James Stewart is product manager for fraud and revenue assurance solutions at MACH.
Fraud detection evolves to RAM
Telecom fraud is becoming increasingly sophisticated as networks move inexorably toward packet-based technology and the commercial telecommunications value chain become more complex, leading to a more varied threat landscape.
The view is not all bleak, however, as robust data management and detection techniques are evolving to protect operators against financial losses related to fraud.
With the growth of service delivery in real-time, fraud identification and action must be faster than ever before. Recently, approaches to accelerating data analysis and implementing counter-action have received a boost from the introduction of a technology called in-memory computing. In-memory computing promises benefits including reduced system vulnerability caused by poor rule provisioning and more efficient use of hardware that helps ensure system scalability and improved accuracy.
Essentially, in-memory computing places the query data used by reporting tools within the RAM of a fraud system, rather than having it on disk as with the traditional approach. With in-memory techniques the information is first loaded into memory on the manager’s workstation. The fraud analyst can then query and interact with the data already loaded into his or her workstation’s own memory. Unlike caching techniques, where the available data is only a portion of the total, in-memory computing ensures that data available for analysis is as complete as possible.
The most obvious advantage of in-memory computing, and more specifically in-memory analysis, is the speed of analysis it enables. In addition to near real-time analytics, in-memory techniques can also enable predictive analysis with equally fast responses.
A fraud analyst could apply a data query using a defined formula or algorithm to help predict a potential fraud situation and receive not just the possible revenue loss outcome, but also information on how to respond to a particular case. With immediate results to queries and proactive pattern matching, this approach contrasts very favorably with the use of a disk-based tool for the same task. The latter approach can require recalculations or even database updates taking up valuable time, during which operators may be losing money to fraud.
Other options available in the fight against fraud include what might seem very obvious, which is to ensure that systems used for fraud management are not vulnerable to user error. Systems that are vulnerable to user error can fail because of poor rule provisioning, so controls should be in place to ensure the prevention of errors leading to bad rules, which themselves can impact on the entire system’s performance.
It should also be considered that running a fraud management system using potentially inefficient rules can mean additional processing that requires more hardware. If the fraud management system itself is not particularly scalable, this may limit the ultimate capability of the system to protect against fraud. With optimum data management efficiency, more complex detection methods can be implemented improving both accuracy and the productivity of the fraud department.
For fraud management to be effective the business rules set to define thresholds and patterns need constant review and pro-active management. This requires a responsive and flexible business rules management capability within the fraud management system, one that lets fraud managers define and manage decision logic without any delays caused by needing IT support.
A disciplined and proactive approach to rules definition and management ensures a combination of better control, more precision and improved process efficiency. Applying rules indiscriminately will have a negative effect on the ability to detect fraud and could potentially damage subscribers’ experience, so it is important to understand the impact a new rule will have on the ‘False / Positive’ ratio. It is a fine balancing act. Obviously it is easy to find all fraud, with simple thresholds which are set far too high. The result will be many false alarms with a significant impact to performance and of no value to the fraud analyst.
Further options against fraud
Then there is subscriber categorization. A well-defined subscriber-segment is easier to characterize and to monitor for behavior that is inconsistent with their usual behavior. This refers to usage type, for example, treating roaming subscribers differently to subscribers on the home network. Patterns of usage behavior are highly informative, so well-defined rules associated with usage patterns present a much more accurate approach to simple threshold definition.
Additionally, case management is used to progress potential and actual fraud cases. This includes building cases for handover internally for further investigation, or to help build forensic cases for handover to law-enforcement agencies.
It may well be that some fraud analysts focus on analysis and detection of fraud while others work on the forensic part of the process, building cases to provide evidence for the legal agencies. The more workflow automation the better, as this builds efficiency into the monitoring and progress of case management. It is equally important to be able to use methods to identify when a case is not progressing as it should.
Faster identification and reaction to potential cases of fraud using in-memory computing can be complemented by opportunities to take a more proactive approach to fraud protection, using predictive analytics, process automation, more sophisticated rules definition and subscriber profiling. Used individually or in combination these provide effective ways to fight fraud.