Upload
jcsobreira
View
159
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Fraud Classification Model at Telecom Industry
Citation preview
17th March, 2014
1
Fraud Classification Model (FCM)A New Perspective for the IndustryZonOptimus, Portugal
AGENDA1. Project Context2. Reason for FCM Project3. Core Concept of FCM4. Industry Reaction to FCM5. FCM Register Explained6. FIINA Fraud Reporting Template7. An Industry Perspective
FCM (Fraud Classification Model) 2
1. Project ContextZonOptimus Collaboration with TMForum
3
TM FORUM ANDFraud Group Overview
TM Forum Fraud Group works to assemble and maintain best practices from operators around the world relating to Fraud Management. This information will continue to be updated and expanded to account for evolving fraud tactics.
TM Forum is a global, non-profit industry association focused on enabling service provider agility and innovation, through the development of several projects at key business areas:
65,000 Member Professionals 900+ Member Companies 195 Countries Represented
4
TM FORUM FRAUD GROUPFraud Management Guidebooks
GB954 Fraud Classification Guide
Arm operators with fraud information and offers them a best practice for the properly Classification of Fraud Cases:o Fraud Classification Modelo Fraud Enablers Definitionso Fraud Types Definitionso Categories and Atributes
ZonOptimus attended TMForum Fraud Group sessions and proposed the development of a Fraud Classification Model for the benefit of Telecom Industry- Project started in January, 2012
5
2. Reason for FCM ProjectWhy the Telecom Industry Requires a Model
6
TMForum 2012 Fraud Survey results, highlighted the lack of a common Fraud Classification at Industry level:
o Distinct names for the same Fraud Types
o Distinct interpretations of same fraud incidents
o Multiple Frauds perpetrated in the same case
There is a clear need for a Multi-Dimensional Analysis with different levels of abstraction.
Telecommunications Industry was
presented with many different and not
synchronized ways of Fraud Classification
Roaming Fraud
Internal Fraud
Subscription Fraud
Payment Fraud
Credit Card Fraud
Hacking
SIM Cloning
Mobile Malware
Prepaid Fraud
Dealer Fraud
Wangiri
SS7 Tampering
Handset Subsidy Loss
PROBLEM AT INDUSTRY LEVEL(at the time of project start up, January 2012)
7
Environment
“Example of Distinct Interpretations of Same Fraud Incident”
At 2011 CFCA Fraud Survey
3. Core Concept of FCMThe Baseline for Fraud Classification Model
9
TECHNOLOGYFRAUDSTER OBJECTIVE ENVIRONMENT ATTACK CUSTOMER SERVICE PAYMENT IMPACTS
AAA
ViG
WLAN Network
UTRAN
CS-CSCS-MS
CS-DS CS-WS
CS-AS
EFWS
SRD EMA
Portal FOCAMN-OSS
MM
RSS-CSCF
S-CSCFI-CSCF
ENUM/DNS
MGCF/SG
MGN-SBGA-SBG
HSS
PSTNPLMN
FTP
H.248SIP
SIP
DIAMETER
ISC LDAP
DNS
SIP
ISUP
TDM
IMT
LDAP
HTTP
/HTT
PS
HTTP
/HTT
PS
BRIPRI
BRIPOTS
SIPH.323
SIP RTP
RTP
IP Backbone
GGSN
SGSN
PDG
WAG
P-CSCF
PCRFGx+
Rx+
Gm (SIP)
DIAMETER
DIAMETER
PPSDIAMETER
OSS-RC
Other VoIP Networks
CORBA
Fraud Classification Attributes
FRAUD CASES CLASSIFICATION
FRAUDTYPE
ENABLERTECHNIQUE
The core concept of the “Fraud Classification Model” is a clear differentiation at the Classification of Fraud Cases between the: o ENABLER TECHNIQUE
What was the vulnerability method explored to get access to network, products or services?versuso FRAUD TYPE
What was the fraud committed at network, products or services by exploring the vulnerability above?
FRAUD CLASSIFICATION MODEL(BASIC PRINCIPLES)
10
In some circumstances the “Enabler Technique” is not a fraudulent attack but the exploitation of a risk vulnerability from other Business Assurance areas, such as Revenue Assurance and Security Management:
o The FCM assumes the relationship of the Fraud Management activity to Security Management; Revenue Assurance and Risk Management Functions
The Fraud Classification Model assures CSPs/Operators with data collection to allow the Understanding of Fraud and the development of Mitigation Strategies at the following levels:
o Revision of Internal Procedures, Processes and Products/Services
o Implementation of Technical Solutions at Network and Service Platforms
o Development, Enhancement and Updated Configuration of Fraud Management Systems (FMS)/Control Solutions
11
FRAUD CLASSIFICATION MODEL(BASIC PRINCIPLES)
“Fraud Classification Model Brain-Center”
- Revision of Internal Procedures, Processes and Products/Services
- Implementation of Technical Solutions at Network and Service Platforms
Development, Enhancement and Reconfiguration of Fraud Management Systems (FMS)/Control Solutions
Subscription Fraud
Hacking
Customer Account Take-Over
Mobile Malware
FRAUD ENABLER(fraudulent way to obtain/access
service)
FRAUD TYPE(fraudulent scheme)
TELE
COM
S SE
RVIC
E FR
AUD
SIM Card Cloning
Network/Protocol/Signalling Manipulation
Tariff Rates/Pricing Plan Abuse
Social Engineering
Arbitrage
International Revenue Share Fraud
Service Reselling
Wholesale Fraud
Private Use
Commissions Fraud
Traffic Inflation for Credits/Bonus
Charging BypassInterconnect Bypass
SIMBox GatewayTheft of Company
Handsets/Equipments
OBJECTIVE(Scope)
Make Money/Profit Obtain Free
Services/Goods Obtain
Credits/Bonuses Obtain Commissions Access User Bank
Account Access Subscriber
Information ……….
BUSINESS ASSURANCE
AREAS
Security Managemen
t
FraudManagemen
t
RevenueAssurance
12
FRAUD CLASSIFICATION MODEL (BASIC PRINCIPLES)
The Effective Relation Between “Fraud Enablers” and “Fraud Types”
Fraud TypesAdvance Payment Fraud a aCharging Bypass a a a aCommissions Fraud a a a aInterconnect Bypass / SIMBox Gateway a a a aInternational Revenue Share Fraud (IRSF) a a a a a a a a a a a a a a a a a aToll Free Number Fraud a a a aMoney Laundering aOnline Banking Fraud a a a a a a aPremium Rate Service Fraud a a a a a a a a a a a a a a a a a aPrivate Use a a a a a a a aService Reselling a a a a a a a a a a aSpamming a a a a a a a a aTheft of Company Handsets / Equipment a a a aTheft of Information a a a a a aTraffic Inflation for Credits / Bonus a a a a a aWholesale Fraud a a a a a
Tariff
Rat
es /
Pric
ing
Plan
s Abu
se
Clip
On
Abus
e
Tech
nica
l Fai
lure
at N
etw
ork
/ Ser
vice
Pla
tfor
ms
Soci
al E
ngin
eerin
g
Subs
crip
tion
Frau
d
Frau
d En
able
rs
Net
wor
k / P
roto
col /
Sig
nalin
g M
anip
ulati
on
Ope
n SM
S-C
Abus
e
Ope
rato
r / C
ompa
ny /
Bran
d / S
taff
Impe
rson
ation
Phis
hing
Cust
omer
Han
dset
/ Eq
uipm
ent T
heft
Fals
e Ba
se S
tatio
n Att
ack
Hack
ing
Mal
icio
us A
pplic
ation
/ So
ftw
are
Mis
confi
gura
tion
of N
etw
ork
/ Ser
vice
Pla
tfor
ms
Mob
ile M
alw
are
Abus
e of
Com
pany
Pro
cedu
res /
Pro
cess
es
Arbi
trag
e
Clon
ing
Com
prom
ised
Cre
dit C
ards
Cust
omer
Acc
ount
Tak
e-O
ver
Relational Matrix | Fraud Enablers vs Fraud TypesFraud Classification Model (Basic Principles)
13
GB954 Fraud Classification Guide
4. Industry Reaction to FCMModel Sharing with Global Fraud Organisations
14
GSMA Fraud Forum | Ireland and Malta Meetings
May and September 2012
ZonOptimus presented the Core Concept of the Fraud Classification Model at the GSMA Fraud Forum event held in Ireland (May 2012).
Fraud Forum updated its Fraud Incident Reporting template, readapting it to include FCM Core Concept and issued a new version at the FF meeting held in Malta (September 2012).
15
MODEL SHARING WITH GSMA FRAUD FORUM
FF Classification before September, 2012 FF Classification after September, 2012BEFORE AFTER
16
MODEL SHARING WITH GSMA FRAUD FORUM
CFCA Educational Event | Scottsdale, USA | September 2012
Presentation of Fraud Classification Model to CFCA (Communications Fraud Control Association) organisation.
CFCA updated its Fraud Reporting template, readapting it to include FCM Core Concept.
CFCA (Communications Fraud Control Association)
17
MODEL SHARING WITH CFCA
Fraud Classification before October, 2012 Fraud Classification after October, 2012BEFORE AFTER
18
MODEL SHARING WITH CFCA
2013 CFCA Worldwide Communications Industry Fraud Survey
Released at 5th September, 2013 the annual CFCA Fraud Survey, is now reflecting the Core Concept (Fraud Enablers vs Fraud Types) of the Fraud Classification Model, but still some adjustments need to be made to the survey in the future.
FRAUD TYPE(fraudulent abuse)
Wholesale Fraud | USD$ 5.32 B
Premium Rate Service | USD$ 4.73 B
Cable or Satellite Signal | USD$ 3.55 B
Hardware Reselling | USD$ 2.96 B
Hacking | USD$ 8,04 Billion - PBX (USD$ 4.42B)
- VoIP System (USD$3.62B)
Account Take Over | USD$ 3.62 B
FRAUD ENABLER(fraudulent way to obtain/access service)
TELE
COM
S SE
RVIC
E FR
AUD
(Val
ues
in U
SD$
Billi
ons)
Subscription Fraud | USD$ 5.22 B
USD$ 6.11 Billion of the frauds have been committed in Roaming
USD$ 3.35 Billion of the frauds have been perpetrated by DealersNO
TES
Estimated Global Fraud Losses
o USD$ 46.3 Billion
Estimated Global Telecoms Revenues
o USD$ 2.214 Trillion
Fraud Losses as % of Telecoms Revenues
o 2.09%
19
FIINA Plenary | Port Louis, Mauritius | November 2012
Presentation of Fraud Classification Model to the FIINA (Forum for Irregular Network Access) plenary meeting held in Mauritius.
Liaison Agreement signed between TMForum and FIINA for future cooperation and joint activities on FCM (project running).
MODEL SHARING WITH FIINA
20
5. FCM Register ExplainedCategories and Attributes
21
GEN
ERA
L DATE:
CUSTOMER TYPE:
CUSTOMER SUB TYPE:
ACQUISITION SALES CHANNEL:
PAYMENT METHOD:
PAYMENT TYPE:
LOSSES QUALITATIVE:
LOSSES QUANTITATIVE:
MAIN IMPACTS:
CASE DESCRIPTION:
OPERATOR:
COUNTRY:
REGION:
FMS STATUS:
ENA
BLE
RFR
AU
D T
YPE
FRAUD ENABLER:
ATTACK TYPE -
FRAUDSTER TYPE -
LOCATION -
ENVIRONMENT - FRAUD ABUSE/TYPE: LOCATION - ENVIRONMENT - OBJECTIVE - TECHNOLOGY - SERVICE - SUPPLEMENTARY SERVICE -
FRAUD CLASSIFICATION FRAUD MITIGATION
DETECTION:
DETECTION SYSTEM -
PREVENTION:
PREVENTION SYSTEM -
MITIGATION DESCRIPTION:
22
Fraud Classification Model RegisterModel Concept Template
Fraud Classification Model Register
ENA
BLE
R T
ECH
FRA
UD
TYP
E
FRAUD ENABLER: …..
ATTACK TYPE -
FRAUDSTER TYPE –
LOCATION –
ENVIRONMENT –
FRAUD ABUSE/TYPE: …..
LOCATION –
ENVIRONMENT –
OBJECTIVE –
TECHNOLOGY -
SERVICE –
SUPPLEMENTARY SERVICE -
FRAUD CLASSIFICATIONFRAUD ENABLERS
Abuse of Business Procedures/Processes Weaknesses
Abuse of Technical Failure at Network/Service Platforms
Arbitrage
Cloning
Compromised Credit Cards
Customer Account Take-Over
Customer Handset/Equipment Theft
Customer Handset/Equipment Configuration Abuse
False Base Station Attack
Hacking
Malicious Application/Software
Misconfiguration Abuse of Network/Service Platforms
Mobile Malware
Network/IT Systems Access Abuse
Network/Protocol/Signalling Manipulation
Open SMS-C Abuse
Operator/Company/Brand/Staff Impersonation
Phishing
Social Engineering/Single Ring Solicitation
Subscription Fraud
Tariff Rates/Pricing Plans Abuse
Clip On Abuse
Abuse of Contract Terms and Conditions
ATTACK TYPE
External
Internal
FRAUDSTER TYPE
Hacker
Dealer
Business Partner
Service User
Third Party
Employee
Service Provider
…….
LOCATION
Home Network
Visited Network
Home and Visited Network
National Network
International Network
Customer Offices
Dealer Offices
World Wide Web
…….
ENVIRONMENT
National Territory
International Territory
Roaming IN
Roaming OUT
…..
Categories and Attributes Description – Fraud Classification (1)
23
Fraud Classification Model Register
ENAB
LER
TECH
FRAU
D TY
PE
FRAUD ENABLER: …..
ATTACK TYPE -
FRAUDSTER TYPE –
LOCATION –
ENVIRONMENT –
FRAUD ABUSE/TYPE: …..
LOCATION –
ENVIRONMENT –
OBJECTIVE –
TECHNOLOGY -
SERVICE –
SUPPLEMENTARY SERVICE -
FRAUD CLASSIFICATIONFRAUD TYPES
Advanced Payment/Fee Fraud
Charging Bypass
Commissions Fraud
National Revenue Share Fraud
Interconnect Bypass/SIMBox Gateway
IRSF (International Revenue Share Fraud)
Money Laundering
Online Banking Fraud
Premium Rate Service Fraud
Private Use
Service Reselling
Spamming
Theft of Company Handsets/Equipments
Theft of Information/Content
Toll Free Number Fraud
Traffic Inflation for Credits/Bónus
Wholesale Fraud
……….
LOCATION
Home Network
Visited Network
Home and Visited Network
National Network
International Network
Customer Offices
Dealer Offices
World Wide Web
…….
ENVIRONMENT
National Territory
International Territory
Roaming IN
Roaming OUT
…..
OBJECTIVE
Make Money/Profit
Obtain Free Services/Goods
Collect Credits/Bonuses/Cash
Obtain Commissions
Access/Steal Information
Access User Bank Account
Operator’s Impersonation
……….
TECHNOLOGY
GSM
GPRS
3G
4G/LTE
IP /IMS
CDMA
ADSL
FTTH
……….
SERVICE
Voice Inbound
Voice Outbound
VoIP Inbound
VoIP Outbound
SMS Inbound
SMS Outbound
MMS Inbound
MMS Outbound
Data
M – Commerce
M – Payments
Mobile Financial Services
……..
SUPPLEMENTSERVICE
Call Conference
Call Forward
Call Hold
……….
Categories and Attributes Description – Fraud Classification (2)
24
GEN
ERA
L DATE: June, 2013
CUSTOMER TYPE: Postpaid
CUSTOMER SUB TYPE: Corporate Business
ACQUISITION CHANNEL: NAp
PAYMENT METHOD: Postpaid Invoice Payment
PAYMENT TYPE: Various
LOSSES QUALITATIVE: Very High
LOSSES QUANTITATIVE: Financials NAv (150.000 minutes)
MAIN IMPACTS: Financial
CASE DESCRIPTION: Tests performed at Network/Session Border Gateway (SBG) for new VoIP Services left a backdoor at network level.This vulnerability was used by an IP Address originating from Palestine who hacked SBG and performed 150.000 minutes of calls to Int. Premium Rate Services.
OPERATOR: Eagle Telecom
COUNTRY: USA
REGION: North America
FMS STATUS: In-House FMS
ENA
BLE
R T
ECH
FRA
UD
TYP
E
FRAUD ENABLER: Hacking: Session Border Gateway
ATTACK TYPE - External
FRAUDSTER TYPE – Hacker
LOCATION – Home Network
ENVIRONMENT – National Territory
FRAUD TYPE: IRSF (Spain; Somalia and Zimbabwe) LOCATION – Home Network
ENVIRONMENT – National Territory
OBJECTIVE – Make Money/Profit
TECHNOLOGY – IP IMS
SERVICE – VoIP Outbound
SUPPLEMENTARY SERVICE – NAp
FRAUD CLASSIFICATION FRAUD MITIGATION
DETECTION: Traffic Monitoring/Analysis
DETECTION SYSTEM – Fraud Management System (FMS)
PREVENTION: Network Technical Solution
PREVENTION SYSTEM – Session Border Gateway (SBG)
MITIGATION DESCRIPTION: Engineering Department secured SBG and blocked calls to International Premium Rate Services for all futureNetwork testing programs.
Case 1
25
6. FIINA Fraud Reporting Template
The Summary of the Work Made at FIINA
26
Fraud Classification ModelFIINA Fraud Reporting Template
Fraud Classification ModelFIINA Fraud Reporting Template
Fraud Classification ModelFIINA Fraud Reporting Template
7. An Industry Perspective Through the Model?
The Model Potential- Graphics hereby presented do not represent an Industry reality- Fraud varies from region-to-region
30
31
Subscription FraudNetwork/Protocol/Signalling Manipulation
Hacking
Misconfiguration Abuse of Network/Service Platforms
Arbitrage
Tariff Rates/Pricing Plans Abuse
Customer Account Take-OverCustomer Handset/Equipment Theft
World-Wide Fraud Enablers
IRSF (International RevenueShare Fraud)
Interconnect Bypass/SIMBox GatewayCharging Bypass
Private Use
Wholesale Fraud
Theft of Company Handsets/Equipments
Commisions Fraud
Theft of Information
Service Reselling
Traffic Inflation for Credits/Bonus
32
World–Wide Fraud Types
IRSF (International Revenue Share Fraud)
Service Reselling
Theft of InformationPremium Rate Service Fraud
Wholesale Fraud
Spamming
What Are the Main Fraud TypesCommitted Through Hacking?
Fraud Types Through Hacking
PABXVoIP Gateway/Switch
SMS - C
IP Broadband RouterMobile Voice Mail System
WebsitesSIP Switch
Network Elements Victim of Hacking?
33
34
Wholesale Fraud Through HackingFRAUD OPERATION SCENARIO | TRAFFIC BROKERING | CASE STUDY
Negotiating “Traffic Termination Rates” at the Wholesale Market.
Traffic Brokers offer the lowest price for call termination at a specific country.
TRAFFIC BROKERS (Least Cost
Routers)
TELECOM OPERATORS(Mobile-Fixed-Convergent)
END CUSTOMERS(Mobile-Fixed-Convergent)
Pays Termination
Pays Termination
Pays Termination
Hacking Corporate Customers IP-BX Systems to terminate traffic for free, forcing the Billing of these calls upon Telecom Clients.
Hacked Corporate Customers pay the termination rate.
Traffic Negotiation
Traffic Negotiation
Traffic Negotiation
CORPORATE CUSTOMER
CORPORATE CUSTOMER
CORPORATE CUSTOMER
HACKING
HACKING
HACKING
Breaking IP-PBX System
Breaking IP-PBX System
Breaking IP-PBX System
IRSF (International Revenue Share Fraud)
Theft of Company Handsets/Equipments
Commisions Fraud
Traffic Inflation for Credits/Bonus
Premium Rate Service Fraud
Interconnect Bypass/SIMBox Gateway
Private Use
Fraud Types Through Subscription Fraud
IRSF (InternationalRevenue Share Fraud)Wholesale Fraud
Interconnect Bypass/SIMBox Gateway
Traffic Inflation for Credits/Bonus
Fraud Types Through Arbitrage
Interconnect Bypass/SIMBox Gateway
Traffic Inflation for Credits/Bonus
Spamming
Fraud Types Through Tariff Rates Abuse
Service Reselling
Theft of Company Handsets/Equipments
Premium Rate Service Fraud
HomeBanking Fraud
Commisions Fraud
IRSF (International Revenue Share Fraud)
Fraud Types Through Customer Account Take-Over
Revenue Assurance- Arbitrage- Open SMS-C Abuse- Tariff Rates/Pricing Plans Abuse- Misconfiguration Abuse of Network/Service Platforms - Abuse of Technical Failure at Network/Service Platforms
Fraud Management- Customer Account Take-Over- Operator/Company/Brand/Staff Impersonation- Phishing- Social Engineering- Subscription Fraud- Customer Handset/Equipment Theft- Abuse of Business Procedures/Processes Weaknesses
Security Management- Cloning- Compromised Credit Cards- False Base Station Attack- Hacking- Malicious Application/Software- Mobile Malware- Network/Protocol/Signalling Manipulation- Misconfiguration Abuse of Network/Service Platforms
Fraud Management
Security Management
Revenue Assurance
Classification of Enablers by Business Assurance Area
Service User
Hacker
Third Party
Dealer
Employee
Main Fraud Perpetrators by Enablers
Make Money/Profit
Obtain Free Services/Goods
Collect Credits/Bonuses
Obtain Com-missions
Objectives of Fraud Types
Subscription Fraud
HackingArbitrage
Social Engineering
Customer Handset/Equipment Theft
Misconfiguration Abuse of Network/Service Platforms
Compromised Credit Cards
Customer Account Take-Over
Enablers Contributing to IRSF (International Revenue Share Fraud)
Tariff Rates/Pricing Plans Abuse
Subscription Fraud
Abuse of Business Procedures/Processes Weaknesses
Arbitrage
Enablers Contributing to SIMBox Gateway Fraud
IRSF (International Revenue Share Fraud)
Interconnect Bypass/SIMBox
Gateway
Private Use
Charging Bypass
Traffic Inflation for Credits/Bonus
Wholesale Fraud
Credit Balance Reselling
Commisions Fraud
Fraud Types at Prepaid
Variations of Fraud Types at Prepaid vs Postpaid Customers
IRSF (International Revenue Share Fraud)
Theft of Company Handsets/Equipments
Service Reselling
Premium Rate Service Fraud
Commisions Fraud
Private Use
Interconnect Bypass/SIMBox Gateway
Wholesale Fraud
Fraud Types at Postpaid
Traffic Monitoring/Analysis
Customer Complains
Security Report/Alert
CDR/Transaction Analysis
Proactive Review
Revenue Assurance Report/Alert
High Usage Report (HUR)
Test Calls Generation
Main Fraud Detection Methods