Archive for February, 2013

This month’s winning answers came from Maheedhar Bose Juvva in India, Lionel Griache at ProactiveRA, and Guy Howie from BIAAS.

The solution

IRSF fraud usually involves multiple hacked PBXs, all in different geographical locations to avoid detection. The more PBXs involved makes it harder to trace back to the source, especially if it involves international borders. It is not uncommon for at least 4 PBXs (as in this example) to be involved in IRSF fraud, and in reality, many other International operator’s CDRs would need to be considered because IRSF rarely involves a single operator.

To solve  LTT-02 you have to first identify the number relating to São Tomé, which has a country code of 239. In IRSF/PBX hacking, the hijacked PBX is usually set to call forward to another number (C-number). So, a quick search of column C of the CDR data reveals the number 2392204071 in cell C77 of the switch file. The number in cell B77 (4485861595789) relates to the customer who complained to the CFO, and the data in cell A77 (4485855998974) appears to be where the fraud originated from.

However, as IRSF fraud usually involves multiple PBXs being hacked, a quick search of the CDR data shows the A-number in cell A77 (4485855998974) also appears in cell C67, which belongs to another PBX customer, that has also been hijacked and had their number set to call forward. The originator of the fraud now appears to come from 4485860241398, which is located in cell A67.

Another search shows 4485860241398 also appears in cell C90, which reveals yet another PBX customer has been hacked and elaborates the extent some fraudsters will go to hide their traces. Repeating the same process of searching numbers back to the originating source, finally stops at cell A50 (4485863051726 – Fervex Systems) which is the answer to LTT-02. The linkage is illustrated here in the following file.

The next LTT will be published on Monday 18th March.

Disclaimer: none of the data in the CDR file is real, and no frauds were ever committed by, or involved the named parties or numbers appearing in the file.

Bookmark and Share

Vinton Cerf may be called one of the ‘fathers of the internet’, but he hardly ever uses Twitter. However, a little tweet from the 69 year old co-designer of TCP/IP may have tipped the balance and created a big headache for US President Barack Obama and some US mobile phone companies. With only a few days left to go, it looked like that petitioners demanding a change in the law for unlocking US mobile phones were likely to fall short of their target. Petitioners at whitehouse.gov needed a minimum of 100,000 digital signatures to force an official reply, after the government recently raised the minimum threshold from 25,000 signatures. It seems that Cerf’s call to support unlocking of mobile phones generated a late surge of support, pushing the petition over the limit. Now Obama’s administration will need to explain why US mobile contract customers who unlock their handsets face a first-time punishment of 5 years in prison, a USD50k fine, or both.

Yup, you read that correctly. 5 years in prison. A fine of 50,000 US dollars. Or both. That is the penalty that potentially faces any US customer that unlocks their mobile phone. It could be argued that no actual customer will be treated this harshly in practice. But such harsh penalties make it easy to force plea bargains, where customers accept lesser punishment rather than engage in a legal fight and risk a disproportionate penalty. And this kind of threat – the over-leveraging of excessive punishment – was a key factor in the recent prosecution, and suicide, of internet entrepreneur and activist Aaron Swartz. So when Obama’s administration issues its response, emotions might run high, especially if Obama is perceived to be engaging in ‘crony capitalism’.

Does this have anything to do with you? Well, yes, I think it does. Telcos are big private enterprises that have complicated relationships with governments. Some telcos are state-owned, whilst most others are heavily regulated. These relationships between telcos and government sometimes leads to control of, or distortion of, prices and free markets. When this occurs, the usual rhetoric of free markets and pleasing customers needs to be put into context. Success, and risk, can become more dependent on pleasing government than on normal competitive factors, as I mentioned in a recent post discussing which risks are core to telcos. So if government is effectively changing the business objectives, that alters the role of everybody who supports the business’ objectives, whether they are checking compliance to a government-determined price, or relying on government to enforce laws aimed at the telco’s customers.

The particular situation in the USA is further complicated by the fact that people are complaining about a law which, on the face of it, has nothing to do with locking or unlocking mobile phones. The Digital Millenium Copyright Act (DMCA) is aimed at stopping piracy of copyrighted material (the clue is in the name). It includes provisions that make it illegal to circumvent the kinds of technologies used to protect copyright. The DMCA also gives a very special power to the Librarian of Congress (who is not an actual Librarian) to make rulings about exemptions to the DMCA. This is important, because without the exemptions, there might be rioting. Without the exemptions, so many ‘normal’ kinds of behaviour become punishable that people might stop shrugging their shoulders and start getting seriously angry at their government. For example, blind people would be considered to be breaking DMCA rules when using technology to turn written content into spoken content; see here. The new fuss about unlocking mobile phones was caused because the Librarian of Congress previously made an exception for the locking of mobile phones, but will not make an exception any longer. So a law designed to make it difficult to infringe copyright has, in effect, been extended to make it difficult to unlock mobile phones.

It is reasonable to point out that customers sign a contract and that operators may choose to provide subsidized handsets with the aim of locking the customer in for the duration of their contract. But this change in US law does not alter the nature of any contract between customer and provider. What has changed is that the violation of a contract, which is a matter of civil law, is being transformed into a crime. In other words, instead of resolving a contract violation by one party (the telco) suing the other party (the customer), government is getting involved by giving itself the power to punish the customer. And before anyone jumps in to applaud the US government for ‘helping’ telcos, let me point out that smaller telcos like the idea of customers being able to change supplier, as shown by the campaigns of T-Mobile USA, which encouraged people to unlock their phones. T-Mobile USA issued a statement in response to the change in DMCA enforcement.

Do telcos want governments, like the US government, intervening in the market this way? It is fair to say that many people working for telcos love love love love government intervention when it suits them. They love it. But as far as I am concerned, those people can go to hell. They might as well sell their soul to the Devil whilst they are at it, because when government decides which private businesses are ‘winners’, then governments are likely to create far more losers than winners, because they kill real competition. A level-playing field gives a chance to new, small, innovative providers, and is not designed to favour those few companies that already dominate their markets. And a level-playing field is in the interests of consumers, as ably demonstrated by the intelligent and informed consumers who signed the petition at whitehouse.gov (and also by the many business, legal and political writers who support it, such as those found here, here and here). In fact, the petition has been extraordinary in comparison to most other petitions on whitehouse.gov. Most petitions appeal to support from the political left or right, but this petition has appealed not only to lefties worried about consumer protection and government interference with digital freedoms, but also to righties who are keen on small government and free enterprise. With that in mind, what telco really wants to have a Big Brother government supervising their customers, threatening them with prison and huge fines because they tried to change supplier?

A simpler approach would be to do what happens in so many markets: price handsets based on what they are really worth, without tie-ins and subsidies. Better still, offer both options, with subsidized tied handsets, and unsubsidized, untied handsets. Then you can make it clear to customers if they opt to take the subsidy, the telco will enforce the terms of the contract. Of course, I am suffering from idealism. The real problem here is that too few customers care about their network, and so operators want tie-ins between popular handsets and networks. They are afraid of offering untied handsets. But that brings us back to the very essence of the matter: what it means to have competition and a level-playing field. There is no obvious intrinsic reason why a consumer should be denied some channels if they watch a particular make of television set, or be restricted from driving on certain roads depending on the manufacturer of their car, or be only allowed to use one mobile network with their mobile handset. An inter-operable world is a better world. For all the talk of competition, many operators do not really compete, because customers do not care about who supplies them with the undifferentiated commodity of bandwidth. They care about their handset, much more than they care about their network. And unless telcos deal with that issue effectively, they will always be engaged in the risky business of courting governments and lawmakers at least as much as they compete for customers.

Bookmark and Share

MACH, specialists in mobile roaming data and clearing, has issued a new press release which…

…revealed the telecom industry’s first revenue assurance solution available over the cloud

Reading MACH’s press release got me so excited that I instantly fell into a deep sleep. Yawn. Eyelids heavy. Zzzzz. Feeling so tired. ***Slaps face to wake himself up*** Hmmm… there must be a reason why this topic is interesting enough to blog about. RA in the cloud… when have we heard that phrase before? Oh yes, in 2010.

Like most of you, I do not care who does something ‘first’. I want to know what a product or service really does. Full stop. Finding that out is hard enough, without verifying how many competitors can offer the same. Too few vendors explain what products and services do in straightforward and honest language. The remainder fear that customers will instantly compare them with rival products and services, and hence quickly determine which matches their requirements (and quickly dismiss those which do not). So perhaps MACH are ‘first’, in which case they should kindly explain how their ‘first’ comes ahead of the following:

  • Subex debuted ROCcloud in April 2010. Is MACH saying that Subex’s offering does not count as revenue assurance because it focuses on fraud?
  • cVidya launched cVidyaCloud later in 2010. cVidya deserve credit for being relatively modest in their claims. They did not describe cVidyaCloud as a ‘first’, even though they said it covers revenue assurance and many other assurance activities.
  • Neural Technologies offered MinotaurCloud in September 2009. To be honest, I dismissed this press release at the time because I had doubts about the true extent of the functionality that was being offered. (Sometimes I ignore dubious press releases, instead of mocking them.) Even so, I think this illustrates, rather than excuses, the problems with MACH’s extraordinary new claim.
  • Apologies to every other RA vendor with a product called XYZcloud, but this is getting boring. For no particular reason, let me highlight that Razorsight, and Kognitio also claimed to offer cloud-based revenue assurance, and did so before MACH.

What lessons should be learned from this (comical) case study? First, marketeers love vague language, as epitomized by the word ‘cloud’. The phrase ‘revenue assurance’ has also been badly used and abused over the years. Put the two together, and nobody knows what the heck you are really saying, or selling. You cannot persistently rape language, leaving it devoid of meaning, and then expect customers to trust what you say. Although use of the word ‘cloud’ is ambiguous, SaaS services, as offered by some of the vendors named above, fit within a reasonable definition of cloud computing. Which means MACH must be claiming to offer something new in terms of ‘revenue assurance’. That sounds extremely unlikely, but if it is true, they could at least spell out the detail. Instead, we get the usual drivel about being ‘end to end’ and that typical leakage is estimated at being between 5% and 15%. Yawn. Zzzzz.

***Slaps face again*** Where was I? Oh yes. Second, vendors can point to other vendors and call them liars, but that helps nobody. To be fair, vendors do not do that. I do that. But when somebody claims to be ‘first’ and somebody else previously said they did the exact same thing, then logic demands that somebody is fibbing. That undermines trust in every vendor. As the MACH press release points out, “competition is tough” for telcos, so why should they waste money (or time) investigating what sounds like a fat load of marketing hype?

Finally, MACH’s marketeers need to learn how to use Google. Any halfway decent RA practitioner will google ‘revenue assurance cloud’ and then be forced to ask why MACH’s offering is a ‘first’ in any meaningful sense. Better than halfway decent RA practitioners already read talkRA and hence know that other firms offer cloud-based RA. For example, cloud-based RA was mentioned several times in the talkRA annual review of 2010. So we all learned something valuable about Joseph George, MACH’s Director of Revenue Protection and Interconnect, who generously commented for his own press release:

“As the first vendor to launch a revenue assurance solution over the cloud, we are especially proud of CASHBACK v8. Not only is it quick to market and instantly scalable to an operator’s needs, but it also provides operators with comprehensive intelligence and broad team knowledge that goes beyond the scope of most other comparable solutions.” [My emphasis]

We learned that Joseph George does not read talkRA – the first and best source for comprehensive intelligence about telecoms business assurance. You do, which is why you know more than him! George’s competitors read this site (even the ones who hate what we write). Our survey of industry experts concluded talkRA provides knowledge that goes beyond the scope of any comparable solution; they estimated that the average talkRA post contains between 85% to 100% more information than you find in a typical press release. So do yourselves a favour, and avoid George’s mistake. Stay on top of the intelligence curve by reading talkRA, and you will be two steps ahead of your rivals, and three years ahead of the marketing hype.

Bookmark and Share

Welcome to this month’s lunch time teaser; A practical problem, which is solvable within a 30 minute lunch break. So why not see if you have the skills to solve the problem? The first three names of those able to provide the correct answer will be published.

The Challenge

You work for a telecommunications company that offers hosted PBX solutions for corporate customers. You have just had a very brief and cryptic meeting with the CFO. He says a corporate customer has complained to him about a call appearing on his bill to a very expensive premium rate number in São Tomé, that he claims he did not make. The CFO passes you a switch file that contains some CDRs, and tells you he wants to know who did this. He wants the answer from you within 30 minutes.

Please email your answer to lee@talkRA.com

The answer will be revealed in two weeks time.

Bookmark and Share

WeDo, the Portuguese-based business assurance vendor, have announced the release of version 7 of their RAID business assurance suite; see here.

The pitch is glossy. First impressions are that you could be visiting Apple’s website, not least because RAID’s attractive dashboards and reports are shown displayed on a variety of Macs and iPads. But whilst WeDo are pushing RAID’s improved interface, what will really matter is the popularity of the new features under the hood. These include recalculation of xDRs, which WeDo describes as ‘rating validation’. Recalculation is a kind of testing that has been around for a long while but has never really appealed to that many RA departments, so it will be interesting to see whether this matters more to WeDo’s existing customers, or if it is a way to reach new customers. WeDo has linked this to its new ‘billing validation’ capability, which makes it sound like the two are closely related. However, billing validation is described as:

comparing the customer’s historical behavior and statistical data to any additional sources and the invoice itself, at both an aggregated and a detailed level.

In other words, what WeDo calls ‘billing validation’ is the kind of clever re-use of fraud detection techniques that should have become standard for RA teams – but which many real-life RA teams do not use. Comparing the current bill to historical and statistical data might indicate fraud, or it might indicate an accidental error in how the bill has been processed. So here the vendor is intelligently joining the dots, through its product, in ways that telcos sometimes fail to do with their internal processes.

WeDo is also trumpeting the upgrade to RAID’s fraud detection capabilities, but it would be hard to form an opinion about this without examining the system in use. Their pitch is the inclusion of “new pre-built scenarios and detection techniques”. It is interesting they then list a series of telecoms-specific frauds, as WeDo’s overall push is much broader than the telecoms market. The promotional material identifies four sectors that will be served by RAID. Alongside telcos, WeDo are promoting the use of RAID in retailers, energy companies and financial companies. Reading between the lines, the order of this list may have some significance. Whilst telcos continue to be the heart of the customer base, the oft-projected crossover of RA into the finance sector may have been significantly overhyped. Margin-conscious retailers may turn out to be far more receptive to innovative enhancement of analysis and assurance in areas like stock management and the supply chain.

Bookmark and Share