The Synergy of Billing Verification and Fraud Management

In this post I would like to provide a different perspective on the supposedly separate disciplines of fraud management and billing verification and to show that there is significant synergy to be gained by an integrated approach. Another objective is to obtain the feedback of the RA community.

Fraud management systems (FMS) and billing verification (BV) systems are among the technologies available to RA managers at telcos. Each technology tackles a different aspect of RA – fraud management handles mainly external attacks on the SP’s revenue while BV handles internal failures due to human error, misspelled product/tariff specifications or misinterpreted business rules.

Fraud management is a “cat and mouse” game between fraud perpetrators, usually well organized and technologically sophisticated criminal groups, and telecom service providers (SP). FMS comprise a large family of techniques that aim to tackle the wide variety of types of fraud. However, there is no final victory possible for two reasons: (i) New types of fraud are regularly invented and new fraud opportunities are created by the service and technology advancements of telecom networks, (ii) FMS have inherent technological and manpower limitations. Practical FMS discover new types of fraud after considerable damage has been done and are expensive to purchase and operate, as they require highly skilled manpower in order to be used effectively. One major shortcoming of FMS is that they can’t accurately prioritize quantitatively the revenue losses due to fraud, so system operators may waste much time chasing after the less costly frauds.

RA/BV systems have traditionally been viewed as a financial audit tool rather than as a fraud management technique. I would like to show that BV can enhance the capabilities of existing FMS by (a) detecting frauds missed by the fraud management system, (b) detecting suspected fraud patterns earlier, (c) helping tune the FMS’s detection algorithms to changes in legitimate customer behavior in order to avoid false alarms, and (d) assisting with content and eCommerce fraud prevention. The BV system’s ability to monitor and reconcile all of the SP’s revenue streams and to prioritize revenue loss sources is especially important. It enables the SP’s fraud management experts to focus their efforts in fruitful directions.

Fraud management and BV systems process CDRs at different stages and in different formats. FMS process mainly raw CDRs or SS7 events, while BV systems process CDRs that are revenue-bearing events and contain customer-related information for billing (e.g. calling circle discount indicators, cell info, package info and much more). After the initial step of CDR collection, the information is processed quite differently in these systems. In addition, FMS are usually operated by technological experts while the BV systems are operated by personnel with a financial background.

I would like to think that the performance of FMS can be improved by making effective use of the capabilities and information available from BV systems.

The main desired features of a fraud management system are the following:

  • Real-time monitoring of the network to enable proactive prevention of fraud as it happens, rather than reactive “management” of the fraud
  • Coverage of a maximum number of the SP’s customers and of different types of fraud
  • A minimum of false positive alarms
  • Ability to detect new types of fraud quickly
  • Efficient case management
  • A minimum total cost of system ownership (TCO)

BV systems can play two major roles in the fraud management process by offering:

  • Enhancement of the fraud detection capabilities of the FMS
  • Interfacing the FMS to the business processes of the SP to achieve a better overall systems integration

The BV system has the capability of detecting unbalanced revenue flows into and out of the SP’s system. Such an imbalance may result from a number of causes, one being fraud. So the basic question that needs to be asked is whether there are fraud types that create such revenue imbalances. The answer is positive. The following are two examples, one of fraud and one of service abuse.

Example 1. Internal fraud
Internal fraud is a generic name for several sub-types of fraud. These frauds are tough to detect because they are perpetrated by people from inside the organization who know where the network’s loopholes are, and because they usually are not detectable by systems that rely on obtaining CDRs from SS7 signaling probes. The following examples illustrate some typical internal frauds and how they affect the revenue flow:

An account is provisioned in a network switch, but not in the billing system -> Calls are not charged

Incorrect setting of subscriber service category -> Calls are charged at a lower rate than they should

The affected SP has to pay to various interconnect and content partners, yet does not collect the amounts due from the retail customer.

Example 2. Service abuse
An SP did not charge the retail customers for the first few seconds of use of a particular premium rate service. This enabled fraudsters to install automatic call generators that placed a high volume of calls of short duration to accomplice premium rate service providers in another country. So the SP did not collect any retail revenues but had to pay for such calls to its interconnect partners. This is a classic premium rate fraud, but in this case the fraudsters were simply taking advantage of a service loophole and were not breaking any law.

These types of frauds and service abuses would be discovered by the BV system within one billing cycle. In real-time systems they would be discovered much earlier.
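The revenue-imbalance check behind both examples can be sketched as a reconciliation of what the SP pays out against what it collects, ranked by loss. This is an added example, not code from the original post; the record layouts, account IDs and amounts are constructed, and it assumes the interconnect outpayment is known per call.

```python
from collections import defaultdict

# Constructed sample data; amounts are in cents.
# Switch-side usage with the interconnect outpayment per call:
# (account, service, seconds, outpayment)
SWITCH_CDRS = [
    ("A100", "voice", 120, 30),
    ("A100", "voice", 60, 15),
    ("A200", "voice", 300, 75),    # provisioned in switch, not in billing
    ("A300", "voice", 200, 50),    # wrong subscriber service category
    ("A400", "premium", 4, 40),    # short calls inside the uncharged seconds
    ("A400", "premium", 3, 40),
    ("A400", "premium", 5, 40),
]
# Billing-side rated events: (account, service, seconds, retail_charge)
BILLED = [
    ("A100", "voice", 120, 60),
    ("A100", "voice", 60, 30),
    ("A300", "voice", 200, 20),
    ("A400", "premium", 4, 0),
    ("A400", "premium", 3, 0),
    ("A400", "premium", 5, 0),
]

def reconcile(switch_cdrs, billed):
    """Return (account, loss, reason) tuples, largest loss first."""
    cost, revenue = defaultdict(int), defaultdict(int)
    billed_accounts = set()
    for account, _svc, _secs, outpayment in switch_cdrs:
        cost[account] += outpayment
    for account, _svc, _secs, charge in billed:
        revenue[account] += charge
        billed_accounts.add(account)
    findings = []
    for account, paid_out in cost.items():
        collected = revenue[account]
        if account not in billed_accounts:
            reason = "usage in switch, no billing record"
        elif collected == 0:
            reason = "rated at zero while outpayment is due"
        elif collected < paid_out:
            reason = "retail charge below outpayment"
        else:
            continue
        findings.append((account, paid_out - collected, reason))
    # Largest loss first, so analysts start with the costliest leak.
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    for finding in reconcile(SWITCH_CDRS, BILLED):
        print(finding)
```

Sorting by loss reflects the prioritization point made earlier: the costliest imbalance is reviewed first, whatever its cause turns out to be.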

In some cases it may be possible to replace FMS algorithms with BV system rules and rate parameters, reducing the processing load on the FMS. For example, one of the toughest and most prevalent types of fraud is subscription fraud, where a false identity is used to open an account with an SP and to obtain services until the SP realizes that there is no intention to pay for such services. A BV system could check the reasonableness of the call pattern (how fast are charges accumulating, are they accumulating at all times of day and night, are they all to the same destinations, are particular services used unusually frequently, does it match known patterns of behavior of any other known legitimate customers, does it match known patterns of fraudulent behavior, etc.). This check, based on the single variable of price/revenue, would be easier than a multi-field check of CDRs.
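Three of the reasonableness questions above (accumulation speed, spread across the day, concentration on one destination) can be computed from rated charges alone. The following is an added example, not code from the original post; the event layout, sample accounts and thresholds are assumptions made for illustration.

```python
from collections import Counter

# Constructed rated events for newly opened accounts:
# (hours since activation, destination prefix, charge in cents).
# Activation is assumed to be at 00:00 local time.
SUSPECT = [
    (0.5, "+999", 400), (1.0, "+999", 450), (2.5, "+999", 500),
    (3.0, "+999", 420), (9.0, "+999", 480), (14.5, "+999", 510),
    (15.0, "+111", 30), (20.0, "+999", 470), (23.5, "+999", 440),
]
ORDINARY = [
    (8.0, "+111", 30), (18.0, "+222", 40),
    (32.0, "+111", 25), (43.0, "+333", 35),
]

# Assumed thresholds, to be tuned against known legitimate
# and known fraudulent accounts.
LIMITS = {
    "cents_per_hour": 100.0,       # how fast charges accumulate
    "active_hour_fraction": 0.3,   # spread over day and night
    "top_dest_share": 0.8,         # concentration on one destination
}

def revenue_profile(events):
    """Summarise an account's rated charges as three ratios."""
    total = sum(cents for _, _, cents in events)
    if total == 0:                 # nothing charged yet, nothing to profile
        return {name: 0.0 for name in LIMITS}
    # Observation window in hours, floored at one hour.
    span = max(max(hours for hours, _, _ in events), 1.0)
    by_dest = Counter()
    for _, dest, cents in events:
        by_dest[dest] += cents
    hours_of_day = {int(hours) % 24 for hours, _, _ in events}
    return {
        "cents_per_hour": total / span,
        "active_hour_fraction": len(hours_of_day) / 24,
        "top_dest_share": max(by_dest.values()) / total,
    }

def flags(events):
    """Names of the profile ratios that exceed their assumed limit."""
    profile = revenue_profile(events)
    return sorted(k for k, v in profile.items() if v > LIMITS[k])

if __name__ == "__main__":
    print("suspect:", flags(SUSPECT))
    print("ordinary:", flags(ORDINARY))
```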

Enhancement of the fraud detection capabilities of the FMS has several aspects:

  • Detection of frauds missed by the FMS
  • Early detection of suspected fraud patterns
  • Helping tune the FMS’s detection algorithms to changes in legitimate customer behavior
  • Assisting with mCommerce and content fraud processing

In my view the proposed approach can contribute to the achievement of each of these goals.

David Leshem
David is an expert in enterprise solutions: billing, profitability, business intelligence, customer retention, churn and revenue assurance.

Away from the office, David is a keen photographer. Visit to sample his photographic work.