Fighting Fraud: Increased Uses for Billing Data

The estimate of expected losses due to telecommunications fraud in 1998 is more than $4.5 billion. Even though telecommunication companies have invested tens of millions of dollars in advanced systems and technology to improve fraud detection, the losses consistently increase. The reasons for the continuing growth in fraud are many, including increased competition, intelligent platforms and product sets, the scramble for customers and a lack of customer awareness.

The trend in subscription fraud is one of the biggest concerns for carriers today. While many carriers consider this type of fraud a form of bad debt, it is actually a form of fraudulent activity in which service is taken with no intention of ever making payment.

To start with, the fraud applications most telecom companies use are most often focused on the product sets where the provider faces the most liability, such as calling card and cellular services. With these services, the carrier assumes all liability, releasing the end user from financial responsibility, similar to the liability a credit card company faces when fraud is discovered.

Almost all carriers push liability on products such as Operator Services, Dial-1 and PBXs toward the end user. This is due to the common belief that the customer is responsible for calls originating from his location or because the customer is actually accepting the charges. Only recently have the big three long distance carriers offered limited liability for businesses. Therefore, fraud occurs at the end user premises without their knowledge. But is $15,000 or $20,000 limited liability a situation that business customers wish to face? Or pity the poor consumer, who is stuck with a $1,500-plus bill resulting from a scam or abuse and is required to make restitution.

How Do Fraud Applications Use Billing Information?

Fraud systems are, for the most part, driven by call detail records. This basic informational billing component is the keystone of every known fraud system. What differentiates one fraud system from another is the speed of call detail record delivery, analytical capability, alarm presentation and analyst acceptance and action.

Fraud systems have placed priority on the near-real time detection of fraud events. They have begun to incorporate SS7 signaling, where available, to assist in the evaluation of calling records and to create a possible fraud alarm that activates as soon as possible. Some systems have initiated--as the base from which to begin evaluation--profiling or signature alarms based upon deviations from customer behavior patterns using call detail records. Fraud applications such as these are inadequate in two respects: They base evaluations on 12-hour timeframes or less, and traffic must first flow across the network. In both instances, the fraud applications are reactive; a call event must first occur.

Because most carriers have only a reactive approach to fraudulent activity, the picture is incomplete. Most fraud systems are phone number-based. All evaluations occur in the testing of one number, whether it is a calling card number or a billing number. The systems do not take into account a wider customer view. To take a proactive approach to fraud, carriers also must make use of the information they acquire simply to bill a customer for a service or services. Consider the items below:
* Name and Address
* Billing Phone Number
* Additional Phone Numbers
* Landline
* Wireless
* Promotional or Plan Codes
* Service Types
* Card
* Pager
* Dial-one
* Personal 800
* Call Forwarding/Conferencing capabilities
This is just a partial list. Consider also the information your company has available in customer records and in a call record that could be used to fight fraud as well. For example, when the customer is evaluated at the point of installation, billing components can provide information on potential fraudulent accounts well before call records are ever produced. Here are a few examples where the evaluation of data other than call detail records revealed interesting trends.

Loyalty Programs

A few years ago, AT&T and MCI were very active in buying customer loyalty through highly effective programs of mailing customers checks valued between $25 and $100, depending on how much they perceived the customer typically spent on long distance each month.

Some entrepreneurial individuals who had figured out that they could obtain these checks directly by calling customer service created a sideline business. Having quotas to meet, the customer service personnel were extremely cooperative. These individuals then "slammed" phone numbers to the carriers. But one piece of billing information was the same: the address! In some cases, hundreds of checks were sent to the same location. Because call records weren't created, this abuse went undetected by the fraud system. It was stopped only when someone decided to compare the check mailing addresses against prior runs to see if there might be a problem. Imagine the surprise of the folks running this promotion.

Customer Credits

Every company has a premier customer service organization. In fact, in some companies, credits are issued with little or no questions asked, in the spirit of servicing the customer. This occurs whether or not the customer requesting the credit actually has a genuine problem. When a customer calls in for credit every month, or even every few days, most carriers can't detect it or know the magnitude. In some cases, a customer of this type is actually costing money and will remain a loyal customer because they really are getting the best deal in town-service no one else can match.

The Repetitive Debtor

One area of concern in the telecom industry is the repetitive debtor. This is the person who didn't pay for services and was written off the books; suddenly he's back again as a new premier customer. This happens because old customer records aren't kept long enough and are deleted from on-line systems within a few months to save space and processing time. Also, customer installation systems will allow new accounts to be set up with the same address as a previous bad debt account.

The Slammer

Slamming is one of the more costly forms of fraud. Not only does it impact a company's reputation, but carriers also can incur heavy penalties leveled by the government. Data contained within the billing record can provide indications as to who or what is the driving office behind the slamming issue. For example, it could be a series of rogue sales agents or a promotional campaign that provides monetary rewards for the largest number of installations.

The Pay Phone Steal

Many people use pay phones and go through an operator to place a call. The operators can see phone fraud being committed yet, unfortunately, they can do nothing. Their responsibility is to process the call efficiently and quickly. Operators notice when their consoles show calls originating from pay phones with "bill to station" as an option. This option allows a person to make an operator-assisted call without ever paying. The carrier will never receive compensation, but still will have to pay operator and access fees. By passing the operators' knowledge and information on to the fraud group, this type of fraud can be reduced.

By making basic billing information available, these fraudulent situations can be addressed before massive losses occur. Again, because call records have not yet been generated, even the most advanced fraud system is of no value here. These are examples where a proactive approach to fraud using billing information is essential. By moving from a reactive to a proactive approach to fraud, the overall loss of revenue will be reduced.

Expanding Fraud Analysis

First, members of the fraud management group must take off their blinders and understand that fraud is not just what they find in their systems from a quick, hit-and-run activity or from information derived from call detail analysis and modeling. Although the dollar impact can be quite high if they lose sight of the objective, their investigative talents must be expanded into other areas of the business. One reason is that the bad guys perform their own testing to determine the thresholds within any real time fraud system. This testing allows them the ability to surf just under the alarm thresholds and continue their fraudulent activity.

One method includes expanding the time frames of call detail record evaluation. Call accumulation over daily or weekly time frames can identify fraudulent trends that do not trip alarms in the real time fraud system, such as collect calling from prison. Most prisons allow collect calling only but, with outside assistance, prisoners can have a new account set up with call forwarding and route all their calls through the forwarded phone to the final destination. This way, the person accepting the call will not be billed. This often occurs at a low volume that most fraud systems will not catch. But if the total cost of the calls were $100 per day, a monthly invoice of $3,000 would result and, following normal collection practices, could become $6,000 to $9,000 in fraudulent charges.

In another case, a business may have an increased volume in international "entertainment" calls. If these are spread over 30 phone lines, and thus not picked up by the real time fraud system, the business owner may not realize his PBX is compromised. Imagine his surprise when he checks some of the calls he supposedly made.

Each of these examples demonstrates the many benefits of utilizing billing information. For example, carriers can accumulate costs over a longer time span based on billing records. In this manner, a new account with a substantial pre-invoice balance of high-risk calling can be evaluated for fraud instead of waiting for collections. It also is more effective to consolidate the information on all phone numbers under a given account and evaluate the total usage instead of using alarm triggering from each individual phone number. Consolidation allows the fraud analyst to have a complete picture of a customer's traffic pattern on all types of services for all phone numbers and an average usage amount. These can be leading indicators of fraud that a real time system would miss. But keep in mind that the problem with accumulating calls is that the volume of customers who trigger alarms could quickly exceed the capacity to review.

Another method is to incorporate product functionality and installation promotional practices into an evaluation process that can pinpoint potential fraud, prior to service turn-up, calling card mailings or check cutting. Sharing ideas prior to product or promotion release can identify shortcomings and provide the opportunity to either fix the problem, build a solution or accept the inevitable, but at least everyone is aware of the problem prior to the release.

The true benefit from these methods is the expansion of communication between departments toward solving a company problem, not a departmental one. By breaking down the barrier of the "us versus them" philosophy, billing and other organizations in the company can provide fraud groups with useful data and, in turn, the fraud groups can share their knowledge of fraudulent tactics. The end result? Protecting the bottom line.

Jim Marsh is a Senior Consultant with The Management Network Group, a telecommunications consulting company. He can be contacted at 314.458.1390 or by E-mail at Marshgrp@aol.com.