Recognize the Risks: VoWiMAX is Vulnerable to Loss, Cannibalization and Fraud
David Ronen, ECtel Ltd.
03/01/2007
VoWiMAX and VoIP services offer companies new ways to maintain their customer base, but introduce new and different challenges. There is a fundamental difference between revenue management in other environments and with VoWiMAX. In most environments, operators can perform revenue management with the information they have in their networks and OSS/BSS systems. In VoWiMAX environments, however, service providers may no longer have sufficient information on the voice services provided over their networks to do that effectively. VoWiMAX opens the door wider for third parties to offer cheap voice services to subscribers in WiMAX coverage areas. Separating the access service from the application will likely lead to situations where a competitor or fraudster takes voice market share from an operator using the operator’s own access networks.
To enable their companies to manage revenues, risks and promotions in this environment, risk and revenue assurance managers must stay ahead of three key risk areas in particular: CDR/IPDR verification, service cannibalization and fraud. Operators should extend their revenue assurance processes to cover the new services, while also implementing tools to monitor third-party VoIP services that traverse their networks and threaten to cannibalize their revenues. They should also anticipate fraudulent activity that will abuse their bandwidth, such as call-sell operations, and put tools in place to identify and stop it. Because IP probes can monitor and identify specific types of IP traffic, they will be critical to any WiMAX revenue assurance and fraud prevention strategy.
Sidestep Revenue Assurance Hazards
One of the first challenges is to verify the proper accounting and metering of these new IP services. As with all standard telecom services, VoWiMAX and VoIP must be measured, trended and balanced. However, operators have to make sure they are working with accurate and trusted data. In many cases, operators launching VoWiMAX service are replacing or migrating to new versions of their OSS/BSS systems. Such changes increase the danger of creating new sources of data leakage from factors such as newly integrated system interfaces, configuration changes or bugs in the new software.
VoWiMAX services create new complications for accounting and metering, because it becomes more difficult to identify and therefore meter IP-based voice traffic separately as it mixes with other IP traffic in the network. Metering VoIP traffic accurately on any multi-service data links usually requires IP probes. An IP probe will sift through all packets of data passing through an IP network looking for those associated with VoWiMAX and VoIP traffic, in order to account for them and establish an unbiased source of IPDRs (IP data records). Systems that lack IP probes do not inspect IP packets and therefore cannot distinguish among traffic types. As a result they are vulnerable to revenue leakage, service cannibalization and fraud.
Softswitches are prime suspects in revenue leakage, because of the potential for creating inaccurate or incomplete call detail records (CDRs). PSTN switches are generally susceptible to accounting and CDR errors as well, so essentially the risk is no different in the IP softswitch world. IP probes can add a revenue assurance check to the billing process by allowing an operator to reconcile CDRs or IPDRs coming from the softswitch with those the probes can produce. This sort of process ensures that all traffic that should be billed is actually billed. The probes would also detect any third-party voice traffic that bypasses the softswitch and goes unbilled.
Identify Service Cannibalization
As with VoIP, we can expect subscribers to shift from PSTN to VoWiMAX services over time and thus to cannibalize existing voice revenues. The growth of third-party VoIP offerings like Skype and Google Talk will threaten to be an even greater source of cannibalization, because the separation of application and access services makes them even easier to use in the WiMAX environment. Revenue assurance managers must be able to determine and report the extent of any cannibalization, and IP probes can be used in this role.
The IPDRs that billing mediation systems collect usually cannot provide the kind of specific information needed to identify third-party traffic. Skype provides a good example, because it uses network obfuscation and data ciphering techniques as part of its global voice service that make it especially difficult to detect. Only a couple of IP probes on the market can measure VoIP traffic that uses proprietary protocols, but this is an important requirement for an IP probe. Not only should it be able to detect a range of such protocols, but the vendor should also be able to demonstrate a roadmap and process for staying ahead of the new ones that eventually will emerge. Proprietary protocols are likely to keep springing up not because third-party voice providers are trying to avoid detection with any sort of fraud in mind, but because they are continually working to differentiate their offerings and improve their quality.
Stay Ahead of Fraud
Judging by the history of landline and mobile telephony, perpetrators of fraud can be expected to also exploit the opportunities afforded by Wi-Fi and WiMAX technologies. Unlicensed companies can quickly start up, offering call services to anywhere in the world by subscribing to a Wi-Fi or WiMAX service and using a third-party VoIP service provider to complete calls. Call-sell operations—in which fraudsters make unauthorized use of long-distance telephone services by selling a carrier’s traffic without specific permission—can drive some of the biggest losses.
For example, fraudsters can locate themselves within range of a Wi-Fi or WiMAX service at an airport or coffee shop. They then use the free wireless connection, or else hack into or pay for access to it. Using a flat-rate, unlimited VoIP service, the fraudsters then sell long-distance and international calling by the minute at a premium and can make millions in a very short time. Because the fraudsters don’t even need to have a physical line connected in this scenario, they become even more difficult to detect than in the landline world. And even when such a call-sell operation is detected, it is easy for the crook to move to a different location and start over again.
Without a clear method to separate normal Internet data from VoIP services, it is impossible to detect and react to this kind of fraud. IP probes are especially useful in detecting this kind of abuse, because they find the UDP or TCP packets that are associated with most types of VoIP. After an operator detects VoIP in a customer’s traffic, it must determine whether the usage is casual or abusive. The following are among the types of analysis that can detect unlicensed VoIP providers:
1. Call volume: Casual users of VoIP will make a few calls per day. However, fraudsters—unlicensed voice service providers—will have usage patterns that are very different from the casual user.
2. Call destination diversity: Call-sell operations run by fraudsters often cater to immigrants and tourists who call to a diverse set of domestic and international destinations. Casual users have a much smaller set of call destinations.
3. Simultaneous calls: Fraudsters will use as much of the bandwidth as possible to make as much money as possible. To do this they will have many simultaneous calls. Also their ratio of VoIP bandwidth used, compared to normal Internet bandwidth used, will be much higher than that of the casual users.
4. Time of day: Fraudulent users have continual traffic around the clock. For example, someone who is making VoIP calls 20 out of 24 hours a day is not a casual user. Casual users usually work during the day and sleep at night, and would not be able to make calls throughout both day and night.
Once fraudulent activity is detected, a risk manager can address the fraud in several ways. The first is to disconnect or block the user from the Wi-Fi or WiMAX service. This is perhaps the easiest and often is the best, most cost-effective option for fighting fraud. Fraudsters usually have no real interest in the other uses of Wi-Fi and WiMAX, apart from VoIP.
A more gentle approach is to block specific VoIP sessions for certain IP addresses. Instead of outright disconnecting a customer, the operator blocks his ability to use VoIP. This is better for customers who do have an interest in the other usages of Wi-Fi and WiMAX. A good example of such an approach is in an airport, where customers would be able to use the Internet for email and surfing, but fraudsters intending to abuse VoIP would be blocked. To block VoIP for specific IP addresses identified as fraudulent, an operator will need to have that capability embedded in its network. Standard network elements do not support selective blocking, but IP probes and specialized VoIP firewalls with blocking capabilities can be added to a network to provide it.
The bottom line is that VoWiMAX is extremely promising because it enables multi-mode capabilities and further drives the separation of access networks and applications. But, like any new service, it is inherently fraught with vulnerabilities, and revenue assurance is essential to ensure billing and cost accuracy. In the larger picture, any operator planning to launch WiMAX services should recognize that it makes third-party VoIP cannibalization and call-sell fraud significantly easier, and specific steps are necessary to address this fact.
Email this article
Add a comment
Printer version
Order reprints
RSS Feed
Bookmark article