Archive for January, 2013

I received an interesting email recently. It came from a well known vendor in the RA and Fraud Management space and was titled “Are Fraud Management Systems the centre of gravity for telecom fraud?”

So much food for thought, I said to myself. I like questions. Of course answers would be even better.

Inside the email was a quote from GRAPA (no doubt intended to be some sort of endorsement).

“The return on investment (ROI) on a FMS is fantastic and it’s always the backbone and a core competency of every fraud department.”

Please read that again. Allow me to highlight a few things.

“The return on investment (ROI) on a FMS is FANTASTIC and it’s ALWAYS the BACKBONE and a CORE COMPETENCY of EVERY fraud department.”

I nearly fell off my seat but quickly re-established my centre of gravity, with great difficulty.

For one to make such wild claim, I can only think of several scenarios.

(1) The person has never worked in a telco revenue assurance/fraud management team
(2) The person wishes to sell FMS and is willing to pull any amount of wool over unsuspecting CSPs
(3) This is a person reading a dictionary that has a very unusual way of defining “fantastic”, “backbone”, “core” and “competency”

Of course somebody who is depending on GRAPA for insight would likely fall in any of the above categories.

I have nothing against tools. I think a CSP that consciously evaluates, plans and project-manages an automation project is doing a wise thing and perhaps the naturally logical thing. Tools exist for a purpose. They make work easier. They help us out. They can put fun in the work. That happens when they are deployed sensibly. Otherwise, they also have the capacity to achieve the exact opposite of what I have just outlined above!

But I have a problem with anybody who wishes to make people believe that a tool is some fantastic thing which is ALWAYS the backbone of this or that. If you think a tool is the backbone of your revenue assurance and fraud management program, you deserve a good kick on your backside.

I have therefore taken liberty to correct the statement made by GRAPA.

“The return on investment (ROI) on any tool is dependent on many factors. A tool can never be the end in and of itself. Rather, to have an effective revenue assurance and fraud management program, a CSP’s RA and FM program will need appropriately-skilled people, the right organizational placement and sponsorship (which depends on the specific CSP and can even be subject to office politics), flexible use of technology (including freely-available software as and when needed), good old common sense and a healthy amount of luck”.

Since the issue of centre of gravity has been raised, it is only fair that I state that a matter that is as grave as RA tools should not be left to the wild claims of GRAPA. Of course, I could be wrong, because I have only relied on my experience, which is not much. And that is why I invite GRAPA to provide statistics to back that claim.

Bookmark and Share

Given the track record of Anonymous, the faceless group of hacker vigilantes, it would be easy to dismiss their latest attack on the US Sentencing Commission as just another example of what they like to do for fun. But that understates the significance of the first demand they made. Their attack was presented as a response to the suicide of Aaron Swartz, hacktivist and co-developer of RSS and Reddit, who faced a potential 35-year prison sentence after using MIT’s network to download a large number of academic articles from the JSTOR repository. Swartz’s suicide is an emotive matter. One of the most popular petitions on the US Government’s official petition site asks for the removal of Swartz’s prosecutor from office, because of ‘overreach’. Underneath all the current emotion, a genuine legal question is being raised, about the role of the criminal law as a backstop to civil agreements over the use of networks. The Anonymous attack linked to a slick video that looks professional enough to be worthy of the villains in Bond movies. Over a barrage of warlike imagery, it would be easy to miss the significance of their first demand:

There must be reform of outdated and poorly-envisioned legislation, written to be so broadly applied as to make a felony crime out of violation of terms of service, creating in effect vast swathes of crimes, and allowing for selective punishment.

Laws may not change because of Anonymous‘ implied threat to out the ‘secrets’ of the US legal system. But this issue will not go away. In the US and other countries, there are diametrically opposed forces, absolutely rejecting, or insisting upon, a role for criminal law in protecting networks and intellectual property that is privately owned and managed. Choices need to be made, over the proportionality of punishment faced by individuals like Swartz, and why state prosecutors choose to act when there is no desire to pursue compensation amongst the private entities that have supposedly been wronged. Anonymous may very well be wrong, because they may not stand a chance if instigating war against a truly determined government. But private citizens and network providers need to be sensitive to how much they want, or need, the criminal legal system to overtake the role of contractual agreements. In the meantime, take a look at the Anonymous video, and judge for yourself just how serious, and angry, they are:

Bookmark and Share

The ‘internet of things’ is what we get when we let machines talk to each other. Hoorah! Yippee! Our industry becomes ecstatic at the prospect of extra traffic generating additional revenues. In other words, our industry does what it always does: it starts counting the revenues before it considers the costs. And when I mean costs, I mean more than the up-front costs that make their way into a cost-benefit analysis. I mean the hidden costs, when things do not work properly, when customers are unhappy, and when we failed to consider the implications for what we are doing. After attending CES 2013, Andrew Rose of Forrester Research wrote a succinct but timely article for Wired, highlighting the security downside to the ‘internet of things’. You can read it here, and I recommend you do.

Bookmark and Share

Welcome to this month’s lunch time teaser; A practical RA problem, which is solvable within a 30 minute lunch break. So why not see if you have the skills to solve the problem? Sadly, there is no prize but I will publish the names of those able to provide the correct answer.

The challenge

There are four sets of data that need to be reconciled to solve the problem.

The first file contains the link between the MSISDN, IMSI, and Account Number. The second file contains the “service type”, which is a binary flag with the following definitions:
• 00 = Incoming voice calls only
• 01 = Outgoing voice calls only
• 10 = Data calls only
• 11 = Voice calls and data

The third file contains the “network status”, which has the following definitions:
• A = Active
• B = Barred on the network
• C = Cancelled on the network

And the fourth file contains the subscriber’s prepay “balance”.

The rules are simple, in order to make a voice call, the subscriber should be “active” on the network, have the appropriate “service type”, and also have balance available. The challenge is to work out the MSISDN of the subscriber that is theoretically able to make a voice call.

Please email your answers to  – the answer will be revealed in two weeks time.

Bookmark and Share

Xinhua has reported the discovery of a trojan that has infected over one million Android smartphones in China. For an English translation of the original story, see here.

Bookmark and Share