Lee is group director of enterprise risk management, with overall responsibility for revenue assurance, fraud, risk management, financial controls, and finance systems at Qtel Group. Based at the head office in Qatar, Lee provides the leadership and strategy for Qtel Group's 16 business units, covering a combined subscriber base of 83 million people across the Middle East, North Africa, and Asia.
Lee has over 15 years' experience in the telecommunications industry, holding previous positions as Head of revenue assurance and risk management at Cable & Wireless, and also as business development manager at T‑Mobile, UK. Lee has also been employed by Deloitte Consulting, working on projects for both mobile and fixed-line operators across Europe and the US.
Lee was awarded a PhD in Electrical and Electronic Engineering from the University of Newcastle upon Tyne, UK, for advanced research into 3G video-telephony.
The answer to LTT-13 was A = Yes. With relatively new products and service streams like mobile money remittance, there is a whole new set of non-traditional telecoms fraud risks. In summary, many types of fraud can occur in the mobile money remittance domain, leading to fraudulent transactions that would not be detected by the three controls proposed by the RAFM manager, namely:
- Handset theft
- Digital value smurfing
- Fraudulent credits
- Identity / Subscription fraud
- Network employee collusion
- Bank/Agent employee corruption
- Mobile malware
- Social engineering / Impersonation
- Phishing / Smishing / Vishing
- SIM swaps
- Cashing out process.
Congratulations to Arun Rishi Kapoor and Herbert Galiano for providing a correct answer. The winning response came from Daniel Peter in India, with the following explanation:
Yes. It is possible to commit fraud as the mentioned controls (a daily cash-in reconciliation, a daily eWallet reconciliation and a daily balance reconciliation) only check the completeness of the transactions.
The below list of frauds can still be committed when the mentioned 3 controls are in place:
- Money Laundering: the process of making criminal assets appear legitimate. For example: proceeds from drug deals/terrorists appear legitimate, hence making the detection of the origin of this criminal money difficult for the law enforcement agencies. There are a few stages to money laundering (placement, layering and integration), where black money at first gets placed into an account without arousing suspicion, later moved around from account to account, reducing the funds into smaller amounts by using different people to disguise its original source; finally the same is put back into the legal financial system and appears to be legitimate funds or assets. Controls are required for these kinds of fraud
- Registration / KYC fraud: Illegitimate customers get to register for MM transactions. Customers can provide fake documents to register for the service or the agent can also fraudulently let an illegitimate customer register
- Fraud during MM transaction such as unauthorized person receiving the money. This type of fraud is possible when the SMS is possessed by an unauthorized person
- Agent deducting excess charges (over and above the rate published by the MNO) from the customer, and also paying less cash to the customer by claiming commission when they were not supposed to. The agent here takes advantage of consumers’ lack of education and ignorance about MM
- Not repaying the outstanding amount to the customer on disconnection of service
- Agents and consumers colluding together to defraud the system. For example: The agent can claim commission from MNO for adding subscribers whereas the added subscriber does not have any intention to avail the service but only to help the agent gain commission
- Customers can also defraud the agent by obtaining access to an agent’s account and sending SMS messages to initiate cash-out transactions.
Welcome to this month’s LTT.
You work for a mobile operator in a country with a very high corruption perception index, as defined by Transparency International. The marketing team is planning to launch their latest product, a Mobile Money service, which allows customers to remit money overseas. Customers “cash-in” their money at service kiosks, and the same amount is credited to their eWallet. When a customer wants to send money to an overseas recipient, they receive an SMS with a unique 16-digit code. The recipient then goes to their nearest “cashing-out” facility, presents the teller with the SMS, and receives the cash.
All of the “cash-in” received is deposited into a holding account at the local bank.
The marketing team want you to put some controls in place to detect any fraud, so you ask them for the product service description, and technical solution design documents. Unfortunately, since the business has been in such a hurry to get the service launched before the other operator, these documents do not exist. The launch day is tomorrow, so you need to act quickly.
With the limited information you know about the service, you decide upon the following key controls.
- A daily cash-in reconciliation: all the money collected at the service kiosks matches the total amount credited to the eWallet, and is deposited to the company’s holding account
- A daily eWallet reconciliation: (opening balance) – (closing balance) + (cash-in) – (cash-out) = 0
- A daily balance reconciliation: eWallet balance = holding account balance at the bank
If these high-level controls are performed and everything reconciles, is it still possible for any fraud to be committed without being detected by these controls?
If your answer is A = Yes, please state how the fraud could be committed.
Please send your response to quiz@talkRA.com – the most comprehensive answer received will be published on Monday 26 January.
The answer to LTT-12 was B = Grey routing / Sim boxing. Revenue leakage occurs when inbound calls do not transit through the gateway (interconnect) switch, resulting in lost termination revenues. Instead, the call is routed to a local SIM box gateway (usually over the internet) and the call appears to originate as an on-net call.
The following action plan is recommended to eradicate bypass activity:
- Ring fence 1 or 2 resources to permanently monitor and close down bypass for the next few months.
- Undertake a sustained calling campaign to identify the source of the bypass.
- Automate the disconnection process to reduce the time from detection to disconnection to under 30 minutes.
- Utilize daily reports from the FMS or data warehouse to identify signatures / profiles of suspected MSISDNs based on characteristic usage patterns.
- Define a disconnection process with cross-functional agreement with legal, regulatory, marketing, etc., based on usage patterns, e.g. high outbound usage but with no inbound calls, zero SMS, zero WAP contexts, etc., and with all calls originating within a limited number of cell sites.
- Co-ordinate with local police enforcement officers to arrest fraudsters committing bypass, and confiscate their equipment. Also identify the common point of SIM card sale and monitor dealers suspected of collusion.
- Cross industry collaboration with local operators to close down International bypass traffic transiting via national interconnect routes.
- Align interconnection and retail pricing strategy to minimize opportunities for bypass.
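The usage-pattern signature in the action plan above (high outbound usage, no inbound calls, zero SMS, zero WAP contexts, few originating cell sites) can be run as a daily report over CDRs. The sketch below is an added example, not code from the original post; the record layout, the subscriber labels, the thresholds and the mapping of "WAP contexts" to data sessions are all assumptions.

```python
from collections import defaultdict

# Assumed thresholds (not from the original post); tune on your own traffic.
MIN_OUT_CALLS = 100   # "high outbound usage" per day
MAX_CELLS = 3         # "limited number of cell sites"

def sample_cdrs():
    """Constructed one-day records: (msisdn, event, direction, cell_id)."""
    cdrs = []
    # sub-A: 120 outbound calls from two cells and nothing else.
    cdrs += [("sub-A", "voice", "out", f"C10{i % 2}") for i in range(120)]
    # sub-B: ordinary mixed usage across many cells.
    cdrs += [("sub-B", "voice", "out", f"C2{i:02d}") for i in range(12)]
    cdrs += [("sub-B", "voice", "in", "C201")] * 9
    cdrs += [("sub-B", "sms", "out", "C201")] * 5
    cdrs += [("sub-B", "data", "out", "C203")] * 3
    # sub-C: heavy caller on one cell, but receives calls and SMS.
    cdrs += [("sub-C", "voice", "out", "C301")] * 150
    cdrs += [("sub-C", "voice", "in", "C301")] * 4
    cdrs += [("sub-C", "sms", "in", "C301")] * 2
    return cdrs

def profile(cdrs):
    """Aggregate the per-MSISDN counters the signature needs."""
    stats = defaultdict(
        lambda: {"out": 0, "in": 0, "sms": 0, "data": 0, "cells": set()})
    for msisdn, event, direction, cell in cdrs:
        s = stats[msisdn]
        if event == "voice":
            s[direction] += 1
            if direction == "out":
                s["cells"].add(cell)
        else:
            s[event] += 1   # SMS and data sessions count in either direction
    return stats

def suspected_bypass(cdrs):
    """MSISDNs matching every element of the signature, with evidence."""
    hits = {}
    for msisdn, s in profile(cdrs).items():
        if (s["out"] >= MIN_OUT_CALLS and s["in"] == 0 and s["sms"] == 0
                and s["data"] == 0 and len(s["cells"]) <= MAX_CELLS):
            hits[msisdn] = {"out_calls": s["out"], "cells": sorted(s["cells"])}
    return hits

if __name__ == "__main__":
    for msisdn, evidence in suspected_bypass(sample_cdrs()).items():
        print(msisdn, evidence)
```

Requiring every element of the signature keeps the heavy but two-way subscriber (sub-C) off the disconnection list, which matters once disconnection is automated.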
The correct answer came from Michael Lazarou, with the following action plan:
The actions I’d take would be to run some test calls – get the CDRs (both retail and interconnect) and check the details – basically if the CLI matches the A_Number. In addition, we can check the latest subscriptions of the 1000 free on-net minutes promo – whether there was anyone that bought a large amount together or used strange customer details or many lines to one subscriber…
The next LTT will be published on 12 January.
Welcome to this month’s LTT. You work for Acme-Telecom and it’s your first day in the job. You receive a phone call from the CFO’s secretary requesting you to meet him at 9am in his office. When you enter the room the Wholesale Manager is also sat at the table with a handful of papers and looking a little dismayed. He shows you the interconnect voice traffic stats for the month, which shows an unexpected decline on Monday 24 November.
Figure 1: Interconnect voice traffic statistics for November.
The Wholesale Manager also shows you a screenshot of the termination rates being offered on the wholesale market in to Acme-Telecom. One particular company, called Dubious Voice Solutions, is offering rates which are lower than your termination rate.
When you entered the building this morning, you can remember seeing all the posters from the latest marketing campaign, offering 1000 on-net minutes for $2 per month. The launch day was Monday 24 November.
This is your chance to impress the CFO on your first day in the office. He asks you to put together an action plan detailing all the controls, reconciliation, and tests that would help to stop this revenue leakage. He wants to meet you for lunch to discuss your proposal.
What is most likely to be the problem, and what would your plan of action be?
- A = Drop in traffic due to half-term school holidays
- B = Grey routing / Sim boxing
- C = Trunk route information missing in i/c billing system
- D = An increase in the termination rate
- E = None of the above
Please send your answer along with the plan of action to quiz@talkRA.com – the most comprehensive action plan received will be published on Monday 22 December, as a guest blog.
The answer to LTT-13 is A = Yes.
Here’s a list of some of the fraud risks relating to mobile money.
- Handset theft.
- Digital value smurfing.
- Fraudulent credits.
- Identity / subscription fraud.
- Employee collusion.
- Bank/Agent employee corruption.
- Mobile malware.
- Social engineering / impersonation.
- Phishing / smishing / vishing.
- SIM swaps.
- Foreign exchange.
- Cashing out.