard selling. We’re trying to help, we want to know what the issues are. Obviously we’d prefer to hear the whole conversation, because, as with your example involving Cartesian and the Revenue Assurance Group, we want to be in a position to learn and improve what we offer to customers.

Knowledge is very important, both to determining your development roadmap, and to selling your services. That can lead to two ways to look at domain expertise, when you’re a supplier. You can see yourselves primarily as domain experts, and hence you build solutions to solve problems in that domain. Or you can see yourself primarily as a technology company, and so the locus of expertise is in the technology you develop, and it may happen to be that technology may be of use to solving problems in one or more domains. If you take the latter approach you still need domain expertise, but you have a different view of how it relates to the roadmap. How does Neural see itself?

The way Neural sees itself has changed over time. We’ve been proficient and active in the domain of fraud management, and it was natural to think of fraud management as being our domain. On the other hand, our technology is highly configurable, and can be used to analyze data for various purposes. We don’t help ourselves if we focus on fraud management to the exclusion of other possibilities. So I think we’re a lot clearer now, that we’re a business that develops technology, and we’re interested in realizing several ways to utilize that technology for the benefit of customers.

That’s interesting because domain knowledge also lends itself to offering consulting services, in addition to software. But the way you’re talking, you don’t sound so interested in offering consulting.

We have a consulting infrastructure, but the best approach is to partner with consulting firms with possibly a broader range of experience, knowledge, etc., and we do that, we are not afraid of collaboration/consortiums to provide the best solution. We’d like to do more of that in future. When you’re working in different parts of the world, the right consulting partner can add a lot. It makes sense to be working with the best people for each project, recognizing where our strengths lie and where others have complementary strengths.

Luke, you’ve emphasized configuration a few times. Isn’t configuring a fraud management system a lot like consulting?

I take your point. One of the benefits of our system is that it’s so highly configurable. However, for a customer, the number of choices that need to be made can feel overwhelming, especially if they’re not used to them. We’ve bid for work where ultimately the customer didn’t want all the choices we offered to them – they only wanted to press a big button marked ‘go’ and let somebody else worry about detailed decisions about how the system worked in practice.

What we’re finding is that it’s generally easier to promote the advantages of configurability to customers who already have more experience of working with fraud management systems. Maybe they’re looking to replace their first or their second fraud management system. After the difficulties caused by having limits on what their previous system could do, or the hassles of asking for coding changes to tailor the system to their needs, they feel more strongly about the benefits of a system where coding isn’t necessary because changes can be made through configuration.

Ultimately configurability is an advantage, though it does mean you need to make those configuration choices. That is a lot like consulting, and we bring a lot of experience. We want to offer customers the benefit of our experience, and we also want the customer to be engaged in making the best decisions for them. Sometimes that might involve third-party consultants, other times it’s all done by the customer and us.

The other thing about domain knowledge is that it lends itself to training. Do you provide training?

We train our customers about the product, and about the domain. We also encourage our customers to share information. Most of our customers participate in a common email group where they share information and talk to each other.

It’s important to be clear about the limits of what you know. We don’t say we can train a telco on everything, but we share whatever we can – updated blacklists, case studies, research, and so on. Our customers also do a lot to educate each other, based on the experiences they are going through.

Small telco departments can face particular challenges in training and maintaining the range of knowledge they need. Businesses like Subex are taking a stance that managed services are the way of the future. The spectrum of managed services is quite broad, ranging from supplying the servers which run the software, to actually employing the staff who remotely do the work that might have been done by telco employees. Does Neural provide managed services? How do you feel about them?

We do manage services for customers, but the managed services tend to be focused around the IT, such as the managed service we supply to the Zain group. We also get asked if we can provide managed services for the fraud analysis, and we can, but we caveat that there’s a limit to what we can do, because you need someone on the ground to have a level of awareness you cannot gain from only looking at the data in an abstract way. We can remotely go through all the cases and prioritize them, and then feed them back to someone on the ground, but you do need those people on the ground. It can’t be done purely from another country.

Talking about the strategies of other firms, there’s an argument that fraud management will undergo significant growth because of the proliferation of smartphones and all the security-related fraud issues that come with malware etc. WeDo’s parent group acquired a company called 21Sec, which specializes in security. Soon afterwards, WeDo’s Praesidium consulting division, which had a good reputation in the field of fraud management, was transferred from WeDo to 21Sec. They obviously expect that security concerns will drive growth in that general area. How do Neural see themselves in relation to security?

We’re looking at that and saying we need to get involved in security. Your phone is now a computer – you have a firewall for your work computer, but what about your phone? I’m not sure if we’ll look to acquire, but we’re definitely looking to partner with people who have security capability.

Will that be a British firm?

We will look to see if we can find a British partner, partly because Britain is seen to be quite a leader in the area of security. There’s a lot to learn, as we’ve seen ourselves. Take Hutchinson Denmark for instance. Denmark is a small country, but the amount of data we’re processing there is phenomenal. It’s all data, there’s lots of Facebook, there’s lots of downloads, huge amounts of data. We’d like to look at the security aspects: is there hacking, is there spamming, is there spoofing? We don’t know because we’re not pulling enough rich data. We collect data about customers and volumes but we’d need more to identify SMS spamming over IP, and all these other weird and wonderful things that are starting to happen. To do that we need a partner, who can complement our existing products, and will work with deep packet inspection and these other techniques, so we can go with a complete business case to the customer. And when it comes to deep packet inspection, taking all the data will be a killer – enough servers to fill the coffee shop we’re sitting in – so we’ll have to work cleverly. We wouldn’t want to have too much data – it’s not quantity but quality.

And when companies take more data than they really need, they create an unnecessary security risk.

Yes, you become a security risk in your own right. So we want to develop a business model where we process relevant information, forewarning the telco about certain issues identified from that data, and also partnering with someone who is better resourced to get involved in detailed security investigations. We’ll need to go that way because we see the telco industry going that way.

It’s about a different way of looking at telco budgets and priorities too. Instead of talking to CFOs about how much it costs to buy a fraud solution, and how much cash they will get back in return, security doesn’t involve such simple evaluations.

Poor security damages reputation, and hurts customers. We worked with Safaricom on the M-Pesa network, and could you imagine the damage to them if there were security flaws with a system like that? You’re not just talking about the amounts lost at the time, you’re also talking about how much business you’ll never receive because customers have been scared away, and you can’t easily put a value on that.

Fraud happens everywhere, and you’ll never eradicate it. People are always looking to commit fraud. Telcos need to think ahead and understand the data needed to anticipate the frauds of tomorrow. If they don’t, the damage to their business will be greater than just the value of the fraud losses, when viewed in isolation.

It’s all about seeing the big picture, isn’t it? Thanks for chatting today, Luke. You’ve broadened my horizons.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.