Archive for the Opinion Category

If you have not seen it yet, check out the interview given by fraud management specialist Jan Dingenouts for Black Swan. I will not repeat everything Jan said, but he made some key observations that resonate with my own views.

  • In a larger telco, it is hard for a team of 20 or 30 employees to acquire and maintain a broad enough range of revenue protection knowledge and skills. In small telcos, the two or three people responsible for fraud management and revenue assurance have no chance of maintaining comprehensive awareness of all the relevant risks. This is not a criticism; even hard-working super-geniuses cannot understand every complicated cause of fraud and leakage. Employees of small telcos need to draw on outside help to maintain a desirable level of risk coverage.
  • Big wholesalers need to provide more fraud protection for their small retail telco customers.
  • The nature of bargaining power means it is harder for a smaller business to make demands of a larger supplier. However, small telcos need to factor losses from fraud into any assessment of the cost of routing traffic via various wholesalers. If they insist on better fraud cover, they will eventually get it from their current wholesale partners – or from the wholesalers they switch to.
  • A small telco that belongs to a group has increased bargaining power if the group has the intelligence to exercise its bargaining power. But irrespective of who owns which telco, it makes sense for small retail telcos to speak to their peers and collectively drive up expectations for how wholesalers prevent and respond to fraud.

Jan Dingenouts is a new name to me, but this interview gives me the impression that Jan is a plain-speaking no-nonsense consultant. I hope to hear more of his advice in future.

Bookmark and Share

It is tricky to analyze the financial performance of cVidya, the Israeli assurance business. They are a privately-owned company, and do not need to publicly report audited numbers. Their management team occasionally volunteers information about the company’s performance, but their comments have sometimes been contradictory or otherwise suspicious. I most trust the data available from an unlikely source: Deloitte’s Fast 50 index, which ranks high-growth companies in various geographical regions. Because that index measures growth over a period of 5 years, and because cVidya has been listed in Israel’s Fast 50 every year since 2008, the data is more trustworthy than that presented in a one-off press release. Put simply, if cVidya gave Deloitte numbers that exaggerated their growth in one year, then they would likely suffer from depressed growth statistics in subsequent years. As a consequence, there is no sensible way to massage these numbers in the long run.

Using the Fast 50 data and other highly reliable data points – such as the information available when cVidya merged with publicly-listed ECtel at the beginning of 2010 – I have maintained a simple model that estimates cVidya’s annual revenues. The latest data comes from the 2014 Fast 50 index for Israel. This states that cVidya enjoyed 128% growth between the 2008 financial year and the 2013 financial year. This may sound like a lot of growth, but bear in mind that the 2010 merger with ECtel doubled the revenues of the company. Plugging the new number into the model gives the following analysis of how cVidya’s revenues have grown from year to year.

cvidya_growth_13

This model estimates that cVidya generated revenues of USD45.6mn in the 2013 financial year, a rise of 8% compared to the previous year. Growth like that would be modestly impressive, especially when compared to the poor results of some competitors. So why was there no positive announcement hailing the success of cVidya’s sales team? I can only speculate about possible explanations. Previous exaggerations suggested cVidya’s annual revenues were between USD60mn and USD70mn. Growth of 8% is not something you can boast about if it means admitting current revenues are 25% lower than the bottom end of prior claims. It is also difficult to trumpet this success if it clarifies that annual revenues are 13% below the FY11 peak revenues of USD52.5mn, as estimated by this model.

cVidya recently recruited John Gillespie as EVP of Sales and Marketing. If these revenue estimates are accurate, Gillespie’s biggest challenge may not be delivering growth per se. He needs to deliver enough additional sales to align cVidya’s revenues with previous expectations, which were overinflated. To do that, cVidya will need to buck market trends and make offers that set them apart from their rivals. It will be interesting to see how Gillespie responds to the challenge.

Bookmark and Share

The Intercept has broken a major story about US and UK intelligence agencies hacking into a SIM card manufacturer and stealing encryption keys used to protect the privacy of mobile phone users worldwide; see the full story here. Whistleblower Edward Snowden provided them with a secret 2010 document from GCHQ, the UK’s electronic surveillance agency. Dutch SIM card manufacturer Gemalto is named in the document, which states:

…successfully implanted several machines and believe we have their entire network – TDSD are working the data

Gemalto is the world’s biggest manufacturer of SIM cards, making 2 billion of them every year. The firm provides a variety of encryption-based security solutions to governments, telcos and banks. Gemalto describe themselves as “a world leader in digital security” and their motto is “security to be free”.

The article also reports that:

Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The Intercept also provides some insight into how the hacking took place:

Top-secret GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google.

I recommend you read the full story for yourself. It makes for fascinating reading for anyone who works in the telecoms sector, describing the infiltration of mobile networks in various countries and naming Telenor, Mobilink, MTN and Belgacom amongst the victims.

This news makes me angry. Whilst the UK and US governments have repeatedly talked about the need for the legal power to intercept communications in order to protect the public from criminals and extremists, there is no legal or moral justification for how these spy agencies have behaved in this instance. The possession of these keys would allow spy agencies to spy on mobile communications, both at home and abroad, without anyone knowing. Moreover, this particular hacking was not aimed at criminals or terrorists. The targets were private companies and their employees, all of whom were going about their lawful business. Western governments have often chided the Chinese government for stealing commercial secrets, but that is exactly what the NSA and GCHQ did when they eavesdropped on the communications of employees of SIM makers, equipment manufacturers and telcos. And where is the court order that permitted them to do that? The US and UK governments have lost any moral high ground that they previously pretended to. And US President Barack Obama has been outed as a baldfaced liar, or an ignorant buffoon, when he said in January 2014:

…people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures…

You work in telcos. These governments have shown they can, and will, spy on you too, just because you work in the communications sector. You need to get angry, and stay angry. Telcos in the private sector have become increasingly robust when standing up to governments and their insatiable desire for surveillance. Yet, at the same time, politicians like Obama call for ever more government control of the communications sector. The public needs a strong, healthy, vibrant and privately-owned communications industry that will serve its customers by opposing government overreach. The public needs people like you, to stand up for them.

Bookmark and Share

Have you ever left a smiley :) or other emoticon at the end of a text message? Maybe you need to check your handset and your tariff before you do, warns British consumer website MoneySavingExpert.com. After being warned by readers, they wrote a brilliant article which elegantly explains how unanticipated interdependencies between systems can lead to very unhappy customers. Some handsets will automatically convert the text of a smiley into an image, prompting the message to be sent as an MMS instead of being an SMS. Many tariffs include free text messages in the customer’s allowance, but charge for every picture message. As a consequence, prolific texters might rack up big bills before realizing that the use of emoticons will cost them money.

MoneySavingExpert.com does a great job of listing the handsets that will convert emoticons into pictures. But the real story is that the telecoms industry insists on giving itself a black eye, when there is no need. As pointed out by MoneySavingExpert.com, apps like Facebook Chat and Whatsapp allow customers to send any message, including images. Telcos do not want customers to switch to these apps. However, we know that confusing tariffs and bill shock drives customers towards experimenting with these apps. When people turn to a website like MoneySavingExpert.com to understand bill shock, it inevitably means more people will try alternative messaging apps, further undermining telco revenue streams.

Perhaps some telcos calculate it is worth upsetting a few customers in order to benefit from inflated bills and increased revenues. After all, they can always try to blame the handset manufacturers for converting the text into a picture. However, the response on MoneySavingExpert.com shows it is foolish for telcos to think this way. Customers invariably blame big bills on the comms provider that sent them. And why should handset manufacturers care about telco tariffs? The manufacturers make the same money, irrespective of whether the customer uses Whatsapp or sends an SMS.

Telcos need to protect their own interests by proactively informing customers of potential charges for silly little elements like emoticons. Better still, they should present themselves as champions who will defend customers by fighting against unhelpful handset features that drive up bills. A good way to start would be to give customers guidance about how handsets vary in how efficiently they consume data. Modern electrical appliances are rated, so customers can compare the electricity used by two different washing machines, or two different televisions. Why not rate handsets based on how efficiently they use data bandwidth? The differences may not be large, but the increased focus on handset manufacturers will discourage the tendency to solely blame telco ‘greed’ for network congestion and all the other issues that anger net neutrality advocates.

When people visit sites like MoneySavingExpert.com to get important tariff information they have not been told elsewhere, it means the comms provider is failing to effectively communicate with their customers. Unexpectedly large bills are proof of a failure to communicate. Every failure encourages those who push for more price controls to be imposed on telcos. The only sensible strategy is to keep our customers looking like :) and never like :(

Bookmark and Share

Those who work in telecoms assurance know it is not the centre of the universe, though some believe and wish it was closer to the centre. However, the attention currently being given to assurance in Ghana offers some insights into how and why assurance can rise up the public agenda. It also shows that such exposure has downsides as well as benefits. Recently talkRA has featured stories about the implementation of a new national interconnect clearing house in Ghana, and how this has been linked to the prevalence of simbox fraud and the consequential impact on government tax revenues; see here and here. In the last week, there have been yet more developments in this story. Opposition MP Kwaku Kwarteng has blasted the government’s clearing house plans, saying they are “dishonest”. In an article for Ghana’s JoyOnline news station, the MP wrote:

Government is in the process of appointing an Interconnect Clearing House (ICH) operator to connect calls from one network to the other on behalf of the telecommunications service providers.

This is nothing but connivance between government and its cronies posing as some Interconnect Clearing House company to make undeserved money from subscribers and users of telecommunications services…

…perhaps the strangest of all government conduct is the attempt to justify the ICH by presenting it as an answer to sim box fraud. Not only is this deceitful, it is also laughable. Sim box fraud is the practice of routing international calls through the internet in order to bypass the legitimate route for international calls. This is done criminally to avoid taxes. There is nothing about an ICH that can check this bypassing, and government knows this.

I must agree with Kwaku Kwarteng, who also sits on the Communications Select Committee in the Ghanian Parliament. It makes no sense to combat the illegal bypass of legitimate telecoms operators by imposing a new mechanism for transferring interconnect traffic between them.

The real issue is whether Ghana’s government is getting all the tax they are entitled to, and want, from Ghana’s telcos. You can decide for yourself if what they want is the same as what they are entitled to. However, we can all agree there is a fine line between assurance work designed to validate the accuracy of revenues reported, and audit work designed to extract more tax from businesses. The distinction lies in the objectives and motives of the professionals who review accuracy, and of the people who employ them. Clearly political tensions are running high following a special government-mandated audit of Ghanian telcos. In response to various insinuations, Vodafone Ghana has felt it necessary to make a public statement about the results of the audit, and how it should be interpreted. When discussing one fine subsequently imposed by the regulator, Vodafone asserted the following:

The fact that Vodafone was providing handling fees to International Carriers for securing its traffic from going via SIMbox fraudsters was perceived by the NCA [Ghana's regulator], based on an ambiguous regulatory clause, as a regulatory breach (not a revenue assurance breach) and that accounted for the penalty.

In other words, Vodafone took care to say their data was accurate but they disagreed with how the regulatory rules were interpreted and applied.

Vodafone clearly feel they have received unfair criticism from some quarters, as emphasized by the closing paragraph of their statement:

In the name of fairness and transparency, Vodafone reserves the right to exercise all available options, including legal, against any individual or group, who impugns on the hard won image and reputation of the company by peddling falsehoods about this issue.

Meanwhile, rivals MTN Ghana released an extraordinary press release stating they ‘remain committed to the fight against simboxing‘. What makes the press release so unusual is that it efficiently explains what simboxing is, before detailing the various ways that MTN detects and responds to the crime. They then go on to give a table comparing local call rates to international termination costs in several African countries. It shows that simbox fraud occurs where the difference between these prices creates the incentive for crime. This leads MTN to conclude:

The so-called monitoring solution that is practiced by many countries in Africa is one that attempts to treat the problem after the fact, in other words, attempt to put out the fire after it has started. By its very definition monitoring is aimed at detecting the fraud while it is already in progress. Due to the lucrative nature of the business, SIMboxers are able to employ highly skilled technicians adept at detection avoidance. They are also able to side-step controls instituted by telcos to streamline SIM registration.

MTN believes steps must be taken to stop the illegal practice altogether. If the US$0.19 mandatory pricing is removed SIMBox fraudsters will have no commercial reason to even practice SIMboxing in Ghana.

Ghana is not the first country to have debated the purpose of telecoms assurance, only to discover that political and selfish reasons can lead to contradictory conclusions. However, I doubt that any country in the world has ever engaged in such a high-profile and tense public debate about what is, and what is not, telecoms revenue assurance. In my view, this is a foretaste of an increasingly public debate that will occur in more countries. Industry consolidation will lead to less competition between telcos. This will encourage increased political speculation about whether telcos charge ‘fair’ prices, and if their revenues, profits and taxes have been transparently and accurately calculated. Distinctions will be drawn between assurance work done within telcos, and audits conducted on behalf of the government. In turn, this will draw attention to grey areas in the calculation and reporting of some numbers. If our profession is weak, there will be plenty of people employed on either side, each pulling in different directions. It would be better to have a strong profession, that avoids such conflict by being rigorous about its techniques and its terminology. But either way, this tension will make additional work for audit and assurance practitioners.

Bookmark and Share