Colin Yates

MVNOs are often blissfully unaware of how fraud and revenue leakage is sapping their business. Sometimes they largely escape its effects for a considerable period of time, until fraudsters decide to target them. The results can be so severe that they take out an otherwise healthy business.

There are many reasons why MVNOs fail, but an easily overlooked one is due to the effects of severe revenue leakage or sustained fraudulent activity. MVNOpro spoke to MVNO fraud expert Colin Yates to find out how bad this problem is, and what MVNOs can do about it.

MVNOpro: Hi Colin. How severe a problem is fraud management and revenue leakage for MVNOs?

CY: MVNOs do not have immunity from fraud. With no effective fraud prevention strategy in place, they may continue in business for months or even years but eventually they will be hit.

I’ve recently dealt with two MVNOs who were in this category. One suffered a major fraud after six years in business with no major fraud issues. This fraud attack resulted in losses of USD2.13 million which had to be paid to their host MNO. They were unable to make this payment and the business went into liquidation.

The second MVNO had been in business for three years, again with no major fraud issues. They were attacked by an organised fraud which cost them EUR550,000. While this business survived the loss, it required some uncomfortable conversations between their senior management and shareholders.

In both of these operations there was no effective strategy to protect the business against fraud or revenue loss. My company was brought in to conduct a full fraud and revenue risk review for the second MVNO. This review resulted in 38 improvement opportunities being recommended. The MVNO implemented the recommendations and is now in good shape

MVNOpro: Are MVNOs particularly vulnerable to fraud?

CY:   Fraudsters will always target the weakest link, and some organised crime groups who constantly target communications service providers consider MVNOs to be the weakest link. This is primarily because this sector is not as mature in terms of their fraud management capabilities.

Light MVNOs are vulnerable because they rely on their MNO host to manage their fraud risk or to provide them with realtime information to manage their own risk.  Full MVNOs are still reliant on their MNO to perform some basic risk management tasks, such as blocking lost and stolen handsets, responding to Law Enforcement Agency call trace requests and so on.

With regards to revenue assurance – which is about preventing inadvertent revenue leakage rather than preventing deliberate theft – the same issues apply. The MVNO relies on the MNO to provide the data required for the end-to-end reconciliation that ensures billing and collections are accurate. This requires the MVNO to have complete confidence that the MNO is providing correct and accurate information.

MVNOpro: Is there anything an MVNO can do to ensure the MNO is doing its part?

CY: Yes. Firstly, it’s essential that the MVNO ensures that it has a robust and strong contractual relationship with their MNO to either manage their fraud and revenue assurance risks for them, or supply the information required to enable the MVNO to manage this for themselves in a timely and agreed fashion.

It would be unusual for an MNO to accept responsibility for any losses suffered by the MVNO over a certain threshold. However, they should be contractually required to pay penalties if the information the MVNO needs to manage their fraud and revenue risk is not provided within an agreed timeframe.

A Full MVNO will be less reliant on their MNO for the information it needs to manage revenue risk, as they have their own Core Network and access to much of the information required for this purpose. But the Light MVNO requires a lot more support from their MNO. In some cases they need access to the MNO’s Fraud Management System, where they can view their own IMSIs which will have been filtered to a controlled area that only they have access to.

MVNOs must be aware of their requirements with respect to Fraud Management and Revenue Assurance prior to the onset of their contractual agreement with their host MNO. There should be a penalty clause in place for any areas of non-compliance or delivery by the MNO. Any future requirements that are not covered within the existing agreement are likely to require a change request, and therefore additional costs to the MVNO. So my message here is save yourself cost and trouble by getting it right at the very start of the relationship.

To avoid future problems, I have found it invaluable when negotiating these agreements that a fraud matrix is developed identifying every known fraud type or revenue risk, and clearly identifying what aspect of that fraud or revenue risk is the responsibility of the MNO, what actions are required by the MNO, and what is to be managed by the MVNO.

MVNOPro: That’s good advice. But often in the rush to get to market these kind of issues are frequently overlooked aren’t they?

CY: Yes. Fraud management and revenue assurance are often overlooked during the business development cycle by both Light and Full MVNOs. My advice is that these functions should be in place before the go-live date to ensure robust controls have been developed and tested.

Yates Fraud Consulting is a specialist Telecommunications Fraud, Revenue Risk and Investigations Consulting company. Its founder, Colin Yates, held Fraud Management, Revenue Assurance and general Threat Management positions in both Telecom New Zealand and Vodafone Group for over 22 years. Colin has been Deputy Chair of the GSM Fraud Forum, Chair of the GSM Asia Pacific Fraud Forum, Chair of the GSM Fraud Forum Intelligence Sub-Committee, Chairman of FIINA and the FIINA Intelligence Sub-Committee, Secretary and Executive Director of CFCA and other similar roles within Pacific based Fraud Forums. Colin was appointed as a Judge for the GSMA Global Mobile Awards in the Best Security/Anti-Fraud Product or Solution category in 2014, and again reappointed in 2015. He was also appointed to the GSMA Fraud and Security Advisory Panel.

For more information about the services offered by Colin’s company see Yates Fraud Consulting.