International Revenue Share Fraud (IRSF) is a big problem for communications service providers generally, and a threat to MVNO wellbeing. The Eurotariff is set to fuel the opportunity for this type of fraud even further. Here’s how.
According to the Communication Fraud Control Association (CFCA), the communications industry loses over USD38 billion to fraud annually. The good news is that the total global fraud loss is reducing (by 18% between 2013 and 2015). However, certain types of fraud are on the increase. During that same period, the amount lost to IRSF increased by a staggering 487%. MVNOPro spoke to fraud expert Colin Yates to find out more about the risk from IRSF and the effect that the new Eurotariff would have on MVNOs’ risk profile.
MVNOPro: Hi Colin. What is the risk here for MVNOs?
CY: The industry as a whole is losing about USD38 billion to fraud per year. Of that USD10.86 billion is lost to IRSF. MVNOs are not immune to this type of fraud and are, in fact, being targeted by some IRS fraudsters. This is because this type of fraud tends to occur out of hours – 80% of IRSF attacks occur between Friday evening and Monday morning – and fraudsters are aware that MVNOs have minimal staffing during those hours.
Many cases that I’ve investigated do have an ‘organised’ component. Fraudsters will test a network and if a device or number is blocked very quickly they will assume that there is a robust fraud strategy in place and move on to another network. If a fraud call is permitted, however, they will sometimes take weeks to put in place whatever is required (identities, hardware, Simcards etc) to mount a planned attack that can result in losses of more than USD10,000 per hour. If an MVNO has no-one looking at fraud indicators over the weekend, then losses over a 2-3 day period will be huge.
MVNOPro: How is the Eurotariff going to impact on the issue?
CY: The new EU Eurotariff – also known as the ‘Roam Like at Home’ initiative or RLAH – is going to increase the IRSF risk for MVNOs, given that EU Roaming is now available to anyone who has a local on-account or PAYG Simcard. Thirteen EU countries currently have their numbers advertised by IPRN Providers for use as International Revenue Share numbers. Under the new EU regulation, these numbers could be called as part of a RLAH package. This could result in significant out-payments being required from the MVNO providing that service.
MVNOPro: But what about prepaid fraud?
CY: In the prepaid market I’m seeing an increase in Wangiri Fraud, as a means to fraudulently decrement a prepaid user’s balance through returning a missed call from an IPR Number.
MVNOPro: What challenges do MVNOs face in terms of addressing IRSF or Wangiri fraud issues?
CY: One of the biggest challenges for an MVNO is access to fraud information and/or intelligence. Information regarding new and emerging fraud trends, along with examples of how other CSPs are mitigating these risks, is of significant value to all service providers. But while the MNO community has access to this analysis and data through the GSM Association, specifically the Fraud and Security Group, the MVNO community do not qualify for GSMA membership.
GSMA rules also dictate that their documents cannot be shared outside their membership. Sometimes MNOs will share this information with the MVNOs they are hosting, but MVNOs should identify and pursue ways of accessing this type of information.
There is also still a perception among many MNOs and MVNOs that providing the capability to manage fraud and RA is expensive and requires huge budgets to implement and maintain. This used to be the case, but it isn’t any longer. Often part of this function can be performed as a managed service by the partner MNO, MVNE or other vendor.
MVNOPro: What would your advice be in terms of current action? What are your top tips for MVNOs?
CY: Arrange for an independent Fraud and/or RA expert to come in to the business for a few weeks and complete a full fraud and RA risk review. This would involve interviewing key personnel – ranging from the CEO through to Customer Service Representatives – to fully understand the business, what the risks are, and what control weakness there are that require strengthening (including any training requirements or skill shortages).
An output of this review should also be to document a Fraud and Revenue Assurance Strategy along with a Fraud Operations Manual. I’d also strongly advise that MVNOs should implement a fraud reporting methodology that allows accurate fraud information to be reported to the Board on a monthly, quarterly and annual basis. MVNOs need to understand that managing fraud and RA is a business enabler that should be fully resourced and funded from an MVNO Go-Live date, and is not a function that should only be considered after the business has suffered a significant loss.
Establishing an effective Fraud and RA function allows the business to take more risks when acquiring customers and providing new products and services. Across all MVNO market segments, ARPU is generally lower than that achieved by MNOs, and a contributing factor to this is that most MNOs are more mature in terms of their fraud management capabilities. This allows them to take more risks because they know that they are prepared and ready to identify fraud early on, if it occurs.
Yates Fraud Consulting is a specialist Telecommunications Fraud, Revenue Risk and Investigations Consulting company. Its founder, Colin Yates, held Fraud Management, Revenue Assurance and general Threat Management positions in both Telecom New Zealand and Vodafone Group for over 22 years. Colin has been Deputy Chair of the GSM Fraud Forum, Chair of the GSM Asia Pacific Fraud Forum, Chair of the GSM Fraud Forum Intelligence Sub-Committee, Chairman of FIINA and the FIINA Intelligence Sub-Committee, Secretary and Executive Director of CFCA and other similar roles within Pacific based Fraud Forums. Colin was appointed as a Judge for the GSMA Global Mobile Awards in the Best Security/Anti-Fraud Product or Solution category in 2014, and again reappointed in 2015. He was also appointed to the GSMA Fraud and Security Advisory Panel.
For more information about the services offered by Colin’s company see Yates Fraud Consulting.