BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
IN THE BEGINNING…there BEGINNING…there was Roaming.
Or maybe the title of the chapter isn’t quite apt since International roaming only became technically
possible in the early 1990s as of the launch launch of GSM though. Working in the Fraud Management unit unit and specializing on Roaming fraud, I have come to discover that it is one of the highest revenue earners in telecoms and also contribute to major losses; however the home network bears all the risks but must share revenue. The visited network is only liable where it fails to send required fraud alerts on time. Wikipedia on Answers.com described roaming as a general term referring to the extension of connectivity
service in a location that is different from the home location where the service was registered. Roaming ensures that the wireless device is kept connected to the network, without losing the connection. Roaming can be classified into several groups/types, in fact according to Wikipedia, there are eight (8) types of roaming but for the sake of this document we shall concentrate on International Roaming. Put simply, International Roaming offers subscribers the facility to use a mobile phone outside the country in which the user has a contract and it is noteworthy to know that it is used by over 80% of the world’s mobile operators. Mobile operators conclude ‘roaming contracts’ between themselves in order to provide opportunities for
making calls and receiving calls from abroad, and in this way the operators can charge the call on the ordinary telecom bill without the foreign operator needing to send any bill to the end user. Roaming contracts govern, among other things, the compensation the operators charge each other for allowing other operators’ foreign subscribers to use mobile telephones in their own network.
International roaming, which is the core of this article, can be split into two parts:
Inbound Roaming are the calls received, etc when on a different network than your home
network. A lay mans definition could be roaming activities carried out by say a Ghanaian visiting Nigeria. So to us at Airtel Nigeria our Ghanaian visitor is an inbound roamer. Outbound Roaming is the exact opposite of Inbound Roaming. In this case Nigerian subscribers s ubscribers are roaming on foreign networks.
Inbound Roaming activities are in the hands of our roaming partners, as it falls on them to flag any suspicious usage; unless such anomaly’s are flagged the roaming partner bears all liability. Conversely we shall focus mainly on Outbound Roaming since major fraud takes place here and revenue running into millions of dollars can be lost. Our country of interest of-course will be Nigeria. The first time I understood what roaming entailed, I was truly amazed at the seamlessness of it all, (everything being equal that is); You are a subscriber (prepaid or postpaid), you plan to travel and want to roam when you do so, you request for roaming from your local operator, roaming is activated and bingo…you can make and receive calls, send sms and even use data in a geographically different zone all on your own MSISDN (your mobile mobile phone number). It offers the convenience of of a single number, a single bill and a single phone with worldwide access to a number of countries. It’s quite fascinating when you think about it.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
But here comes the snag and you guessed it… roaming charges. This is both MO (mobile originating and
MT (mobile terminating) meaning that you ar e charged for making and receiving calls and these charges are dependent on the country you’re in (zone) and the operator you are roaming on and they are not cheap! The Roaming Process
Figure A1 is a simple diagram showing the different stages of an outbound roaming call. The host operator being the network in the country in which you are roaming.
Fig.A1
In general the actual process is as outlined below:
1.
When the mobile device is turned on, this new visited network sees the device, notices that it is not registered with its own system, and attempts to identify its home network. If there is no roaming agreement between the two networks, maintenance of service is impossible, and service is denied by the visited network.
2. The visited network contacts the home network and requests service information (including whether or not the mobile should be allowed to roam) about the roaming device using the IMSI number (this is a unique identification associated with all mobile phone users).
3. If successful, the visited network begins to maintain a temporary subscriber record for the device. Likewise, the home network updates its information to indicate that the mobile is on the host network so that any information sent to that device can be correctly routed. As observed, there are three t hree major players that intervene in roaming: the subscriber, the home network (HPMN) and the visited network (VPMN). In order for the visited network to charge on the basis of the services provided to the roaming subscriber, all information gathered about calls made and data transmitted are collected in billing records also known as CDRs (call detail records) and these are compiled in a well defined structure known as TAP files (transfer account procedure) which are now sent to the home network for billing. To save the operators that have a large number of roaming agreements from the
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
hassle of managing the sending and receiving of TAP files, certain companies are used to act as clearing house for these data, they are called data clearing houses. Data Roaming occurs when a subscriber is roaming and using data services such as internet access, data
transfer or text messaging. Its process is not much different from voice calls, though here the subscriber is associated with the Serving GPRS Support Node (SGSN) which belongs to the VPMN and the Gateway GPRS Support Node (GGSN) which belongs to HPMN. The data received by the subscriber must pass by way of the HPMN and this does not happen with voice traffic. Generally the main concern about tariffs is centered on costs related to making and receiving calls more so the tariffs here differ and it is often not straightforward to figure out how the operator charges the different data services. However fraud losses are occurring greatly on voice services.
This is all very straightforward and looks trouble free however when we consider system issues, scheming subscribers and internal collusions (yes that does happen!), we have a big spanner in the wheel of things.
ROAMING FRAUD…demystified.
Now that we have a basic idea of how International Roaming works, let’s look at the fraud that happens behind the scenes. According to the EMC document #42, the average roaming fraud incident is valued at $750,000 and $1.93M for large operators. The highest loss from one operator was $15,000,000. As earlier pointed out, Roaming Fraud can be as a result of many factors. In my experience I have learnt that the majority of factors are a product of system issues. This is not to say that the other factors mentioned should be downplayed in any way as they all have very serious implications. Let’s examine the different factors that can be responsible for Roaming Fraud:
System/Network System/Network Issues – this is a very brief title to give a very br oad subject. These issues arise from a
technical breakdown in the configuration configuration and design of communication communication networks of operators. Such breakdown can lead to:
Delays in information transmission or no information being transmitted at all and with roaming, timing is everything Network configuration flaws which can be as a result of poor quality of configuration and procedures or in some cases, staff with inadequate training Legacy also creates an avenue for fraud to take place. Legacy is a situation where a company inherits the systems of another by way of a merger or outright acquisition. The hitch with this is that the shortcomings of the systems are ar e also inherited.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
On another hand as a company increases in size, its customer/subscriber base also increases. If the systems on ground are not able to support the subscriber size then all manners of malfunctioning and down times should be expected.
Any situation where a subscriber knowingly procures a mobile line with the intent Scheming Subscribers Subscribers – Any of using it for f or fraudulent activities is classified under this heading. There have been situations where subscribers, claiming ignorance or insufficient information, go ahead to enjoy roaming services and refuse to settle their bills afterwards claiming the service was never requested for. This is also one of the prevalent scenarios.
Subscription Fraud- undoubtedly the most rampant subscriber based fraud (though not very common in
this part of the world) in recent times. It should be taken seriously as not only is this type of fraud very organized and losses can run into millions of dollars, other fraudulent acts are contained in it e.g. Identity fraud. Its methodology involves obtaining postpaid Sim cards from the HPMN (using f alsified documentation and information) with international roaming activated on them. The Sims are transported to the VPMN and begin making many long duration outgoing calls. The VPMN’s HUR (high usage reports) alarms expose the high traffic on these lines and naturally this is escalated to the HPMN who should barr/disconnect the lines immediately. Between the period where these lines are ar e making high value calls and when they are picked up by the VPMN, there is a window of opportunity for huge sums of money to be lost to the fraudsters.
These fraudulent lines are used for:
Call selling: this varies from phone rentals to phone shops (business centers)
Call forwarding: local call services forwarded to a more expensive number
Calls to premium rate numbers (PRN): these are very expensive numbers to call and in some
cases the fraudster actually owns the lines, he makes a lot of calls to the PRNs and thus gets benefits for himself. `
International Revenue Share Fraud (IRSF) : this type of fraud is similar to the PRN mentioned above but
much more profitable. The GSMA identified that the IRSF started having major problems from mid 2005.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
After the subscription fraud the roaming Sims are used to make high duration calls to high cost international destinations. Some Some of these calls will terminate on a PRN which as pointed out earlier may be owned by the fraudster. However on another front, the calls will never reach the intended destination (short stopped) but are routed by an intermediate operator to a third provider that has a shared payment service (e.g. Audiotext) most times the routing takes place without the knowledge of the number range owner, thus the shared payment service provider obtains the benefit of these calls and does not pay the operator with which it owns the fraudulent subscription.
Internal Collusion - this type of fraud is carried out by the st aff of the company. It could be as a result of
bad blood between the staff and the company or the staff taking advantage of defective internal security systems or performance protocols that are lax. In some cases the staffs collude with subscribers to perpetrate subscription fraud. This type of fraud is very frequent when it involves the theft of roaming scenario test cards and their subsequent abuse.
The Nigerian Roaming Fraud Scenarios
At this stage I would like for us to have a succinct but detailed look at the prevalent roaming fraud issues observed in this part of the world. There are three roaming flags on the network; Global Roaming which can be postpaid or prepaid. It allows a postpaid subscriber roam on over 300 different operators. For prepaid pr epaid subscribers a standard signaling known as Camel enables them roam globally in over 30 countries. One-network is given as a default to all subscribers and allows them roam in about 20 countries while retaining their home network functionalities.
ROAMING BEYOND CREDIT LIMIT
This is a scenario where post-paid subscribers are able to roam well beyond their credit limits. Ordinarily the billing application is meant to cut off post-paid subscribers immediately they reach their credit limits, but due maybe to systems limitation it does not do this. The implication is that such s ubscribers accumulate very high bills and are understandably reluctant to settle their bills since they assume that they should be cut-off as soon as the credit limit is reached. r eached. However experience has shown that usually 90% of the time such subs end up settling their bills in order for their lines not to be barred, therefore the revenue loss is almost negligible. ROAMING ON INSUFFICIENT AIRTIME
This issue has to do with Pre-paid subscribers who are able to roam on very insufficient to no airtime at all. The subs make very high value calls and we have seen occasions where no revenue generating activity is carried out on these lines. The technical team has associated the issue with HLR profiling and escalations are based on re-profiling of the lines. The implication of this is that while subs are able to roam and make calls they are not billed for, roaming partners still have to be settled regardless.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
ROAMING ON NO AGREEMENT NETWORKS
We currently have Camel Roaming agreements in more than 30 countries, it has been noted however that some prepaid subscribers are able to roam on networks where such agreements do not exist. The implications of this is since no tariff has been implemented on the IN for these operators, subscribers will not be billed for these calls and at the same time revenue loss from settlement of roaming partners for calls where no revenue was earned. Countries where this issue occurs have greatly reduced but the problem itself is still prevalent. The technical team attributed the problem to wrong profiling on the HLR. ZERO LIMIT SUBSCRIBERS ABLE TO ROAM
In the case of zero limit subscribers they are seen as Pre paid on the IN while on billing system they have Post-paid profiles. Investigations revealed that these subscribers are actually on a closed user group (CUG) which allows them to make free local calls to other members on the same CUG. These should not be provisioned on these lines except where requested for but investigations have revealed that such subs are able to roam globally, on no airtime, make very high value calls and end up refusing to settle their bills stating that they didn’t request for roaming to be activated on their lines. The IT experts have also associated the issue with HLR configuration. As observed the cause of all the issues are attributed to system challenges. It should be noted though, that even as the issue persists, revenue losses have greatly reduced over time due to identification and better understanding of the problem.
Reducing Roaming Fraud
Yes, reducing as fraud in general can never be totally done away with we can only work to better protect our systems. There are sseveral everal protection systems that can be employed and are currently being employed by various operators to minimize the effects of roaming fraud, but even with all these systems, my experience has taught me that timing is everything and can make one serious difference! Let’s look at the two most effective eff ective and popular protection techniques i. High Usage Reports (HURs) This consists of the VPMN monitoring roaming traffic on the network and flagging MSISDNs that have exceeded the stipulated threshold (which is contained in the agreement between both operators) to the HPMN who investigate the lines and determine the level of fraud if present. Another picture could be where the clearing house is responsible for sending the HURs to the operator. Remember when we discussed TAP files and the data clearing houses (DCH) being responsible for sending and receiving them, the DCH can equally act in that same capacity with the HURs. The major setback with HURs is the time lag as it reportedly takes 36hours to send the report. Another setback is the limited information contained in the HURs. For instance the reports we presently receive come without the subscribers MSISDN so additional analysis have to be done on the data to get this.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
ii. Near Real Time Roaming Data Exchange (NRTRDE) There are presently several documentations on NRTRDE and a lot of forums have held concerning this and rightly so since it was developed by the GSMA. In a nut shell the aim here is for roaming CDRs to be transmitted to the HPMN in near real time (there is a 4hour time limit for the CDRs to be transmitted…compare transmitted…compare that to 36hours!)
There are several advantages with the NRTRDE one of which being that since the CDRs are not sent as TAP files, data inconsistencies are better detected and system integrity checked. But even as fantastic as the scheme is it does have its own set of drawbacks the major one being that the data will still need additional processing to surmise fraud alarms. The VPMN don’t have a lot to benefit from the scheme, in fact it’s quite
the opposite as they lose potential revenue they would otherwise have gained (even if as a result of fraud) and so they are reluctant to roll it out. In any case the NRTRDE is more efficient than the the HURs. In Conclusion
This document was written to give a somewhat concise but in depth look at the international roaming process and the fraud it has to grapple with. There are pertinent questions that should be taken into consideration, these include:
What is the magnitude of the problem in terms of the impact of losses and the frequency of the frauds? What are the deficiencies of the fraud prevention systems on ground and what are the inhibiting factors preventing operators from rolling out the NRTRDE scheme? What sector of the population could potentially benefit from roaming fraud and what does the law provide as regards benefits from roaming fraud? What kind of collective action can be taken among operators to tackle roaming fraud?
An operator’s answer to the above can very well mark its turning point as far having a firm hold on
roaming problems. The benefits of roaming cannot be disputed but the losses incurred by operators as a result of fraud cannot and should not be ignored.
Author: Joyce O. Akujobi.
[email protected] Akujobi.
[email protected] 0234 802 222 7458
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
REFERENCES
IIRSA/CITEL Workshop on International Roaming Services (March 11, 2008) http://www.roamingsims.com/data-roaming.php NRTRDE Briefing Pack July 2008 Daniel M. Ferreira, Mobility Services – VSNL International (December 3, 2007) GSMA, PRD BA.08, v19.0, Timescales for Data Transfer, May 2007 GSMA, PRD FF. 01, v2.0, GSM Subscription Fraud Management Guidelines, Aug, 2006 Yoav Kantor, Starhome Roaming Fraud Detection and Prevention (December, 2007) http://www.mach.com GSMA, PRD FF.02, v3.0, Fraud Management Systems- Guidelines to GSM operators, June 1996
GLOSSARY
CAMEL: Customized Applications for Mobile Networks Enhanced Logic- is a signaling protocol used in the
Intelligent Network architecture
CDR: Call Detail Record- a computer record produced by a telephone exchange containing details of a
phone call that passed through it
DCH: Data Clearing House- an agency or separate body responsible for receiving and sending roaming
CDRs
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET
GSM: Global System Mobile- the world's most popular standard for mobile telephone systems
GSMA- GSM Association
GGSN: Gateway GPRS Support Node- is the gateway between the GPRS (General Packet Radio Service)
wireless data network and other external packet data networks or private networks.
r oaming HPMN: Home Public Mobile Network-proprietary network of the subscription for a subscriber roaming
HUR: High Usage Report- contains a subscriber roaming exceptions which are forwarded to the HPMN
NRTRDE : Near Real Time Roaming Data Exchange-system for gathering roaming data in near real time SGSN: Serving GPRS Support Node- data network node controlling the mobiles access to the network
TAP: Transfer Account Procedure- consists of a file compiled with information on roaming tariff-setting
records VPMN : Visited Public Mobile Network- this is the network visited by the roaming subscriber/operator