Webinar

“Intelligence Driven Risk Assurance”

www.subex.com 1

The Webinar is about to begin in a few minutes. Please stand by.

Please dial-in to a suitable toll-free number

provided in the invite to listen to the audio stream

Alternatively, you can use Skype to

dial-in to:

+18663654406

Participants’ lines are muted

and only the presenters’ voice

will be audible

Intelligence Driven Risk AssuranceAshwin Menon & Abhijeet Singh

Aug 2015

Webinar

About the Presenters

Abhijeet Singh

Principal Consultant at Subex• Over 9 years in Telecom Fraud Management• Specializes in Consulting & Advisory, Risk & Health

Assessments and Managed Services

www.subex.com 3

Ashwin Menon

Associate Director at Subex• Over 9 years in Enterprise Risk Management,

Analytics for Business Optimization• Specializes in Solution Design, Risk Framework,

Technology Solutions

• Data Traffic:Data traffic is expected to rise to 17 Exabytes by Dec 2018, from an approx. of 3 Exabytes currently

• Connected People:5.5 billion connected people by the end of Dec 2018

• LTE Subscription:LTE subscription to increase 4.5 folds to 1.3 billion by the end of Dec 2018

• Internet of Things:70+ Billion connected things by the year 2020

CommercialWorldwide

2010

2014

20 commercial LTE networks across 14

countries

320+ commercial LTE networks across

110+ countries

Complicating Risk Assurance: 4G Adoption

www.subex.com 4

Complicating Risk Assurance: The Converged Environment

Expanded Value Chain

Cloud & other IT Services Other

ServicesFinancial Services

Payment Industry

Adverti-sementServices

Cloud Services

M2M/Utillity

Services

Content Services

Traditional Telco

ServicesDigital TV

Services

OtherServices

Assurance risks have evolved due to the increased convergence

• The cross industry convergence levels are at its peak – Exposing operators to risk levels similar to the other industries like banking or content

• The cross industry risks, while not new, are expected to induce more ‘direct’ risks to the operator – the new converged service provider

• Focus is also shifting to consumer protection as Mobile/Connection is becoming a subscription identity rather than just an access mechanism

www.subex.com 5

Complicating Risk Assurance: The Network & O/BSS Systems

New Network Elements

› Next gen services (e.g.: 4G) introduces new set of network elements and O/BSS systems

› This points to increase in complexity & volume of RA & FM activities to be performed due to increased data sources and controls

› Non COTS elements have questionable levels of data extraction, logging and access levels

1 Parallel Networks

› Pure 4G Operator: Traditional networks components running in parallel to enable partner network interconnection

› Evolved 4G Operator: The legacy networks of 2G/3G need to exist simultaneously with 4G network ensuring backward compatibility

› This increases the number and complexity of controls to be managed

2Non Standard Implementations

› Some areas of next gen networks, O/BSS systems and interface partnerships are taking customized approach

› This is due to lack of sufficient reference installations and standards

› E.g.: Interconnection (including roaming approach) and VoLTE/ VoLTE roaming etc.

3

www.subex.com 6

Everything is Data

Network allows Differentiated Quality Of Service

Multiple References

Customer is no more just an MSISDN / IMSI, he is referred as multiple entities such as IMPU, MSISDN, USER_ID Converged Billing Mode

in Real-time

All Customers charged in real-time

Digital Content Services

Content is set to become the focus of new revenue models for Telcos

Newer Revenue models & Complex Charging Policies

‘Freeconomics’ based models are evolving along with session based charging

Rich Communication Services suite

Telcos are striving to launch OTTs like services

Partner Ecosystem

Partner Network is growing multifold

IOT Services

Introduce newer security vulnerabilities

Complicating the Assurance: Other factors

www.subex.com 7

www.subex.com 8

Visualizing Impact on Revenue Assurance

OCS

OFCS

DPI

4G Specific Network Elements

www.subex.com 8

High UsagePartner Overbilling

Revenue ShareCramming

False Subscriber charging

Long firm fraudNew partner -

credit riskVAS AIT

High usagePolicy Non-adherence

Override PoliciesFree Service Exploit

Conceal IdentityPhysical Jumping

Usage on unapproved subscription

Usage on missing subscriptionNon Usage

Service/ Policy violation

Social EngineeringTheft

Exploit – ResellingEquipment Cloning

High risk dest. accessLong Duration

Account TakeoverTossed Accounts

Visualizing Impact on Fraud Management

Acquisition

Direct Sale+

Dealer/ Reseller Sale

Service Delivery

Communication Services

Voice & SMS

Fraudster Re-entryFalse

DocumentationProxy FraudSuspicious

RegistrationOverride sales

T&CSpurious

activationsFacilitating

Subscription Fraud

Unknown SalesSale in unlicensed

regionSale to self

Promotions and incentives abuseManipulation of

stocks and deliveries

High Speed Data

Internet Services

Fiber to home

Public WiFi

Content Services Mobile Money Services

Customer

Partner

Merchant

Rich Content

Digital TV

Duplicate Accounts

Address Change AnomaliesSuspicious

RegistrationsSuspicious Online

RegistrationsSuspicious

TransactionsSuspicious Location

MonitoringAbuse Of Test

AccountsLayering

Funds Accumulation

Abuse Of Dormant AccountsCloning

Device HackMoney

LaunderingSpammingSIM Swaps

Account TakeoverSuspicious Handsets

VAS

Ghost AccountsSuspicious

WithdrawalsSuspicious PurchasesSuspicious Merchants

TXN on Unapproved /Missing

SubscriptionFraudulent Partner

OnboardingCommission Frauds

Dormant Partner Usage

Fraudster Re EntryTXN on

Unapproved/ Missing Partnership

Fraudulent Merchant

OnboardingDormant Merchant

UsageUsage on

Unapproved Merchant Service

Usage against missing Merchant

ServiceMalware/Virus

Service Delivery Ecosystem

Wholesale & Inter connect Services

AD Services

Fraudulent Partner return

False Documentation

Credit RiskBypass fraudFalse Answer Supervision

Artificial inflation of

Traffic PBX/iPBX hack

ITFS fraudLong firm fraudArbitrage fraudCLI spoofing/

RefilingBlending HQ

routesCall looping

WangiriSMS Frauds

False disputes OverbillingFalse billing

Non payment intent

Attempted traffic billing

Click Fraud / Inflation Attack

including:Crowd

sourcingIncentivized

Ad NWClick Farms

MalwareSophisticate

d FraudRetargeting

FraudMobile

SimulatorAd Stacking

ToolbarsAd injection

Domain Identity

TheftPhantomBotDeceptiBotsCryptoBots

Hit Inflation Attack

Competition Click Fraud

Employee High UsageTest SIMs High UsageManual Adjustments

Manual RechargesUsed/Expired

voucher re-activationRecharge reuse

Non provisioned recharge use

Network updateRecharge

ManipulationNetwork B/OSS rule

modificationData update through

backend accessGold number

allocationAssisting fraudulent

activitiesAccess IP Mismatch

Access Control Bypass

Shared login Addition into exception list

Service Subscription Status Update

Service additionRate plan update

Rate Update

Service Delivery Support

Internal Employees&

Supply Chain

TheftPackage activation

post expiryAddress update

Ownership updateSIM Swaps

Balance TransfersInformation extractEquipment Delivery

Equipment SalePartner Profile Modification

Fictitious suppliers Manipulated

invoices Duplicate invoices

Provisioning of substandard/incorr

ect goods Collusion (inc.

kickbacks) Diversion of payments Contract

manipulation Credits/write-offs

Sale of the goods & services

Stock manipulation

Recharge &

Payments

Recharge

Payment

1 2 3 4 5

Dormant account reconnectionsUnauthorized Service Sale

Unauthorized Equipment SaleProduct subsidy

abuse

Hack - Malware/VirusTheft

Voicemail hackArbitrageWangiri

Tossed AccountsBypass – Voice & SMS

Free Access ExploitCall Back Fraud

URL MaskingAPN ModificationHigh risk APN use

High Risk Dest. accessBox Spiltting

High usageOutroamer high usageRevenue share fraud

Hack – CloningBill Shock

Social EngineeringNon Usage

Usage on unapproved /missing subscription

Exploit - ResellingLast event fraudLong Duration

Service/Policy violationSIM Stuffing

Inroamer high usageHigh Risk Device Use

Usage post expiry

Fraudulent generation of

creditsSimultaneous

recharges Duplicate

scratch cardVoucher Reuse

Suspicious Recharges

False complaintsUsed/fake

voucher saleRecharge

ManipulationCheque fraudBank Account

fraudNon pay

Partial paymentPromise to pay

Balance transfer frauds

Balance Transfer Anomaly

EVD fraudEVD Anomaly

Credit card fraud

URL MaskingHigh risk dest. access

Compromise APAccess Point Add Brute force attack

DNS SpoofingFree Access ExploitHigh risk APN use

High Risk Device UseUsage post expiry

Dial up / A-DSL

Exploit – Free Access or low

cost access plansContent AIT

Content HackBlacklisted Device UseDevice Hack

Usage on unapproved subscription

Usage on missing subscriptionNon Usage

Service /Policy Violation

Usage post expiry

Account Takeover

Card share

OTT BypassSignaling Abuse

15www.subex.com 9

350+ Fraud Risks

www.subex.com 10

Drivers of Intelligence Driven Assurance Systems

Coverage Enhancement

Quick Response to constantly changing

environment

Enable Faster Detection & Closure

Identification of Unknowns

Continuous Improvement

Effective Measurement

Rapid Return of Investment

Reduced Total Cost of Ownership

Upcoming ROC 3.0 Integration LayerA glimpse of the next version

www.subex.com11

Important Note:

The upcoming slides are forward looking and the look, feel & features around the capabilities

being presented may change in the final build.

ROC 3.0 OverviewIntegrated Solution Suite

Core Platform

www.subex.com 12

Single Landing Page

Shared AnalyticsSingle Sign On

Single ETL

Single Security Model

Single Storage

Centralized System Monitoring

Zero Touch Installation

Intuitive New GUI

Robust Case Management

Big Data Support

Shared Rating Engine

• Improved user experience

through responsive web

design with tile-based

navigation

• Context sensitive user

interface with favorite links

• A Single Sign On screen for

ROC Applications

• Common Landing Page to

navigate between applications

and view relevant

management information

• Common Analytics Layer, with

centralized Dashboards/KPIs

for Executive & Operations

(Supports OLAP Analysis)

ROC 3.0 in ActionNew GUI, Single Sign-On, Landing Page & Shared Analytics

www.subex.com 13

Third party BI tools are now replaced with In-house intelligent dashboard component with no license costs.

Benefits

ROC 3.0 in ActionSingle ETL, Single Storage, Shared Rating Engine & Zero touch Installation

www.subex.com 14

Single ETL1

Single Storage3

Shared Rating Engine4

• Removal of duplicate adapters

across products in a single ETL

• Reduced Number of Adaptors

(typically 25% reduction on

ETL development)

• Common Data Model using

same adapter & storage

• Storage Costs (typically 25%

reduction on independent

installations)

• Savings on operational costs

since both products can be

managed centrally from

multi-skilled resources

• Common rating engine for all

the products

• Rate once – use multiple

• Addresses pseudo rating

issues

Zero Touch Installation5

• Automated push &

installation of patches &

updates

• Removal of manual

installation risks & efforts

Prepackaged Controls2

• Prepackaged controls

including traditional

services, mobile money,

content services, 4G/LTE

and even 5G ready

Focus on “reduced TCO” & “increased agility” for customers across product lines by reducing efforts & leveraging

commonalities

ROC 3.0 in ActionSingle Security Model & Centralized System Monitoring

www.subex.com 15

• Common monitoring &

administration portal for all

ROC applications

• Simplified Administration &

User Management

• Common User

Management & Access

Control

• Common Security

Standards across product

lines

• Intuitive GUI with relevant

Metrics also preconfigured

• Complex tasks line log

analysis & process

management right from the

GUI

Benefits

ROC 3.0 in ActionRobust Case Management for Seamless Collaboration

www.subex.com 16

• Single sign-on over ROC layer

facilitates seamless collaboration

and case transfer across

products/departments.

• Provides flexibility to analysts &

empowers them to be more

productive

• continuity and simplicity in the

analysis process

• Ownership• Request for Information

Mode of Transfer

• Transfer Attachments

• Transfer History & Activity Log

• Access to alarm/case data

Features

Common Case Management Use Case

Benefits

ROC 3.0 in ActionBig Data Support

www.subex.com 17

ROC 3.0 framework is big data ready

• 100X faster performance

• Big data support works as an enabler for next generation of ROC product lines & analytics

• Built for scalability and load handling.

• Tested on Vertica & Exadata

• The platform scales up to handle loads in excess of 8 Billion CDRs per day.

CommercialBenefits

Upcoming ROC Revenue Assurance v5.3A glimpse of the next version

www.subex.com18

ROC Revenue Assurance 5.3What’s new in this version

www.subex.com 19

ROC 3 Integration

DNA

Big Data Ready

Mobile App

Totally New User Experience

4G/LTE Controls5G Ready

20

DNA OneView

DNA – OneView: Enterprise-wide RA Visibility

www.subex.com 21

Business Hierarchy represents the business structure of the telecom service provider based on geographic location and the revenue generating business units.

Intelligent Process Topology provides GUI based tools for actively monitoring the health and integrity of the revenue processes, while also helping in fast analysis and root cause determination of any errant conditions

Demonstrates the overall health and maturity of RA operations across business units by displaying key measures such as Potential Leakage, Revenue Recovered, Revenue Recoverable & Case Closure Rate

Business Hierarchy

Network Topology

RevenuePad

This is a one stop information center to gain visibility on enterprise-wide RA, including Business Hierarchy

and Network Topology

Business Process

HierarchyOneView RevenuePad Case Arena

Geography and LoB based revenue structure

Dynamic Network Analytics

A revolutionary User Operational Experience that supports real-time

operational analysis across the business

while also supporting Automated

Configuration of new business processes

New approach to dashboarding to provide E2E view of performance

Overall health and performance of RA operations across

business units

CASE Management integrated with Zen for quicker

root cause analysis

www.subex.com 22

Rapid deployment with pre-defined libraries enabling seamless due-diligence, systems integration & robust operations

Zen: Virtual Analyst

• Zen is a virtual analyst for Revenue Assurance

• It analyzes millions of discrepancy records and presents the possible reasons for discrepancies to the analyst

Benefits of Zen:

o Improves analyst productivity

o Enables faster revenue recovery

o Enables knowledge management

o Enables effective handling of cases presented

o Provides a three dimensional view - Trend,

validation and analyst performance

www.subex.com 23

A useful tool for faster identification of Root Causes that increases analyst productivity substantially

Mobile App

www.subex.com 24

**These are wireframes – Not the final look and feel

Bringing the ROC RA capabilities on mobile devices ensures that RA specialists have information at their fingertips to make crucial, time-sensitive decisions!

Upcoming ROC Fraud Management v8.3A Glimpse into the next version

www.subex.com

www.subex.com 26

Big Data Ready

ROC 3Integration

Enhanced User Experience

Solution Packse.g. 4G/LTE, 5G,

Content etc.

ROC Fraud Management 8.3What’s new in this version

www.subex.com 27

Mobile AppIntelligent Alarm

Qualification

Fraud Manager’s Toolkit

Bypass Fraud Analytics

Online Statistical Rules

ROC FM Specific CommercialCommon Framework

Fraud Manager’s Toolkit

www.subex.com 28

KPI Hub

• Operational KPIs• Financial KPIs• System KPIs

Performance Hub

• Analyst Performance• System Performance• Resourcing Analysis

Intelligence Hub

• Trending• Discovery

FMT

Set of tools designed to provide enhanced operational intelligence & best practice measurement metrics

to support fast decision making

Private & Confidentialwww.subex.com29

Fraud Manager’s Toolkit: Snapshots

30

Association Discovery

Activity Profiling & Matching

ROC FM v8.2 FMS Elements

Online Threshold Based Rules

Online & Offline Statistical Rules

Measure & Audit Module

Big Data Support - Vertica

Automatic Barring – Provisioning Integration

Partnership with leading TCG Provider

• International network of test call generators with 1900+ routes

• Most extended VoIP & Calling Card platformin the market & ability to execute test calls from phone shops

• Highest bypass detection rates in the market!

• Near « Real » time fraud notifications

• Most advanced call campaign algorithms

• Extensive operator & regulator experience!

• Only patented TCG provider

• A team of skilled Fraud Analysts managing campaign

• Scrambling Policy against counter detection

Bypass AnalyticsSubex Integrated Bypass Detection Approach

Subex combines the accuracy offered by a TCG solution with flexibility and higher coverage offered by a FMS and integrates them through a Bypass Analytics layer

Associated MSISDNs discovery through analytics

FMS Fraud Hits

New Bypass Profile Patterns

Feedback for rule efficiency

Feedback for more focused call generation

Input for further analysis

Detection

www.subex.com

Online Statistical Rules

31

Capabilities

› Introduced in response to Bypass Fraud, but evolved to cover fraud risks across the telecom services

spectrum

Negative Scenarios Trend AnomalyBehavioral Match Proportional AnomalyThreshold Breach

Powerful near-real-time detection capabilities with arithmetic rules built for anomaly detection which now supports near real time evaluation for limited look back period.

Mobile App

On the go fraud alerts and decisioning with a new Mobile App - supported by clean & simple tools to assist investigation & continuous improvement powered by intelligent charts & dashboards

www.subex.com 32

**These are wireframes – Not the final look and feel

www.subex.com

Intelligent Alarm Qualification

33

Its purpose is to prioritize the alarms in the system by scoring them in the range more accurately and intuitively.

Intelligent Alarm Qualifier (IAQ) is a powerful Machine-Learning module which uses Hidden Markov Models.

IAQ

92

Likely to be

Fraud

16

Unlikely to be

Fraud

IAQ is built on the concept of Pareto Principle – 80% of effects come from 20% causes

Questions & Answers

www.subex.com 34

Questions?

Please send us your questions using the ‘Chat’ option available in the Webinar window.

Thank you

www.subex.com

For more information on ROC RA/FM, visit www.subex.com

Mail us additional questions/suggestions to

info@subex.com