Report from the PITA Fraud Forum

Telecoms is a huge part of the global economy but RAFM is a small and specialized niche. As a consequence the people who work in RAFM may need to travel a considerable distance to meet their peers and discuss how much they have in common. These were the factors that motivated me to start blogging about RAFM almost ten years ago, using the web to reach out to practitioners all over the world. More recently the same desire to make connections has turned full circle, with people inviting me to faraway events because of what they read on Commsrisk. It was a privilege to be invited to travel half way around the planet to participate in the fraud forum of the Pacific Island Telecommunications Association (PITA), and I jumped at the opportunity. There I met RAFM practitioners from New Zealand and Australia as well as many Pacific islands including Fiji, Samoa, Tonga, Vanuatu, New Caledonia, the Solomons and the Cook Islands. Put simply, I went all the way to Auckland to learn that the Pacific Islanders face all the same challenges as telcos back home!

The forum discussed fraud and revenue assurance issues that most telcos have to endure, and the quality of the work done in response is similarly comparable to that found elsewhere, even though the resources may sometimes be limited because the Pacific telcos serve relatively small populations. The conclusions I reached were that the best work done in this region deserves to be shared much more widely, and we need to redouble our efforts to collaborate with specialists everywhere. We owe it to ourselves to recognize all accomplishments in our field, even when (or especially when) they are achieved by the remotest telcos. We should avoid the temptation to focus solely on those regions where it is easiest to draw people to a central location.

The PITA Fraud Forum had a strong agenda spread over two and a half days. As usual I am loathe to single out presentations for praise, not least because of the high quality of all the talks that were given (with the possible exception of my own). However, the contributions made by Colin Yates and Trevor Harris deserve to be mentioned. They freely shared a wealth of knowledge throughout the course of the event, as well as injecting plenty of common sense and good humor into proceedings. Both men are consultants, and that line of work encourages some to be tight-lipped with their experience, only revealing their insights to paying customers. Trevor and Colin show how the top consultants are not afraid to display their knowledge, because they expect to gain more by forming many strong relationships and freely bouncing ideas around.

It was also heartening to listen to the highly informative presentation of Detective Sergeant Greg Dalziel of the New Zealand Police Force’s national cybercrime unit. We need the police to work with telcos, even though some taxpayers may not think protecting big businesses is the best use of public resources. The crimes that are focused on modern telcos – international frauds, money laundering, stealing identities and invasion of privacy – can devastate ordinary people’s lives, either because they are used to support terrorism or because the telco is merely a conduit to attack private citizens. And more mundane crimes like the theft of handsets can lead to plenty of upset when the devices are blocked, because people depend on their phones like never before.

One important topic we discussed with Greg was the possibility of seizing the proceeds of telecoms fraud more often. It seems that New Zealand has similar laws to those which are the subject of our UK campaign for more extensive confiscation of criminal proceeds; if either country can make progress with increasing the use of these powers then I hope the other will take notice and do likewise.

This was the third time the PITA fraud forum has met, having come together every two years since 2012. It may be hard to plan the agenda and get so many far-flung professionals to commit to the same schedule, but I believe they would benefit by seeking to increase the frequency of their meetings. Many of the frauds discussed are well-known and established, like PBX hacking and IRSF fraud. However, the pace of change is accelerating, and two years is too long to wait before taking action to counter some of the emerging threats to telco revenues. International criminals work across borders, and the nature of modern cybercrime means that any nation which becomes a weak link will also increase the risk to all telcos everywhere. We have more reason to cooperate and combine our efforts than ever before.

My talk discussed the hot topics in RAFM globally, and I concluded by describing the problem of OTT bypass. The audience reaction made it plain how much of a threat OTT bypass poses to Pacific nations. The income from international call termination is an important source of investment in those countries. My advice to all the telcos attending was that they must start a conversation with strategists, lawyers, governments, regulators and customers about OTT bypass. In particular they must instigate debate over whether laws and contracts need to be changed to mitigate the impact of OTT bypass. Monitoring needs to be put in place, and relevant stakeholders need to be warned. Otherwise the danger is that there will be a dramatic collapse in revenues but telcos and authorities will have left it too late to usefully mitigate the consequences. OTT bypass will likely lead to more rapid substitution of OTT for traditional telecoms revenue streams. Satisfied customers of OTT services will not happily revert to more expensive services if they feel that corporate greed is obstructing progress, and this will leave telcos in an untenable political position if they wait too long before lobbying governments to recognize all the consequences of OTT substitution. On the plus side, there is no reason why a small island nation cannot establish precedents which others will choose to follow. I often cite the example of Lesotho being leaders of AML regulation of mobile payments. A Pacific island nation could just as easily set an example for managing the consequences of OTT bypass.

RAFM practitioners in small telcos often find themselves wearing many occupational hats, including the management of IT security and data protection on behalf of customers. As such, they already have a head start when it comes to the trends that are pushing fraud managers to work more closely with security functions, and they appreciate the need to protect the telco’s brand and reputation as well as the bottom line. Even so, I expect the educational demands to increase as security issues become more complicated and intertwined with the work of RAFM. This is being driven by various factors, including the proliferation of smartphones and mobile malware, the growing popularity of OTT services and the increasing frequency of hacking attacks aimed at compromising customer data. Combine these trends with the increased pressure on boards to safeguard shareholder value and the risk environment is likely to evolve much more rapidly than it has before. This leads me to argue that the participants in the PITA Fraud Forum would benefit from being more ambitious in future, by seeking to meet on an annual basis.

I will also badger the organizers of the PITA Fraud Forum to join forces with the Risk & Assurance Group (RAG) in order to share intelligence and arrange joint events. This is easier said than done; the cost of flying people around the world places a limit on how much we can share speakers and develop common content. At the same time, there was much that was presented at the PITA Fraud Forum which would be equally useful to the telcos that attend our RAG meetings in London, and I always prefer the recycling of good work to the duplication of effort. Individuals like Colin and Trevor are world-class experts, so if they develop materials and share them with Pacific telcos then I want them to be shared with everybody everywhere.

Let us ensure the best work is acknowledged whether it originates in a major city in a Western country or on a small island a long way from anywhere else. The challenges we face are global in scope, and keep mutating ever more rapidly. We must seek to close the gaps between us, and to pool our combined human and intellectual resources in order to fight the fraudsters and combat emerging risks. Pursuing better and more extensive communication and collaboration was the right approach when I started blogging ten years ago, and is even more important today.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.