|Dan Baker Blog|
cVidya on Keys to a Good Fraud Management System
You, me and everyone who works for a living is a “product expert." And if we don’t manage an actual product that’s sold to a customer, then the product we manage is ourselves – the value of the services we provide to our employer.
Now putting that product’s value into words is not easy. I mean, when you meet up with friends and family at a class reunion, party, or wedding, how do you explain to them what you do for a living? For me, it’s never easy, especially when my friend’s knowledge of telecom is limited to the cell phone in his hand.
So that’s what this interview is about. At the TM Forum in Orlando, Fla., I met up with Tal Eisner, senior director of fraud-management solutions and strategy at cVidya. Then I peppered him with questions to tease out the most important features of his software product — and more broadly, of any fraud management system (FMS).
So here you go: some highly edited Q&A that hopefully crystallizes many of the software features a buyer should consider when selecting any FMS.
Dan Baker: Fraud management solutions have been around for a long time, but there are still a lot of small operators out there who view an FMS solution as optional. What do you say to them?
Tal Eisner: Dan, I’d say they are gambling at the casino. Many people compare fraud management to buying auto or life insurance. I agree with that and I would add that an FMS is a unique kind of insurance, the kind that has a very short shelf life, because if you don’t keep it updated, it loses its value very quickly because the fraudsters are coming up with new threats all the time.
DB: What are the most important requirements for good fraud management software?
TE: I guess the short answer is that good fraud management software needs to continuously evolve and mature over many years.
An FMS is a living and dynamic thing because the threats are ever-changing. Our adversaries are technically savvy and well-funded criminal organizations who have targeted telecom as an ideal place to steal money. Yet as soon as you plug one fraud hole, they are finding other places to penetrate our defenses.
So the collective intelligence in the software and the operator-to-vendor partnership required to make it all come together makes a huge difference.
The scalability of the FMS solution also matters greatly to some clients. For instance, we have an operator customer in Brazil with more than 90 million subs and a footprint in mobile, fixed, cable and broadband Internet. Even the fraud management staff is big at this operator — more than 60 analysts working 24/7 shifts.
DB: How do you manage to keep the FraudView software up to date and synchronize the many rules changes and the need to constantly address new threats?
TE: An expertise in fraud management doesn’t come from sitting in a lab or reading articles on the Internet to find out what threat feature to add to the suite three months from now.
On the product side, we work hard to ensure the software is as flexible as possible. For instance, the FraudView “ad-hoc reports" capabilities enable non-SQL experts to easily generate queries and reports from free format text.
The number, size and variety of data sources ha[ve] greatly expanded over the years too. Call-detail records are still key, but today our customers are taking in feeds from a wide array of sources — even things like financial platforms supporting mobile money and malware-detection mechanisms in security. And these new interfaces and new patterns are then embedded back into the product.
DB: How do you get customers involved in improving the FMS product and getting new fraud scenarios into the suite?
TE: Our predefined controls library is key here. FraudView’s built-in controls library is constantly being written and updated with input from fraud managers and analysts around the world.
Let me give you an example. Bypass fraud is one of the most damaging fraud types worldwide. The customers that we have in Asia Pacific suffer huge losses because of bypass traffic. Fortunately we now supply them with a dedicated bypass module based on the experiences of our other customers.
One particularly helpful addition in this bypass area came from a customer’s ability to detect the activation of SIM batches — firing up multiple SIM cards at the same time. This batch-detection capability was a real breakthrough and it is now embedded in our FraudView baseline software, so all our customers can share and benefit from our experience.
In the mobile money area, we are often getting daily inputs from operators in Africa and Asia where that service is on the rise. In fact, a tier 1 operator in Africa (22 million subs) launched its mobile-payment service only after we provided them with the proper controls to monitor this new service. This set of controls are now offered as part of FraudView.
DB: What performance and scalability issues do fraud managers need to be concerned about in the future?
TE: With the rise of mobile broadband in particular, we expect FMS performance and scalability issues will spike in importance in the years ahead.
By the way, you can’t just plug in these systems and expect them to scale. It often takes years to stabilize such large systems. This is a key aspect of so-called “product maturity." Without that scalability, you’re not going to succeed with Tier 1 operators, such as one Asia Pacific client of ours [that] now processes over 10 billion records a day on our solution.
The need for real-time detection is another driver of high performance and scalability. Real-time detection can minimize financial damage because you are detecting it that much faster. In services such as PRS calling and PBX hacking, this is definitely the case. When you are detecting illegal attempts to hack into IVRs, it’s also key.
DB: Over the last decade, a number of software firms have dropped out of the fraud management market. Why did those companies fail?
TE: Fraud management is a constantly evolving space and fraud departments at the telcos have become more sophisticated. The challenge for fraud departments to keep up with evolving technology has never been greater. So I think the fast-paced nature of the fraud business is what’s made it hard for the small vendors to keep up.
Being in the fraud management space for many years, I remember certain niche players who launched big marketing campaigns, but in the end had a too-narrow product offering, so they could not stay in the game over the longer term.
DB: What will the impact of mobile money and LTE be on fraud?
TE: You’re right to identify LTE and the mobile money as the two biggies. I would say we are all still learning. There are still a lot of unknowns here.
Now mobile money has been established in several areas around the globe for more than two or three years in Africa and in the Far East. We have 2 customers that launched mobile-money services a year and a half ago and we work closely with them on detecting new fraud patterns in this domain.
Regarding LTE, we recently showed our capabilities in a catalyst project that was presented in the TM Forum Management World Americas event in Orlando. The project was championed by operators such as Digicel, Etisalat Misr, MTS Allstream and Rogers Communications, and it demonstrated detection and analysis of the vulnerabilities related to LTE.
DB: Is fraud management forever destined to be a cost to the business? Can it be turned into something that will enhance the telecom's relationship with its customers?
TE: I think the secret to turning an FMS into a business enhancer is to focus on protecting the enterprise customers who are affected by fraud threats. One particular area of promise here is feeding vital intelligence about PBX hacking.
PBX hacking is a headline topic with telecom operators these days. The CFCA says PBX hacking is the No. 1 fraud issue around the world with 4.6 billion U.S. dollars of damages worldwide. Early in 2012 we launched our enterprise fraud-management package which goes a long way to containing PBX hacking issues. Once again, this solution was the result of a customer contribution.
Actually, a fraud manager at one of our customers worked with an enterprise customer of theirs who owned a PBX. A reporting relationship was created where the fraud department would alert the enterprise PBX owner whenever there was a suspected case of PBX hacking.
Little by little, this relationship got tighter as the enterprise manager came to view the operator’s fraud report as a valuable service. So this is how we came to build the enterprise fraud-management module into FraudView. Today, some of our operator customers resell the solution to their enterprise customers as a service.
Not only does this fraud-alert service increase the stickiness of an enterprise customer, it also boosts the reputation of the fraud department within the larger telco organization because fraud management is no longer a mere cost center.
DB: Tal, thanks for these insights. To close, are there any other factors we’ve not yet discussed you view as important?
TE: Dan, the final thing I think buyers need to be mindful of is the actual business model of the FMS supplier. An FMS will generally gravitate to one of two poles: either a product-heavy or services-heavy solution. In the services-heavy model, the vendor sells a base software product, but makes most of its money on add-on professional services such as consulting and making configuration changes.
FraudView, by contrast, is a product-heavy solution. We throw as much intelligence as we can into the product itself, realizing that the client gets the freedom and flexibility to configure the product on its own with very little handholding required from us.
So how do we accomplish that? Well, many vendors will offer you additional consulting services around best practices, but to us, best practices is often a matter of simply embedding more predefined controls in the product. Similarly, rather than sell consulting around fraud-rule creation or the setting of thresholds and filters, we embed those rules into the product itself and let you decide which rules you want to activate.
To be honest, it’s the expert users and managers at our clients who supply many of the innovations in FraudView. Listening to our clients’ suggestions and studying their problems gives us valuable input on new features we need to add to FraudView, whether it’s to detect new threats, add new controls or improve other aspects of the product.
In a sense, we maintain two monitoring systems for fraud. The first is a our FMS product that detects fraud through rules, controls and analytics. But our second – and equally important – monitoring system is our own eyes and ears. It’s about being close enough to customers that when they have an issue, we can respond quickly to protect them, then add these new capabilities to the product so that the benefit can be shared with our greater family of customers.
Tal Eisner is senior director, product strategy, at cVidya Networks. He has more than a decade of telecom fraud management experience. Prior to cVidya, Tal served as fraud management department head at Orange Israel. Contact Tal at email@example.com.